Jiggmin's Village

Full Version: Security Fails
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
I do security research in my free time for fun. I enjoy breaking things.  I've seen a lot of dumb stuff in my 8-10 years of hacking Nintendo consoles. I got out of that sometime ago and mostly do private work now, but yea, I've got tons of stories.
Feel free to share your stories, or learn from these stories. 

I'll start out with a really easy one i did recently. I found some password protected zips that used the standard zipcrypto that windows zip uses. There are like 3 u32 values used to create a stream  and thats XOR'd with the plaintext to produce cipher text. So just knowing at least one of the files plaintext, or at least part of it, i was able to zip the file with same deflate settings, get the plaintext of that and xor with cipher to recover the keys, and then decrypt the entire zip.

Ive also seen some people trying to encrypt files by just XORing the file with a stream made from a hash and i used plain text attacks on that too. Its especially easy when its zip because you can use zip's central directory to recover the keys.. the magics are known. easy to find EOCD and work backwards.

Lesson here is use AES.
[Image: a8c.png]
no idea what was said in the OP but it sounds bad lol. i am looking to learn about cybersecurity stuff down the line tho
Security can be fun but also not at the same time. I would never do it as a job, and underground scenes are worse.
I co-wrote and published a paper with some friends a while back on nintendo switch security. I did the part on the Tegra security co-processor (real fun thing). That was probably the one good thing that came from that.

That thing had all kinds of security features to prevent the security payload from being compromised (signed payloads, special mechanics to transfer code exec to other payloads).. but it failed to address payload downgrade exploitation lol. That on top of it leaking hashes on the heap that allowed me to sign my own first stage payload among other things.
(26th September 2021, 9:27 PM)Rei Wrote: [ -> ]Security can be fun but also not at the same time. I would never do it as a job, and underground scenes are worse.
I co-wrote and published a paper with some friends a while back on nintendo switch security. I did the part on the Tegra security co-processor (real fun thing). That was probably the one good thing that came from that.

That thing had all kinds of security features to prevent the security payload from being compromised (signed payloads, special mechanics to transfer code exec to other payloads).. but it failed to address payload downgrade exploitation lol. That on top of it leaking hashes on the heap that allowed me to sign my own first stage payload among other things.

That paper sounds really interesting. Is there any place I could read it?
All I know about Nintendo Switch security is that if you insert a paper clip in some older console version just right, you'll obtain uber hax and will be able to play free video games and commit copyright infringement!!!
(26th September 2021, 9:37 PM)Northadox Wrote: [ -> ]That paper sounds really interesting. Is there any place I could read it?
All I know about Nintendo Switch security is that if you insert a paper clip in some older console version just right, you'll obtain uber hax and will be able to play free video games and commit copyright infringement!!!
https://arxiv.org/pdf/1905.07643.pdf
Have a looksie at my GitHub. I've contributed to a few projects that have had some glaring security issues. You may have to go back through years of commits to find them though -- I think I did a pretty good job of taking care of most of them early on. 🤞🏻
My new favorite thing is passive DNS leaking info on open ftps and shit. lol