3DS System Flaws: Difference between revisions

Line 515:

|-

| [[DSiWare_Exports]] [[CTCert]] verification

| Just like DSi originally did, 3DS verifies the APCert for DSiWare on SD with the CTCert also in the DSiWare .bin. On DSi this was fixed with with system-version 1.4.2 by verifying with the actual console-unique cert instead(stored in NAND), while on 3DS it's still not~~(?)~~ fixed.

| Just like DSi originally did, 3DS verifies the APCert for DSiWare on SD with the CTCert also in the DSiWare .bin. On DSi this was fixed with with system-version 1.4.2 by verifying with the actual console-unique cert instead(stored in NAND), while on 3DS it's still not fixed.

On 3DS ~~however~~ this is ~~useless, unless one can obtain the console-unique movable.sed keyY which encrypts the entire~~ DSiWare ~~.bin.~~

On 3DS this is used in conjunction with seedminer to be able to decrypt & modify DSiWare TAD containers and inject them with exploitable DSiWare titles such as sudoku (sudokuhax) and Flipnote JPN (ugopwn)

| When the movable.sed keyY for the target 3DS is known and the target 3DS CTCert private-key is unknown, importing of modified DSiWare SD .bin files.

| None.

| 11.8.0-X

| 11.10.0-X

| April 2013

|

Line 537:

| This allows embedding older, exploitable DSiWare titles in completely different, unexploitable DSiWare titles. Since DSiWare has raw NAND RW, this can result in arm9 control through FIRM known-plaintext and sighax attacks.

| None.

| 11.8.0-X

| 11.10.0-X

| 2015?

| December 2016

Line 546:

| When combined with other public vulns, arm9 code execution.

| None.

| 11.8.0-X

| 11.10.0-X

| May 2018

| Sept 2018

@@ Line 515: / Line 515: @@
 |-
 | [[DSiWare_Exports]] [[CTCert]] verification
-| Just like DSi originally did, 3DS verifies the APCert for DSiWare on SD with the CTCert also in the DSiWare .bin. On DSi this was fixed with with system-version 1.4.2 by verifying with the actual console-unique cert instead(stored in NAND), while on 3DS it's still not(?) fixed.
+| Just like DSi originally did, 3DS verifies the APCert for DSiWare on SD with the CTCert also in the DSiWare .bin. On DSi this was fixed with with system-version 1.4.2 by verifying with the actual console-unique cert instead(stored in NAND), while on 3DS it's still not fixed.
-On 3DS however this is useless, unless one can obtain the console-unique movable.sed keyY which encrypts the entire DSiWare .bin.
+On 3DS this is used in conjunction with seedminer to be able to decrypt & modify DSiWare TAD containers and inject them with exploitable DSiWare titles such as sudoku (sudokuhax) and Flipnote JPN (ugopwn)
 | When the movable.sed keyY for the target 3DS is known and the target 3DS CTCert private-key is unknown, importing of modified DSiWare SD .bin files.
 | None.
-| 11.8.0-X
+| 11.10.0-X
 | April 2013
 |
@@ Line 537: / Line 537: @@
 | This allows embedding older, exploitable DSiWare titles in completely different, unexploitable DSiWare titles. Since DSiWare has raw NAND RW, this can result in arm9 control through FIRM known-plaintext and sighax attacks.
 | None.
-| 11.8.0-X
+| 11.10.0-X
 | 2015?
 | December 2016
@@ Line 546: / Line 546: @@
 | When combined with other public vulns, arm9 code execution.
 | None.
-| 11.8.0-X
+| 11.10.0-X
 | May 2018
 | Sept 2018