|
| ||
| Views: 1,609,166 | Main | Rules/FAQ | Memberlist | Active users | Last posts | Calendar | Stats | Online users | Search | 11-21-24 10:21 AM |
| Guest: | ||
| 0 users reading DSi Keys on 3DS | 1 bot |
| Main - Reverse-engineering - DSi Keys on 3DS | Hide post layouts | New reply |
| nocash |
| ||
|
Normal user Level: 20 Posts: 17/77 EXP: 38995 Next: 3444 Since: 10-09-15 Last post: 2097 days ago Last view: 2013 days ago |
The DSi has a bunch of RSA, AES, Blowfish keys in ROM. The only two ways for dumping that keys would be decapping the Main CPU, or using a main memory hack for dumping RAM copies of that keys during booting - which is both nothing that could be done easily at home.
However, http://3dbrew.org/wiki/Memory_layout#ARM9_ITCM says that the DSi keys can be also found on 3DS at ARM9 ITCM address 01FFD000h or 07FFD000h. Is it difficult to dump that memory area? And does anybody know more about which DSi key is stored at which 3DS address? Knowing that stuff would help on building working DSi BIOS ROM images - needed for emulating the DSi boot process. As by know, the DSi ROMs can be dumped only partially: http://problemkaputt.de/gbatek.htm#biosdumping The DSi seems to have some extra keys that are missing in 3DS - but the DSi doesn't seem to use those extra keys keys either (maybe they are used only for DSi-debug version or so). |
| profi200 |
| ||
|
Member Who knows? Level: 19 Posts: 34/70 EXP: 34507 Next: 1270 Since: 05-21-15 From: Germany Last post: 2992 days ago Last view: 2860 days ago |
Dumping that area is easy. If you have ARM9 code execution you can always at least read that area. |
| Main - Reverse-engineering - DSi Keys on 3DS | Hide post layouts | New reply |
|
Page rendered in 0.010 seconds. (2048KB of memory used) MySQL - queries: 26, rows: 65/65, time: 0.006 seconds. ![[powered by Acmlm]](img/poweredbyacmlm.png "powering nostalgia")
Acmlmboard 2.064 (2018-07-20)© 2005-2008 Acmlm, Xkeeper, blackhole89 et al. |