Line 123: |
Line 123: |
| ! Last [[FIRM]] system version this flaw was checked for | | ! Last [[FIRM]] system version this flaw was checked for |
| ! Timeframe this was discovered | | ! Timeframe this was discovered |
| + | ! Public disclosure timeframe |
| ! Discovered by | | ! Discovered by |
− | |-
| |
− | | Leak of normal-key matching a key-scrambler key
| |
− | | Firmware versions [[8.1.0-18|8.1.0]] through [[9.2.0-20|9.2.0]] set the encryption key for [[Amiibo]] data using a hardcoded normal-key in Process9. In firmware [[9.3.0-21|9.3.0]], Nintendo "fixed" this by using the key scrambler instead, by calculating the keyY value for keyslot 0x39 that results in the same normal-key, then hardcoding that keyY into Process9.
| |
− |
| |
− | Nintendo's fix is actually the problem: Nintendo revealed the normal-key matching an unknown keyX and a known keyY. Combined with the key scrambler using an insecure scrambling algorithm (see "Hardware" above), the key scrambler function could be deduced.
| |
− | | Deducing the keyX for keyslot 0x39 and the key scrambler algorithm
| |
− | | [[9.3.0-21|9.3.0-X]], sort of
| |
− | | [[10.0.0-27|10.0.0-X]]
| |
− | | January 2015
| |
− | | [[User:Yellows8|Yellows8]]
| |
| |- | | |- |
| | Title downgrading via [[Application_Manager_Services|AM]]([[Application_Manager_Services_PXI|PXI]]) | | | Title downgrading via [[Application_Manager_Services|AM]]([[Application_Manager_Services_PXI|PXI]]) |
Line 143: |
Line 134: |
| | NATIVE_FIRM / AM-sysmodule [[10.0.0-27|10.0.0-X]] | | | NATIVE_FIRM / AM-sysmodule [[10.0.0-27|10.0.0-X]] |
| | ? | | | ? |
| + | | |
| | ? | | | ? |
| |- | | |- |
Line 171: |
Line 163: |
| | [[9.6.0-24|9.6.0-X]] | | | [[9.6.0-24|9.6.0-X]] |
| | July 8-9, 2015 | | | July 8-9, 2015 |
| + | | |
| | [[User:Yellows8|Yellows8]] | | | [[User:Yellows8|Yellows8]] |
| |- | | |- |
Line 180: |
Line 173: |
| | [[9.5.0-22|9.5.0-X]] | | | [[9.5.0-22|9.5.0-X]] |
| | March 2015 | | | March 2015 |
| + | | |
| + | | [[User:Yellows8|Yellows8]] |
| + | |- |
| + | | pxips9 [[AES_Registers|AES]] keyslot reuse |
| + | | This requires access to the [[Process_Services|ps:ps]]/pxi:ps9 services. One way to get access to this would be snshax on system-version <=10.1.0-X(see 32c3 3ds talk). |
| + | When an invalid key-type value is passed to any of the PS commands, Process9 will try to select keyslot 0x40. That aesengine_setkeyslot() code will then immediately return due to the invalid keyslot value. Since that function doesn't return any errors, Process9 will just continue to do crypto with whatever AES keyslot was selected before the PS command was sent. |
| + | | Reusing the previously used keyslot, for crypto with PS. |
| + | | None |
| + | | [[10.2.0-28|10.2.0-X]] |
| + | | Roughly the same time(same day?) as firmlaunch-hax. |
| + | | December 29, 2015 |
| | [[User:Yellows8|Yellows8]] | | | [[User:Yellows8|Yellows8]] |
| |- | | |- |
Line 190: |
Line 194: |
| | | | | |
| | 2012, 3 days after [[User:Yellows8|Yellows8]] started Process9 code RE. | | | 2012, 3 days after [[User:Yellows8|Yellows8]] started Process9 code RE. |
| + | | |
| | [[User:Yellows8|Yellows8]] | | | [[User:Yellows8|Yellows8]] |
| |- | | |- |
Line 199: |
Line 204: |
| | [[9.3.0-21|9.3.0-X]] | | | [[9.3.0-21|9.3.0-X]] |
| | ? | | | ? |
| + | | |
| | [[User:Yellows8|Yellows8]] | | | [[User:Yellows8|Yellows8]] |
| |- | | |- |
Line 208: |
Line 214: |
| | [[9.3.0-21|9.3.0-X]] | | | [[9.3.0-21|9.3.0-X]] |
| | 2012 | | | 2012 |
| + | | |
| | [[User:Yellows8|Yellows8]] | | | [[User:Yellows8|Yellows8]] |
| |- | | |- |
Line 217: |
Line 224: |
| | [[9.5.0-22]] | | | [[9.5.0-22]] |
| | April 2013 | | | April 2013 |
| + | | |
| | [[User:Yellows8|Yellows8]] | | | [[User:Yellows8|Yellows8]] |
| |- | | |- |
Line 226: |
Line 234: |
| | ? | | | ? |
| | April 2013 | | | April 2013 |
| + | | |
| | [[User:Yellows8|Yellows8]] | | | [[User:Yellows8|Yellows8]] |
| |- | | |- |
Line 234: |
Line 243: |
| | | | | |
| | 2013? | | | 2013? |
| + | | |
| | [[User:Yellows8|Yellows8]] | | | [[User:Yellows8|Yellows8]] |
| |- | | |- |
Line 242: |
Line 252: |
| | | | | |
| | March 2015, original timeframe if any unknown | | | March 2015, original timeframe if any unknown |
− | | [[User:Plutooo|plutoo]]/[[User:Yellows8|Yellows8]]/maybe others(?) | + | | |
| + | | plutoo/[[User:Yellows8|Yellows8]]/maybe others(?) |
| |- | | |- |
| | [[Application_Manager_Services_PXI|PXIAM]] command 0x003D0108(See also [[Application_Manager_Services|this]]) | | | [[Application_Manager_Services_PXI|PXIAM]] command 0x003D0108(See also [[Application_Manager_Services|this]]) |
Line 250: |
Line 261: |
| | | | | |
| | May 2013 | | | May 2013 |
| + | | |
| | [[User:Yellows8|Yellows8]] | | | [[User:Yellows8|Yellows8]] |
| |- | | |- |
Line 259: |
Line 271: |
| | | | | |
| | 2012 | | | 2012 |
| + | | |
| | [[User:Yellows8|Yellows8]] | | | [[User:Yellows8|Yellows8]] |
| |- | | |- |
Line 269: |
Line 282: |
| | | | | |
| | March 2015, originally 2012 for the first issue at least | | | March 2015, originally 2012 for the first issue at least |
− | | [[User:Plutooo|plutoo]], [[User:Yellows8|Yellows8]], maybe others(?) | + | | |
| + | | plutoo, [[User:Yellows8|Yellows8]], maybe others(?) |
| |} | | |} |
| | | |