Talk:Stage2: Difference between revisions
Hallowizer (talk | contribs) m Hallowizer moved page Talk:Boot1 to Talk:Stage2: commonly used name |
|||
| (3 intermediate revisions by 2 users not shown) | |||
| Line 21: | Line 21: | ||
::Yes, those two RSA pubks are stored in the TWL_FIRM Process9 binary itself. When one has TWL_FIRM decrypted one can just extract those keys from there. There's public exploit(s)+tools for that, including arm9hax which is required for dumping the DSi keys from 3DS ARM9 ITCM. The common tad-keyX is written to the AES engine keyslot for it by bootrom, AFAIK it doesn't get copied elsewhere(the keyY for it is copied to the keystorage area near the end of ARM7 memory, but of course that area gets cleared when games are booted). --[[User:Yellows8|Yellows8]] 20:34, 18 April 2015 (CEST) | ::Yes, those two RSA pubks are stored in the TWL_FIRM Process9 binary itself. When one has TWL_FIRM decrypted one can just extract those keys from there. There's public exploit(s)+tools for that, including arm9hax which is required for dumping the DSi keys from 3DS ARM9 ITCM. The common tad-keyX is written to the AES engine keyslot for it by bootrom, AFAIK it doesn't get copied elsewhere(the keyY for it is copied to the keystorage area near the end of ARM7 memory, but of course that area gets cleared when games are booted). --[[User:Yellows8|Yellows8]] 20:34, 18 April 2015 (CEST) | ||
Thanks! Found the RSA key. And now I do also understand what you meant about reversing Tad key X (the DSi does only relocate Tad key Y to RAM/TCM). My emu is now throwing that "Error: 1-2435-8325" message. That should be a good place to start with. --[[User:Nocash|Nocash]] 23:41, 20 April 2015 (CEST) | |||
== Bootloader Error Photos == | == Bootloader Error Photos == | ||
| Line 33: | Line 35: | ||
'''Discuss here:''' | '''Discuss here:''' | ||
== Split to boot0 and boot1? == | |||
Seems like a better name to give these loaders. [[User:Hallowizer|Hallowizer]] ([[User talk:Hallowizer|talk]]) 07:26, 18 August 2021 (CEST) | |||