Hacking 3DS Private Key Theory

Status
Not open for further replies.

RoyalCardMan

When I was eating dinner, I started thinking about how everyone is trying to find the Private Key that would allow people to play homebrew on the Nintendo 3DS. Well, you may think that this theory sounds crazy, but it could be why it was impossible.

When people are trying to find the private key, they are looking for specific values. They think that it will just be one huge value of certain numbers, letters, etc. But what if they are embedded within a huge key? Take this for example:

XFADS92435K834523KDSA23253 - Not real

You may think (if it was real) that this was the private key. Now, it may just seem impossible that it would work, but look within the code:

XFADS92435K834523KDSA23253

Maybe the Private key relies on a pattern. For example, if a game had the value of:

XFADG56435K0DF523KLO12325I

It may not seem the same, but the Nintendo 3DS would still accept it because they had these values and in the correct order.

Well, if this theory was true, I would have a solution. What could be done is get 5-10 ROMs (games made by other companies) and examine the code. Now, from here, comparing all the values, you could see which one is most commonly used. Using these values, you could put them together, and voilà. The private key.

Now, if you want to test this, I guess you can, but I can't since I don't have the proper equipment to do so.

Tell me what you think. If this is in the wrong section, I am sorry.
 

RoyalCardMan

Well, maybe I'll start a team to test this theory.

If anybody wants to see if this works, just PM me. I want to get the Nintendo 3DS working with homebrew and such.

EDIT: This is my second theory.

Well, yes, the system would work similar to the first theory, but instead of keeping the same unneeded values (the values not part of the actual Private Key), the Nintendo 3DS firmware actually randomizes the values. This would allow them to make sure people would have a harder time matching up the values of the Private Key.

For example:

XFADS92435K834523KDSA23253

Then, the next time the Nintendo 3DS does a certain action (whatever action that would be), the code would somewhat be randomized to hide the code:

XFADS92435K244523KDSA23259

Now, it wouldn't matter what the other values were, as long as the values stayed the same, including the order of the values, it would still work.

EDIT2: I will be asking a relative of mine to lend his Nintendo 3DS to me, since he has always wanted to play homebrew on his Nintendo 3DS.
 

ChrisRX

I've said it many times before but I guess it's still relevant. The people who are actually smart enough to break software and hardware security are not the sort of people who frequent this forum. They have much more knowledge than most (if not all) of us and everything that gets suggested I'm sure they have already thought of.

In reality it's going to be nowhere near as simple as your suggestion and there would be months if not years of additional work. As I'm sure you know you can't just find a key and then poof, homebrew. There would be all sorts of encryption algorithms to crack on the software side and even more to investigate on the hardware side.

I do commend you for actually sounding more intelligent than most people who make suggestions but in short, if we think of anything that may help towards the hacking efforts, chances are the experts have already tried it.
 

RoyalCardMan

ChrisRX said:
I've said it many times before but I guess it's still relevant. The people who are actually smart enough to break software and hardware security are not the sort of people who frequent this forum. They have much more knowledge than most (if not all) of us and everything that gets suggested I'm sure they have already thought of.

In reality it's going to be nowhere near as simple as your suggestion and there would be months if not years of additional work. As I'm sure you know you can't just find a key and then poof, homebrew. There would be all sorts of encryption algorithms to crack on the software side and even more to investigate on the hardware side.

I do commend you for actually sounding more intelligent than most people who make suggestions but in short, if we think of anything that may help towards the hacking efforts, chances are the experts have already tried it.
Well, actually the example I gave was just a poor example. As I said, this is just a theory. Second of all, I am actually testing this using different mathematical equations. That comes with my theory, but I didn't have the time to post it.

You see, there is some important part I forgot to include. These parts of the Private Key would need to be put together in such a way that it would mostly be encrypted. In other words, the values of the private key would have to go through a mathematical problem, and the evaluation would have to be evaluated with another type of equation, something like an encryption of using mathematical equations to hide the actual Private Key.

As I said, it is just a theory. I have so many more.

Edit: And I speak the way I do because I want others to understand what I am doing.

Also, please don't insult my intelligence. I have been programming for many years (with so many programming and scripting languages). I would understand how encryptions work.
 

Kyohack

You have completely misunderstood the concept of the private key and the common key. To get a general understanding of how this works, see here: http://en.wikipedia.org/wiki/Public-key_cryptography

You see, it isn't possible to obtain the private key, since only Nintendo has it. Instead, you would have to hack Nintendo's implementation of the private key cryptography system. Perhaps you would instead try to create a buffer overflow within the module that verifies the signed Title Meta Data.

However, before you try that, there is more hope that an exploit would be found in the 3DS browser, rather than attempting to hack Nintendo's implementation of the private key cryptography system. Since the browser is standardized, and since source code is available, we can determine exactly which vulnerabilities still exist within the browser (the browser is ancient, and contains tons of bugs). In fact, TeamTwiizers successfully created a buffer overflow that froze the entire system. I witnessed this. All that needs to be done is to attach an executable payload.

You need proof? Go here in your 3DS internet browser. It will freeze your 3DS, and you will be forced to turn it off, and turn it back on again. (also proves that the browser isn't sandboxed, which is a HUGE relief)
 

RoyalCardMan

Kyohack said:
You have completely misunderstood the concept of the private key and the common key. To get a general understanding of how this works, see here: http://en.wikipedia.org/wiki/Public-key_cryptography

You see, it isn't possible to obtain the private key, since only Nintendo has it. Instead, you would have to hack Nintendo's implementation of the private key cryptography system. Perhaps you would instead try to create a buffer overflow within the module that verifies the signed Title Meta Data.

However, before you try that, there is more hope that an exploit would be found in the 3DS browser, rather than attempting to hack Nintendo's implementation of the private key cryptography system. Since the browser is standardized, and since source code is available, we can determine exactly which vulnerabilities still exist within the browser (the browser is ancient, and contains tons of bugs). In fact, TeamTwiizers successfully created a buffer overflow that froze the entire system. I witnessed this. All that needs to be done is to attach an executable payload.

You need proof? Go here in your 3DS internet browser. It will freeze your 3DS, and you will be forced to turn it off, and turn it back on again. (also proves that the browser isn't sandboxed, which is a HUGE relief)
So, what I am getting from the article is that from the private key, it uses a random mathematical equation to determine the public key. Well, couldn't you use patterns (not easily) to determine the private key? I could do that.
 

Nathan Drake

This won't be as easy as you are trying to make it sound. There are reasons that there are dedicated teams of hackers that work hard as hell to figure this stuff out. If it was simple in any possible way, we would have had news about the system being cracked within the first week of it releasing.
 

RoyalCardMan

I know it ain't easy. I have been looking at one code file for like 10 hours so far, and have only gotten barely anything so far. I never said it was easy.

It was just a theory, which I am actually thinking might be true from what I am seeing so far within the code.
 

jwcgator

That's not how a private-public key system works at all... you are literally wasting your time.


I'm not 100% on the details of cryptography, but I do know that the public keys (which are used to decode things encrypted by the private key) are comprised of a bunch of crazy multiplications of the private key and random numbers that we cannot just "see the pattern" in. There is absolutely no way in the world you're going to find the private key by looking for patterns, I promise.
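As an added illustration of the point jwcgator and the other replies are making (example code written for this page, not anything from the thread or from Nintendo's systems): a toy RSA signature scheme with constructed small primes and constructed title contents shows that each signed title carries only a signature that verifies against the public key, that signatures reveal nothing about the private exponent, and that the only generic route back to it is factoring the modulus, which is exactly what real key sizes make infeasible.

```python
import hashlib
from math import isqrt

# Constructed toy RSA key: two small primes so everything runs in well under
# a second. Real signing keys use ~2048-bit moduli; the arithmetic is the same.
P, Q = 1000003, 1000033
N = P * Q                          # public modulus
E = 65537                          # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the signer only

def digest(data: bytes) -> int:
    """Hash the title image and reduce it into the modulus range."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(data: bytes) -> int:
    """Signer side: needs the private exponent D."""
    return pow(digest(data), D, N)

def verify(data: bytes, sig: int) -> bool:
    """Console side: needs only the public pair (E, N), never D."""
    return pow(sig, E, N) == digest(data)

def sign_titles(titles: dict) -> dict:
    """What a console sees per title: a signature, not the key."""
    return {name: sign(body) for name, body in titles.items()}

def recover_private_exponent_by_factoring(n: int, e: int) -> int:
    """The generic way back to D is factoring N. Trial division works for
    this 40-bit toy modulus and is hopeless at real key sizes."""
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return pow(e, -1, (p - 1) * (n // p - 1))
    raise ValueError("no factor found")

# Constructed sample "titles" standing in for ROM images.
TITLES = {
    "title_a": b"constructed title image A",
    "title_b": b"constructed title image B",
    "title_c": b"constructed title image C",
}

if __name__ == "__main__":
    sigs = sign_titles(TITLES)
    for name, sig in sigs.items():
        print(name, format(sig, "x"), verify(TITLES[name], sig))
    # Flip one byte of a title: its signature no longer verifies.
    print(verify(TITLES["title_a"] + b"!", sigs["title_a"]))
```

Comparing the printed signatures side by side shows no shared structure to "pattern match" on; only the public pair (E, N) is common to them, and that is public by design.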
 

WiiUBricker

The private key is just a big random number that can't be found/exploited/cracked etc. The only possibilities are:

1) A Nintendo engineer releases it to the world wide web (not gonna happen)
2) Bruteforcing it (only if the South Pole melts and Sony hires GeoHot)

Basically this topic is garbage.
 

ferret7463

Here's an idea, get one of those hacker groups who infiltrate stuff like the NATO servers and have them do the same to Nintendo. Then they can release the secret of the 7 herbs and spices?
 

RupeeClock

ferret7463 said:
Here's an idea, get one of those hacker groups who infiltrate stuff like the NATO servers and have them do the same to Nintendo. Then they can release the secret of the 7 herbs and spices?
That's eleven herbs and spices, and they, along with the original handwritten recipe with measurements, are kept in a very tightly secured vault.
 

p1ngpong

Yet another "I have a theory on how to hack the 3DS" thread?

As ChrisRX said:
ChrisRX said:
I've said it many times before but I guess it's still relevant. The people who are actually smart enough to break software and hardware security are not the sort of people who frequent this forum. They have much more knowledge than most (if not all) of us and everything that gets suggested I'm sure they have already thought of.

In reality it's going to be nowhere near as simple as your suggestion and there would be months if not years of additional work. As I'm sure you know you can't just find a key and then poof, homebrew. There would be all sorts of encryption algorithms to crack on the software side and even more to investigate on the hardware side.

I do commend you for actually sounding more intelligent than most people who make suggestions but in short, if we think of anything that may help towards the hacking efforts, chances are the experts have already tried it.

So yeah, I'm just going to close this.