Changes

1,917 bytes added ,  00:42, 16 September 2012
possibility of DPA attack
Line 11: Line 11:  
There's a common key used to generate output at compile time, when the cci/ctx files are made. Why do you say 128 bit AES CTR though?  --[[User:Jl12|Jl12]]
 
There's a common key used to generate output at compile time, when the cci/ctx files are made. Why do you say 128 bit AES CTR though?  --[[User:Jl12|Jl12]]
 
: Because 128-bit AES CTR is used to encrypt those formats. --[[User:Neimod|Neimod]] 15:40, 18 June 2011 (CEST)
 
: Because 128-bit AES CTR is used to encrypt those formats. --[[User:Neimod|Neimod]] 15:40, 18 June 2011 (CEST)
 +
AES CTR is more difficult to attack via DPA or EM-DPA
    
I know *something* is used to encrypt but do we know it is 128 bit AES CTR?  --[[User:Jl12|Jl12]]
 
I know *something* is used to encrypt but do we know it is 128 bit AES CTR?  --[[User:Jl12|Jl12]]
 +
do you know that the cipher text is xored at the end but not the exact algo or are you sure about AES also
    
Frankly I don't think it was AES. I think it's using RSA for encryption. Besides it already used it once for the 2048-bit signature as you said. Wouldn't it make way more sense to also use it for the encryption scheme. --[[User:Jl12|Jl12]]
 
Frankly I don't think it was AES. I think it's using RSA for encryption. Besides it already used it once for the 2048-bit signature as you said. Wouldn't it make way more sense to also use it for the encryption scheme. --[[User:Jl12|Jl12]]
 
: Lol.  --[[User:Neimod|Neimod]] 16:06, 20 June 2011 (CEST)
 
: Lol.  --[[User:Neimod|Neimod]] 16:06, 20 June 2011 (CEST)
 +
 +
agree the (LOL) RSA would not be of use to slow for an real time decryption or load of a game at runtime also the block size would not match and there would be no advantage using RSA as when console talks to the cartridge both keys are exposed to the end user and therefore could be potentially broken. RSA would
 +
only make sense if they can keep a secret key at their place. which is the case for DSA to sight the firmware for example preventing anybody to load
 +
unauthorized firmware into the device. and nobody could fake the signature as he does not have the private  key. (fairly standard methods today for
 +
all sorts of consumer electronics).
 +
 
What's funny? So I guess it's just based purely on speculation? You should say so. That way nobody believes something that isn't right. --[[User:Jl12|Jl12]] 22:28, 20 June 2011 (CEST)
 
What's funny? So I guess it's just based purely on speculation? You should say so. That way nobody believes something that isn't right. --[[User:Jl12|Jl12]] 22:28, 20 June 2011 (CEST)
 
: RSA is only used for the signature. After that a symmetric block cipher called AES is used in CTR mode. --[[User:Neimod|Neimod]] 23:32, 20 June 2011 (CEST)
 
: RSA is only used for the signature. After that a symmetric block cipher called AES is used in CTR mode. --[[User:Neimod|Neimod]] 23:32, 20 June 2011 (CEST)
 
+
i guess if Neimod has the RAM simulator he could dump the firmware if not fire walled by a MMU. the PROC is ARM and there are nice IDA modules for it plus the Hexrays decompiler. Don't forget the RAM is executable and i don't think that neimod just read from it !
    
How did you get this data? Did you find some way to dump 3DS cartridges? --[[User:Popoffka|Popoffka]] 09:15, 1 June 2011 (CEST)
 
How did you get this data? Did you find some way to dump 3DS cartridges? --[[User:Popoffka|Popoffka]] 09:15, 1 June 2011 (CEST)
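Review bot: The comments added in this hunk ("AES CTR is more difficult to attack via DPA or EM-DPA", "do you know that the cipher text is xored at the end ...", the paragraph starting "agree the (LOL) RSA would not be of use", and "i guess if Neimod has the RAM simulator ...") are unsigned and unindented, and they sit between signed comments by Jl12 and Neimod, so a reader cannot tell who wrote them or when. Suggest indenting each one as a reply and signing it with a user link and timestamp, as the surrounding comments do. The RSA paragraph also says "which is the case for DSA to sight the firmware", while the thread describes the signature as RSA ("RSA is only used for the signature"); if the RSA signature is what is meant, the wording should say so.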
Line 83: Line 91:  
:Bad wording, I mean DLPChild Container NCCH, the same DLPChild containers used in CCIs and installed titles, to hold the DLPChild CIA files--[[User:3dsguy|3dsguy]] 00:36, 24 June 2012 (CEST)
 
:Bad wording, I mean DLPChild Container NCCH, the same DLPChild containers used in CCIs and installed titles, to hold the DLPChild CIA files--[[User:3dsguy|3dsguy]] 00:36, 24 June 2012 (CEST)
 
I've been thinking, you know how we have executable specialisations of NCCH, which are officially called .CXI (CTR Executable Image). And we also have non-executable specialisations of NCCH, which I've assumed uses the extention .CXI. But perhaps officially, non-executable specialisations of NCCH have a different file extention all together, like the case CCI and CSU (both NCSD format).--[[User:3dsguy|3dsguy]] 18:09, 7 July 2012 (CEST)
 
I've been thinking, you know how we have executable specialisations of NCCH, which are officially called .CXI (CTR Executable Image). And we also have non-executable specialisations of NCCH, which I've assumed uses the extention .CXI. But perhaps officially, non-executable specialisations of NCCH have a different file extention all together, like the case CCI and CSU (both NCSD format).--[[User:3dsguy|3dsguy]] 18:09, 7 July 2012 (CEST)
 +
:actually after looking more closely at the scarse details on the CFA (CTR File Archive), the details closely follow the non-executable specialisation of NCCH which is the dlpChild container. So are the non-executable NCCH called CFA files?--[[User:3dsguy|3dsguy]] 18:20, 7 July 2012 (CEST)
 +
 +
Question: from what you know today (i assume you have at lead partially disassembly) what of the mechanism is HW implemented ? and what software ?
 +
the random seeding function for example ? could you force the seeding to be constant or better at your choice ? i think if you can influence the seed and if the use AES CRT plus the cipher text cleartext info as you must have as it corresponds RAM / ROM extern intern it should be possible to launch a DPA attack on it and get the key. assuming that there are not some hidden custom functions in it.
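Review bot: The question added at the end of this hunk ("Question: from what you know today ...") is unsigned and is appended directly under 3dsguy's NCCH/CFA comments, which are about an unrelated topic, so "you" has no clear addressee. Suggest placing it under its own section heading, or next to the AES CTR discussion it refers to, and signing it. It also writes "AES CRT" where the rest of the page writes "AES CTR"; the two should be made consistent.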