4dsdev
Views: 1,599,010 Main | Rules/FAQ | Memberlist | Active users | Last posts | Calendar | Stats | Online users | Search 10-07-24 09:10 PM
Guest:

Main - Posts by Dazzozo


Dazzozo
Posted on 09-22-15 11:41 PM, in Decrypting CIA contents directly? (rev. 2 of 09-22-15 11:44 PM) Link | #424
It can obviously only be a normal key, if this crypto can be performed on a PC.

Which keyslot you use is up to you, and how much you care depends on what you're doing. If you're not FIRM launching and just MCU-rebooting (on exit) it doesn't really matter outside of slots you want to use elsewhere.

Edit: 0x11 is a good slot for temporary work. Nintendo also uses it for this purpose.

Dazzozo
Posted on 09-23-15 08:35 AM, in Decrypting CIA contents directly? Link | #426
Yeah, you got it. Only the encryption of the title key uses a "special" key pair (hardware key generator). The title key itself is a normal key.

Dazzozo
Posted on 10-13-15 06:23 PM, in DSP reverse engineering Link | #506
Posted by nocash
The DSi uses "MBK" registers http://problemkaputt.de/gbatek.htm#dsinewsharedwramforarm7arm9dsp for mapping WRAM either to DSP or ARM memory at 3000000h-3FFFFFFh. I would assume that the 3DS has some similar "MBK" mapping mechanism (but mapping to 1FF00000h-1FF7FFFFh instead of 3000000h-3FFFFFFh).


Yes, the same mechanism exists: http://3dbrew.org/wiki/PDN_Registers#PDN_SHAREDWRAM_32K_DATA

Dazzozo
Posted on 10-25-15 04:49 PM, in Wifi/User Settings on SPI bus FLASH Link | #561
On 3DS, the console type byte is still 0x57. The wifi hardware revision is 0x03 (even on New3DS it seems).

The flash has been dumped by many people, and in fact was used in an exploit a while back, see: http://3dbrew.org/wiki/3DS_Userland_Flaws#System_applications

Dazzozo
Posted on 11-10-15 10:55 AM, in What is special about homebrew zero key encryption? Link | #701
Posted by d0k3
(this is zero key encryption, right?), and how can I detect it?


Yes. The FixedCryptoKey bit is set. See http://3dbrew.org/wiki/NCCH#NCCH_Flags

The key used (fixed / zero) depends on whether its a system title. This is all explained at http://3dbrew.org/wiki/NCCH#Encryption

Dazzozo
Posted on 11-10-15 11:57 AM, in What is special about homebrew zero key encryption? Link | #705
Posted by d0k3
Alright, so with that flag set, a fixed key is used as AES NormalKey for encryption and everything else works as normal?


Yep.

Posted by d0k3
I assume the zero key is all zeroes


Yep.

Posted by d0k3
and the systemkey is unknown.


It's known, but I don't think it has been posted anywhere yet.

Posted by d0k3
Because of the all-zeroes key, no actual hardware is needed for de-/encryption, but actual hardware would be required for decrypting with the fixed systemkey.


They're both normal keys, intended for debug.

Posted by d0k3
Also, does this work with 7x / seed crypto? (might only make sense in theory)


Neither, it doesn't make sense. A normal key is set when FixedCryptoKey is set, and the production NCCH keyXs and title keyY (regardless of generation method) aren't used. Process9 basically prioritises the different flags based on common sense.

Posted by d0k3
Plus, the thing about the hashes in homebrew CIAs... any ideas?


I can verify the hashes on your CTRXplorer CIA. So it just sounds like something's broken, haha.

Dazzozo
Posted on 11-19-15 12:27 AM, in Cartridge header for NDS Carts from year 2009 or later (rev. 3 of 11-19-15 12:38 AM) Link | #753
There are plenty of examples of cards using RSA. Cooking Coach and Face Training are right in front of me and I can verify the RSA on both. AFAIK all retail TWL hybrid or limited cards use RSA?

Edit: Unless you meant *Nitro cards* using RSA, I don't think that's ever been observed.

Edit 2: Apparently they do exist according to Normmatt and I'm just full of shit

Dazzozo
Posted on 11-28-15 05:04 PM, in Get ARM11 code execution from FIRM_LAUNCH ARM9? Link | #788
Posted by gudenau
That memory is the bootrom...


You're meant to remap it.

Dazzozo
Posted on 11-28-15 10:34 PM, in Get ARM11 code execution from FIRM_LAUNCH ARM9? Link | #791
There won't be one after FIRM launch, the ARM11 will be operating with physical addressing.

You will have to enable the MMU yourself.

Dazzozo
Posted on 11-29-15 02:50 PM, in Get ARM11 code execution from FIRM_LAUNCH ARM9? Link | #794
You don't even need the bootrom for any of this.

Dazzozo
Posted on 11-29-15 04:45 PM, in Get ARM11 code execution from FIRM_LAUNCH ARM9? Link | #796
Posted by gudenau
I guess your correct... It is FIRM stuff. -.-
Over over complicating things as per usual.


As for your overall aim here, I suggest you first spend some time understanding how NATIVE_FIRM operates, before trying to replace it. Specifically, how it brings up the ARM cores and to an extent, how it prepares them for shutdown (and generally how FIRM launch works). Otherwise, you're trying to run before you can walk.

Dazzozo
Posted on 02-04-16 04:39 PM, in [Question]Reserve memory for arm9 Link | #931
How about: don't check for running processes on ARM9 at all? You guys know the ARM11 exists, right?

Dazzozo
Posted on 03-27-16 09:24 PM, in Touch Screen? Link | #993
see http://3dbrew.org/w/index.php?title=Codec_Services&curid=2071&diff=16241&oldid=13745

These use SPI device 3, I think the legacy (TWL) device was 2.


Main - Posts by Dazzozo

Page rendered in 0.012 seconds. (2048KB of memory used)
MySQL - queries: 22, rows: 85/85, time: 0.005 seconds.
[powered by Acmlm] Acmlmboard 2.064 (2018-07-20)
© 2005-2008 Acmlm, Xkeeper, blackhole89 et al.