#100483 - bugmenot! - Mon Aug 28, 2006 4:52 am
There are some improvements in cracking SHA1, but the article doesn't go in to too much detail. Is this enough to make a homebrew with the same hash as a signed game?
http://www.heise-security.co.uk/news/77244
#100501 - MaHe - Mon Aug 28, 2006 8:58 am
This doesn't help us anything ... DS uses RSA and not SHA1.
_________________
[ Crimson and Black Nintendo DS Lite | CycloDS Evolution | EZ-Flash 3-in-1 | 1 GB Transcend microSD ]
#100516 - Harakiri - Mon Aug 28, 2006 12:05 pm
| MaHe wrote: |
| This doesn't help us anything ... DS uses RSA and not SHA1. |
do you know what you just said ? this comment doesnt make any sense
a hash is created using SHA1 for example, this hash is then encrypted using RSA/DSA or whatever you like - if the Nintendo DS uses signed code well then sure there is an underlying hash algorithm used - RSA is not an hash algorithm
On Topic :
The SHA1 is far from beeing "cracked" its just that instead of random bytes you have to put together to gather the same hash as a valid message - you are now able to put up to 25-50% text (text that makes sense and is not random) in it
#100542 - MaHe - Mon Aug 28, 2006 4:03 pm
Oh, excuse me. I promise I won't bull**** about things I know nothing about.
*hides in a corner, embarassed*
_________________
[ Crimson and Black Nintendo DS Lite | CycloDS Evolution | EZ-Flash 3-in-1 | 1 GB Transcend microSD ]
#100550 - Turambar - Mon Aug 28, 2006 5:20 pm
| Harakiri wrote: |
| The SHA1 is far from beeing "cracked" its just that instead of random bytes you have to put together to gather the same hash as a valid message - you are now able to put up to 25-50% text (text that makes sense and is not random) in it |
If you can do that in a reasonable amount of time, then it really is "cracked". At least for practical purposes. Can't you use the first 25-50% part of the file to put your nds, and just leave the rest for the random stuff? Then your ds would only execute the "text that makes sense" part, and the rest would just ocupy space.
#100568 - Harakiri - Mon Aug 28, 2006 7:59 pm
| Turambar wrote: |
| then it really is "cracked". At least for practical purposes. Can't you use the first 25-50% part of the file to put your nds, and just leave the rest for the random stuff? Then your ds would only execute the "text that makes sense" part, and the rest would just ocupy space. |
the attacks are generally for plain text messages (i.e. signed emails or something like that) - its not cracked yet since you cannot create exact 1:1 messages (i.e. you have to hide some data for the enduser)
moreover, the sha1 term is missleading - because the proof of concept is only provided for a lower sha1 with uses only 64 steps during hashing instead of 80
if you are interested in this subject - heise.de has created an article about it with more in depth information - it is in english too
http://www.heise-security.co.uk/articles/75686
#100579 - HyperHacker - Mon Aug 28, 2006 8:41 pm
Being able to generate a file which has the same checksum as a signed NDS would be just as good as cracking the RSA, wouldn't it? You'd be able to add whatever garbage to your program to make it match the existing signature.
_________________
I'm a PSP hacker now, but I still <3 DS.
#100601 - tepples - Mon Aug 28, 2006 10:29 pm
Even if the added code is only a jump to GBA ROM, it's still a candidate to replace WiFiMe.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.
#100602 - josath - Mon Aug 28, 2006 10:32 pm
Unfortunately, from what I read in the article, the attacker has to be generating BOTH pieces of code in order to produce matching signatures. In other words, this will only help if we know someone on the inside who is willing to attach random data (selected by an attacker) to the end of a commercial nds file before it is published. Also, currently you need to have 25% real data and 75% random attack data. So at this time, this is pretty much useless to us.