Changes

726 bytes added, 01:27, 4 January 2016
Line 84: Line 84:  
!  Last [[FIRM]] system version this flaw was checked for
 
!  Last [[FIRM]] system version this flaw was checked for
 
!  Timeframe this was discovered
 
!  Timeframe this was discovered
 +
!  Public disclosure timeframe
 
!  Discovered by
 
!  Discovered by
 
|-
 
|-
| Missing verification-block for the 9.6 keys
+
| enhanced-arm9loaderhax
 +
| See the 32c3 3ds talk.
 +
Since this is a combination of a trick with the arm9-bootrom + arm9loaderhax, and since you have to manually write FIRM to the firm0/firm1 NAND partitions, this can't really be completely fixed. More New3DS keys could be generated differently/etc in an updated arm9loader which also fixes arm9loaderhax, but that's about all really.
 +
| arm9loaderhax which automatically occurs at hard-boot.
 +
| See arm9loaderhax / description.
 +
| See arm9loaderhax / description.
 +
| Theorized around mid July, 2015. Later implemented+tested by [[User:Plutooo|plutoo]] and derrek.
 +
| 32c3 3ds talk (December 27, 2015)
 +
| [[User:Yellows8|Yellows8]]
 +
|-
 +
| Missing verification-block for the 9.6 keys (arm9loaderhax)
 
| Starting with [[9.6.0-24|9.6.0-X]] a new set of NAND-based keys were introduced. However, no verification block was added to verify that the new key read from NAND is correct. This was technically an issue from [[9.5.0-22|9.5.0-X]] with the original sector+0 keydata, however the below is only possible with [[9.6.0-24|9.6.0-X]] since keyslots 0x15 and 0x16 are generated from different 0x11 keyXs.
 
| Starting with [[9.6.0-24|9.6.0-X]] a new set of NAND-based keys were introduced. However, no verification block was added to verify that the new key read from NAND is correct. This was technically an issue from [[9.5.0-22|9.5.0-X]] with the original sector+0 keydata, however the below is only possible with [[9.6.0-24|9.6.0-X]] since keyslots 0x15 and 0x16 are generated from different 0x11 keyXs.
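Review bot: adding the "Public disclosure timeframe" header means every existing row of this table now needs one more cell, but only two rows are visible in this diff receiving the empty "|"; check that every other row got one too, otherwise the columns shift from that row onward. In the new enhanced-arm9loaderhax row, the "Fixed in system version" and "Last system version this flaw was checked for" cells hold "See arm9loaderhax / description." rather than values, so anyone scanning those columns gets nothing; put the versions there (or "None" plus the caveat) and keep the cross-reference in the description. That description also reads inconsistently: it opens with "this can't really be completely fixed" and then describes a fix ("an updated arm9loader which also fixes arm9loaderhax"), so say which part is unfixable by a firmware update (the bootrom trick plus the manual firm0/firm1 write) and which part an updated arm9loader could close. Finally, "See the 32c3 3ds talk." has no link where the rest of the table wikilinks its references, and "3ds" should be "3DS".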
   Line 93: Line 104:  
This allows an hardware-based attack where you can boot into an older exploited firmware, fill all memory with NOP sleds/jump-instructions, and then reboot into executing garbage. By automating this process with various input keydata, eventually you'll find some garbage that jumps to your code.
 
This allows an hardware-based attack where you can boot into an older exploited firmware, fill all memory with NOP sleds/jump-instructions, and then reboot into executing garbage. By automating this process with various input keydata, eventually you'll find some garbage that jumps to your code.
   −
This should give very early ARM9 code execution (pre-ARM9 kernel). As such, it is possible to dump RSA keyslots with this and calculate the 6.x [[Savegames#6.0.0-11_Savegame_keyY|save]], and 7.x [[NCCH]] keys. This cannot be used to recover keys initialized by arm9loader itself. This is due to it wiping the area used for its stack during NAND sector decryption and keyslot init.  
+
This gives very early ARM9 code execution (pre-ARM9 kernel). As such, it is possible to dump RSA keyslots with this and calculate the 6.x [[Savegames#6.0.0-11_Savegame_keyY|save]], and 7.x [[NCCH]] keys. This cannot be used to recover keys initialized by arm9loader itself. This is due to it wiping the area used for its stack during NAND sector decryption and keyslot init.  
    
Due to FIRMs on both Old and New 3DS using the same RSA data, this can be exploited on Old3DS as well, but only if one already has the actual plaintext normalkey from New3DS NAND sector 0x96 offset-0 and has dumped the OTP area of the Old3DS.
 
Due to FIRMs on both Old and New 3DS using the same RSA data, this can be exploited on Old3DS as well, but only if one already has the actual plaintext normalkey from New3DS NAND sector 0x96 offset-0 and has dumped the OTP area of the Old3DS.
 
| Recovery of 6.x [[Savegames#6.0.0-11_Savegame_keyY|save key]]/7.x [[NCCH]] key
 
| Recovery of 6.x [[Savegames#6.0.0-11_Savegame_keyY|save key]]/7.x [[NCCH]] key
 
| None
 
| None
| [[9.6.0-24|9.6.0-X]]
+
| [[10.2.0-28|10.2.0-X]]
 
| March, 2015
 
| March, 2015
 +
|
 
| [[User:Plutooo|plutoo]]
 
| [[User:Plutooo|plutoo]]
 
|-
 
|-
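Review bot: the new "Public disclosure timeframe" cell for this row is a bare "|" while the discovery cell ("March, 2015") and the bumped "Last checked" cell ("10.2.0-X") are filled in; an empty cell is indistinguishable from a forgotten one, so either give the date or write something explicit such as "Not publicly disclosed". Changing "This should give very early ARM9 code execution" to "This gives" is only justified if the attack was actually run, which the row does not say; if the 10.2.0-X check was such a run, a short note in the description would back the stronger wording. Style nit in the unchanged context: "This allows an hardware-based attack" should read "a hardware-based attack".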
Line 111: Line 123:  
|  
 
|  
 
| February 3, 2015 (one day after [[9.5.0-22|9.5.0-X]] release)
 
| February 3, 2015 (one day after [[9.5.0-22|9.5.0-X]] release)
 +
|
 
| [[User:Yellows8|Yellows8]]
 
| [[User:Yellows8|Yellows8]]
 
|}
 
|}