3DS System Flaws: Difference between revisions
WulfyStylez: this can be worked around as an initial entrypoint, but it's not really intended as that. Also cleanup on base exploit description: k9l keys aren't really relevant to this hack. Standby for known-plaintext description.
WulfyStylez: this has been leaking all over the place for the last year, so I'm just throwing it up for the greater good.
Line 72:
| February 2015
| [[User:Yellows8|Yellows8]], [[User:Plutooo|plutoo]]
|-
| FIRM partitions known-plaintext
| The [[Flash_Filesystem|FIRM partitions]] are encrypted with AES-CTR. CTR mode works by XORing the data with a keystream, and here that keystream is static (fixed per console), so anyone who has the plaintext FIRM binary stored in a partition can recover the keystream for that portion of the partition.
This can be paired with many exploits. For example, it allows minor FIRM downgrades (e.g. 10.4 to 9.6 or 9.5 to 9.4, but not 9.6 to 9.5).
This can be somewhat addressed by having the FIRM header skip over previously used section offsets, but that would only isolate newer FIRMs from older ones without fixing the core bug. It can also be done only a limited number of times, because of the size of FIRM relative to the size of the partitions.
| None
| New3DS
|
| Everyone
|}
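The following Python is an added illustration of the flaw described in the new row; it is not code from the wiki or from the 3DS firmware. It models the FIRM partition encryption as counter mode with a keystream that never changes between writes, shows that knowing one plaintext image yields the keystream for exactly that many bytes (and no more), that this is enough to produce ciphertext for a different image of the same size without any key material, and that authenticating the ciphertext detects the substitution. HMAC-SHA256 in counter mode stands in for AES as the keystream generator, since the weakness depends only on the XOR structure and not on the block cipher; keys, nonce and the two "FIRM" images are constructed values.

```python
import hmac
import hashlib

PRF_BLOCK = 32  # stand-in PRF output size (AES-CTR would give 16-byte blocks; the argument is identical)


def keystream(key: bytes, nonce: bytes, offset: int, length: int) -> bytes:
    """CTR-mode keystream for bytes [offset, offset+length) of a partition.

    Stand-in PRF: HMAC-SHA256(key, nonce || counter). With AES-CTR the block
    cipher would sit here instead; everything below depends only on the fact
    that ciphertext = plaintext XOR keystream and the keystream never changes.
    """
    first_block = offset // PRF_BLOCK
    last_block = (offset + length - 1) // PRF_BLOCK
    stream = b"".join(
        hmac.new(key, nonce + ctr.to_bytes(16, "big"), hashlib.sha256).digest()
        for ctr in range(first_block, last_block + 1)
    )
    skip = offset - first_block * PRF_BLOCK
    return stream[skip:skip + length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_crypt(key: bytes, nonce: bytes, offset: int, data: bytes) -> bytes:
    """Encryption and decryption are the same XOR in CTR mode."""
    return xor_bytes(data, keystream(key, nonce, offset, len(data)))


def recover_keystream(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Known-plaintext step: C XOR P gives the keystream, but only for the
    bytes where P is actually known (hence 'a portion of each partition')."""
    n = min(len(ciphertext), len(known_plaintext))
    return xor_bytes(ciphertext[:n], known_plaintext[:n])


def reencrypt_with_keystream(recovered_ks: bytes, other_image: bytes) -> bytes:
    """Valid ciphertext for a different image, using only the recovered
    keystream. Works only inside the recovered range; it cannot be extended."""
    if len(other_image) > len(recovered_ks):
        raise ValueError(f"keystream known for only {len(recovered_ks)} bytes")
    return xor_bytes(other_image, recovered_ks)


# --- Mitigation (generic, not what the console does): authenticate the ciphertext ---

def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, data: bytes):
    ct = ctr_crypt(enc_key, nonce, 0, data)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ct, tag


def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes, ct: bytes, tag: bytes):
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # reject: ciphertext was replaced or modified
    return ctr_crypt(enc_key, nonce, 0, ct)


def demo() -> dict:
    enc_key, mac_key = b"\x11" * 32, b"\x22" * 32  # constructed keys
    nonce = b"\x00" * 16                            # static per-console nonce, reused for every write
    current = b"FIRM 10.4 (constructed image)".ljust(64, b".")
    older = b"FIRM 9.6 (constructed image)".ljust(64, b".")

    # 1. Unauthenticated CTR with a fixed keystream: what sits in the partition.
    ct_current = ctr_crypt(enc_key, nonce, 0, current)
    # 2. Knowing the plaintext image yields the keystream for those 64 bytes...
    ks = recover_keystream(ct_current, current)
    # 3. ...which is enough to produce ciphertext for a different image that
    #    decrypts cleanly under the console's key. No key material involved.
    ct_older = reencrypt_with_keystream(ks, older)
    substitution_decrypts = ctr_crypt(enc_key, nonce, 0, ct_older) == older

    # 4. Limitation noted on the page: only the known portion is recoverable.
    partial_ks = recover_keystream(ct_current, current[:16])
    try:
        reencrypt_with_keystream(partial_ks, older)
        beyond_known_range = True
    except ValueError:
        beyond_known_range = False

    # 5. Mitigation: a MAC over (nonce, ciphertext) makes the swap detectable,
    #    even though the keystream itself is still recoverable.
    sealed_ct, tag = seal(enc_key, mac_key, nonce, current)
    swapped = reencrypt_with_keystream(recover_keystream(sealed_ct, current), older)
    mac_rejects = open_sealed(enc_key, mac_key, nonce, swapped, tag) is None

    return {
        "substitution_decrypts": substitution_decrypts,
        "recovered_bytes": len(ks),
        "beyond_known_range": beyond_known_range,
        "mac_rejects_substitution": mac_rejects,
    }


if __name__ == "__main__":
    print(demo())
```

Step 4 is the reason the page speaks of "a portion of each FIRM partition": the keystream is learned byte-for-byte from known plaintext and cannot be extended past it, which is also why skipping to unused section offsets in the header only delays the problem. Step 5 shows the property that actually closes the hole: once the ciphertext is authenticated, recovering the keystream no longer lets a replaced image pass.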