Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Rich <rich@example.invalid>
Newsgroups: sci.crypt
Subject: Re: Hacking the Nintendo Alarmo
Date: Wed, 13 Nov 2024 15:10:42 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 27
Message-ID: <vh2fhi$28m7g$1@dont-email.me>
References: <I6tBEO+2O6Yrl2POGgzf0VwQYUBmcvCvWybvlFo7WJM=@writeable.com>
Injection-Date: Wed, 13 Nov 2024 16:10:45 +0100 (CET)
Injection-Info: dont-email.me; posting-host="4e4b428f590dde6880379a32127a12c2"; logging-data="2382064"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+tpvat8TZKaWklSsz/ws/n"
User-Agent: tin/2.6.1-20211226 ("Convalmore") (Linux/5.15.139 (x86_64))
Cancel-Lock: sha1:bAUT5zOcRqCtu2mE9jnQPZa1XOo=

The Running Man <running_man@writeable.com> wrote:
> <https://garyodernichts.blogspot.com/2024/10/looking-into-nintendo-alarmo.html>
>
> I was somewhat surprised how easily they decrypted the encrypted
> firmware.
>
> "The CRYP interface is configured for AES-128-CTR, which makes things
> easier. Since, in CTR mode, a keystream is created, which is then
> combined with the plaintext to encrypt and decrypt files, we can
> simply create a large amount of this keystream using the CRYP
> interface, and then combine it with the encrypted files to decrypt
> them"
>
> This shouldn't be possible since the keystream should never be
> reused.

Yes, but this is also why the usual comment re. broken crypto goes
something like:

"The cryptographic primitives are secure, it is the use/implementation
of those into a larger system that is broken".

AES-128 is secure. AES-128-CTR is also secure, **if used correctly**.

This is yet one more in a long line of examples of "not used
correctly".
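
An added illustration of the keystream point discussed in this thread, not code from the post or from the linked blog: counter mode with a fixed key and nonce always yields the same keystream, while a nonce that is never repeated under the same key does not. It assumes HMAC-SHA256 as a stand-in for the AES-128 block function (so it runs with the standard library only) and a hypothetical `FixedNonceEngine` class modelling an engine whose key and nonce never change.

```python
import hashlib
import hmac
import os


def ctr_keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: PRF(key, nonce || counter), counter = 0, 1, ...
    HMAC-SHA256 is a stand-in for AES-128 (assumption of this example)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block_input = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block_input, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """In CTR mode, encryption and decryption are the same XOR."""
    return xor(data, ctr_keystream(key, nonce, len(data)))


class FixedNonceEngine:
    """Hypothetical engine: key and nonce are set once, callers never see them."""
    def __init__(self) -> None:
        self._key, self._nonce = os.urandom(16), os.urandom(12)

    def process(self, data: bytes) -> bytes:
        return ctr_crypt(self._key, self._nonce, data)


def demo() -> tuple:
    firmware = b"constructed sample firmware image " * 4  # constructed input
    # Misuse: every call to the engine uses the same keystream.
    engine = FixedNonceEngine()
    stored = engine.process(firmware)
    keystream = engine.process(bytes(len(stored)))  # zeros XOR ks == ks
    reuse_decrypts = xor(stored, keystream) == firmware
    # Correct use: a fresh nonce per message, so keystreams differ.
    key = os.urandom(16)
    ct = ctr_crypt(key, os.urandom(12), firmware)
    other_ks = ctr_crypt(key, os.urandom(12), bytes(len(firmware)))
    fresh_decrypts = xor(ct, other_ks) == firmware
    return reuse_decrypts, fresh_decrypts


if __name__ == "__main__":
    print(demo())
```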