Posts: 22
Threads: 2
Joined: 17/Jul/2021
PR2 Name: Reisyukaku
25th September 2021, 9:31 PM
I do security research in my free time for fun. I enjoy breaking things. I've seen a lot of dumb stuff in my 8-10 years of hacking Nintendo consoles. I got out of that some time ago and mostly do private work now, but yeah, I've got tons of stories.
Feel free to share your stories, or learn from these stories.
I'll start out with a really easy one I did recently. I found some password-protected zips that used the standard ZipCrypto that Windows zip uses. There are like 3 u32 values used to create a stream, and that's XOR'd with the plaintext to produce ciphertext. So just knowing at least one of the files' plaintext, or at least part of it, I was able to zip the file with the same deflate settings, get the plaintext of that and XOR it with the cipher to recover the keys, and then decrypt the entire zip.
I've also seen some people trying to encrypt files by just XORing the file with a stream made from a hash, and I used plaintext attacks on that too. It's especially easy when it's a zip because you can use zip's central directory to recover the keys; the magics are known. Easy to find the EOCD and work backwards.
The lesson here is: use AES.
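A worked illustration of the second scheme in the post (a fixed keystream derived from a hash, XORed over a whole archive), written as an added example; it is not the OP's code and not the code they attacked. The scheme (sha256(password) repeated, so a 32-byte period that never depends on the plaintext), the archive, the filenames and the known README text are all constructed assumptions. It combines the two tricks above: the attacker re-deflates a file whose contents they know, with the same settings the archive was written with, to get known plaintext at a known offset, recovers the keystream position by position, checks the result against the EOCD magic at the end of the archive, and then reads the file they did not know.

```python
import hashlib
import io
import zipfile
import zlib

# Hypothetical weak scheme (an assumption for the example): the whole archive
# is XORed with sha256(password) repeated, so the keystream has a fixed period
# and is independent of the plaintext.
PERIOD = hashlib.sha256().digest_size  # 32


def keystream_from_hash(password: str) -> bytes:
    return hashlib.sha256(password.encode()).digest()


def xor_with_period(data: bytes, ks: bytes) -> bytes:
    return bytes(b ^ ks[i % len(ks)] for i, b in enumerate(data))


# Constructed sample archive: one file whose contents the attacker knows and
# one whose contents they want. Neither comes from the thread.
KNOWN_NAME = "README.txt"
KNOWN_TEXT = (b"This archive is provided as-is, without warranty of any kind.\n"
              b"See LICENSE for the terms under which it may be redistributed.\n")
SECRET_NAME = "secret.txt"
SECRET_TEXT = b"db_password = hunter2\n"


def build_sample_zip() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(KNOWN_NAME, KNOWN_TEXT)
        zf.writestr(SECRET_NAME, SECRET_TEXT)
    return buf.getvalue()


def deflate_like_zipfile(data: bytes) -> bytes:
    # The settings zipfile uses for ZIP_DEFLATED at the default level:
    # raw deflate (negative wbits), Z_DEFAULT_COMPRESSION, one compress + flush.
    c = zlib.compressobj(zlib.Z_DEFAULT_COMPRESSION, zlib.DEFLATED, -15)
    return c.compress(data) + c.flush()


def recover_keystream(ct: bytes) -> bytes:
    """Recover the PERIOD-byte keystream from known plaintext at known offsets."""
    # Known plaintext: the first local file header sits at offset 0 and starts
    # with its magic; the filename follows the 30-byte fixed header; assuming
    # no extra field, the deflated known file follows the filename.
    known = {}
    known.update(enumerate(b"PK\x03\x04"))
    name = KNOWN_NAME.encode()
    known.update(enumerate(name, start=30))
    known.update(enumerate(deflate_like_zipfile(KNOWN_TEXT), start=30 + len(name)))

    ks = [None] * PERIOD
    for pos, p in known.items():
        k = ct[pos] ^ p
        if ks[pos % PERIOD] not in (None, k):
            raise ValueError(f"known plaintext inconsistent at offset {pos}")
        ks[pos % PERIOD] = k
    if None in ks:
        raise ValueError("known plaintext does not cover every keystream position")
    return bytes(ks)


def eocd_magic_ok(pt: bytes) -> bool:
    # Work backwards from the end: a comment-less archive ends in a 22-byte
    # end-of-central-directory record whose magic is PK\x05\x06.
    return pt[-22:-18] == b"PK\x05\x06"


def attack(ct: bytes) -> bytes:
    ks = recover_keystream(ct)
    pt = xor_with_period(ct, ks)
    if not eocd_magic_ok(pt):
        raise ValueError("recovered keystream does not decrypt the EOCD")
    with zipfile.ZipFile(io.BytesIO(pt)) as zf:
        return zf.read(SECRET_NAME)


def demo() -> bytes:
    ct = xor_with_period(build_sample_zip(), keystream_from_hash("correct horse"))
    return attack(ct)


if __name__ == "__main__":
    print(demo())
```

The password never has to be guessed: one known file gives every keystream position, and the EOCD magic is a free sanity check on the result. Real ZipCrypto is not quite this weak, because its keystream is updated with each plaintext byte, so XORing one known file does not hand you a reusable stream; there the known-plaintext attack is Biham and Kocher's, which recovers the three internal 32-bit keys from roughly a dozen bytes of known plaintext (bkcrack is the usual implementation), and from those keys the rest of the archive decrypts.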
Posts: 115
Threads: 11
Joined: 1/Jun/2018
PR2 Name: Magniloquent
26th September 2021, 1:13 PM
Posts: 282
Threads: 17
Joined: 2/Dec/2017
PR2 Name: good job man
26th September 2021, 1:44 PM
No idea what was said in the OP, but it sounds bad lol. I am looking to learn about cybersecurity stuff down the line though.
Posts: 22
Threads: 2
Joined: 17/Jul/2021
PR2 Name: Reisyukaku
26th September 2021, 9:27 PM
Security can be fun but also not at the same time. I would never do it as a job, and underground scenes are worse.
I co-wrote and published a paper with some friends a while back on Nintendo Switch security. I did the part on the Tegra security co-processor (real fun thing). That was probably the one good thing that came from that.
That thing had all kinds of security features to prevent the security payload from being compromised (signed payloads, special mechanics to transfer code exec to other payloads), but it failed to address payload downgrade exploitation lol. That, on top of it leaking hashes on the heap, allowed me to sign my own first-stage payload, among other things.
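The downgrade point above, as an added illustration that is not the TSEC mechanism from the paper and not the author's code: a loader that checks only the payload signature accepts every version the vendor ever signed, including the old one with the known bug, while a loader that also enforces a minimum version that can only move forward rejects it. The signing scheme (HMAC-SHA256 with a key the verifier holds, standing in for a real asymmetric signature), the version field and the fuse model are assumptions made for the example.

```python
import hashlib
import hmac

# Assumed model for the example: the vendor signs (version || code). HMAC-SHA256
# with a key the verifier holds stands in for a real asymmetric signature.
VENDOR_KEY = b"constructed vendor signing key"
TAG_LEN = hashlib.sha256().digest_size


def sign_payload(version: int, code: bytes) -> bytes:
    blob = version.to_bytes(4, "little") + code
    return hmac.new(VENDOR_KEY, blob, hashlib.sha256).digest() + blob


def signature_valid(payload: bytes) -> bool:
    tag, blob = payload[:TAG_LEN], payload[TAG_LEN:]
    expected = hmac.new(VENDOR_KEY, blob, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def payload_version(payload: bytes) -> int:
    return int.from_bytes(payload[TAG_LEN:TAG_LEN + 4], "little")


def signature_only_loader(payload: bytes) -> bool:
    """Authenticity only: anything the vendor ever signed is accepted."""
    return signature_valid(payload)


class AntiRollbackLoader:
    """Authenticity plus freshness: the minimum version only ever moves forward,
    modelling a counter kept in one-time-programmable fuses."""

    def __init__(self, fused_min_version: int = 0):
        self.fused_min_version = fused_min_version

    def accept(self, payload: bytes) -> bool:
        if not signature_valid(payload):
            return False
        version = payload_version(payload)
        if version < self.fused_min_version:
            return False  # genuine signature, but older than this device already ran
        self.fused_min_version = version  # "burn" forward; never lowered
        return True


def demo() -> dict:
    old_vulnerable = sign_payload(1, b"v1: payload with the exploitable bug")
    current = sign_payload(2, b"v2: payload with the bug fixed")
    tampered = current[:-1] + bytes([current[-1] ^ 1])
    loader = AntiRollbackLoader()
    return {
        "sig_only_accepts_old": signature_only_loader(old_vulnerable),
        "sig_only_rejects_tampered": not signature_only_loader(tampered),
        "rollback_accepts_current": loader.accept(current),
        "rollback_rejects_old_after_current": not loader.accept(old_vulnerable),
        "rollback_rejects_tampered": not loader.accept(tampered),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The signature proves who produced the payload, not that it is the payload the device should still be running; once an old signed version with an exploitable bug exists, only a monotonic version floor the attacker cannot lower keeps it out.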
Posts: 359
Threads: 37
Joined: 27/Nov/2017
PR2 Name: Northadox
PR3R Name: Northadox
26th September 2021, 9:37 PM
(This post was last modified: 26th September 2021, 9:37 PM by Northadox. Edited 1 time in total.)
(26th September 2021, 9:27 PM)Rei Wrote: Security can be fun but also not at the same time. I would never do it as a job, and underground scenes are worse.
I co-wrote and published a paper with some friends a while back on Nintendo Switch security. I did the part on the Tegra security co-processor (real fun thing). That was probably the one good thing that came from that.
That thing had all kinds of security features to prevent the security payload from being compromised (signed payloads, special mechanics to transfer code exec to other payloads), but it failed to address payload downgrade exploitation lol. That, on top of it leaking hashes on the heap, allowed me to sign my own first-stage payload, among other things.
That paper sounds really interesting. Is there any place I could read it?
All I know about Nintendo Switch security is that if you insert a paper clip in some older console version just right, you'll obtain uber hax and will be able to play free video games and commit copyright infringement!!!
Posts: 22
Threads: 2
Joined: 17/Jul/2021
PR2 Name: Reisyukaku
26th September 2021, 10:28 PM
(26th September 2021, 9:37 PM)Northadox Wrote: That paper sounds really interesting. Is there any place I could read it?
All I know about Nintendo Switch security is that if you insert a paper clip in some older console version just right, you'll obtain uber hax and will be able to play free video games and commit copyright infringement!!!
https://arxiv.org/pdf/1905.07643.pdf
Posts: 2,631
Threads: 452
Joined: 9/Nov/2017
PR2 Name: bls1999
PR3R Name: bls1999
27th September 2021, 3:18 PM
Have a looksie at my GitHub. I've contributed to a few projects that have had some glaring security issues. You may have to go back through years of commits to find them though -- I think I did a pretty good job of taking care of most of them early on. 🤞🏻
I post about the latest site updates on the Dev Log. If you have suggestions, feel free to post them here.
@Eternal and I pay for this site out of our own savings. Please consider donating to help keep Jiggmin's Village running.
Posts: 22
Threads: 2
Joined: 17/Jul/2021
PR2 Name: Reisyukaku
4th October 2021, 8:21 PM
My new favorite thing is passive DNS leaking info on open FTPs and shit. lol