3DS System Flaws: Difference between revisions
Made all mentions of plutoo into user links |
→Process9: Amiibo key flaw |
||
| Line 124: | Line 124: | ||
! Timeframe this was discovered | ! Timeframe this was discovered | ||
! Discovered by | ! Discovered by | ||
|- | |||
| Leak of normal-key matching a key-scrambler key | |||
| Firmware versions [[8.1.0-18|8.1.0]] through [[9.2.0-20|9.2.0]] set the encryption key for [[Amiibo]] data using a hardcoded normal-key in Process9. In firmware [[9.3.0-21|9.3.0]], Nintendo "fixed" this by using the key scrambler instead, by calculating the keyY value for keyslot 0x39 that results in the same normal-key, then hardcoding that keyY into Process9. | |||
Nintendo's fix is actually the problem: Nintendo revealed the normal-key matching an unknown keyX and a known keyY. Combined with the key scrambler using an insecure scrambling algorithm (see "Hardware" above), the key scrambler function could be deduced. | |||
| Deducing the keyX for keyslot 0x39 and the key scrambler algorithm | |||
| [[9.3.0-21|9.3.0-X]], sort of | |||
| [[10.0.0-27|10.0.0-X]] | |||
| January 2015 | |||
| [[User:Yellows8|Yellows8]] | |||
|- | |- | ||
| Title downgrading via [[Application_Manager_Services|AM]]([[Application_Manager_Services_PXI|PXI]]) | | Title downgrading via [[Application_Manager_Services|AM]]([[Application_Manager_Services_PXI|PXI]]) | ||