36C3 - It's not safe on the streets... especially for your 3DS!

Edit subtitles

0:00 - 0:20

36C3 preroll music
0:23 - 0:26

Herald: The following talk is titled "It's
Not Safe in the Streets, especially for
0:26 - 0:31

your 3DS" and it's about exploring a new
attack surface on the 3DS. And the speaker
0:31 - 0:36

is nba::yoh. The show is yours.
0:36 - 0:42

applause
0:43 - 0:50

nba::yoh: Hi, everyone. I'm nba::yoh and
today I'm going to talk about 3DS hacking
0:50 - 1:01

and especially about a protocol, an
undocumented protocol. And we're gonna see
1:01 - 1:11

how I attacked the protocol and got remote
code execution on the system. But before
1:11 - 1:18

before saying, oh, I did that, I'd like to
do a quick recap of the state of 3DS
1:18 - 1:27

hacking in 2019, because there have been a
lot of userland exploits, a lot of patched
1:27 - 1:33

kernel flaws and there's a lot of
documentation online about the system. And
1:33 - 1:41

during the last few years, people have
been working on it and broke the hardware
1:41 - 1:50

keyscambler. And they managed to dump the
bootroms. And as a result, anyone who now
1:50 - 1:58

have the bootrom can derive all the secret
keys of the system. And as a bonus, they
1:58 - 2:04

were able to find a permanent unpatchable
bootrom exploit. So at that point, you
2:04 - 2:11

might be wondering what's left to do in
the system. And actually, I wonder if it
2:11 - 2:17

would be possible to use those keys to
attack features that were protected until
2:17 - 2:22

then by encryption. So that's why today
I'm going to talk about StreetPass.
2:25 - 2:31

First, I'm going to do a quick introduction about
the feature and then we'll see how I
2:31 - 2:39

expoited it and see what's possible to do
once you get code execution. So what is
2:39 - 2:46

StreetPass? This is a local and wireless
communication feature. The basic idea
2:46 - 2:52

behind StreetPass was that users would
take their 3DS with them and go out and it
2:52 - 3:00

would automatically communicate with other
people's systems. The point of the feature
3:00 - 3:07

was to share data between applications
like custom levels for your games or
3:07 - 3:15

messages, avatars, et cetera. So this is
quite an interesting feature for players,
3:15 - 3:22

but also for hackers. So this is the
player point of view so you can send your
3:22 - 3:29

messages and other people will be able to
receive them. But we'd like to - from an
3:29 - 3:35

hacker point of view - we'd like to
replace one of these systems with a PC to
3:35 - 3:41

tamper with the protocol, for example. And
eventually it would be nice if we could
3:41 - 3:48

send some corrupted messages and see if we
can get code execution on foreign systems.
3:50 - 3:55

But for doing that, you need to know how
the street the StreetPass feature works.
3:56 - 4:01

So it's quite simple. It acts like a mailbox.
So you have CECD, which is a system
4:01 - 4:11

module, and it's the only one that manages
all this StreetPass feature. So all your
4:11 - 4:18

applications have an inbox and an
associated outbox in the CECD file system
4:18 - 4:27

and they can put and get messages from and
to these boxes via IPC. Then messages in
4:27 - 4:32

these boxes are used to craft packets
which are then sent using the StreetPass
4:32 - 4:41

protocol. And we can already see on this
diagram which path we could try to attack.
4:41 - 4:47

The first one you might think about are
our application boxes because it's very
4:47 - 4:54

likely that you'll be able to find some kind
of game or application that have a float
4:54 - 5:03

parser. So we might take and get remote
code execution in such an application. But
5:03 - 5:11

the most interesting one would be to try
to attack CECDs parser. And this would
5:11 - 5:19

give us remote code execution in a system
module, which would be nice. But for doing
5:19 - 5:25

that, we need to figure out how the
StreetPass protocol works and nobody
5:25 - 5:31

really knows how it works. There is a bit
of documentation online about the
5:31 - 5:36

pairings, so "oh both our systems are
seeing a hand here. Would like would you
5:36 - 5:42

like to communicate with me?" But it has
never been successfully reproduced, at
5:42 - 5:50

least publicly. And we know that it's
using an unknown and encrypted protocol
5:50 - 5:59

that uses the secret AES key that we can
now get. So let's reverse the protocol.
5:59 - 6:08

First, well, let's reverse the pairing and
replicate it. So it's fairly easy to
6:08 - 6:15

understand: You have both peers, the
client and the master and before
6:15 - 6:23

communicating they randomize their console
ID and their MAC address. Then the client
6:23 - 6:32

sends a bunch of probe requests with our
bundle specific tag, containing a list of
6:32 - 6:38

the applications that have StreetPass
activated. And then eventually the master
6:38 - 6:45

received that public list and analyzes it.
It's checked if an application from the
6:45 - 6:50

client that has StreetPass activated
matches one of it's own applications with
6:50 - 6:56

StreetPass activated. If it's the case, it
sends the probe response to the client,
6:56 - 7:02

which will do the same. And if both peers
agree that they can exchange data, they
7:02 - 7:11

will start communicating after deriving a
common key. So replicating the pairing is
7:11 - 7:21

not super odd if you know what tool to
use. I tried to reproduce the pairing
7:21 - 7:28

using a monitor mode, but it's really hard
because you have to deal with all the
7:28 - 7:38

action item frames et cetera. So I used
nl80211 which lets you register some
7:38 - 7:44

specific callback for some specific frames
and send custom frames and everything is
7:44 - 7:54

handled by your wifi adapter driver. So at
that point the 3DS starts sending
7:54 - 8:01

encrypted data and we have to decrypt
them. So let's review the encryption. They
8:01 - 8:10

do this in two passes, the first one they
use an HMAC-SHA1 over both consoles CIDs
8:10 - 8:18

and both MAC addresses and the output of
this pass is used as an input counter for
8:18 - 8:29

on AES-CTR using the AES key slot we can
now get. And the output of this encryption
8:29 - 8:38

is used as a session key for the
communication. So nl80211 lets you
8:38 - 8:46

register CCMP keys so it's quite easy to
send and receive encrypted packets using
8:46 - 8:56

it. So now we can start reversing the
protocol. Let's take a look at the
8:56 - 9:04

structure of packets before doing any
reverse engineering. So I put some packets
9:04 - 9:10

I was able to receive and the first one is
one of the smallest one you can actually
9:10 - 9:19

observe. So first you have a header and
then you have some data and you can spot
9:19 - 9:27

some magic values here. Actually, it's
easy to spot them because CECD is using
9:27 - 9:36

really recognizable magic values. It's
always the same byte repeated twice. Once
9:36 - 9:41

you know the structure of the packets, you
can view that there are actually
9:41 - 9:49

two protocols. The first one is SPTCP.
It's an equivalent of TCP, but for local
9:49 - 9:55

communication. It's mainly designed to
ensure reliability and data segmentation.
9:55 - 10:04

And then you have SPMTP which is built
over SPTCP and handles all the exchange of
10:04 - 10:11

stricter data and StreetPass messages. So
we have two protocols and we need to
10:11 - 10:18

review both of them. Let's start with
SPTCP. Actually, there is not much to say
10:18 - 10:29

because you only basically have to reverse
and understand the header. You have a
10:29 - 10:34

magic value and some constants. But the
most important field here is the flag
10:34 - 10:39

field because if you can understand what
are the flags, you can understand the
10:39 - 10:46

meaning of the packets you are sending and
receiving. And so you can basically
10:46 - 10:54

understand the protocol. And fortunately,
in this case, they're using the same flags
10:54 - 11:02

as TCP, so it was really easy to
understand the protocol and how it worked.
11:02 - 11:14

And what about SPTCP security? Actually,
it's OK. I did not find any bug. But the
11:14 - 11:19

attack surface is really small. We can
basically only tamper with the header and
11:19 - 11:31

that's it. So SPMTP should be much more
interesting. Let's take a look at the
11:31 - 11:40

structure of SPMTP packets, because there
are actually two different packet types.
11:40 - 11:50

The first one is an info packet. It's
basically used in the handshake and it's
11:50 - 11:57

only here to share information between
both peers. And then you have message box
11:57 - 12:03

packets which are much more interesting
because they contain actual StreetPass
12:03 - 12:11

data and you can even spot the CECD
message via magic value, which means that
12:11 - 12:18

we actually reach actual game data and
SPMTP is the last layer of encapsulation
12:18 - 12:26

of the whole protocol. So once you figure
out how SPMTP works, you can reimplement
12:26 - 12:34

the protocol. So let's first review info
packets. There's a bunch of things in
12:34 - 12:40

here. Many fixed size data like friend
codes, MAC addresses, et cetera. It's not
12:40 - 12:47

much interesting when you're looking for
vulnerabilities. There are variable size
12:47 - 12:52

data, which are much more interesting.
They are sending application lists,
12:52 - 12:59

metadata lists, and it's much more
interesting because when you process them,
12:59 - 13:06

you can fail your parser. And if there is
some vulnerability here, we might exploit
13:06 - 13:15

them to get remote execution. So let's
take a look at one of this parser. This is
13:15 - 13:24

a function that parses meta data lists. So
let's focus on the for-loop. They are
13:24 - 13:34

actually copying a list of entries to the
stack. The destination is on the stack and
13:34 - 13:41

they do not check the number of entries in
the list. So this is clearly a buffer
13:41 - 13:48

overflow, but is it exploitable? Let's
illustrate this with a diagram. So this is
13:48 - 13:57

a regular copy. So you have your packet
buffer. And you have memcopy called on
13:57 - 14:09

each entry and everything's is all right
here. But if you had more entries, you
14:09 - 14:16

have a bunch of entries, compete on the
stack, that overwrite a bunch of things.
14:16 - 14:22

But there's a problem here, because the
packet buffer is not large enough for us
14:22 - 14:33

to reach the return address on the stack.
So we are probably copying uncontrol data.
14:33 - 14:39

So I was like, it's too bad, we can't do
anything with this, but let's check the
14:39 - 14:45

buffer next to our packet buffer. Maybe
there are some control data in there. And
14:45 - 14:54

actually, yes, it's this buffer just
next to the packet buffer, dedicated to a
14:54 - 15:03

list that we sent just before. So actually
we can rewrite the return address. So, how
15:03 - 15:10

do we exploit it now? On the 3DS, you have
the NX bit, but there is no stack cookies
15:10 - 15:16

or no ASLR, so it's pretty
straightforward. You can just embed a ROP-
15:16 - 15:23

chain, a small ROP-chain, and then send
another one in some kind of packets and
15:23 - 15:31

stack-pivot to it. And then you get remote
code execution in CECD. So this one was
15:31 - 15:40

quite easy. Let's move on to message box
packets. Message box packets are packets
15:40 - 15:48

to send a list of StreetPass messages for
some specific applications. They are
15:48 - 15:55

actually stored in some temporary files
for avoiding delays and they are parsed
15:55 - 16:02

once the communication is over. So they
are parsed. So let's take a look at the
16:02 - 16:15

parser. This is the function that actually
loads a temp file into an associated
16:15 - 16:24

structure on the stack and whoops, they do
not check the number of messages in the
16:24 - 16:35

box. So this is another buffer overflow.
You are basically overflowing the message
16:35 - 16:43

pointers array and the message sizes
array. So let's treat this with another
16:43 - 16:55

diagram. So you have on the right the temp
file and on the left the stack and you see
16:55 - 17:02

that you have this structure on the stack
we can see that there is the message
17:02 - 17:08

pointers with pointer pointing to your
temp file buffer and you have the message
17:08 - 17:18

sizes. And if you add another message in
the temporary file, you overflow both
17:18 - 17:27

arrays and start overwriting some data on
the stack. We are a bit concerned because
17:27 - 17:32

we are writing partially or uncontrolled
data on the stack. Obviously you cannot
17:32 - 17:39

control the message pointers and you can
not still control message size because you
17:39 - 17:45

can not put some arbitrary values in
there. You'd have to send gigabytes of
17:45 - 17:57

messages and you can not do that. So what
can we do? What you can see here is that
17:57 - 18:02

you can actually set the last message size
to an arbitrary value because they are
18:02 - 18:11

checking if the current message being
parsed is actually inside of the temporary
18:11 - 18:16

file, a buffer. And if the current message
pointer goes out of the buffer,
18:16 - 18:17

they break the loop
18:17 - 18:24

without returning an error. So what you
can do is set the last message size to an
18:24 - 18:30

arbitrary value and then the pointer will
go out of the buffer and you will write
18:30 - 18:40

one 32-bit value on the stack. But we
need to know what to write. You cannot,
18:40 - 18:45

unfortunately, you cannot directly
overwrite the return address because
18:45 - 18:52

remember that we are writing mainly
uncontrolled data and reaching the return
18:52 - 18:59

address would require you to overwrite the
whole stack frame with uncontrolled or
18:59 - 19:08

partially uncontrolled data. So the only
thing I was able to rewrite without
19:08 - 19:17

crashing the system is this particular
variable. It's a pointer to a critical
19:17 - 19:26

section and it's used for signed
synchronization and mutual exclusion. And
19:26 - 19:32

you can see it's used after the temporary
file has been parsed. So maybe we can do
19:32 - 19:37

something with it. This is the leave_critical_section
call at the end of the loop
19:37 - 19:43

iteration. And you can see that they're
using the pointer to decrement some kind
19:43 - 19:49

of count. So it's basically the number of
threads that are using the critical
19:49 - 19:56

section and we can override the lock
pointer. So by overwriting it, we can
19:56 - 20:03

decrement an arbitrary value in memory,
but we need to find what to overwrite,
20:03 - 20:13

that would give us more control of the
memory and control the execution flow. So
20:13 - 20:19

I've been looking for something like this
and I found something interesting in the
20:19 - 20:27

function that deinitialized the structure
associated to temporary files. This is the
20:27 - 20:35

function for the structure
deinitialization. And you can spot this
20:35 - 20:43

variable. They actually implemented
some kind of allocation mode. And if it's
20:43 - 20:50

equal to pointer mode, it will not try to
free the pointer. The pointers in the
20:50 - 20:58

message pointers array. But if it's not
pointer mode, they will free all of them.
20:58 - 21:04

And while this value should be pointer
mode in any case. But we can decrement it
21:04 - 21:14

using the the vulnerability we've seen
before. So we can get some pointer freed.
21:14 - 21:22

And since we control everything at the
location pointed by message pointers, we can
21:22 - 21:31

try to make it free some crafted and fake
chunks. But there is another problem
21:31 - 21:39

because they're actually resetting the
allocation mode each time a temporary box
21:39 - 21:48

is passed. So we have to find a solution
to this. And what you can do is try to
21:48 - 21:55

make that function return early before the
allocation mode is restored. But this
21:55 - 22:06

implies making it return an invalid return
code. But actually, it's not a problem
22:06 - 22:16

because they're not checking the return
code. So what can we do so far with
22:16 - 22:24

this? So you can send a first temporary
box. This will overwrite the lock variable
22:24 - 22:30

in the stack and decrement the
allocation mode. Then you can send your
22:30 - 22:38

invalid second temorary box and the
parser will return early and the
22:38 - 22:43

message pointers array will not be
updated. And in the end, all the pointers
22:43 - 22:51

in that particular array will be freed.
But since the message pointers array is
22:51 - 22:58

not updated, the pointer in that
particular array are still pointing to the
22:58 - 23:06

first temporary file buffer
which has been freed. That's not a
23:06 - 23:12

problem. If you send a xecond temporary
box with the same size, the buffer will be
23:12 - 23:16

re-allocated for that second
temporary file and we eventually free
23:16 - 23:26

up pointers to control the buffer. So
what's next? We can craft some fake heap
23:26 - 23:33

chunks. We can have the application free
them. What do we do? The free, yes, it is
23:33 - 23:39

actually really insecure. You can exploit
the classic unsafe linker vulnerability,
23:39 - 23:48

so you get one arbitrary write for each
chunk you can free. And you still need to
23:48 - 23:57

know what to overwrite. But you can just
rewrite the heap free list head pointer. So the
23:57 - 24:04

next malloc call will return a pointer to
wherever you want, and you can especially
24:04 - 24:10

put a pointer to the stack in there. So
the next malloc call will return a
24:10 - 24:21

pointer to the stack and it will be used
to store your third temporary file. So
24:21 - 24:29

it's a bit hard to understand. So let's
again illustrate this with a diagram. So
24:29 - 24:36

first you have your first temporary file
loaded in memory. So on the right it's
24:36 - 24:49

parsed and the associated structure is
written in stack and it overwrites the
24:49 - 24:58

lock pointer to make it point to the alloc
mode in memory. In the end,
24:58 - 25:05

leave_critical_section is called. So you have
your temporary buffer freed and your location
25:05 - 25:14

mode decremented. Then your second
temporary file is loaded in memory. The
25:14 - 25:19

buffer used for the first
file is relocated and the pointers in the
25:19 - 25:26

structure still point to our
controlled data and especially our fake
25:26 - 25:39

chunks. So your second temporary file is
loaded and parsed. Then all the chunks are
25:39 - 25:49

freed and the field it is at is moved to
point on the stack. And finally, you can
25:49 - 25:54

see that your last temporary file is
read in on the stack so we can overwrite
25:54 - 26:01

the return address and put a ROP-chain in
there. So this gives us a second remote
26:01 - 26:10

code execution vulnerability in CECD. And
this one this one was quite trickier. So
26:10 - 26:19

what's next? Another one. Yeah. Again,
there is another vulnerability in the
26:19 - 26:30

message parser. It's actually an SDK
function. So any application that uses
26:30 - 26:34

SteetPass is vulnerable, not only CECD but
all application and games that use
26:34 - 26:36

StreetPass are vulnerable for this one.
26:36 - 26:41

But I'm not going
to talk about it and explain everything.
26:41 - 26:51

It's up to you to exploit it. So this
gives us a third Remote Code Execution in
26:51 - 26:57

CECD and you can get Code Execution in any
application using StreetPass. And this
26:57 - 27:06

also give us a persistent backdoor in CECD
because of CECD usually parses all the
27:06 - 27:15

messages in the in and out boxes at startup.
So you can trigger the vulnerability
27:15 - 27:25

once the system boots. So we've got a
Remote Code Execution in CECD, what can we
27:25 - 27:35

do? No, actually, CECD does not have much
privileges. It's only a userspace
27:35 - 27:41

application. And it's pretty well
sandboxed. You can not access the
27:41 - 27:49

internet, for example or not the SD card.
So if you want more privileges and we
27:49 - 27:57

want more privileges, you need to take
care of something else. And your
27:57 - 28:05

best choice would be trying to take over
ARM11 Kernel, which is the kernel for the
28:05 - 28:14

userland processor. This this would give
you total control over this processor.
28:14 - 28:18

And if you want really full system
control, you'd like to also take over the
28:18 - 28:26

ARM9 security processor. So this is the
processor that do all the encryption and
28:26 - 28:35

signature stuff. And we will see this
later. So let's first try to take over the
28:35 - 28:46

ARM11 kernel. But first, I need to
talk about IPC and especially
28:46 - 28:56

what are called static buffers. So when
you are doing IPC, you need to sometimes
28:56 - 29:03

send data from a sender process to a
receiver process and on the 3DS, you can
29:03 - 29:12

do this in multiple ways. The first one is
if you want to send large regular
29:12 - 29:20

buffers, you can map parts of the sender's
memory into the receivers, but you can
29:20 - 29:27

also use what are called static buffers.
If you want to send some small buffers,
29:27 - 29:35

the receiver can register static buffers
and the ARM11 kernel will do the copy for
29:35 - 29:42

you to that particular buffer. And
sometimes you need some buffers
29:42 - 29:52

to be sent to the ARM9
processor. So the ARM11 kernel need to
29:52 - 29:59

write some pairs of
physical addresses and size to the static
29:59 - 30:06

buffers because the ARM9 does not have an
MMU so it's only using physical addresses
30:06 - 30:15

and the copy of data is eventually done by
the Process9, which is the only process
30:15 - 30:24

running on the ARM9 side. So let's talk
about a vulnerability now. So it's called
30:24 - 30:33

LazyPixie and it has been found by TuxSH.
So it's not me. How does the kernel handle the
30:33 - 30:45

PXI buffers case because it
seems a bit complicated. So first
30:45 - 30:49

they check the alignment of the
destination state buffer, they check the
30:49 - 30:54

size of the destination static buffer.
They check the permissions for the source
30:54 - 31:01

buffers. Then they do cache operations, they
copy metadata. So the physical address and
31:01 - 31:09

the size of the static buffer
to the destination and then the copy is
31:09 - 31:16

done by the ARM9 side. But I think
there is something missing here because
31:16 - 31:24

they do not check the permissions for the
destination buffer. So what you can do is
31:24 - 31:30

use an arbitrary address as a destination.
And so you can just overwrite the MMU
31:30 - 31:38

table and make your kernnel read, write and
execute, which is obviously enough to take
31:38 - 31:49

it over. So at that point, the ARM11
Kernel has fallen and we have
31:49 - 31:59

the full control of that processor. But we
would like a bit more privileges because
31:59 - 32:08

why not? We want the full system control.
So let's take the road to full system
32:08 - 32:16

control and see why taking over CECD was
one of the best ideas ever. So I am going
32:16 - 32:22

to talk about SAFEHAX. Maybe some of you
know what SAFEHAX is because it's a really
32:22 - 32:32

cool vulnerability. It's actually race a
condition in the firmware header parsing
32:32 - 32:38

you can take over the ARM9 side if you
control the ARM11 kernel. It has
32:38 - 32:47

been fixed in the system version 9.5 for
the regular native firmware
32:47 - 32:52

and fixed in the safe mode firmware, which
is basically the recovery firmware if
32:52 - 32:58

something went wrong for your console. So
people have been exploiting it both on the
32:58 - 33:05

native firmware and the
safe mode firmware and it has been
33:05 - 33:13

mitigated in version 11.3 and 11.4. So it
does not work anymore, but it has only
33:13 - 33:20

been mitigated and not patched. So let's
take a look at that mitigation because
33:20 - 33:27

how do they prevent us to exploit that
vulnerability? So this so-called
33:27 - 33:37

mitigation is a boolean flag that has been
added on the ARM9 side and when it's set to
33:37 - 33:49

1 the system just panics. When you try to
launch the safe mode firmware. So this
33:49 - 33:53

flag is actually set to 1 whenever you try
to launch an application, so this was the
33:53 - 33:59

usual way to exploit it, you were
launching the homebrew menu through an
33:59 - 34:07

application and then exploiting the ARM11
kernel and then running SAFEHAX. So they
34:07 - 34:14

set the flag to 1 whenever you try to
launch a specific application, except some
34:14 - 34:22

of them because your reconnection ARMs needs some
applications to run. So this is there is
34:22 - 34:29

an exception for the home menu and the
system modules. And guess what? We are
34:29 - 34:35

exploiting CCD, which is a system module
and we are getting Remote Code Execution
34:35 - 34:43

in CCD. So the the flag is never set to 1
when we are getting code executing on the
34:43 - 34:53

CCD. So with that kind of exploit. You can
easily replicate the initial SAFEHAX
34:53 - 35:03

exploit. So then you get a full control,
remote code execution without any user
35:03 - 35:10

interaction. And it's StreetPass and it's
doing all of this thing in the background
35:10 - 35:16

and on any firmwre version at the time
this was developed because Nintendo
35:16 - 35:29

patched it with firmware version 11.12. So
I guess it's time for a little demo. I'm
35:29 - 35:38

not going to do it live because I don't
want to some exploits in the air. So I
35:38 - 35:46

have a little video. So I'm running my
exploit on my laptop and you can see the
35:46 - 35:53

LED is turned on to see that the exploit
is running in CCD. And then you once
35:53 - 36:00

you're you can exploit and you can launch
the installer for the Boot ROM exploit,
36:00 - 36:10

for example.
applause
36:10 - 36:24

Thanks. So now, some some takeaways. Well,
you'd better check your return value,
36:24 - 36:29

really, because there's a second
vulnerability would have been really,
36:29 - 36:42

really out to exploit without that
mistake. And really, you should not hide
36:42 - 36:48

behind cryptography because one day your
encryption will be broken and this might
36:48 - 37:00

come sooner than you think. And for this
specific case, there was a bunch of dumb
37:00 - 37:09

mistakes and basically all vulnerabilities
were only buffer overflows. Then,
37:09 - 37:17

assessing hard-to-reach features is really
arduous. I spent a lot of time doing this,
37:17 - 37:26

especially figuring out how to replicate
all the features, parts and all the
37:26 - 37:33

different protocols involved. But
eventually, you can get some really
37:33 - 37:41

interesting results like this. Then, I'd
say please fix your flows, and do not
37:41 - 37:51

implement some poor mitigation, like for
SAFEHAX. And there's things still to do on
37:51 - 37:57

the 3DS. I think I was able to show this
today. There is, this is an amazing system
37:57 - 38:04

you can start to work on and do some
practical things. And there's still things
38:04 - 38:13

to document on the open source wiki, so
feel free to contribute. So, in the end, I
38:13 - 38:25

would like to thank @TuxSH for the
LazyPixie and helping me getting this full
38:25 - 38:39

chain exploit done, and @hedgeberg for
recurring support with a lot of things. So
38:39 - 38:45

now, if you have some questions, feel free
to ask.
38:45 - 38:51

Herald: Thank you very much.
38:51 - 38:55

applause
38:55 - 39:02

Herald: We are very, very much on time. So
ask any questions, but please do ask them
39:02 - 39:14

at a microphone. Go ahead. No, I thought
there was going to ask a question. No
39:14 - 39:21

questions? Oh, the Internet has one.
Great.
39:21 - 39:29

Signal angel: So, yes, we have two
questions. The first one is what tools and
39:29 - 39:34

environments do you use for your research?
For example, someone mentioned how do you
39:34 - 39:41

get all the source code?
nba::yoh: Oh, everything on the 3DS is
39:41 - 39:50

closed source. So you have to reverse
engineer everything. I used IDA and Ghidra
39:50 - 39:57

to reverse the binaries of CCD and, yeah,
that, that's it.
39:57 - 40:08

Signal angel: OK. Thank you. We have a
second question: Is there any procedure
40:08 - 40:13

for the Switch that is compatible with all
what you've done?
40:13 - 40:16

nba::yoh: Sorry, could you repeat that
question?
40:16 - 40:23

Signal angel: Well, all the things you
have done, all the code. Is there anything
40:23 - 40:28

similar for the Switch?
nba::yoh: I don't think there is something
40:28 - 40:37

similar on the Switch, at least something
that looks like the StreetPass feature.
40:37 - 40:44

But I don't really know how the Switch
works, I've only done things on the 3DS.
40:44 - 40:52

Herald: OK, first question for the room.
Microphone: Thanks for the talk, great.
40:52 - 40:58

Did you really need all the three
exploits? And which one did you use in the
40:58 - 41:03

end for the full chain? Thanks.
nba::yoh: Could you repeat the question?
41:03 - 41:08

Microphone: Did you need all the three
exploits that you had or could you just
41:08 - 41:12

use the easiest one? And which one did you
use in the end?
41:12 - 41:20

nba::yoh: Well, no, you do not need all
three exploits, at least in CCD. You only
41:20 - 41:30

need one basically to get remote code
execution. But I found it fun to just show
41:30 - 41:36

all the exploits for CCD.
Herald: Next question.
41:36 - 41:40

Microphone: Are the StreetPass messages
passed to the applications even when those
41:40 - 41:44

applications are not running? So, for
example, when you have like PokÃ©mon or
41:44 - 41:47

something installed...
nba::yoh: Could you speak louder, please?
41:47 - 41:51

Microphone: Okay. Are the applications
parsing the messages even if they are not
41:51 - 41:55

running? Like, is there some sort of a
handler being run by the OS even if you
41:55 - 42:00

don't have an application running, just
installed? So that if you have a
42:00 - 42:06

vulnerable application with the old SDK
built in there, will it automatically
42:06 - 42:15

parse the corrupted message?
nba::yoh: Could you reformulate your
42:15 - 42:19

question? I don't understand.
Microphone: Okay. In your tree
42:19 - 42:25

exploitation method, you mentioned the
third method that mentions the SDK being
42:25 - 42:27

broken.
nba::yoh: Yeah.
42:27 - 42:31

Microphone: And if you have an application
built with that old SDK, does it
42:31 - 42:36

automatically parse the message even if
it's not running, so that even if you have
42:36 - 42:41

a patched OS, but not patched
applications, it will still get exploited?
42:41 - 42:49

nba::yoh: Yeah, all the applications using
the SDK should be updated to fix the
42:49 - 43:00

vulnerability. So the exploit is triggered
when the application parsed the messages.
43:00 - 43:11

So you have to run the application to
exploit it. CCD has been patched, so there
43:11 - 43:21

is no more remote code execution in CCD,
nor a permanent backdoor in CCD, that
43:21 - 43:29

automatically runs, when the system is
started. But you can probably still
43:29 - 43:34

exploit games and applications that use
the old SDK.
43:34 - 43:39

Microphone: Okay, thanks.
Herald: There's a question over there.
43:39 - 43:44

Microphone: Yes. Can you go back to the
slide where you showed how the encryption
43:44 - 43:47

for the packets worked?
nba::yoh: The encryption?
43:47 - 44:12

Microphone: Yes, the encryption. Yeah.
Yeah. That one. So my question is, if all
44:12 - 44:19

you're, if the only thing that you're
changing is the counter, and the data is
44:19 - 44:24

constant and the key is constant, and it's
CTR, then you're basically just XOring a
44:24 - 44:34

known block with your HMAC output. So why
do you even need the key here?
44:34 - 44:43

nba::yoh: Well, the counter changed every
time you start a new StreetPass
44:43 - 44:50

communication, because the CID's are
randomized and the MAC address is, the MAC
44:50 - 44:56

address is also randomized before starting
a new communication.
44:56 - 45:01

Microphone: Right. But I guess what I'm
asking is, why do you need key slot 2E? In
45:01 - 45:08

my mind, having the CCD HMAC key would be
enough, because you can just XOR the, you
45:08 - 45:14

know, output of that with the final
output, and that removes, you know, the
45:14 - 45:20

CTR part, and now you have the raw output
of the null block encrypted with key slot
45:20 - 45:27

2E, which is always going to be constant,
and then you can just XOR whatever output
45:27 - 45:33

to get the final result, right?
nba::yoh: Yeah, well I'm not super
45:33 - 45:42

familiar with all the cryptography, but
maybe we could talk about it. I was just
45:42 - 45:51

putting this for, for people to reproduce
it if they want.
45:51 - 46:02

Herald: Okay. Are there any more
questions? Thank you so much.
46:02 - 46:04

nba::yoh: Thanks.
46:04 - 46:05

applause
46:05 - 46:08

postroll music
46:08 - 46:29

subtitles created by c3subtitles.de
in the year 2020. Join, and help us!

Title:: 36C3 - It's not safe on the streets... especially for your 3DS!
Description:: more » « less
Video Language:: English
Duration:: 46:29

	alcuna edited English subtitles for 36C3 - It's not safe on the streets... especially for your 3DS!
	alcuna edited English subtitles for 36C3 - It's not safe on the streets... especially for your 3DS!
	alcuna edited English subtitles for 36C3 - It's not safe on the streets... especially for your 3DS!
	alcuna edited English subtitles for 36C3 - It's not safe on the streets... especially for your 3DS!
	alcuna edited English subtitles for 36C3 - It's not safe on the streets... especially for your 3DS!
	alcuna edited English subtitles for 36C3 - It's not safe on the streets... especially for your 3DS!
	alcuna edited English subtitles for 36C3 - It's not safe on the streets... especially for your 3DS!
	alcuna edited English subtitles for 36C3 - It's not safe on the streets... especially for your 3DS!

Show all

English subtitles

Revisions

Revision 14 Edited

alcuna

36C3 - It's not safe on the streets... especially for your 3DS!

Revisions

Our website uses cookies

Operating cookies (Required)