Views: 1,611,506 | Main | Rules/FAQ | Memberlist | Active users | Last posts | Calendar | Stats | Online users | Search | 12-02-24 08:10 PM |
Guest: |
0 users reading What is this file's format? | 1 bot |
Main - Reverse-engineering - What is this file's format? | Hide post layouts | New reply |
Mikle0x |
| ||
Newcomer Normal user Level: 5 Posts: 1/4 EXP: 458 Next: 71 Since: 12-06-15 Last post: 3283 days ago Last view: 3152 days ago |
Someone found this file (.plugin extension) , where there is supposedly interesting stuff. Most of the file's contents are encrypted, and I don't know how to decrypt it (the decryption process is probably related to the dev keys, which I have). |
Bond697 |
| ||
Newcomer Normal user Level: 3 Posts: 1/1 EXP: 60 Next: 68 Since: 12-21-14 Last post: 3283 days ago Last view: 2985 days ago |
where did you find it? |
StapleButter |
| ||
Member blarg Level: 30 Posts: 154/184 EXP: 151591 Next: 14278 Since: 10-27-14 From: France Last post: 2659 days ago Last view: 2570 days ago |
ahem ____________________ blargSNES -- SNES emu for 3DS More cool stuff |
einstein95 |
| ||
Newcomer Normal user Level: 5 Posts: 3/4 EXP: 459 Next: 70 Since: 11-20-15 Last post: 3283 days ago Last view: 3246 days ago |
Perhaps it'd be better to upload said file and not black out the first 0x10 bytes. |
StapleButter |
| ||
Member blarg Level: 30 Posts: 155/184 EXP: 151591 Next: 14278 Since: 10-27-14 From: France Last post: 2659 days ago Last view: 2570 days ago |
this reeks of SDK crap ____________________ blargSNES -- SNES emu for 3DS More cool stuff |
Mikle0x |
| ||
Newcomer Normal user Level: 5 Posts: 2/4 EXP: 458 Next: 71 Since: 12-06-15 Last post: 3283 days ago Last view: 3152 days ago |
Yeah sorry, someone who wants to stay anon., got this file I-don't-know-where, and had no clue about it either. Thus the "I".
Anyways there were another file that came with it, a .debugger file, containing some function-name-related symbols, such as "update_firmware()", "note_new()", "//DevMenuCTR" |
einstein95 |
| ||
Newcomer Normal user Level: 5 Posts: 4/4 EXP: 459 Next: 70 Since: 11-20-15 Last post: 3283 days ago Last view: 3246 days ago |
Telling us about said file is not the same as uploading the file for others to tell you what it is. |
Mikle0x |
| ||
Newcomer Normal user Level: 5 Posts: 3/4 EXP: 458 Next: 71 Since: 12-06-15 Last post: 3283 days ago Last view: 3152 days ago |
http://s000.tinyupload.com/index.php?file_id=49063689152813464337 |
plutoo |
| ||
Member Normal user Level: 11 Posts: 19/19 EXP: 4803 Next: 1182 Since: 09-17-15 Last post: 3283 days ago Last view: 3207 days ago |
Looks like it contains some form of bytecode, maybe Lua or something. Edit: Or maybe it's just some encryption throwing me off. |
Mikle0x |
| ||
Newcomer Normal user Level: 5 Posts: 4/4 EXP: 458 Next: 71 Since: 12-06-15 Last post: 3283 days ago Last view: 3152 days ago |
Posted by plutoo I believe there is too few zeroes for it to be bytecode. Moreover, I think signature-like data is located just after "PROCESS" (compare UiT.plugin with UiT (1).plugin; the encrypted data is EXACTLY the same between the two files, but the signature is totally different due to a modification in the header) |
Syphurith |
| ||
Member Normal user Level: 18 Posts: 53/59 EXP: 26133 Next: 3764 Since: 10-26-15 Last post: 3245 days ago Last view: 3195 days ago |
Posted by Mikle0x 1.The most content of the file should be encrypted. Just try load it into a IDA (you can find 6.6). 2.No those Dev Cert marks such as "CP00000004" or "XS0000000A" is involved. Oh this is only for those NCCHs. 3.There are dev keys leaked very long ago, including AES and RSA types. The amount of those is finite. 4.This file isn't found in NW4C:NW4F, or leaked 4.2.8 SDK. Since i don't find any clue about where this file comes from, i don't know what it belongs. You may just want to write a tiny program to try all those keys for you, but this may be not enough. If you have a dev console, write a program to let it try all its keyslots. Let me guess. If a file is designed to be used inside a system with many keys, it may at least tell the system which key should be used. Otherwise it could not be decrypted well. I don't know if the 0x31=49 is a slot number. Good luck. Hope you could eventually play with it. |
54634564 |
| ||
Newcomer Normal user Level: 7 Posts: 5/7 EXP: 1064 Next: 384 Since: 11-14-15 Last post: 3085 days ago Last view: 2975 days ago |
Posted by Mikle0x They have to know where they got the file from. I seriously doubt it just poofed into existence on their hard drive. |
Main - Reverse-engineering - What is this file's format? | Hide post layouts | New reply |
Page rendered in 0.021 seconds. (2048KB of memory used) MySQL - queries: 28, rows: 87/87, time: 0.009 seconds. Acmlmboard 2.064 (2018-07-20) © 2005-2008 Acmlm, Xkeeper, blackhole89 et al. |