4dsdev
Views: 614,262 Main | Rules/FAQ | Memberlist | Active users | Last posts | Calendar | Stats | Online users | Search 11-25-17 06:38 AM
Guest:

0 users reading Decrypting SD DSiWare Exports? | 1 bot

Main - Reverse-engineering - Decrypting SD DSiWare Exports? New reply


d0k3
Posted on 12-22-15 01:25 PM (rev. 2 of 12-22-15 01:42 PM) Link | #838
I just noticed that I did this wrong all the time... The DSiWare Exports are found in /Nintendo 3DS///Nintendo DSiWare. Everything else in that // folder is decrypted by a rather simple scheme of AES-CTR with an IV calculated from the path name. Not the DSiWare Exports though:
http://3dbrew.org/wiki/DSiWare_Exports

These use AES-CBC, and the IV for that seems to come from the 'Block Metadata' at the end of each section (if I got that right). Sections are Banner, Header, Footer, Content, and at the start of each section, I have to set the IV to the correct value.
DSiWare exported from 3DS use console-unique keyslots initialized by movable.sed. Each section is encrypted with AES-CBC.

Now, console-unique keyslots... I tried to bruteforce that, but no success so far. I'm also unsure if I can just use the keyY from movable.sed with each and every AES keyslot in the range from 0x10 - 0x40, without any danger of damaging my console.

Any ideas on how to proceed with that?

EDIT: Forgot about that... I'm also unsure about endianness and order. I'd assume it is the same as for everything else on the SD though.

profi200
Posted on 12-22-15 02:38 PM Link | #839
Don't really see the need for this if you just can decrypt twln. The effort to implement this is not worth the gain.
The required AES keyslot is documented on the AES Registers page.

d0k3
Posted on 12-22-15 07:14 PM Link | #840
Posted by profi200
Don't really see the need for this if you just can decrypt twln. The effort to implement this is not worth the gain.
The required AES keyslot is documented on the AES Registers page.

Well, that should be 0x34 then, same as with everything else in that folder. But you're right, at a second look this looks like as much effort as for CIA decryption (the contents themselves also consist of multiple sections), and that was a lot.

profi200
Posted on 12-22-15 08:30 PM Link | #841
No, look again. There is a special keyslot just for DSi Ware exports en-/decryption.

d0k3
Posted on 12-28-15 11:39 AM Link | #846
Alright, found it! After recognizing the effort that would have to be put into this, I decided to put this on ice for now. Although an interesting project, this is not even that useful for now. Will see about that later. Thank you!


Main - Reverse-engineering - Decrypting SD DSiWare Exports? New reply

Page rendered in 0.040 seconds. (2048KB of memory used)
MySQL - queries: 28, rows: 73/73, time: 0.029 seconds.
[powered by Acmlm] Acmlmboard 2.064 (2017-11-20)
© 2005-2008 Acmlm, Xkeeper, blackhole89 et al.