3DS System Flaws: Difference between revisions
Dark samus (talk | contribs) |
Line 97: | Line 97: | ||
! Public disclosure timeframe | ! Public disclosure timeframe | ||
! Discovered by | ! Discovered by | ||
|- | |||
| Rearrangable keys in the NAND keystore | |||
| Due to the keystore being encrypted with AES-ECB, one can rearrange blocks and still have the NAND keystore decrypt in a deterministic way. Combining this with the arm9loaderhax and uncleared hash keydata vulnerabilities, one can achieve arm9loaderhax without downgrading to a system version that exposes the OTP data, or using a hardware method. The NAND keystore must be encrypted with console-unique data; therefore, this is not achievable on Old 3DS or 2DS. | |||
| arm9loaderhax achieveable with no extra hardware and without downgrading to a system version which exposes the OTP. | |||
| None | |||
| [[11.1.0-34|11.1.0-X]] | |||
| Early 2016 | |||
| 27 Sepetember 2016 | |||
| [[User:Dark samus|dark_samus]] | |||
|- | |- | ||
| Uncleared OTP hash keydata in console-unique 0x11 key-generation | | Uncleared OTP hash keydata in console-unique 0x11 key-generation |
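Review bot: The new "Rearrangable keys in the NAND keystore" row has two spelling errors in its cells, "achieveable" (exploitation-result column) and "27 Sepetember 2016" (public-disclosure column), which should read "achievable" and "27 September 2016"; "Rearrangable" is also better spelled "Rearrangeable". In the description, the closing sentence "The NAND keystore must be encrypted with console-unique data; therefore, this is not achievable on Old 3DS or 2DS" leaves the reader to infer that Old 3DS and 2DS do not meet that precondition; stating that explicitly would make the scope of the flaw unambiguous. The description also refers to "the arm9loaderhax and uncleared hash keydata vulnerabilities" while the neighbouring row is titled "Uncleared OTP hash keydata in console-unique 0x11 key-generation"; using the exact entry titles (and wikilinks, as the other cells already do for the system version and user) would make the dependency between the two rows easy to follow.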