174
edits
Changes
about ClCertA and CRL
::There is ClCertA on CDN. Important keys are stored in hardware key-scrambler right? A.ClCertA's private key stored in hardware and there is api called with write access in the package. B.ClCertA's key stored in NAND or somewhere else so we can eventually grab that and setup a proxy to remote while replacing the original ninty ones to our own self-sign ones (Then we would be able to decode the data transfers between proxy to 3ds and proxy to remote). C.ClCertA.. The workers think their private key can never be leaked so no CRL and just stored in hardware with a package cheating their boss. Which one you think would be the best answer? BTW i do really think there is ones with R/W access to the hardware.. Hope you find new apis.--[[User:Syphurith|Syphurith]] 02:35, 4 July 2013 (CEST)
::There is ClCertA on CDN. Important keys are stored in hardware key-scrambler right? A.ClCertA's private key stored in hardware and there is api called with write access in the package. B.ClCertA's key stored in NAND or somewhere else so we can eventually grab that and setup a proxy to remote while replacing the original ninty ones to our own self-sign ones (Then we would be able to decode the data transfers between proxy to 3ds and proxy to remote). C.ClCertA.. The workers think their private key can never be leaked so no CRL and just stored in hardware with a package cheating their boss. Which one you think would be the best answer? BTW i do really think there is ones with R/W access to the hardware.. Hope you find new apis.--[[User:Syphurith|Syphurith]] 02:35, 4 July 2013 (CEST)
:::ClCertA contains the SSL client RSA cert/private-key, when one has that one can only access their servers(like with a PC) with that, *nothing* more. I'm not sure why they store that data in a CFA seperate from SSL module, those two files stored in the ClCertA RomFS use additional encryption to begin with. "BTW i do really think there is ones with R/W access to the hardware" I'm not sure what you mean by that. --[[User:Yellows8|Yellows8]] 03:24, 4 July 2013 (CEST)
:::ClCertA contains the SSL client RSA cert/private-key, when one has that one can only access their servers(like with a PC) with that, *nothing* more. I'm not sure why they store that data in a CFA seperate from SSL module, those two files stored in the ClCertA RomFS use additional encryption to begin with. "BTW i do really think there is ones with R/W access to the hardware" I'm not sure what you mean by that. --[[User:Yellows8|Yellows8]] 03:24, 4 July 2013 (CEST)
::::So no other things inside that package (Only CFA? I'm unable to decrypt the CDN so i can not even get a close look). If that key is stored in NAND, building up a proxy and replacing the original key and cert is not too easy lol (Then 3ds to us using our key and we to ninty using ninty keys, emulated.. able to catch all data pass through proxy SSL-decrypted) - even i don't know how to do that accurately (however can not assure). I don't think that private key is stored in nand or even sd, just cause of that can be easily cheated (if there is write access found). Since there is CRL enabled in the cert, even there is no CRL(Certificate Revocation List) file on remote now - that means they've prepared for declarition of the cert being invalid. after it is invalid they should take action to put a new package including new cert and private key (sounds reasonable for why they get such a package on cdn right?) and flash that into 3ds during a new update. That is why i think there is somewhere with at least write-access to the storation of keys. you mentioned ssl module, have you decrypted the whole executable yet (or from CDN with extracting its material)?
::::Conclusion: I do think there is some access to the storation of such a ssl private key. but i don't know where it exactly exists (even i hope that is stored in that key-scrambler - would bring a possibility to discovery the key-scrambler). i can not tell that is nand or sd or somewhere inside soc or actually key-scrambler, so i use hardware to refer that instead.--[[User:Syphurith|Syphurith]] 09:58, 4 July 2013 (CEST)
===Spam attack===
===Spam attack===