gbadev.org forum archive

This is a read-only mirror of the content originally found on forum.gbadev.org (now offline), salvaged from Wayback machine copies.

DS development > WMB host question.

#165093 - freddan007 - Tue Dec 09, 2008 8:20 pm

Please move this if it's in the wrong forum.
I downloaded the 2.3 (or something) version of the wmbhost RSA mod by yellowstar and tried to send the homebrew Balance by seddy from my DS-X to my other DS. As far as I have read this shouldn't be possible if the other DS is not flashed. My question is: will my DS get flashed if I use the DS-Xtream card? I successfully sent the homebrew to the other DS, but when it started it froze.

Video of the attempt:
http://www.youtube.com/watch?v=8_1747uUvFc

Is this what should happen if the firmware is not flashed, or should the RSA frame not be possible to send?

#165146 - yellowstar - Wed Dec 10, 2008 9:51 pm

The current WMB Host RSA Mod release is 2.2b. It is normal for the client DS to freeze with an odd gray logo after downloading the homebrew software, when the client DS is not flashed. Flashing will allow homebrew sent over WMB to run.

#165167 - freddan007 - Thu Dec 11, 2008 9:49 am

yellowstar wrote:
The current WMB Host RSA Mod release is 2.2b. It is normal for the client DS to freeze with an odd gray logo after downloading the homebrew software, when the client DS is not flashed. Flashing will allow homebrew sent over WMB to run.
Thanks for the reply. Do you know what is causing the freeze after the "Nintendo-like" logo has shown up? (Apart from the unflashed firmware.)

#165182 - yellowstar - Thu Dec 11, 2008 7:10 pm

Official software sent over WMB is RSA signed. There's a public key, and a private key. The public key included in the signature is used for verification. The private key is used for generating the public key, and signing. We don't know what the private key is, since no-one but Nintendo knows what it is. Really - it's not included in any DS software at all. Brute-forcing the private key is not feasible. Even the best supercomputers couldn't generate the correct key before the DS becomes obsolete. (Like at least a century.) When verification fails on a stock DS/NoFlashMe DS, the freeze happens. FlashMe patches the verification result so the DS boots the homebrew, instead of freezing.

#165183 - freddan007 - Thu Dec 11, 2008 7:15 pm

yellowstar wrote:
Official software sent over WMB is RSA signed. There's a public key, and a private key. The public key included in the signature is used for verification. The private key is used for generating the public key, and signing. We don't know what the private key is, since no-one but Nintendo knows what it is. Really - it's not included in any DS software at all. Brute-forcing the private key is not feasible. Even the best supercomputers couldn't generate the correct key before the DS becomes obsolete. (Like at least a century.) When verification fails on a stock DS/NoFlashMe DS, the freeze happens. FlashMe patches the verification result so the DS boots the homebrew, instead of freezing.
Is the private key stored anywhere, or is the NDS using some sort of algorithm to generate it? How many bytes/bits is the key? Can't you sniff the key?

#165185 - yellowstar - Thu Dec 11, 2008 8:18 pm

No, it's nowhere we can get it - it's only stored with Nintendo's signing software. The private key is fixed - using the wrong private key results in a verification failure. It's 1024-bits/128-bytes. Sniffing is not possible. RSA is a sort of encryption, but it's meant for authentication, like SHA-1 hashes, which is what the DS uses for WMB verification. The private key is used to generate the public key. As said before, this is done during signing. The public key is basically an encrypted hash of the header, arm7/9 binaries. To decrypt and verify the public key/signature, you don't need the private key, you just need another public key. The official WMB client uses a public key stored in the firmware for this. To verify, you just need to decrypt the signature with a public key, such as the WMB client's public key, then compute the combined hash for the header, arm7/9 binaries, then compare this hash, and the decrypted hash. If they match, verification passed, otherwise verification failed.

#165199 - freddan007 - Fri Dec 12, 2008 1:01 pm

yellowstar wrote:
No, it's nowhere we can get it - it's only stored with Nintendo's signing software. The private key is fixed - using the wrong private key results in a verification failure. It's 1024-bits/128-bytes. Sniffing is not possible. RSA is a sort of encryption, but it's meant for authentication, like SHA-1 hashes, which is what the DS uses for WMB verification. The private key is used to generate the public key. As said before, this is done during signing. The public key is basically an encrypted hash of the header, arm7/9 binaries. To decrypt and verify the public key/signature, you don't need the private key, you just need another public key. The official WMB client uses a public key stored in the firmware for this. To verify, you just need to decrypt the signature with a public key, such as the WMB client's public key, then compute the combined hash for the header, arm7/9 binaries, then compare this hash, and the decrypted hash. If they match, verification passed, otherwise verification failed.
So you would need to get the source of the NDS firmware/one ROMs to be able to calculate it?

#165201 - chuckstudios - Fri Dec 12, 2008 1:48 pm

No, you'd need to break into Nintendo and steal hard drives. And then you go to prison.

#165227 - freddan007 - Sat Dec 13, 2008 4:53 pm

chuckstudios wrote:
No, you'd need to break into Nintendo and steal hard drives. And then you go to prison.
Not if they can't prove it. Muahahahahahaaa...
It would be possible to crack it, but it would be very very very hard (without breaking into Nintendo). There is just one thing that bothers me. How does the other DS know it's the right/wrong key? That must be in the firmware, right?

#165233 - yellowstar - Sun Dec 14, 2008 12:32 am

freddan007 wrote:
How does the other DS know it's the right/wrong key? That must be in the firmware, right?
I already explained that in my previous post. Yes, the public key used for verification is in the firmware. When signing is done, a public key is generated from the private key and a combined hash previously described. This key is usually stored as the RSA signature stored at the end of the .nds. The signature is an encrypted combined hash, and decryption of it is done with another public key, normally the public key from the firmware. If the calculated combined hash does not match the decrypted hash, verification fails.
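The check yellowstar describes here and in #165185 (decrypt the signature with the firmware's public key, SHA-1 the header plus ARM7/ARM9 binaries, compare) written out as an added example; this is not code from the thread, from WMB Host or from any DS firmware. It assumes a constructed demo key built from two Mersenne primes rather than Nintendo's 1024-bit key, textbook RSA without padding to mirror the "encrypted hash" picture in the posts, and constructed sample header and binaries.

```python
import hashlib

# Constructed demo key: two Mersenne primes (2^89-1 and 2^107-1). Far smaller
# than the real 1024-bit key the thread mentions, but n (196 bits) still exceeds
# the 160-bit SHA-1 value, which textbook RSA needs for the round trip to work.
P = (1 << 89) - 1
Q = (1 << 107) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent; Python 3.8+ modular inverse

def combined_hash(header: bytes, arm9: bytes, arm7: bytes) -> int:
    """SHA-1 over header + ARM9 + ARM7 (the 'combined hash'), as an integer."""
    return int.from_bytes(hashlib.sha1(header + arm9 + arm7).digest(), "big")

def sign(header: bytes, arm9: bytes, arm7: bytes, d: int = D, n: int = N) -> bytes:
    """Host side: needs the private exponent d. Textbook RSA, no padding
    (a real signer pads the hash first; omitted to match the thread's picture)."""
    s = pow(combined_hash(header, arm9, arm7), d, n)
    return s.to_bytes((n.bit_length() + 7) // 8, "big")

def verify(header: bytes, arm9: bytes, arm7: bytes, signature: bytes,
           e: int = E, n: int = N) -> bool:
    """Client side: needs only the public key (e, n), as the firmware does.
    The whole decision collapses to this one boolean."""
    recovered = pow(int.from_bytes(signature, "big"), e, n)
    return recovered == combined_hash(header, arm9, arm7)

def demo() -> tuple:
    """Returns (original verifies, tampered ARM9 verifies, wrong-key signature verifies)."""
    header = b"CONSTRUCTED-NDS-HEADER"        # constructed sample, not a real .nds
    arm9 = bytes(range(64))                   # constructed stand-in for the ARM9 binary
    arm7 = bytes(reversed(range(64)))         # constructed stand-in for the ARM7 binary
    sig = sign(header, arm9, arm7)
    ok_original = verify(header, arm9, arm7, sig)
    # Flip one byte of the ARM9 binary: the same signature no longer matches.
    tampered = arm9[:10] + bytes([arm9[10] ^ 0xFF]) + arm9[11:]
    ok_tampered = verify(header, tampered, arm7, sig)
    # Sign with a different private exponent: the firmware's public key rejects it.
    wrong_sig = sign(header, arm9, arm7, d=D + 1)
    ok_wrong_key = verify(header, arm9, arm7, wrong_sig)
    return ok_original, ok_tampered, ok_wrong_key

if __name__ == "__main__":
    print(demo())   # (True, False, False)
```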

#165322 - tepples - Wed Dec 17, 2008 5:59 am

freddan007 wrote:
There is just one thing that bothers me. How does the other ds know it's the right/wrong key?

Please go to Wikipedia and look up RSA. After you understand RSA, you'll probably understand our explanations of how the DS firmware applies RSA.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.

#165334 - HyperHacker - Wed Dec 17, 2008 9:23 am

To oversimplify a bit: it's an algorithm. X goes in, Y comes out. Y can easily be extracted from the firmware, but it's only good for verifying the binary. To make a new binary pass verification, we need X. Only Nintendo has X (it's not anywhere in the code, etc), and it's a ridiculously huge number that would take at best hundreds of years to guess or brute-force. Knowing Y does not help you determine X at all, and the algorithm only works one way (i.e. you can't just use it "in reverse").
FlashMe reprograms it to skip the verification, so it will run any program you send it. That doesn't work in reverse either though - other DSes will still reject the program being sent from one that accepted it, if they aren't also flashed.
_________________
I'm a PSP hacker now, but I still <3 DS.

#165339 - freddan007 - Wed Dec 17, 2008 2:47 pm

HyperHacker wrote:
To oversimplify a bit: it's an algorithm. X goes in, Y comes out. Y can easily be extracted from the firmware, but it's only good for verifying the binary. To make a new binary pass verification, we need X. Only Nintendo has X (it's not anywhere in the code, etc), and it's a ridiculously huge number that would take at best hundreds of years to guess or brute-force. Knowing Y does not help you determine X at all, and the algorithm only works one way (i.e. you can't just use it "in reverse").
FlashMe reprograms it to skip the verification, so it will run any program you send it. That doesn't work in reverse either though - other DSes will still reject the program being sent from one that accepted it, if they aren't also flashed.
One more thing (sorry for being a noob). Is X the same on all games, or is it generated by Nintendo for every game?