Changes

Jump to navigation Jump to search

3DS System Flaws (edit)

Revision as of 07:00, 11 January 2017

1,145 bytes added ,  07:00, 11 January 2017
→‎Hardware: Pohlig-Hellman attack on boot ROM RSA keyslot keys
Line 85: Line 85:  
|  
 
|  
 
| Everyone
 
| Everyone
 +
|-
 +
| RSA keyslots don't clear exponent when setting modulus
 +
| The [[RSA_Registers|RSA keyslots]] are set by boot ROM to have four private RSA keys.  The exponent value in the RSA registers is write-only and not readable.
 +
 +
However, when setting a keyslot's modulus, the RSA hardware leaves the exponent alone.  This allows retrieving the exponent by doing a discrete logarithm of the output.
 +
 +
By setting the modulus to a prime number whose modular multiplicative order is "smooth" (that is, p-1 is divisible by only small prime numbers), discrete logarithms can be calculated quickly using the [//en.wikipedia.org/wiki/Pohlig%E2%80%93Hellman_algorithm Pohlig-Hellman algorithm].  If the prime chosen is greater than the modulus, but the same bit size, the discrete logarithm is the private exponent.
 +
 +
This exploit's usefulness is limited: these four keyslots' values are only used in current firmware for deriving the 6.x save and 7.x NCCH keys, which were already known.  Additionally, with a boot ROM dump, this exploit is moot; these private keys are located in the protected ARM9 boot ROM.
 +
| None
 +
| New3DS
 +
| March 2016
 +
| [[User:Myria|Myria]]
 
|}
 
|}
  
Myria
119

edits

Retrieved from "https://www.3dbrew.org/wiki/Special:MobileDiff/19226"

Navigation menu