Homebrew Can't decide between Arm9loaderhax and Menuhax!?!

gnmmarechal

> a9lh is slim xbox 360, menuhax is old white xbox 360. if you want it you need to prepare yourself for red ring of death
>
> a9lh is mario, menuhax is sonic. maybe in the 90s sonic was good but think about sonic 06
>
> a9lh is cola, menuhax is pepsi
>
> a9lh is windows, menuhax is apple

a9lh is love, a9lh is life

Also, I dislike both Micro$hit and iCrap.

:P

--------------------- MERGED ---------------------------

> Not gonna lie right now, I'm an A9LH user but if I needed to, I'd be fine with menuhax + emuNAND.
>
> I'm gonna love the day when you guys lose your precious A9LH and have to be stuck in the "dark ages" as you guys consider it.

If so, I'm gonna love it when you guys lose your precious Menuhax and update SysNAND to whatever it is. Having A9LH doesn't mean you can't use EmuNAND. It's mostly unnecessary though.

Inorizushi

> a9lh is love, a9lh is life
>
> Also, I dislike both Micro$hit and iCrap.
>
> :P
>
> If so, I'm gonna love it when you guys lose your precious Menuhax and update SysNAND to whatever it is. Having A9LH doesn't mean you can't use EmuNAND. It's mostly unnecessary though.

Except, you know,
I have experience with running that setup and don't go updating willy-nilly.
 

caitsith2

Technically, Nintendo could do something in regard to a9lh that could lock those who don't have a NAND backup out of their homebrew, without bricking the system. All they would have to do is embed a plaintext FIRM update into System Menu, along with a custom arm9loaderhax.bin file.

If System Menu detects arm9loaderhax.bin or arm9loaderhax_si.bin, it could hash-check it to determine its state. If it sees that it is not the hash of the one embedded in System Menu, it could then overwrite it, also write its copy of FIRM.bin to the SD, then force a reboot.

Once rebooted, that overwritten arm9loaderhax.bin would then encrypt FIRM.bin with the system-specific FIRM0/FIRM1 keys, overwrite FIRM0/FIRM1, then reboot.

That updated FIRM could just have ALL of the secret sector keys hard-coded within it, since said secret sector is compromised anyway, and not use the secret sector anymore. Thus this FIRM, even if written onto FIRM0/FIRM1 of a New 3DS, could be made to NOT brick even the a9lh-hacked systems. Likewise, if someone were to perform said update within Gateway, and Nintendo were to do this, then they would just lose A9LH.

Therefore, it is definitely suggested NOT to update your system, even with A9LH present, until a few hard-modded users confirm the update is safe.
 

fikatr

> Technically, Nintendo could do something in regard to a9lh that could lock those who don't have a NAND backup out of their homebrew, without bricking the system. All they would have to do is embed a plaintext FIRM update into System Menu, along with a custom arm9loaderhax.bin file.
>
> If System Menu detects arm9loaderhax.bin or arm9loaderhax_si.bin, it could hash-check it to determine its state. If it sees that it is not the hash of the one embedded in System Menu, it could then overwrite it, also write its copy of FIRM.bin to the SD, then force a reboot.
>
> Once rebooted, that overwritten arm9loaderhax.bin would then encrypt FIRM.bin with the system-specific FIRM0/FIRM1 keys, overwrite FIRM0/FIRM1, then reboot.
>
> That updated FIRM could just have ALL of the secret sector keys hard-coded within it, since said secret sector is compromised anyway, and not use the secret sector anymore. Thus this FIRM, even if written onto FIRM0/FIRM1 of a New 3DS, could be made to NOT brick even the a9lh-hacked systems. Likewise, if someone were to perform said update within Gateway, and Nintendo were to do this, then they would just lose A9LH.
>
> Therefore, it is definitely suggested NOT to update your system, even with A9LH present, until a few hard-modded users confirm the update is safe.

We don't need arm9loaderhax.bin or arm9loaderhax_si.bin; we have shadownand.
 

zoogie

> And of course, Nintendo, if they are aware of the possibility, could just write the arm9loaderhax.bin file anyway if it is not found, assuming the SD card is present and not in read-only mode, then reboot.

Any countermeasure they think of can be patched out before firmlaunch, and checking for arm9loaderhax.bin is useless since the SD payload can be any arbitrary name (or patched out as well).
 
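The exchange above between caitsith2's proposed System Menu check and zoogie's objection, as an added example that is not part of the original thread and is not 3DS code: a toy model in Python in which a System Menu-style check hashes the two well-known payload names against an embedded approved digest, a payload saved under any other name escapes it, and a CFW-style hook installed before the check runs feeds it the approved bytes so it reports a clean card while the user's payload stays on the card untouched. The file names, byte strings, digest and filesystem layer are all constructed stand-ins for illustration.

```python
"""Toy model of the hash-check countermeasure and why it fails when something
else already controls the boot environment. Everything here (file store,
payload bytes, digest) is constructed for the example, not taken from the 3DS."""

import hashlib
from typing import Callable, Dict, List, Tuple

# The two names the proposed System Menu check would look for.
PAYLOAD_NAMES = ("arm9loaderhax.bin", "arm9loaderhax_si.bin")

# Constructed sample bytes: the vendor-approved payload vs. the user's own one.
APPROVED_PAYLOAD = b"VENDOR-APPROVED-PAYLOAD"
USER_PAYLOAD = b"USER-CFW-PAYLOAD"
APPROVED_DIGEST = hashlib.sha256(APPROVED_PAYLOAD).hexdigest()


class SdCard:
    """Minimal file store standing in for the SD card as System Menu sees it.
    `read` is an instance attribute so an earlier boot stage can replace it."""

    def __init__(self, files: Dict[str, bytes]):
        self.files = dict(files)
        self.read: Callable[[str], bytes] = self._real_read

    def _real_read(self, name: str) -> bytes:
        return self.files[name]

    def exists(self, name: str) -> bool:
        return name in self.files


def system_menu_check(sd: SdCard) -> List[Tuple[str, bool]]:
    """The proposed check: for each well-known payload name present on the
    card, report whether its SHA-256 matches the embedded approved digest."""
    results = []
    for name in PAYLOAD_NAMES:
        if sd.exists(name):
            digest = hashlib.sha256(sd.read(name)).hexdigest()
            results.append((name, digest == APPROVED_DIGEST))
    return results


def cfw_hook_reads(sd: SdCard) -> None:
    """Model of a patch applied by code that booted before System Menu: reads
    of the payload names return the approved bytes; the real file is untouched."""
    real_read = sd.read

    def hooked(name: str) -> bytes:
        if name in PAYLOAD_NAMES:
            return APPROVED_PAYLOAD
        return real_read(name)

    sd.read = hooked


def scenario(rename_payload: bool, cfw_patched: bool) -> Tuple[List[Tuple[str, bool]], bytes]:
    """Run the check under the conditions discussed in the thread. Returns the
    check's findings (empty list: nothing to act on) and the bytes actually
    stored on the card, so the two can be compared."""
    name = "anything.bin" if rename_payload else "arm9loaderhax.bin"
    sd = SdCard({name: USER_PAYLOAD})
    if cfw_patched:
        cfw_hook_reads(sd)
    return system_menu_check(sd), sd.files[name]


if __name__ == "__main__":
    print("default name, no CFW hook:", scenario(False, False))  # flagged as mismatch
    print("renamed payload:          ", scenario(True, False))   # check finds nothing
    print("CFW hooked reads:         ", scenario(False, True))   # reported as approved
```

The third case is the one that matters for the chain-of-trust argument: the check itself is correct, but it asks a layer that the earlier boot stage has already patched, so its answer carries no assurance about what is really on the card.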

fikatr

Even if Nintendo patches a9lh, we have whole access to the console; we can just install (insert super hax name here) before updating our console.

btw, can Nintendo block browser access for 2 somehow?
 

gnmmarechal

> Except, you know,
> I have experience with running that setup and don't go updating willy-nilly.

Except I also know, but I am less bothered by it. ;)

A9LH is patchable, but so are Menuhax and EmuNAND.
 

caitsith2

> Any countermeasure they think of can be patched out before firmlaunch, and checking for arm9loaderhax.bin is useless since the SD payload can be any arbitrary name (or patched out as well).

Provided that the noob knows to check here first, before updating, to get the latest fixes to Nintendo's countermeasures.
 

Clector

MenuHax itself is already patched, but there isn't a way to block it from 9.0 to 10.5 without updating. As for CFW and EmuNAND, Nintendo may make a detection for that, even though that will be difficult to do, and it may also be possible to get past that detection. If Nintendo ever makes an update that can brick your console if it is modified, they may say so in the update before you do it, as they did with the Wii.
 

gnmmarechal

Both A9LH and Menuhax-launched EmuNANDs can be patched. However, A9LH is a better safety net and more of the install-and-forget type. And honestly, is Nintendo even going to bother trying to patch A9LH?
 

Clector

Getting to this point in the life of the console, Nintendo will patch it if they can. If they can't do it by the time the successor comes, they maybe won't bother too much, and maybe they'll do one last update as they did with the Wii and the DSi.
 

perspex

If you've got a boot manager that coldboots EmuNAND every time when on menuhax, then I don't really see the fear of ever updating your SysNAND by mistake... right?
 

N7Kopper

> If you've got a boot manager that coldboots EmuNAND every time when on menuhax, then I don't really see the fear of ever updating your SysNAND by mistake... right?

I still prefer coldbooting SysNAND as opposed to RedNAND (which is itself superior to EmuNAND if you have a bigger NAND chip than normal); it spreads the system workload the way it was meant to be spread. Boots faster, too. I like TWL and AGB stuff. Some people really don't, and don't need extra SD space either. As long as you don't turn it off, boot times aren't a problem for those people. To each their own.

Really, though, these theoretical ways of "patching out" arm9loaderhax are just asking for trouble on Nintendo's end. Remember when they patched boot2 on the Wii in an attempt to get rid of harmless old BootMii? A sector that can't be protected from tampering, minus the currently loaded program and the IOS's capabilities. They bricked quite a few normal people who didn't know what was going on. Imagine that when you're not only trying to safely "fix" a payload meant for individual consoles, but one that relies on a serious bug in the bootrom's failsafe that many "legitimate" customers may be using (the failsafe, not the hax) without realising? And all that while dealing with CFW that is higher on the system's cryptographic chain of trust than your updater at this point. Sure, your updater might have ARM9, but the CFW got there first, and computer says no. Nintendo would essentially need to find an exploit in the CFW to boot their may-as-well-be-unsigned code.

Really, if a "patch-out" was pushed, and somehow successful, it would probably mangle your firmware to the point that you could claim you never hacked it, that it was a side effect of a false positive from this horrible patching software, and be believable. Sure, smart money still says to wait on patching until you know it's safe, but fearmongering was what got men dangling from trees like strange fruit. I prefer to listen to actual developers and testers first and foremost.

Honestly, it'd be far easier to patch menuhax systems from behind their Red/EmuNANDs. Just find some way to discover menuhax, find a way to punch through the CFW, then update the firmware. No OTP needed. Still hard. But theoretically doable if it's possible for the updater to discover the RedNAND's hook.
 

Swiftloke

Hmmm? What happened that bricked those users? How did Ninty (fail to) do it?
Also, nice write-up. I especially liked the bit about "may as well be unsigned"; that'll get through to a lot of noobs.
 

N7Kopper

> Hmmm? What happened that bricked those users? How did Ninty (fail to) do it?
> Also, nice write-up. I especially liked the bit about "may as well be unsigned"; that'll get through to a lot of noobs.

I'm no developer; I just know that something about how they reflashed it didn't have enough error checking, and therefore it went badly wrong for a lot of people.
 

Dracari

> I'm no developer; I just know that something about how they reflashed it didn't have enough error checking, and therefore it went badly wrong for a lot of people.

It mostly affected Korean region-changed Wiis, and it affected a very small number of normal US/European Wiis.
 

TheCyberQuake

> Not gonna lie right now, I'm an A9LH user but if I needed to, I'd be fine with menuhax + emuNAND.
>
> I'm gonna love the day when you guys lose your precious A9LH and have to be stuck in the "dark ages" as you guys consider it.

From what I've heard from devs, if Ninty found a way to patch A9LH, they would also be able to stop CFW as well. Meaning if A9LH dies, CFW EmuNAND is going down with it. So you would be in the same boat if Ninty could ever patch A9LH and CFW access.
 
