3DS System Flaws: Difference between revisions
Tomsterley (talk | contribs) No edit summary |
→Hardware: It's because FIRM partitions don't have a MAC. |
Line 74: | Line 74: | ||
|- | |- | ||
| FIRM partitions known-plaintext | | FIRM partitions known-plaintext | ||
| The [[Flash_Filesystem|FIRM partitions]] are encrypted with AES-CTR. Since this works by XOR'ing data with a static (per-console in this case) keystream, one can deduce the keystream of a portion of each FIRM partition if they have the actual FIRM binary stored in it. | | The [[Flash_Filesystem|FIRM partitions]] are encrypted with AES-CTR without a MAC. Since this works by XOR'ing data with a static (per-console in this case) keystream, one can deduce the keystream of a portion of each FIRM partition if they have the actual FIRM binary stored in it. | ||
This can be paired with many exploits. For example, it allows minor FIRM downgrades (i.e. 10.4 to 9.6 or 9.5 to 9.4, but not 9.6 to 9.5). | This can be paired with many exploits. For example, it allows minor FIRM downgrades (i.e. 10.4 to 9.6 or 9.5 to 9.4, but not 9.6 to 9.5). |
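Review bot: In the first sentence of the new revision, "without a MAC" is added, but the next sentence ("Since this works by XOR'ing data with a static ... keystream") still explains only the CTR property, so the text never says what the missing MAC contributes. Keystream recovery follows from the static per-console keystream combined with a known FIRM binary. The missing MAC is a separate point: it means a partition rewritten using that keystream is not flagged as modified by the encryption layer, which is what the downgrade sentence depends on. Suggest stating that in its own sentence next to the downgrade example, for instance "Because the partitions carry no MAC, data re-encrypted with the recovered keystream is not detected as modified." As a style point, "i.e. 10.4 to 9.6 or 9.5 to 9.4" introduces examples, so "e.g." fits better than "i.e.".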