Hacking Old 3ds device Demo

CrispyYoshi

CrispyYoshi

Well-Known Member
Member
Level 7
Joined
Mar 20, 2010
Messages
1,542
Trophies
1
XP
1,145
Country
United States
d0k3 said:
The NAND dump should be redone, in any case. This looks very fishy. And yes, the GW MSET ROP with D9s Launcher.dat should be the best option to go from there.
Click to expand...
Thank you for the advice, although the system was already updated to 6.x, so it might not be possible to recover anymore. I was thinking, because someone else happened to have the same exact NAND dump size, it might be fine to try flashing it back to the system with D9? I think we could get the Xorpads first before flashing, though.

enes eyibil said:
what do you suggest ?
how to make the transaction you need ?
Click to expand...
1. Download the latest .zip of Decrypt9: https://github.com/d0k3/Decrypt9WIP/releases
2. Copy Decrypt9WIP.dat to the root of your 3DS SD card. Then, rename it to "Launcher.dat"
3. Using your Blue Card, use Gateway's GW_INSTALLER.nds to install the 6.x DS Profile ROP exploit onto your system.
4. The system should try to shut off. Go ahead and shut it off.
5. Reboot, run System Settings, select Other Settings, select Profile, then select DS Profile.

Let me know if that gets you into Decrypt9's menu!
 
d0k3

d0k3

3DS Homebrew Legend
Member
Level 13
Joined
Dec 3, 2004
Messages
2,786
Trophies
1
XP
3,896
Country
Germany
CrispyYoshi said:
Thank you for the advice, although the system was already updated to 6.x, so it might not be possible to recover anymore. I was thinking, because someone else happened to have the same exact NAND dump size, it might be fine to try flashing it back to the system with D9? I think we could get the Xorpads first before flashing, though.


1. Download the latest .zip of Decrypt9: https://github.com/d0k3/Decrypt9WIP/releases
2. Copy Decrypt9WIP.dat to the root of your 3DS SD card. Then, rename it to "Launcher.dat"
3. Using your Blue Card, use Gateway's GW_INSTALLER.nds to install the 6.x DS Profile ROP exploit onto your system.
4. The system should try to shut off. Go ahead and shut it off.
5. Reboot, run System Settings, select Other Settings, select Profile, then select DS Profile.

Let me know if that gets you into Decrypt9's menu!
Click to expand...
If the Decrypt9WIP.dat doesn not work, use the Launcher.dat instead (should be in an earlier release version). That dump will not be flashable by D9, though, because of it's size.
 
CrispyYoshi

CrispyYoshi

Well-Known Member
Member
Level 7
Joined
Mar 20, 2010
Messages
1,542
Trophies
1
XP
1,145
Country
United States
d0k3 said:
If the Decrypt9WIP.dat doesn not work, use the Launcher.dat instead (should be in an earlier release version). That dump will not be flashable by D9, though, because of it's size.
Click to expand...
Thanks for the heads up. Do you think it would be safe/viable to dump the xorpads, though? Also, is there anything else we can do from here? (Perhaps re-dump the NAND?)
 
d0k3

d0k3

3DS Homebrew Legend
Member
Level 13
Joined
Dec 3, 2004
Messages
2,786
Trophies
1
XP
3,896
Country
Germany
CrispyYoshi said:
Thanks for the heads up. Do you think it would be safe/viable to dump the xorpads, though? Also, is there anything else we can do from here? (Perhaps re-dump the NAND?)
Click to expand...
Dumping the XORpads can't damage anything. It's just unsure it will work. Also, the CTRNAND XORpad is your best bet in finding out what is wrong with that NAND dump. It is possible we could just pad it and flash back.
 
CrispyYoshi

CrispyYoshi

Well-Known Member
Member
Level 7
Joined
Mar 20, 2010
Messages
1,542
Trophies
1
XP
1,145
Country
United States
d0k3 said:
Dumping the XORpads can't damage anything. It's just unsure it will work. Also, the CTRNAND XORpad is your best bet in finding out what is wrong with that NAND dump. It is possible we could just pad it and flash back.
Click to expand...
Alright, I'll ask them to re-dump the NAND.bin and also dump all the xorpads just for good measure. We got into Decrypt9 just now! (For the record, we didn't need the older Launcher.dat to get in)

Bedel said:
In wich way can be diferent this "demo NAND" from a normal 1.0 NAND?
Click to expand...
Software for sure. Hardware, I'm not sure yet: We ended up getting a NAND dump that didn't match with the standard 3DS, but someone else on a spanish forum happened to have the same exact filesize, in bytes: That could also mean they made the same mistake, though...
 
d0k3

d0k3

3DS Homebrew Legend
Member
Level 13
Joined
Dec 3, 2004
Messages
2,786
Trophies
1
XP
3,896
Country
Germany
CrispyYoshi said:
Alright, I'll ask them to re-dump the NAND.bin and also dump all the xorpads just for good measure. We got into Decrypt9 just now! (For the record, we didn't need the older Launcher.dat to get in)


Software for sure. Hardware, I'm not sure yet: We ended up getting a NAND dump that didn't match with the standard 3DS, but someone else on a spanish forum happened to have the same exact filesize, in bytes: That could also mean they made the same mistake, though...
Click to expand...
Well, then use 3DSFAT16tool with the old NAND dump, dump the NAND FAT16 partition, and mount it in OSFMount. Then check the partition (f.e. via chkdsk). If there are no errors, you can just pad the dump with all zeroes to the correct size.
 
Bedel

Bedel

The key of the blade
Member
Level 12
Joined
Oct 28, 2015
Messages
1,384
Trophies
0
XP
2,837
Country
United States
CrispyYoshi said:
Alright, I'll ask them to re-dump the NAND.bin and also dump all the xorpads just for good measure. We got into Decrypt9 just now! (For the record, we didn't need the older Launcher.dat to get in)


Software for sure. Hardware, I'm not sure yet: We ended up getting a NAND dump that didn't match with the standard 3DS, but someone else on a spanish forum happened to have the same exact filesize, in bytes: That could also mean they made the same mistake, though...
Click to expand...
Well then if it's diferent, why could it help us in any way? It may have expoits we don't know, but there could only be in that demo version, am I wrong?
 
CrispyYoshi

CrispyYoshi

Well-Known Member
Member
Level 7
Joined
Mar 20, 2010
Messages
1,542
Trophies
1
XP
1,145
Country
United States
d0k3 said:
Well, then use 3DSFAT16tool with the old NAND dump, dump the NAND FAT16 partition, and mount it in OSFMount. Then check the partition (f.e. via chkdsk). If there are no errors, you can just pad the dump with all zeroes to the correct size.
Click to expand...
When you say pad it with zeros, do you mean adding a bunch of "00" bytes to the end of the NAND dump until it matches the correct byte size? Aren't there two different sizes that the NAND could be? Or is 3DSFAT16tool supposed to check for that? Then, we should try flashing the NAND dump back into the system if all goes well? How would we know if something went wrong before we do something reckless?

Bedel said:
Well then if it's diferent, why could it help us in any way? It may have expoits we don't know, but there could only be in that demo version, am I wrong?
Click to expand...
You never know what could be hidden! (Such as how people discovered downgrading an N3DS to 2.1 could get us the 9.6+ keys) It's also generally good to document as much about the system as possible.
 
Swiftloke

Swiftloke

Hwaaaa!
Member
Level 8
Joined
Jan 26, 2015
Messages
1,772
Trophies
1
Location
Nowhere
XP
1,506
Country
United States
d0k3 said:
Well, then use 3DSFAT16tool with the old NAND dump, dump the NAND FAT16 partition, and mount it in OSFMount. Then check the partition (f.e. via chkdsk). If there are no errors, you can just pad the dump with all zeroes to the correct size.
Click to expand...
Keep in mind that there's a crazy discrepancy in knowledge between you two. While you've written some of the most powerful & useful homebrew to date, [outside of the homebrew launcher itself] @enes eyibil has practically no knowledge whatsoever regarding the 3DS. No offense dude[?], but you've made a help thread [a BIG nono on GBATemp], failed to dump your OTP, failed to dump your Xorpads, and now you've updated using a cart, which in my opinion is not only a complete failure of common sense but furthermore not even the right update..... I rest my case.
Point is, he has no idea what you're talking about.
 
d0k3

d0k3

3DS Homebrew Legend
Member
Level 13
Joined
Dec 3, 2004
Messages
2,786
Trophies
1
XP
3,896
Country
Germany
CrispyYoshi said:
When you say pad it with zeros, do you mean adding a bunch of "00" bytes to the end of the NAND dump until it matches the correct byte size? Aren't there two different sizes that the NAND could be? Or is 3DSFAT16tool supposed to check for that? Then, we should try flashing the NAND dump back into the system if all goes well? How would we know if something went wrong before we do something reckless?
Click to expand...

3DSFAT16tool should not be bothered by the too small size. Yes, just add zeroes until it matches the correct size. And, there won't be any 100% guarantee this won't go wrong. Make a backup of the current state, too, and be prepared that this will possibly require a hardmod later on.
 
CrispyYoshi

CrispyYoshi

Well-Known Member
Member
Level 7
Joined
Mar 20, 2010
Messages
1,542
Trophies
1
XP
1,145
Country
United States
Swiftloke said:
Keep in mind that there's a crazy discrepancy in knowledge between you two. While you've written some of the most powerful & useful homebrew to date, [outside of the homebrew launcher itself] @enes eyibil has practically no knowledge whatsoever regarding the 3DS. No offense dude[?], but you've made a help thread [a BIG nono on GBATemp], failed to dump your OTP, failed to dump your Xorpads, and now you've updated using a cart, which in my opinion is not only a complete failure of common sense but furthermore not even the right update..... I rest my case.
Point is, he has no idea what you're talking about.
Click to expand...
I'm actually "translating" this information to them in a private convo right now, but I think it should be fine as long as we check what we're doing.
 
CrispyYoshi

CrispyYoshi

Well-Known Member
Member
Level 7
Joined
Mar 20, 2010
Messages
1,542
Trophies
1
XP
1,145
Country
United States
d0k3 said:
3DSFAT16tool should not be bothered by the too small size. Yes, just add zeroes until it matches the correct size. And, there won't be any 100% guarantee this won't go wrong. Make a backup of the current state, too, and be prepared that this will possibly require a hardmod later on.
Click to expand...
Okay, I'll be sure to emphasize that. I think I'll modify the NAND dump for them, because that might be a bit difficult to communicate through words alone.
 
E

enes eyibil

Well-Known Member
OP
Member
Level 3
Joined
Mar 26, 2016
Messages
155
Trophies
0
Age
34
XP
285
Country
CrispyYoshi said:
Thank you for the advice, although the system was already updated to 6.x, so it might not be possible to recover anymore. I was thinking, because someone else happened to have the same exact NAND dump size, it might be fine to try flashing it back to the system with D9? I think we could get the Xorpads first before flashing, though.


1. Download the latest .zip of Decrypt9: https://github.com/d0k3/Decrypt9WIP/releases
2. Copy Decrypt9WIP.dat to the root of your 3DS SD card. Then, rename it to "Launcher.dat"
3. Using your Blue Card, use Gateway's GW_INSTALLER.nds to install the 6.x DS Profile ROP exploit onto your system.
4. The system should try to shut off. Go ahead and shut it off.
5. Reboot, run System Settings, select Other Settings, select Profile, then select DS Profile.

Let me know if that gets you into Decrypt9's menu!
Click to expand...

rop open but rop 6x notting

working normal 6.x

ds profile not working :(

--------------------- MERGED ---------------------------

Swiftloke said:
@enes eyibil I could help if you want.
Click to expand...

thanks help me :/
 
CrispyYoshi

CrispyYoshi

Well-Known Member
Member
Level 7
Joined
Mar 20, 2010
Messages
1,542
Trophies
1
XP
1,145
Country
United States
enes eyibil said:
rop open but rop 6x notting

working normal 6.x

ds profile not working :(

--------------------- MERGED ---------------------------



thanks help me :/
Click to expand...
Hmm, can you try to use the Launcher.dat from this .zip? http://puu.sh/p5VBV/cb1dbc5f81.zip (This is an older version of Decrypt9)

Replace the Launcher.dat you have on your root with this file. Then, try to enter DS Profile.
 
CrispyYoshi

CrispyYoshi

Well-Known Member
Member
Level 7
Joined
Mar 20, 2010
Messages
1,542
Trophies
1
XP
1,145
Country
United States
enes eyibil said:
patching for 6x

rop custom.txt load error does exist

normal 6x ok but not working ds profil
Click to expand...
Wait, ROP custom.txt? Are you sure you're not using GW_INSTALLER.nds? That sounds like you're using rxinstaller.nds, which is totally different (and perhaps incompatible with that Launcher.dat)
 
E

enes eyibil

Well-Known Member
OP
Member
Level 3
Joined
Mar 26, 2016
Messages
155
Trophies
0
Age
34
XP
285
Country

Site & Scene News

Go to forum More news

Popular threads in this forum

Hacking Homebrew  A new way to experience StreetPass

Is it possible...?

Hacking Homebrew  how to link pnid to 3ds/how to use juxtaposition?

Hacking Hardware  New Nintendo 3DS XL Louvre

Emulation  i have citra, i have my aes keys installed, how do i get the home menu

Hardware  Why does my 3DS take so long to turn off?

Hacking Misc  VCRUNTIME140.dll UCRTBASED.dll Master Thread

Translation Project  DQM2SP translation

General chit-chat
Help Users
  • No one is chatting at the moment.
    SylverReZ @ SylverReZ: @OctoAori20, Thank you. Hope you're in good spirits today like I am. :)