Hacking The status of Gateway and A9LH

daxtsu · May 24, 2016

I'll just weigh in on my experience (i.e. the one @astronautlevel detailed) with my N3DS:

I ended up installing the beta via restoring a good 2.1 backup through Decrypt9 and then using the Gateway site (I restored to 9.2, not 11.0). I dumped the firm0 and firm1 partitions for later analysis since I knew Normmatt and others would be interested in it, and I then went to restore my 11.0 NAND backup that had the "good" A9LH on it (i.e. an open source one). To my horror, the NAND restore tool said "NAND.BIN ERROR", so I tried a few other backups, and those all met the same error. I then dumped the Gateway NAND and tried restoring it immediately, same error. So I tried using my hardmod to restore, and Win32diskimager says the SD is locked, when it isn't (my JST SD adapter has the lock switch glued in place, so it can't possibly be locked). Also, saving things to the NAND when in the 3DS OS works fine, so it's as if Gateway has placed a write lock when NATIVE_FIRM is not running. So currently my N3DS is married to my Gateway card, and I can't do much else with it, unless I possibly try using PlaiSysUpdater to overwrite FIRM, or maybe boot NTRCardHax to run Decrypt9 (which should work, assuming Gateway is using 10.2 FIRM).

TL;DR: Don't install this, it's not a fun situation to be in. At the moment I'm waiting on Normmatt to hopefully pass on some good news.

Edit: I've since escaped my predicament.

Kazuma77 · May 24, 2016

daxtsu said:
I'll just weigh in on my experience (i.e. the one @astronautlevel detailed) with my N3DS:

I ended up installing the beta via restoring a good 2.1 backup through Decrypt9 and then using the Gateway site (I restored to 9.2, not 11.0). I dumped the firm0 and firm1 partitions for later analysis since I knew Normmatt and others would be interested in it, and I then went to restore my 11.0 NAND backup that had the "good" A9LH on it (i.e. an open source one). To my horror, the NAND restore tool said "NAND.BIN ERROR", so I tried a few other backups, and those all met the same error. I then dumped the Gateway NAND and tried restoring it immediately, same error. So I tried using my hardmod to restore, and Win32diskimager says the SD is locked, when it isn't (my JST SD adapter has the lock switch glued in place, so it can't possibly be locked). Also, saving things to the NAND when in the 3DS OS works fine, so it's as if Gateway has placed a write lock when NATIVE_FIRM is not running. So currently my N3DS is married to my Gateway card, and I can't do much else with it, unless I possibly try using PlaiSysUpdater to overwrite FIRM, or maybe boot NTRCardHax to run Decrypt9 (which should work, assuming Gateway is using 10.2 FIRM).

TL;DR: Don't install this, it's not a fun situation to be in. At the moment I'm waiting on Normmatt to hopefully pass on some good news.

I can verify that. Was just saying I had the same issue. Got out of it by updating with Pokemon Super Mystery Dungeon. I knew my 9.2 was valid and shouldn't brick, since according to others, there is no firm protection. That got me out of it, so then I just used SMCH to downgrade. Oh yeah, you have to hold up while booting SysNAND in order to enable updates from carts (that still works, put your thumb down on it before hitting X).

daxtsu · May 24, 2016

Kazuma77 said:
I can verify that. Was just saying I had the same issue. Got out of it by updating with Pokemon Super Mystery Dungeon. I knew my 9.2 was valid and shouldn't brick, since according to others, there is no firm protection. That got me out of it, so then I just used SMCH to downgrade. Oh yeah, you have to hold up while booting SysNAND in order to enable updates from carts (that still works).

Are you on an O3DS or an N3DS? Just curious.

reiyu · May 24, 2016

daxtsu said:
Gateway has placed a write lock when NATIVE_FIRM is not running

jesus f christ, someone should put a PSA out somewhere for this.

hacksn5s4 · May 24, 2016

just burn or destroy your gateway card and just convent your games into cia gateway are shit 3ds flashcardss are no longer needed as you can convent games into cia flash cards for 3ds are a waste of money unless its a ds flashcard

Kazuma77 · May 24, 2016

daxtsu said:
Are you on an O3DS Or an N3DS? Just curious.

That was an O3DS. Was not about to try it with my N3DS first. I wish I could say for sure it would work on N3DS. Still, you do have a hard mod. The update should restore your NAND to a factory state, should it not? Even if it bricks it, it should be back to a writable state I would think. But I admit, I'm no expert.

daxtsu · May 24, 2016

reiyu said:
jesus f christ, someone should put a PSA out somewhere for this.

Well, I wouldn't panic yet until Normmatt can confirm it further, but that's the situation I'm in.

reiyu · May 24, 2016

daxtsu said:
Well, I wouldn't panic yet until Normmatt can confirm it further, but that's the situation I'm in.

whatever it is though, it doesn't sound normal.

hacksn5s4 · May 24, 2016

why are people using gateway stuff i would never trust them any more they brick 3ds

Kazuma77 · May 24, 2016

daxtsu said:
Well, I wouldn't panic yet until Normmatt can confirm it further, but that's the situation I'm in.

If you're thinking the extra encryption might screw it up, you could try a game with a 9.5 update or less. Just a thought.

urherenow · May 24, 2016

Kazuma77 said:
Keep in mind, what was leaked says alpha. What was announced was a beta. We're dealing with an old copy. Knowing how fast GW moves, it may even be over a month old.

Keep in mind that I'm not using a leaked copy. I'm actually a beta tester. Nobody has ever used the term "alpha tester" so... whatever. What GW has given me is labeled Alpha in the small bit of documentation that came with it. And the file is 4.0a.

Kazuma77 · May 24, 2016

urherenow said:
Keep in mind that I'm not using a leaked copy. I'm actually a beta tester. Nobody has ever used the term "alpha tester" so... whatever. What GW has given me is labeled Alpha in the small bit of documentation that came with it. And the file is 4.0a.

So this really is something they considered nearly complete? Wow, just, wow.

KidIce · May 24, 2016

KSP said:
How can we use this without their product? The whole point is to get their "Flashcard" to load in A9 environment, so, how can anyone use GW's payload without their card, if you even want it is because you want to use GW's Red Card.

I don't see why GW is so protective of their multirom loader code. Its completely useless without the physical Flashcard. The two go hand in hand.

I don't know what GW is thinking.

stl25 said:
Finally, we agree on something. The attempted lockdown of everything GW borders on god complex. They need to adapt or just take their ball and go home. They have helped advance the scene, but their contributions as of late are a waste of time and are not constructive in any way. I know they are in it for the dough, but do you need to force a $50-60 dollar tag on making something that is free (A9LH) proprietary instead of embracing the scene advancements as extra value to your product.

They played nice with cia and the original downgrader and that I am sure spurred sales. Time to embrace A9LH instead of finding a way to discourage people from your product.

EXACTLY!!! Even as a CFW user I still use my GW and value it. IT DOES HAVE CERTAIN ADVANTAGES! But this, what seems purposeful, incompatability w/ current and likely "future standard" solutions is completely stupid. AND FOR THE LOVE OF GOD!!! GW can't even offer simplicity of use (or safety if they don't work out all the bugs) this time around, can they? It sounds like it's just as hard/dangerous/etc as the current methods.

<shrug> I got my $60 out of my purchase. Bought a couple as gifts, and "sold" a few more through word of mouth... If they can't get w/ the program I'll stop advocating them to noobs or anyone else. </shrug>

And as I was writing the above, the below came in:

Kazuma77 said:
All of my devices are running A9LH, just the open source version. And I didn't have to give up GW. I just setup MenuHax as type 1 on a 9.2 EmuNAND and set the hotkey as "L" because that's Luma's hotkey for EmuNAND. Holding L then boots EmuNAND, and if I keep holding it, loads MenuHax. I then use a modified copy of BootCTR (because I also use BootCTR9) set to default to GW, and load HB menu on B (it's in case Nintendo breaks something with an update, like they almost did Retroarch, 9.2 is a good exploitable FW, so I plan to keep it around regardless). Of course, it might run from HBL on SysNAND once the update is released. Time will tell. So you see, there's no need to deprive your CFWs of A9LH, because the existing methods of running GW will work with it.

Let's try to remember that the leaked release was just an alpha. What they said was that they sent out a watermarked beta. So, this leak is potentially several weeks outdated. It probably doesn't contain everything planned for the final release. A .bin file might be included for all we know.

Fair enough. We will wait and see. Your method is not exactly optimal but it works. I know "it" was leaked, and I also believe that the severe bugs will be long gone in their final release.

I still dislike that GW seems to want to break the existing standards, and for no good purpose, IMO. As I said, your method works, but my point is GW is making this unnecessarily hard to share CFW and GW on A9LH... When one of the things they should be marketing their cart for is ease of use. At least that's why my word of mouth advertising sold a few.

EmanueleBGN · May 24, 2016

Can't boot other CFW? Very bad. I'll stay with Menuhax and CtrBootManager

liomajor · May 24, 2016

I found a way how GW A9LH can co-exist with our current A9LH.

As for this, i've extracted from GW A9LH's NAND the Stage from B800000 (9456 Bytes)
and tested to insert it into my non GW A9LH NAND. GW A9LH boots now Launcher.DAT

There is only one thing to do >> add a button combo to load it from another offset.

Kazuma77 · May 24, 2016

KidIce said:
EXACTLY!!! Even as a CFW user I still use my GW and value it. IT DOES HAVE CERTAIN ADVANTAGES! But this, what seems purposeful, incompatability w/ current and likely "future standard" solutions is completely stupid. AND FOR THE LOVE OF GOD!!! GW can't even offer simplicity of use (or safety if they don't work out all the bugs) this time around, can they? It sounds like it's just as hard/dangerous/etc as the current methods.

<shrug> I got my $60 out of my purchase. Bought a couple as gifts, and "sold" a few more through word of mouth... If they can't get w/ the program I'll stop advocating them to noobs or anyone else. </shrug>

And as I was writing the above, the below came in:

Fair enough. We will wait and see. Your method is not exactly optimal but it works. I know "it" was leaked, and I also believe that the severe bugs will be long gone in their final release.

I still dislike that GW seems to want to break the existing standards, and for no good purpose, IMO. As I said, your method works, but my point is GW is making this unnecessarily hard to share CFW and GW on A9LH... When one of the things they should be marketing their cart for is ease of use. At least that's why my word of mouth advertising sold a few.

Exactly. They didn't try to monopolize with MenuHax. Just put out the .3dsx file. So it seems out-of-place for them to be reinventing the wheel this time. They have to know lots of users have already installed A9LH. I think they will put out a .bin file ultimately. If they weren't already planning one, they probably will be now. They do tend to listen when enough customers complain.

urherenow · May 24, 2016

liomajor said:
I found a way how GW A9LH can co-exist with our current A9LH.

As for this, i've extracted from GW A9LH's NAND the Stage from B800000 (9456 Bytes)
and tested to insert it into my non GW A9LH NAND. GW A9LH boots now Launcher.DAT

There is only one thing to do >> add a button combo to load it from another offset.

I've already tried renaming bootanim9's arm9loaderhax.bin to Launcher.DAT and it did not load. So what's your proposal again? (not being a smarta$$, I really want to try)

Kazuma77 · May 24, 2016

urherenow said:
I've already tried renaming bootanim9's arm9loaderhax.bin to Launcher.DAT and it did not load. So what's your proposal again? (not being a smarta$$, I really want to try)

What he's saying is he's isolated the part of the FIRM that runs the Launcher.dat file. He's inserted that part of the FIRM onto a non-GW A9LH and it loaded Launcher.dat. Now what he needs to do is relocate it somewhere else with a bunch of empty space, then setup a hotkey to point to it, so it only loads when we want it to. Hmm, any chance we could just use those 9456 bytes as a .bin file?

daxtsu · May 24, 2016

Kazuma77 said:
Exactly. They didn't try to monopolize with MenuHax. Just put out the .3dsx file. So it seems out-of-place for them to be reinventing the wheel this time. They have to know lots of users have already installed A9LH. I think they will put out a .bin file ultimately. If they weren't already planning one, they probably will be now. They do tend to listen when enough customers complain.

If they do, hopefully they'll provide some sort of way out for people that are now stuck like I am. It was a low blow to lock out hardmods. In a day or so I might try reinstalling 9.0 FIRM via PlaiSysUpdater; in theory it should work as long as Gateway didn't issue some sort of lock command to the NAND chip itself, since 9.0 uses NAND key1, not key2.

liomajor · May 24, 2016

urherenow said:
I've already tried renaming bootanim9's arm9loaderhax.bin to Launcher.DAT and it did not load. So what's your proposal again? (not being a smarta$$, I really want to try)

Make a dump of your gw's a9lh nand, open it in HxD > goto B800000 and select gw's stage, should be from B800000 to B802EF (9456 Bytes).

This is what gets executed on booting to start launcher.dat.

Hacking The status of Gateway and A9LH

Well-Known Member

Well-Known Member

Well-Known Member

Canadian, eh?

Banned!

Well-Known Member

Well-Known Member

Canadian, eh?

Banned!

Well-Known Member

Well-Known Member

Well-Known Member

Smart Ass

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Similar threads

Popular threads in this forum