Path: ...!eternal-september.org!feeder2.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: The Running Man <running_man@writeable.com>
Newsgroups: sci.crypt
Subject: Hacking the Nintendo Alarmo
Date: Wed, 13 Nov 2024 04:17:04 -0000 (UTC)
Organization: EasyNews
Lines: 10
Message-ID: <I6tBEO+2O6Yrl2POGgzf0VwQYUBmcvCvWybvlFo7WJM=@writeable.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8-bit
Injection-Date: Wed, 13 Nov 2024 05:17:04 +0100 (CET)
Injection-Info: dont-email.me; posting-host="d275f9bf702fe897c8e5c57d6cedf030";
	logging-data="2155395"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX1/3cYr1hFi4pu40qAeO5zSC/yFtATZZElw="
Cancel-Lock: sha1:yTZ94lfSVr1b1fTuLCK7DHTBE9M=
Bytes: 1401

<https://garyodernichts.blogspot.com/2024/10/looking-into-nintendo-alarmo.html>

I was somewhat surprised how easily they decrypted the encrypted firmware. 

"The CRYP interface is configured for AES-128-CTR, which makes things easier. 
Since, in CTR mode, a keystream is created, which is then combined with the plaintext to 
encrypt and decrypt files, we can simply create a large amount of this keystream using 
the CRYP interface, and then combine it with the encrypted files to decrypt them"

This shouldn't be possible since they keystream should never be reused.