3dbrew

Changes

3DS System Flaws (edit)

Revision as of 20:26, 29 December 2015

848 bytes added ,  20:26, 29 December 2015
→‎Process9: Amiibo key flaw
Line 124: Line 124:  
!  Timeframe this was discovered
 
!  Timeframe this was discovered
 
!  Discovered by
 
!  Discovered by
 +
|-
 +
| Leak of normal-key matching a key-scrambler key
 +
| Firmware versions [[8.1.0-18|8.1.0]] through [[9.2.0-20|9.2.0]] set the encryption key for [[Amiibo]] data using a hardcoded normal-key in Process9.  In firmware [[9.3.0-21|9.3.0]], Nintendo "fixed" this by using the key scrambler instead, by calculating the keyY value for keyslot 0x39 that results in the same normal-key, then hardcoding that keyY into Process9.
 +
 +
Nintendo's fix is actually the problem: Nintendo revealed the normal-key matching an unknown keyX and a known keyY.  Combined with the key scrambler using an insecure scrambling algorithm (see "Hardware" above), the key scrambler function could be deduced.
 +
| Deducing the keyX for keyslot 0x39 and the key scrambler algorithm
 +
| [[9.3.0-21|9.3.0-X]], sort of
 +
| [[10.0.0-27|10.0.0-X]]
 +
| January 2015
 +
| [[User:Yellows8|Yellows8]]
 
|-
 
|-
 
| Title downgrading via [[Application_Manager_Services|AM]]([[Application_Manager_Services_PXI|PXI]])
 
| Title downgrading via [[Application_Manager_Services|AM]]([[Application_Manager_Services_PXI|PXI]])
Myria
119

edits

Retrieved from "https://www.3dbrew.org/wiki/Special:MobileDiff/15090"