
The 3DS Cryptosystem - yifanlu
http://yifan.lu/2016/04/06/the-3ds-cryptosystem/
======
bostik
That was an amusing read. The big takeaways are even deliciously quotable:

 _The irony is that the feature designed to bring more security was the one
that completely broke it._

 _Too much complexity: having lots of blocks that say “AES” and “RSA” in your
plan might impress the boss, but it just adds to the attack surface. Always go
with the simplest plan that secures against your threat model._

Security is hard to get right, and retrofitting security features into
existing systems is ripe with very subtle traps. Add backwards compatibility
into the mix and you've probably created a fragile Frankenstein.

~~~
justifier
I suppose a handheld gaming device could be considered low consequence on the
spectrum of encryption use, which may simply answer my own question..

but being someone interested in factorisation I am baffled as to why anyone
has or is using RSA

my intended inference is that factoring numbers is deterministically
achievable in sub polynomial time, and having your crypto rely on 'it's hard
for me it must be impossible for you' reads so sophomoric

~~~
eximius
That is what _all_ cryptography is based on?

And I don't know what subpolynomial time nonsense you're talking about.

~~~
tptacek
If you're going to be rude, at least be correct. All cryptography is not in
fact based on factoring; in fact, most public-key crypto isn't.

~~~
eximius
I wasn't referring to factoring. I quite like lattice based and ECC systems. I
was referring to 'if it's hard for me it must be hard for you'. ALL
cryptography is based off of that assumption.

edit: I can't seem to reply to you again, so I'll edit. This is all a big
miscommunication. I was more confused than hostile, though I recognize how it
came off poorly. I genuinely thought he had some fundamental understandings
due to the combination of things he said. I was mistaken and my response came
off poorly.

~~~
tptacek
That's a reading of the original comment so uncharitable as to seem
tendentious. The commenter was specific about factoring; they were not calling
into question the entire idea of a trapdoor function.

------
userbinator
_Finally, I will summarize the findings and provide a few tips to fellow
engineers in hopes that these kinds of mistakes will not be made again._

On the other hand, those of us who like to actually own our hardware very much
hope that these mistakes do happen again. :-)

~~~
venomsnake
And I would prefer a legal solution to that. Cryptography is great when you
control the keys.

Do not allow restricted devices on the mass market if the legal owner is
unable to override the restrictions.

~~~
andrepd
Why should restricted devices be forbidden? The device is on the market, you
know beforehand its restrictions, and you are free to buy it or not.

~~~
venomsnake
Because the feudal model of today must be destroyed since I consider it
harmful.

~~~
andrepd
Calling a voluntary consumer purchase a "feudal model" is really stretching
it.

------
tptacek
[https://www.thoughtcrime.org/blog/the-cryptographic-doom-pri...](https://www.thoughtcrime.org/blog/the-cryptographic-doom-principle/)

~~~
cmrx64
I was hoping I'd find this link here. It never fails to deliver.

~~~
tptacek
You could see it in the very first diagram, with "AES-CTR" and no other
blocks. And, sure enough...

At this point, the term "CTR" has become a design smell.

~~~
yifanlu
As a simplification, I did not draw any of the blocks contributing to code
signing. RSA is used everywhere to ensure that the code is signed. If you
consider the signature as the MAC, it does "Authenticate Then Encrypt" (the
signature is over the NCCH or FIRM header. The header contains hash + size of
each section.)

~~~
tptacek
Help me understand a bit more about how a bogus key was able to generate a
gibberish text segment that code could successfully return into if all program
text was protected by RSA signatures. I may have misread the article.

~~~
yifanlu
So we have FIRM, the main firmware image. It has three segments: 1) main ARM11
kernel modules, 2) ARM11 kernel, 3) ARM9 kernel/ARM9 process. The FIRM header
has a SHA256 hash over all the segments and the size of all segments. The FIRM
header also has an RSA2048 signature over the header. Then everything (sig +
header + FIRM) is encrypted with AES-CTR and placed on the NAND.

On system start, the whole chunk is decrypted, the signature is verified, and
everything works as expected. Until, in the New 3DS, they decided to
additionally encrypt segment 3 (the ARM9 stuff) with a separate key on the
NAND. That's what led to the whole mess. So I guess their mistaken assumption
was that since FIRM was signed, the encrypted ARM9 section was protected.
However, they didn't take into account the fact that the key to decrypt it can
be corrupted. It's a bit subtle.

~~~
tptacek
I follow. But, if they'd encrypted every segment with AES-OCB or AES-GCM,
rather than raw AES-CTR and then relying on the RSA signature of a header with
hashes, this bug wouldn't have been possible, right?

(I get that there are multiple ways to break a bug. :)

~~~
yifanlu
Of course, in a perfect world we would all be doing that. However, there is a
tradeoff of boot-time/power consumption/hardware complexity (the hw AES engine
only does CCM/CTR/CBC). Given their track record though, I wouldn't be
surprised if things still broke if they used GCM. I think the main takeaway
isn't that there's a couple of things they could have done differently to
prevent this (which is always true in hindsight), but that certain major
design decisions made such bugs inevitable.
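
The boot sequence yifanlu lays out above, and the follow-up question of whether authenticating the bytes that actually get executed would have caught a bad key, as a toy model added here (constructed for this thread; it is not code from the article, from Nintendo, or from any 3DS homebrew project). It uses a SHA-256 keystream as a stand-in for AES-CTR and an HMAC as a stand-in for the RSA-2048 header signature; section contents, nonces and keys are made up. It assumes, as the description implies, that in the flawed design the signed header hashes the ARM9 section as it sits on NAND (still under the extra key), so a corrupted key produces garbage that verification never looks at:

```python
"""Toy model of the FIRM boot check yifanlu describes (constructed here; not 3DS
or Nintendo code). Stand-ins: a SHA-256 keystream instead of AES-CTR, an HMAC
instead of the RSA-2048 header signature. Section contents and keys are made up."""
import hashlib
import hmac
import struct

NONCE_FIRM = b"firm-nonce-0"   # constructed nonces for the two CTR layers
NONCE_ARM9 = b"arm9-nonce-0"
HEADER_LEN = 32 + 3 * (4 + 32)  # HMAC tag + (size, sha256) for each of 3 sections


def ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for AES-CTR: XOR data with SHA-256(key||nonce||counter) blocks.
    Like real CTR it is length-preserving and, on its own, unauthenticated:
    a wrong key silently yields garbage instead of an error."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + struct.pack(">Q", counter)).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def header_body(sections):
    """Header payload: big-endian size plus SHA-256 for each section."""
    return b"".join(struct.pack(">I", len(s)) + hashlib.sha256(s).digest() for s in sections)


def make_header(sections, sign_key):
    """Signed header: an HMAC over the body stands in for the RSA-2048 signature."""
    body = header_body(sections)
    return hmac.new(sign_key, body, hashlib.sha256).digest() + body


def header_ok(header, sections, sign_key):
    """Verify the signature, then compare the recorded hashes with `sections`."""
    sig, body = header[:32], header[32:]
    if not hmac.compare_digest(sig, hmac.new(sign_key, body, hashlib.sha256).digest()):
        return False
    return hmac.compare_digest(body, header_body(sections))


def build_firm(sections, sign_key, firm_key, arm9_key, hash_plaintext):
    """New-3DS-style image: section 3 (ARM9) gets an extra CTR layer under arm9_key,
    the header over the sections is signed, and the whole blob is CTR-encrypted
    under firm_key. hash_plaintext=False models the flaw: the header hashes the
    ARM9 section as stored (still under arm9_key), so verification never covers
    the bytes that will actually run."""
    s1, s2, s3 = sections
    s3_stored = ctr_xor(arm9_key, NONCE_ARM9, s3)
    header = make_header([s1, s2, s3 if hash_plaintext else s3_stored], sign_key)
    return ctr_xor(firm_key, NONCE_FIRM, header + s1 + s2 + s3_stored)


def boot(stored, sign_key, firm_key, arm9_key, hash_plaintext):
    """Boot model: outer decrypt, split sections, inner-decrypt ARM9 with the key
    read from storage (which may be corrupt), verify, then hand back the ARM9
    code the CPU would jump into. Returns (accepted, arm9_code)."""
    plain = ctr_xor(firm_key, NONCE_FIRM, stored)
    header, rest = plain[:HEADER_LEN], plain[HEADER_LEN:]
    sizes = [struct.unpack(">I", header[32 + 36 * i:36 + 36 * i])[0] for i in range(3)]
    s1, s2 = rest[:sizes[0]], rest[sizes[0]:sizes[0] + sizes[1]]
    s3_stored = rest[sizes[0] + sizes[1]:sizes[0] + sizes[1] + sizes[2]]
    s3 = ctr_xor(arm9_key, NONCE_ARM9, s3_stored)
    checked = [s1, s2, s3 if hash_plaintext else s3_stored]
    if not header_ok(header, checked, sign_key):
        return False, None
    return True, s3


def demo():
    """Boot each design with the right ARM9 key and with a one-byte-corrupted one."""
    sections = (b"arm11-modules" * 4, b"arm11-kernel" * 4, b"arm9-kernel-and-process" * 4)
    sign_key, firm_key, arm9_key = b"S" * 32, b"F" * 32, b"A" * 32
    bad_arm9_key = b"A" * 31 + b"B"   # the stored key with one byte corrupted
    results = {}
    for name, hash_plaintext in (("flawed", False), ("hardened", True)):
        image = build_firm(sections, sign_key, firm_key, arm9_key, hash_plaintext)
        ok, code = boot(image, sign_key, firm_key, arm9_key, hash_plaintext)
        bad_ok, bad_code = boot(image, sign_key, firm_key, bad_arm9_key, hash_plaintext)
        results[name] = {
            "good_key_runs_real_code": ok and code == sections[2],
            "bad_key_accepted": bad_ok,
            "bad_key_runs_real_code": bad_ok and bad_code == sections[2],
        }
    return results


if __name__ == "__main__":
    for design, result in demo().items():
        print(design, result)
```

In the flawed variant the signature check passes even with the corrupted key, and the boot path returns garbage as the ARM9 code; in the hardened variant the hash covers the decrypted section, so the corrupted key is rejected before anything runs. An authenticated mode on the inner layer (GCM, or the CCM the thread notes the hardware engine supports) enforces the same property by construction: the tag is bound to the key, so a wrong key fails verification instead of decrypting to noise.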

------
Jasper_
A funny thing about the key generator. There was originally a project within
the community to raise the funds to do a successful decap of the AES engine
and key generator.

They successfully raised the $2000 before the person claiming to do a decap
(Jl12) stole all the money and disappeared off the face of the earth.

[http://web.archive.org/web/20121227085042/http://3dbrew.org/...](http://web.archive.org/web/20121227085042/http://3dbrew.org/wiki/Fundraiser)

[http://web.archive.org/web/20140209211220/http://3dbrew.org/...](http://web.archive.org/web/20140209211220/http://3dbrew.org/wiki/Fundraiser)

~~~
AdmiralAsshat
All that goodwill pissed away for a paltry 2k? I mean, at least get into five
figures if you're planning a heist like that.

------
SXX
For anyone interested, there is an explanation of PS3 security, and it's one
more proof that complexity doesn't make a system more secure:

[http://www.psdevwiki.com/ps3/Boot_Order#Chain_of_trust_Diagr...](http://www.psdevwiki.com/ps3/Boot_Order#Chain_of_trust_Diagram)

[http://www.psdevwiki.com/ps3/Keys](http://www.psdevwiki.com/ps3/Keys)

------
wizzard0
Another illustration of the classic thesis "security should be built from the
ground up and can't be added later". Also shows the importance of minimizing
the attack surface. Would love to hear some inside stories about discussions
that ultimately led to these implementation decisions.

------
anon4
Still, it held off for 4 years. That's pretty much the usual lifetime of a
console generation, so I'd say the system was a success.

~~~
kanetw
It was broken much, much earlier. At first you required an external device
(special cartridge) or hardware mods, but there has been a software exploit via
the web browser for over a year now.

~~~
kevingadd
In addition to being broken earlier, it's been _trivial_ for even a casual
user to pick up the exploits and use them to run arbitrary software on the
device. There's a long-running website out there you can load in the 3DS web
browser to exploit your device with a single click.

