Views: 1,526,831 Main | Rules/FAQ | Memberlist | Active users | Last posts | Calendar | Stats | Online users | Search 07-25-24 04:28 AM

0 users reading DSi Keys on 3DS | 1 bot

Main - Reverse-engineering - DSi Keys on 3DS Hide post layouts | New reply

Posted on 10-25-15 12:04 PM (rev. 2 of 10-25-15 12:07 PM) Link | #555
The DSi has a bunch of RSA, AES, Blowfish keys in ROM. The only two ways for dumping that keys would be decapping the Main CPU, or using a main memory hack for dumping RAM copies of that keys during booting - which is both nothing that could be done easily at home.

However, http://3dbrew.org/wiki/Memory_layout#ARM9_ITCM says that the DSi keys can be also found on 3DS at ARM9 ITCM address 01FFD000h or 07FFD000h. Is it difficult to dump that memory area?

And does anybody know more about which DSi key is stored at which 3DS address?

Knowing that stuff would help on building working DSi BIOS ROM images - needed for emulating the DSi boot process. As by know, the DSi ROMs can be dumped only partially: http://problemkaputt.de/gbatek.htm#biosdumping

The DSi seems to have some extra keys that are missing in 3DS - but the DSi doesn't seem to use those extra keys keys either (maybe they are used only for DSi-debug version or so).

Posted on 10-25-15 12:11 PM Link | #556
Dumping that area is easy. If you have ARM9 code execution you can always at least read that area.

Main - Reverse-engineering - DSi Keys on 3DS Hide post layouts | New reply

Page rendered in 0.011 seconds. (2048KB of memory used)
MySQL - queries: 26, rows: 65/65, time: 0.007 seconds.
[powered by Acmlm] Acmlmboard 2.064 (2018-07-20)
© 2005-2008 Acmlm, Xkeeper, blackhole89 et al.