Views: 1,610,085 | Main | Rules/FAQ | Memberlist | Active users | Last posts | Calendar | Stats | Online users | Search | 11-23-24 09:27 AM |
Guest: |
0 users reading DSi Keys on 3DS | 1 bot |
Main - Reverse-engineering - DSi Keys on 3DS | Show post layouts | New reply |
nocash |
| ||
Normal user Level: 20 Posts: 17/77 EXP: 39007 Next: 3432 Since: 10-09-15 Last post: 2099 days ago Last view: 2015 days ago |
The DSi has a bunch of RSA, AES, Blowfish keys in ROM. The only two ways for dumping that keys would be decapping the Main CPU, or using a main memory hack for dumping RAM copies of that keys during booting - which is both nothing that could be done easily at home.
However, http://3dbrew.org/wiki/Memory_layout#ARM9_ITCM says that the DSi keys can be also found on 3DS at ARM9 ITCM address 01FFD000h or 07FFD000h. Is it difficult to dump that memory area? And does anybody know more about which DSi key is stored at which 3DS address? Knowing that stuff would help on building working DSi BIOS ROM images - needed for emulating the DSi boot process. As by know, the DSi ROMs can be dumped only partially: http://problemkaputt.de/gbatek.htm#biosdumping The DSi seems to have some extra keys that are missing in 3DS - but the DSi doesn't seem to use those extra keys keys either (maybe they are used only for DSi-debug version or so). |
profi200 |
| ||
Member Who knows? Level: 19 Posts: 34/70 EXP: 34517 Next: 1260 Since: 05-21-15 From: Germany Last post: 2994 days ago Last view: 2862 days ago |
Dumping that area is easy. If you have ARM9 code execution you can always at least read that area. |
Main - Reverse-engineering - DSi Keys on 3DS | Show post layouts | New reply |
Page rendered in 0.011 seconds. (2048KB of memory used) MySQL - queries: 26, rows: 65/65, time: 0.006 seconds. Acmlmboard 2.064 (2018-07-20) © 2005-2008 Acmlm, Xkeeper, blackhole89 et al. |