Changes

725 bytes added, 06:30, 27 September 2016
Line 97: Line 97:  
!  Public disclosure timeframe
 
!  Public disclosure timeframe
 
!  Discovered by
 
!  Discovered by
 +
|-
 +
| Rearrangable keys in the NAND keystore
 +
| Due to the keystore being encrypted with AES-ECB, one can rearrange blocks and still have the NAND keystore decrypt in a deterministic way. Combining this with the arm9loaderhax and uncleared hash keydata vulnerabilities, one can achieve arm9loaderhax without downgrading to a system version that exposes the OTP data, or using a hardware method. The NAND keystore must be encrypted with console-unique data; therefore, this is not achievable on Old 3DS or 2DS.
 +
| arm9loaderhax achieveable with no extra hardware and without downgrading to a system version which exposes the OTP.
 +
| None
 +
| [[11.1.0-34|11.1.0-X]]
 +
| Early 2016
 +
| 27 Sepetember 2016
 +
| [[User:Dark samus|dark_samus]]
 
|-
 
|-
 
| Uncleared OTP hash keydata in console-unique 0x11 key-generation
 
| Uncleared OTP hash keydata in console-unique 0x11 key-generation
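Review bot: In the added row, the disclosure-date cell reads "27 Sepetember 2016" and should be "27 September 2016"; the title and summary cells also misspell "Rearrangeable" and "achievable". The last sentence of the description says the NAND keystore "must be encrypted with console-unique data" and concludes that this is not achievable on Old 3DS or 2DS, but it does not say what differs on those models, so a short clause or wiki link explaining that would make the conclusion follow. The mentions of arm9loaderhax and the uncleared hash keydata flaw could be wiki-linked to their own entries, for example the "Uncleared OTP hash keydata in console-unique 0x11 key-generation" row directly below.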