Line 7: |
Line 7: |
| Of course, whomever has found the normal key, should be also able to find the keyX/Y values, but I've no idea how that could be done (it will certainly not work with cooking coach which has all keyslots erased, so it might require main ram hacks in worst case). | | Of course, whomever has found the normal key, should be also able to find the keyX/Y values, but I've no idea how that could be done (it will certainly not work with cooking coach which has all keyslots erased, so it might require main ram hacks in worst case). |
| | | |
− | The part about ''"binblk->binblocksize" is the actual binary size'' is confusing. If '''binblk->binblocksize''' is known, then what is '''binblocksize''' in the formula? Or is that a typo, and it means same as '''binblk->binblocksize'''?[[User:Nocash|Nocash]] 14:27, 27 March 2015 (CET) | + | The part about ''"binblk->binblocksize" is the actual binary size'' is confusing. If '''binblk->binblocksize''' is known, then what is '''binblksize''' in the formula? Or is that a typo, and it means same as '''binblk->binblocksize'''?[[User:Nocash|Nocash]] 14:27, 27 March 2015 (CET) |
| | | |
| * 1/3) See last page edit. | | * 1/3) See last page edit. |
| * 2) One can easily obtain the keyX^keyY key with F_XY_reverse(<any normalkey>) from that tool, but of course that's rather pointless without a keyX/keyY to XOR with that. Besides ramhaxx, the only other way to obtain the keyX/keyY for that yourself is to just get it from the 3DS [http://3dbrew.org/wiki/Memory_layout#ARM9_ITCM DSi-key-stash] @ 0x01FFD000(essentially *all* DSi keys are stored in there + TWL_FIRM Process9). | | * 2) One can easily obtain the keyX^keyY key with F_XY_reverse(<any normalkey>) from that tool, but of course that's rather pointless without a keyX/keyY to XOR with that. Besides ramhaxx, the only other way to obtain the keyX/keyY for that yourself is to just get it from the 3DS [http://3dbrew.org/wiki/Memory_layout#ARM9_ITCM DSi-key-stash] @ 0x01FFD000(essentially *all* DSi keys are stored in there + TWL_FIRM Process9). |
| --[[User:Yellows8|Yellows8]] 06:00, 7 April 2015 (CEST) | | --[[User:Yellows8|Yellows8]] 06:00, 7 April 2015 (CEST) |
| + | |
| + | :4.1) Okay, decrypting the RSA stuff is possible, and it's just me not knowing how to. Are you saying that the RSA key is contained in the TWL_FIRM executable? So one could simply "copy/paste" it from the TWL_FIRM files? Or is the key elsewhere, and TWL_FIRM is just using it during boot? So one would need some exploit to hack TWL_FIRM during boot-up? Sorry, but I don't have a 3DS, and know absolutely nothing about that console. |
| + | |
| + | :4.3) I've edited it myself (see last page edit). I hope that wasn't wrong. |
| + | |
| + | :5) Yeah, reversing KeyX without KeyY won't work (I can confirm that). If that Tad KeyX is one of the "known" DSi keys (those relocated from DSi BIOS ROM to TCM/WRAM during booting), then everything would be fine. And otherwise, one would need some 3DS exploit to get that DSi-key-stash... supposedly some special kernel exploit which isn't available to normal 3DS programmers? |
| + | :PS. I've added some contact info on my wiki/user page (just in case) --[[User:Nocash|Nocash]] 22:56, 14 April 2015 (CEST) |
| | | |
| == Bootloader Error Photos == | | == Bootloader Error Photos == |
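Review bot: the changed line rewrites '''binblocksize''' to '''binblksize''' inside a comment that keeps its original signature (Nocash, 14:27, 27 March 2015), while the replies added in the same edit are signed 22:56, 14 April 2015. The existing reply "1/3) See last page edit" was written against the earlier wording, so a reader of the thread cannot tell that the question was corrected afterwards. Suggest leaving the signed text as it was and stating the correction in the new 14 April reply, or marking the changed word as a later correction.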