Homebrew The bootroms

chaoskagami

That wasn't sarcasm on my part :/ the way you worded that it sounded like you managed to pull bootrom keys

Rei does indeed have devkits. I assume they're hacked, but then again, I don't know.

People seem to underestimate the difficulty of modifying devkits though. Right now, according to people I talk with on #Cakey the most ideal exploit on devkits at the moment is MSET. You can't necessarily a9lh a devkit. The secret sector is different, and the method of calculating keys to clobber is more than likely different.

This is made worse by the large majority of people who have devkits being NDA'd.
 

dark_samus3

> chaoskagami said:
> Rei does indeed have devkits. I assume they're hacked, but then again, I don't know.
>
> People seem to underestimate the difficulty of modifying devkits though. Right now, according to people I talk with on #Cakey the most ideal exploit on devkits at the moment is MSET. You can't necessarily a9lh a devkit. The secret sector is different, and the method of calculating keys to clobber is more than likely different.
>
> This is made worse by the large majority of people who have devkits being NDA'd.
The arm9loaderhax keyfinder should do just fine on devkits, actually. The method is essentially the exact same: downgrade to low FW, grab OTP, decrypt secret sector, use the key bruteforcer to find a new key (using the dev FW), encrypt secret sector with new key #2, add stage1 at the proper place and flash it all to the device.
 

chaoskagami

> dark_samus3 said:
> the arm9loaderhax keyfinder should do just fine on devkits, actually. The method is essentially the exact same, downgrade to low FW, grab OTP, decrypt secret sector, use the key bruteforcer to find a new key (using the dev FW), encrypt secret sector with new key #2, add stage1 at the proper place and flash it all to the device

Well, straight from the horse's mouth. It's a tad more involved for the first person who decides to try it, but possible.
 

Suiginou

OP
> dark_samus3 said:
> the arm9loaderhax keyfinder should do just fine on devkits, actually. The method is essentially the exact same, downgrade to low FW, grab OTP, decrypt secret sector, use the key bruteforcer to find a new key (using the dev FW), encrypt secret sector with new key #2, add stage1 at the proper place and flash it all to the device
"dev FW"? NATIVE_FIRM and SAFE_MODE_FIRM are the same across all devices, retail as well as dev, as far as I'm aware.
 

dark_samus3

> Suiginou said:
> "dev FW"? NATIVE_FIRM and SAFE_MODE_FIRM are the same across all devices, retail as well as dev, as far as I'm aware.

IIRC, dev FW is signed differently, meaning it won't run on retail, and vice versa, which means that for a9lh on a dev unit you'll need to use one of their FWs.
 

Swiftloke

> When this thread isn't just memes and shitposts, I feel like I'm learning stuff. I have little to no knowledge of low-level hardware/software, so this is all a really interesting read. If there's anything to test hardware-wise, I have a O3DS XL that I killed with a failed hardmod, so if that could be of use to anyone, just let me know.
Re-reading this thread I feel the same so let's keep it on topic please ;) I'm really enjoying reading this.
 

Aletron9000

> > Ooo so basically give us cias like a month before release due to us being able to decrypt titles
>
> no, more like, you can fully decrypt and encrypt games on a computer
> generate encrypted title keys from decrypted title keys without a 3ds
> encrypted title keys to decrypted title keys without a 3ds
> etc.

I think some slot0x??Key?.bin files
 