4,563
edits
Changes
→System Modules
! Public disclosure timeframe
! Public disclosure timeframe
! Discovered by
! Discovered by
|-
| Broken RNG used by [[NS_Services|ns]]
| The code generating the sd seed and the data for the [[SD_Filesystem|sd]] private/private1 file, all use nn::os::GenerateRandomBytes, not csrng. The sd-seed is generated first, then private, then private1. This allows deriving sd-seed from private since this uses TinyMT, as long as the system shipped from factory on [2.0.0+]. private1 is only useful if the system shipped with [4.0.0+].
There's various other code in ns using nn::os::GenerateRandomBytes as well. This includes the code generating ns_systemseed when it doesn't exist. ns_systemseed is generated at some point after the various sd-seed-related code (both are called from the same func). Hence, ns_systemseed can be recovered with the above method as well, if it wasn't recreated at some point without regenerating the above nand-save used with the above.
With [15.0.0+] ns now uses csrng_GenerateRandomBytes for sd-seed/private and ns_systemseed, etc. This only matters when the file is newly generated, which is usually only for factory-fresh systems which ship with this version.
| Generation of a system's sd-seed allowing decryption of the NAX0 layer of data on [[SD_Filesystem|SD]], derived using the private file from SD. Applies to systems which factory-shipped with a system-version prior to [[15.0.0]] (that is, [2.0.0-14.1.2]).
| [[15.0.0]], for newly generated files
| [[15.0.0]]
| December ~12, 2021
| October 11, 2022
| [[User:Yellows8|yellows8]]
|-
|-
| Infoleak with [[Joy-Con]] HidCommand PairingIn
| Infoleak with [[Joy-Con]] HidCommand PairingIn