6,263
edits
Changes
no edit summary
:I saw you update the AES page recently. you can confirm some keyslots are with the same data, but how had you done that (by comparing the data, or just the same memory location)? Can you even fetch those keys to decrypt the CDN TMD key strings? if so that would be a potential way to go.. BTW you're disasm those in-memory content not the decrypted Romfs right?
:I saw you update the AES page recently. you can confirm some keyslots are with the same data, but how had you done that (by comparing the data, or just the same memory location)? Can you even fetch those keys to decrypt the CDN TMD key strings? if so that would be a potential way to go.. BTW you're disasm those in-memory content not the decrypted Romfs right?
:I do wonder if contents decrypted succussfully, shall we need any customed disassembler? --[[User:Syphurith|Syphurith]] 16:51, 26 June 2013 (CEST)
:I do wonder if contents decrypted succussfully, shall we need any customed disassembler? --[[User:Syphurith|Syphurith]] 16:51, 26 June 2013 (CEST)
::"some keyslots are with the same data" I encrypted an all-zero block with each AES engine keyslot with CTR=0, and encrypted that data again with each keyslot with keyY=0. When the output block for the former is the same for multiple keyslots, those keyslots use the same keyX/keyY. When the latter output block is the same for multiple keyslots, those keyslots use the same keyX. "decrypt the CDN TMD key strings" TMDs have nothing to do with decrypting the ticket titlekey. [[RomFS]] does not contain code(besides [[CRO0]] for web browser), that's stored in [[ExeFS]]:/.code. There's no need to dump code from memory when one can just use the [[AES]] engine. --[[User:Yellows8|Yellows8]] 17:40, 26 June 2013 (CEST)
===Spam attack===
===Spam attack===