Subject: Hacking the Nintendo Alarmo
From: running_man (at) *nospam* writeable.com (The Running Man)
Newsgroups: sci.crypt
Date: 13. Nov 2024, 05:17:04
Organization: EasyNews
Message-ID: <I6tBEO+2O6Yrl2POGgzf0VwQYUBmcvCvWybvlFo7WJM=@writeable.com>
<https://garyodernichts.blogspot.com/2024/10/looking-into-nintendo-alarmo.html>
I was somewhat surprised how easily they decrypted the encrypted firmware.
"The CRYP interface is configured for AES-128-CTR, which makes things easier.
Since, in CTR mode, a keystream is created, which is then combined with the plaintext to
encrypt and decrypt files, we can simply create a large amount of this keystream using
the CRYP interface, and then combine it with the encrypted files to decrypt them"
This shouldn't be possible since the keystream should never be reused.
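
Added example, not part of the original post or the linked blog: a minimal model of the situation the quote describes, where a peripheral holds an unreadable key but will process arbitrary data in CTR mode with a fixed nonce. The names `CtrPeripheral` and `harvest_keystream` are hypothetical, the firmware bytes are constructed, and HMAC-SHA256 truncated to 16 bytes stands in for the AES-128 block function because the Python standard library has no AES.

```python
import hashlib
import hmac
import os

BLOCK = 16  # AES block size in bytes

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class CtrPeripheral:
    """Hypothetical crypto peripheral: the key cannot be read back,
    but callers can run data through it."""

    def __init__(self, key: bytes, nonce: bytes):
        self._key, self._nonce = key, nonce

    def _block(self, counter: int) -> bytes:
        # Stand-in PRF (assumption): HMAC-SHA256 in place of AES-128.
        msg = self._nonce + counter.to_bytes(4, "big")
        return hmac.new(self._key, msg, hashlib.sha256).digest()[:BLOCK]

    def process(self, data: bytes) -> bytes:
        # CTR mode: encrypt and decrypt are the same XOR with the keystream.
        blocks = (len(data) + BLOCK - 1) // BLOCK
        stream = b"".join(self._block(i) for i in range(blocks))
        return xor(data, stream)

def harvest_keystream(dev: CtrPeripheral, length: int) -> bytes:
    # Processing zeros returns the raw keystream, since 0 XOR ks == ks.
    return dev.process(bytes(length))

def demo():
    key = os.urandom(16)   # stays inside the peripheral
    nonce = bytes(12)      # constructed: the same nonce for every file
    firmware = b"constructed sample firmware image " * 3
    encrypted = CtrPeripheral(key, nonce).process(firmware)

    # Same key and nonce: the harvested keystream decrypts the file.
    ks = harvest_keystream(CtrPeripheral(key, nonce), len(encrypted))
    recovered = xor(encrypted, ks)

    # Different nonce: the keystream no longer matches the ciphertext.
    other = harvest_keystream(CtrPeripheral(key, os.urandom(12)), len(encrypted))
    mismatch = xor(encrypted, other)
    return firmware, recovered, mismatch

if __name__ == "__main__":
    fw, rec, bad = demo()
    print("fixed nonce recovers plaintext:", rec == fw)
    print("fresh nonce recovers plaintext:", bad == fw)
```

The key never appears outside `CtrPeripheral`, yet the fixed-nonce case returns the full plaintext; that is the property of CTR mode the quoted passage relies on.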