Hacking Old 3ds device Demo

d0k3 (3DS Homebrew Legend, Germany):
I think it would be good to get more people to verify this, so sure. I'll share it as soon as I get ahold of it. You don't mind me sharing these files, do you @enes eyibil?

At this rate, it seems the 2GB of information might take a very long time to upload (I guess they just have really slow internet speed). I'll message you if everything goes as planned, but I would estimate another 8 hours before we can get it.
2GB file ends in 8 hours

it's loading so slow

damn

after you install the files, want to share it with everyone?
Just a quick hint (if it helps you): The extracted NAND.FAT16.img compresses much better than the full NAND image or the XORpads. Same for TWLN and TWLP, but they don't matter much.
 

CrispyYoshi (Well-Known Member, United States):
will they arrest me? :)))
It depends where and how you got that system, and what Nintendo chooses to do if they find out who owns it... I would not post that information out in the open, and only share it with those who know how to use them.

Ofc, I always meant by private message. I would be very surprised if it is a valid image after all.
Indeed, I suspect it isn't a valid image, but I'm hoping we can at least get the important information we're looking for. However, after we get it, we'll want to do a bit of testing/verifying before attempting to flash it back to the system.

Just a quick hint (if it helps you): The extracted NAND.FAT16.img compresses much better than the full NAND image or the XORpads. Same for TWLN and TWLP, but they don't matter much.
Is that so? Then we could probably .zip/.rar/.7z the file so it uploads faster. I don't think we're in much of a rush for these files, though, but thanks for the heads up!
 

enes eyibil (OP, Well-Known Member):
Give it to them by private message and you're fine.
upload ready
 

Normmatt (Former AKAIO Programmer, New Zealand, normmatt.com):
My old tool used the same filename for the NAND backup when dumping the encrypted NAND and when doing the "dump partitions" option. So if you did the partition dump last, which you probably did, then you don't have a valid encrypted NAND backup.
 

enes eyibil (OP, Well-Known Member):
My old tool used the same filename for the NAND backup when dumping the encrypted NAND and when doing the "dump partitions" option. So if you did the partition dump last, which you probably did, then you don't have a valid encrypted NAND backup.
wouldn't that be the solution?

the browser error is not resolved?
 

CrispyYoshi (Well-Known Member, United States):
Well, then use 3DSFAT16tool with the old NAND dump, dump the NAND FAT16 partition, and mount it in OSFMount. Then check the partition (e.g. via chkdsk). If there are no errors, you can just pad the dump with all zeroes to the correct size.
The NAND.img is 792,606,208 bytes, and after decrypting the FAT16 partition from that NAND using your 3DSFAT16tool.exe, it gave me a FAT16 file at 587,202,560 bytes (it seems to force-close itself after it hits 73%). The partition will not mount properly, and chkdsk doesn't want to touch it because it's supposedly a "RAW File System".

The SysNand.bin dump from 6.x looks valid and produced a FAT16 partition at 794,624,000 bytes. Mounting this one works just fine, and it's detected as a DOS3.31+FAT16 file system.

It's worth mentioning that attempting to mount the NAND.img itself results in a 755.9 MB Size and DOS3.31+FAT16 File System, which matches up perfectly with the 6.x FAT16 dump.
 

Urbanshadow (Well-Known Member):
It's worth mentioning that attempting to mount the NAND.img itself results in a 755.9 MB Size and DOS3.31+FAT16 File System, which matches up perfectly with the 6.x FAT16 dump.

Are you implying the first NAND.img is decrypted?
(Also, did you forget to pass me the fat16 xorpad?)
 

Urbanshadow (Well-Known Member):
It could be decrypted actually, but you can check for yourself (Sorry, I forgot to send you the FAT16 Xorpad. I'll do that right now)
I have just peeked into the file with a hex editor. It surely has some part in the clear, as you can find strings referring to firmwares below 1.0. Interesting.

Edit: I am not able to find the FIRM header (the one stored in CTRNAND, at least), so I assume that part is actually encrypted.
 

Suiginou (Member):
The NAND.img is 792,606,208 bytes, and after decrypting the FAT16 partition from that NAND using your 3DSFAT16tool.exe, it gave me a FAT16 file at 587,202,560 bytes (It seems to force-close itself after it hits 73%). The partition will not mount properly, and chkdsk doesn't want to touch it because' it's supposedly a "RAW File System".

The SysNand.bin dump from 6.x looks valid and produced a FAT16 partition at 794,624,000 bytes. Mounting this one works just fine, and it's detected as a DOS3.31+FAT16 file system.

It's worth mentioning that attempting to mount the NAND.img itself results in a 755.9 MB Size and DOS3.31+FAT16 File System, which matches up perfectly with the 6.x FAT16 dump.
It could be decrypted actually, but you can check for yourself (Sorry, I forgot to send you the FAT16 Xorpad. I'll do that right now)

NAND.img: code offset 0x0+3, OEM-ID "CTR ", sectors/cluster 32, root entries 512, media descriptor 0xf8, sectors/FAT 189, sectors/track 63, heads 64, hidden sectors 357, sectors 1547931 (volumes > 32 MB), serial number 0x12345678, label: " ", FAT (16 bit)

NAND.img is a decrypted CTRNAND.
 
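The check Suiginou did with file(1) above, and the "pad the dump with zeroes to the correct size" idea from earlier in the thread, as an added example that is not part of any post or of the tools named here: a decrypted FAT16 partition begins with a readable BIOS Parameter Block, while AES-encrypted NAND data is indistinguishable from random bytes, so parsing the first sector is a quick "is this image already decrypted?" test, and the BPB also states how large the volume should be. The sample boot sector is constructed from the field values quoted in the file(1) line; the reserved-sector count, FAT count, OEM-ID padding and the "FAT16" type string are assumptions, not values read from the real dump.

```python
"""Sanity-check a 3DS NAND / CTRNAND dump by parsing its FAT16 boot sector.

Added example (not from the thread): a decrypted FAT16 partition starts with a
readable BIOS Parameter Block, while AES-encrypted NAND data looks random, so
parsing the first sector is a quick test for "is this image already decrypted?"
It also computes the size the volume claims, so a truncated dump can be padded
with zeroes to that size.
"""
import struct

# FAT12/16 boot sector fields from offset 11 onward (little-endian):
#   H bytes/sector, B sectors/cluster, H reserved sectors, B number of FATs,
#   H root entries, H total sectors (16-bit), B media descriptor, H sectors/FAT,
#   H sectors/track, H heads, I hidden sectors, I total sectors (32-bit)
_BPB_FMT = "<HBHBHHBHHHII"


def parse_bpb(boot: bytes) -> dict:
    """Parse the BPB of a boot sector into a dict of named fields."""
    if len(boot) < 62:
        raise ValueError("boot sector too short")
    (bps, spc, reserved, nfats, root_entries, total16, media,
     spf, spt, heads, hidden, total32) = struct.unpack_from(_BPB_FMT, boot, 11)
    return {
        "oem_id": boot[3:11].decode("ascii", "replace"),
        "bytes_per_sector": bps,
        "sectors_per_cluster": spc,
        "reserved_sectors": reserved,
        "num_fats": nfats,
        "root_entries": root_entries,
        "media": media,
        "sectors_per_fat": spf,
        "sectors_per_track": spt,
        "heads": heads,
        "hidden_sectors": hidden,
        # the 16-bit count is 0 for volumes > 32 MB; the 32-bit field is used then
        "total_sectors": total16 or total32,
        "serial": struct.unpack_from("<I", boot, 39)[0],
        "label": boot[43:54].decode("ascii", "replace"),
        "fs_type": boot[54:62].decode("ascii", "replace"),
        "boot_signature_ok": len(boot) >= 512 and boot[510:512] == b"\x55\xaa",
    }


def looks_like_fat16(boot: bytes) -> bool:
    """Heuristic: do the BPB fields hold values a real FAT16 volume could have?

    Encrypted (AES-CTR) NAND data is effectively random, so it will almost
    never pass all of these range checks at once.
    """
    try:
        f = parse_bpb(boot)
    except ValueError:
        return False
    return (
        f["bytes_per_sector"] in (512, 1024, 2048, 4096)
        and f["sectors_per_cluster"] in (1, 2, 4, 8, 16, 32, 64, 128)
        and f["reserved_sectors"] >= 1
        and f["num_fats"] in (1, 2)
        and f["root_entries"] > 0
        and f["media"] >= 0xF0            # 0xF8 = fixed disk
        and f["sectors_per_fat"] > 0
        and f["total_sectors"] > 0
    )


def expected_volume_size(boot: bytes) -> int:
    """Size in bytes the volume claims to occupy (total sectors x sector size)."""
    f = parse_bpb(boot)
    return f["total_sectors"] * f["bytes_per_sector"]


def pad_with_zeroes(image: bytes, target_size: int) -> bytes:
    """Extend a truncated dump to target_size with zero bytes; never truncate."""
    if len(image) > target_size:
        raise ValueError(f"image is {len(image)} bytes, larger than target {target_size}")
    return image + b"\x00" * (target_size - len(image))


def make_sample_boot_sector() -> bytes:
    """Constructed sample (not a real dump) carrying the values file(1) reported
    in the thread; reserved sectors, FAT count and type string are assumptions."""
    bs = bytearray(512)
    bs[0:3] = b"\xEB\x3C\x90"              # jump instruction ("code offset 0x0+3")
    bs[3:11] = b"CTR     "                 # OEM-ID "CTR", space padded to 8 (assumed)
    struct.pack_into(_BPB_FMT, bs, 11,
                     512, 32, 1, 2, 512, 0, 0xF8, 189, 63, 64, 357, 1547931)
    bs[36] = 0x80                          # drive number (fixed disk)
    bs[38] = 0x29                          # extended boot signature
    struct.pack_into("<I", bs, 39, 0x12345678)
    bs[43:54] = b" " * 11                  # blank label
    bs[54:62] = b"FAT16   "
    bs[510:512] = b"\x55\xAA"
    return bytes(bs)


if __name__ == "__main__":
    boot = make_sample_boot_sector()
    print("decrypted FAT16?", looks_like_fat16(boot))
    print("claimed volume size:", expected_volume_size(boot), "bytes")
    print("random-looking sector passes?", looks_like_fat16(bytes(range(256)) * 2))
```

On a real dump, read the first 512 bytes of the file (for a full NAND image, the first 512 bytes of the CTRNAND partition rather than of the file) and hand them to `looks_like_fat16`; a pass means the partition is in the clear, a fail means it is still encrypted or the sector is damaged. Compare `expected_volume_size` with the file size before padding: padding only helps when the BPB is intact and the dump was cut short, not when the tool wrote garbage.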

d0k3 (3DS Homebrew Legend, Germany):
The NAND.img is 792,606,208 bytes, and after decrypting the FAT16 partition from that NAND using your 3DSFAT16tool.exe, it gave me a FAT16 file at 587,202,560 bytes (It seems to force-close itself after it hits 73%). The partition will not mount properly, and chkdsk doesn't want to touch it because' it's supposedly a "RAW File System".

The SysNand.bin dump from 6.x looks valid and produced a FAT16 partition at 794,624,000 bytes. Mounting this one works just fine, and it's detected as a DOS3.31+FAT16 file system.

It's worth mentioning that attempting to mount the NAND.img itself results in a 755.9 MB Size and DOS3.31+FAT16 File System, which matches up perfectly with the 6.x FAT16 dump.
Okay. I'll explain to you what this means, and your options. What you got here is not a full NAND backup, but rather the decrypted CTRNAND partition only. See here (also called the CTR-NAND file system). This does not mean the FW 1.0.0 state is lost, but it will make things difficult. What you don't have at this point is the contents of the TWLN partition (which is not critical) and the FIRM0 / FIRM1.

If you want to try to go back, try this, but keep in mind there's a bricking risk with this:
  • Use the valid 6.x NAND backup as the base
  • Inject the 1.0.0 NAND.img as the FAT16 partition, using 3DSFAT16tool
  • Get the 1.0.0 FIRM from somewhere (it is identical across all regions)
  • Inject the FIRM into both FIRM0 and FIRM1 via either 3DSFAT16tool or 3DSFIRMtool; the latter is recommended
  • Ignore TWLN for now (you may fix this at a later point by injecting another same-region 1.0.0 3DS' TWLN)
  • Restore via D9
If you do this, keep in mind: bricking risk. Also, if you do this, make sure you don't lose the XORpads; you may need them at a later point, too.
 
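The "inject the 1.0.0 image as the FAT16 partition into the 6.x backup" step of the procedure above, as an added example that is not d0k3's post, 3DSFAT16tool or any other tool from the thread: it reads the partition table from the NCSD header of a NAND image (public layout: "NCSD" magic at 0x100, then eight (offset, size) pairs of 32-bit media units of 0x200 bytes starting at 0x120), refuses any replacement image that does not exactly fill its slot, re-encrypts the decrypted partition by XOR with that partition's XORpad (the keystream the XORpad-generating tools mentioned in the thread produce), and splices it in. The tiny NAND, the XORpad and the slot index below are constructed for the example; which slot holds CTRNAND on a real console, the FIRM0/FIRM1 injection and the actual restore are outside what this code does.

```python
"""Inject a decrypted partition image into a NAND backup via an XORpad.

Added example, not one of the thread's tools. NCSD layout assumed: "NCSD"
magic at 0x100 and a partition table of eight (offset, size) 32-bit pairs in
0x200-byte media units at 0x120. The sample NAND, pad and slot are constructed.
"""
import random
import struct

NCSD_MAGIC_OFFSET = 0x100
NCSD_TABLE_OFFSET = 0x120
MEDIA_UNIT = 0x200


def parse_ncsd_partitions(nand: bytes) -> list:
    """Return [(byte offset, byte size), ...] for the 8 NCSD partition slots."""
    if nand[NCSD_MAGIC_OFFSET:NCSD_MAGIC_OFFSET + 4] != b"NCSD":
        raise ValueError("no NCSD magic at 0x100: not a full NAND image")
    table = []
    for i in range(8):
        off, size = struct.unpack_from("<II", nand, NCSD_TABLE_OFFSET + 8 * i)
        table.append((off * MEDIA_UNIT, size * MEDIA_UNIT))
    return table


def xor_with_pad(data: bytes, pad: bytes) -> bytes:
    """XOR data with a keystream pad; the same call encrypts and decrypts."""
    if len(pad) < len(data):
        raise ValueError(f"XORpad is {len(pad)} bytes, shorter than data ({len(data)})")
    # big-integer XOR is far faster than a per-byte loop for partition-sized input
    return (int.from_bytes(data, "little")
            ^ int.from_bytes(pad[:len(data)], "little")).to_bytes(len(data), "little")


def inject_partition(nand: bytes, index: int, plain: bytes, pad: bytes) -> bytes:
    """Return a copy of nand with slot `index` replaced by `plain` encrypted under `pad`.

    The size check is the important part: an image of the wrong length would
    shift or truncate whatever follows it in NAND, which is one way to brick.
    """
    off, size = parse_ncsd_partitions(nand)[index]
    if size == 0:
        raise ValueError(f"partition slot {index} is empty in this NCSD header")
    if len(plain) != size:
        raise ValueError(
            f"partition image is {len(plain)} bytes but slot {index} is {size} bytes; "
            "pad or trim the image explicitly before injecting")
    return nand[:off] + xor_with_pad(plain, pad) + nand[off + size:]


def extract_partition(nand: bytes, index: int, pad: bytes) -> bytes:
    """Decrypt and return slot `index` of nand (inverse of inject_partition)."""
    off, size = parse_ncsd_partitions(nand)[index]
    return xor_with_pad(nand[off:off + size], pad)


def make_sample_nand() -> bytes:
    """Constructed tiny NAND: a 0x200-byte NCSD header plus two small slots.
    Slot 0: 4 media units at unit 1; slot 1: 8 media units at unit 5."""
    hdr = bytearray(MEDIA_UNIT)
    hdr[NCSD_MAGIC_OFFSET:NCSD_MAGIC_OFFSET + 4] = b"NCSD"
    struct.pack_into("<II", hdr, NCSD_TABLE_OFFSET, 1, 4)
    struct.pack_into("<II", hdr, NCSD_TABLE_OFFSET + 8, 5, 8)
    body = bytes(MEDIA_UNIT * 12)            # 12 units of zero-filled data
    return bytes(hdr) + body


def make_sample_pad(length: int, seed: int = 1) -> bytes:
    """Constructed XORpad: deterministic pseudo-random bytes standing in for keystream."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(length))


if __name__ == "__main__":
    nand = make_sample_nand()
    slot = 1                                  # constructed; not the real CTRNAND index
    _, size = parse_ncsd_partitions(nand)[slot]
    pad = make_sample_pad(size)
    plain = b"FAT16 partition image".ljust(size, b"\x00")
    patched = inject_partition(nand, slot, plain, pad)
    print("round-trip ok:", extract_partition(patched, slot, pad) == plain)
```

Work on a copy of the 6.x backup, keep the XORpad that belongs to that console and that partition, and before restoring run `extract_partition` on the patched image and check that the result is byte-identical to what you injected; if the pad was generated for a different partition or console the extracted bytes will be garbage, and that is the moment to stop rather than after flashing.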

enes eyibil (OP, Well-Known Member):
Keep us

do I have to do this process?
 

Just3DS (Well-Known Member):
Well, considering he got a somewhat valid 1.0 firmware, it can be used as a reference for devs. As for this member, kindly help him get back to the CFW route, as he seems more interested in it being usable for that.
 
Deleted-379826 (Guest):
Well, considering he got a somewhat valid 1.0 firmware, it can be used as a reference for devs. As for this member, kindly help him get back to the CFW route, as he seems more interested in it being usable for that.
From what I see you're almost able to turn it back off :D
 
