6,264
edits
Changes
Jump to navigation
Jump to search
Line 125:
Line 125: + + + + + + + + + + + Line 253:
Line 264: − + Line 283:
Line 294: − +
cache fail
! Public disclosure timeframe
! Public disclosure timeframe
! Discovered by
! Discovered by
|-
| Leak of normal-key matching a key-scrambler key
| Firmware versions [[8.1.0-18|8.1.0]] through [[9.2.0-20|9.2.0]] set the encryption key for [[Amiibo]] data using a hardcoded normal-key in Process9. In firmware [[9.3.0-21|9.3.0]], Nintendo "fixed" this by using the key scrambler instead, by calculating the keyY value for keyslot 0x39 that results in the same normal-key, then hardcoding that keyY into Process9.
Nintendo's fix is actually the problem: Nintendo revealed the normal-key matching an unknown keyX and a known keyY. Combined with the key scrambler using an insecure scrambling algorithm (see "Hardware" above), the key scrambler function could be deduced.
| Deducing the keyX for keyslot 0x39 and the key scrambler algorithm
| [[9.3.0-21|9.3.0-X]], sort of
| [[10.0.0-27|10.0.0-X]]
| January 2015
|
| [[User:Yellows8|Yellows8]]
|-
|-
| Title downgrading via [[Application_Manager_Services|AM]]([[Application_Manager_Services_PXI|PXI]])
| Title downgrading via [[Application_Manager_Services|AM]]([[Application_Manager_Services_PXI|PXI]])
| March 2015, original timeframe if any unknown
| March 2015, original timeframe if any unknown
|
|
| plutoo/[[User:Yellows8|Yellows8]]/maybe others(?)
| [[User:Plutooo|plutoo]]/[[User:Yellows8|Yellows8]]/maybe others(?)
|-
|-
| [[Application_Manager_Services_PXI|PXIAM]] command 0x003D0108(See also [[Application_Manager_Services|this]])
| [[Application_Manager_Services_PXI|PXIAM]] command 0x003D0108(See also [[Application_Manager_Services|this]])
| March 2015, originally 2012 for the first issue at least
| March 2015, originally 2012 for the first issue at least
|
|
| plutoo, [[User:Yellows8|Yellows8]], maybe others(?)
| [[User:Plutooo|plutoo]], [[User:Yellows8|Yellows8]], maybe others(?)
|}
|}