Changes

509 bytes added ,  13:51, 27 June 2013
m
well...i mean decryption..
Line 70: Line 70:  
::"some keyslots are with the same data" I encrypted an all-zero block with each AES engine keyslot with CTR=0, and encrypted that data again with each keyslot with keyY=0. When the output block for the former is the same for multiple keyslots, those keyslots use the same keyX/keyY. When the latter output block is the same for multiple keyslots, those keyslots use the same keyX. "decrypt the CDN TMD key strings" TMDs have nothing to do with decrypting the ticket titlekey. [[RomFS]] does not contain code(besides [[CRO0]] for web browser), that's stored in [[ExeFS]]:/.code. There's no need to dump code from memory when one can just use the [[AES]] engine. --[[User:Yellows8|Yellows8]] 17:40, 26 June 2013 (CEST)
 
::"some keyslots are with the same data" I encrypted an all-zero block with each AES engine keyslot with CTR=0, and encrypted that data again with each keyslot with keyY=0. When the output block for the former is the same for multiple keyslots, those keyslots use the same keyX/keyY. When the latter output block is the same for multiple keyslots, those keyslots use the same keyX. "decrypt the CDN TMD key strings" TMDs have nothing to do with decrypting the ticket titlekey. [[RomFS]] does not contain code(besides [[CRO0]] for web browser), that's stored in [[ExeFS]]:/.code. There's no need to dump code from memory when one can just use the [[AES]] engine. --[[User:Yellows8|Yellows8]] 17:40, 26 June 2013 (CEST)
 
:::oh well. sorry for been n00b again. then have you ever found something that you can execute to decrypt those CDN data? i badly wanna try it.. ExeFS.. okey.. hope good work--[[User:Syphurith|Syphurith]] 08:04, 27 June 2013 (CEST)
 
:::oh well. sorry for been n00b again. then have you ever found something that you can execute to decrypt those CDN data? i badly wanna try it.. ExeFS.. okey.. hope good work--[[User:Syphurith|Syphurith]] 08:04, 27 June 2013 (CEST)
:::oh wait i nearly forgot one thing. where do you think those keys are been when you manually called those encrypt/decrypt functions? if that is purely hardware implemented decapping may help; if that is in memory you may eventually get it; if that is stored in somewhere inside SoC.. yeah? --[[User:Syphurith|Syphurith]] 08:36, 27 June 2013 (CEST)
+
:::-snip- --[[User:Syphurith|Syphurith]] 08:36, 27 June 2013 (CEST)
 
::::You do not "call" crypto functions here, this is a hardware [[AES]] engine with a hardware key-scrambler. "found something that you can execute to decrypt those CDN data" Not sure what you mean when we had system-version v4.5 total-control code exec haxx since December. --[[User:Yellows8|Yellows8]] 09:52, 27 June 2013 (CEST)
 
::::You do not "call" crypto functions here, this is a hardware [[AES]] engine with a hardware key-scrambler. "found something that you can execute to decrypt those CDN data" Not sure what you mean when we had system-version v4.5 total-control code exec haxx since December. --[[User:Yellows8|Yellows8]] 09:52, 27 June 2013 (CEST)
 +
:::::I forgot that hours ago. sorry. I thought we would be able to feed those raw data we got from CDN, and let it decrypt and extract for us. then at least we may be able to find those differences in modules implemented between two nearby versions. Some just fix crash - stablility, and some would fix some vulnerables we may use, and some would indicates those internal logical process of the module's implementation. we can not always rely on those ROP or other black-box methods. when we get the opportunity to build a CFW or a special homebrew that would affect the original behaviours of the system, we may need to modify it right? also that should show us some interesting points if we have ones dedicated on analysing those. --[[User:Syphurith|Syphurith]] 14:51, 27 June 2013 (CEST)
    
===Spam attack===
 
===Spam attack===
174

edits