Homebrew [Coming Soon] OTPless A9LH installation on N3DS (no 2.1 downgrade)

Urbanshadow

Well-Known Member
Member
Joined
Oct 16, 2015
Messages
1,578
Trophies
0
Age
32
XP
1,712
Country
No. I'm seeing other explanations on why it's not possible on o3DS, but they're not detailed at all and expect you to know everything about the 3DS. Let's fix that.
arm9loader never expects to be run on an old3DS, and Nintendo (obviously) never expected it to be run either. Because of this, there's no new3DS key store (secret store) encrypted with the OTP hash on the old3DS programmed into the console at the factory. Without any kind of key store (a garbage key or not) arm9loader will not be able to decrypt the rest of FIRM, as it will try to do. Putting in an unencrypted key store won't work either. arm9loader never expects an unencrypted key store, so it will try to decrypt it with the OTP. This will result in a garbage key being used to decrypt FIRM, and since the key generated is console unique (OTP, remember) it's not exploitable. Not putting in a key store at all will result in the same thing.
Therefore, the OTP is an absolute must to make arm9loader run at all on the o3DS. Because we have to encrypt the key store as valid, we have to have the OTP to encrypt it so that arm9loader will use it (properly, it expects the key store to be encrypted with the OTP) to decrypt the FIRM with our garbage key, and jump to our payload.
It works on new3DS because the key store is already there.

Great explanation. Thanks.
 
Last edited by Urbanshadow,

duffmmann

Well-Known Member
Member
Joined
Mar 11, 2009
Messages
3,966
Trophies
2
XP
2,305
Country
United States
Wow, very cool, I sure would have loved this a year ago when I installed A9LH, I have to imagine this process shaves a significant amount of time off the original downgrade to 2.1 and get the OTP method.
 

DavidRO99

Average Ryzen user.
Member
Joined
Jun 11, 2016
Messages
1,018
Trophies
0
Age
26
Location
your back-door
XP
948
Country
Korea, North
Wow, very cool, I sure would have loved this a year ago when I installed A9LH, I have to imagine this process shaves a significant amount of time off the original downgrade to 2.1 and get the OTP method.
Yeah, just downgrade to 9.2 and copy the files to the SD, after that run the homebrew app. That is like a 10-minute install.
 

moghedien

Well-Known Member
Member
Joined
Mar 9, 2015
Messages
411
Trophies
0
XP
317
Country
United States
So if I understand correctly the 10.0 firmware is just for the exploit right? In the end you'll get the exact same a9lh (8.1 firmware) as you get from using the SafeA9LHInstaller v2 method? So in the future, if there's a update to a9lh, you should be able to upgrade using SafeA9LHInstaller without issues?
 

dark_samus3

Well-Known Member
Member
Joined
May 30, 2015
Messages
2,372
Trophies
0
XP
2,042
Country
United States
A lot of people have asked about this, so I'll try and clear up why this "doesn't work" for o3ds.

The simple fact of the matter is, it's actually possible on an old 3ds, but once you get to the point of it being possible, there's really not a point to doing so.

We need an already encrypted secret sector. Why? Well, the original arm9loader used the first key contained in the secret sector, and it wasn't exploitable in the method that the second arm9loader was, because they verified the key. Since they built the second version of arm9loader off of the first version, key verification on the first key still takes place, and thus we can't just install garbage keys into NAND and keep trying (this needs a hardmod anyway) on an old 3DS. Having a key sector encrypted with the normalkey derived from the hash of the first 0x90 bytes of the OTP is not possible without it either having been put there by Nintendo (which IS the case on the new 3DS, but not the old 3DS) or having the OTP to generate the hash and therefore the normalkey to encrypt a new first key. The first doesn't exist on the o3DS without the second having been achieved, and for the second to happen you already need your OTP, and can already install a9lh in the normal manner.

Hope this clears it up for everyone :)
 
Last edited by dark_samus3,

N64

Well-Known Member
Member
Joined
Apr 16, 2014
Messages
425
Trophies
0
XP
267
Country
United States
i still want the OTP, so as much as I think this will help folks in the future (when its released as a stable build), i'll stick to plailect's guide for getting the OTP

edit: GL to the author and great work
 

mashers

Stubborn ape
Member
Joined
Jun 10, 2015
Messages
3,837
Trophies
0
Age
40
Location
Kongo Jungle
XP
5,074
Country
Reading the technical explanations here by @ihaveamac and others
i still want the OTP, so as much as I think this will help folks in the future (when its released as a stable build), i'll stick to plailect's guide for getting the OTP

edit: GL to the author and great work
I think you can get the OTP from within A9LH. So it might still be easier to use this method and then dump the OTP from A9LH under 9.2.

I was wrong.
 
Last edited by mashers,

Apache Thunder

I have cameras in your head!
Member
Joined
Oct 7, 2007
Messages
4,402
Trophies
3
Age
36
Location
Levelland, Texas
Website
www.mariopc.co.nr
XP
6,744
Country
United States
If you have a hardmod, I don't think you even have to downgrade to 9.2.

9.2 is only there so you can run a payload to install Kernel9LoaderHax I assume. A 10.0 firm is obviously too old to boot a 11.x console. But once you have Kernel9LoaderHax installed, you can just have your CFW use a different firm anyways.
 
Last edited by Apache Thunder,

ihaveahax

Well-Known Member
Member
Joined
Apr 20, 2015
Messages
6,069
Trophies
2
XP
7,804
Country
United States
Reading the technical explanations here by @ihaveamac and others

I think you can get the OTP from within A9LH. So it might still be easier to use this method and then dump the OTP from A9LH under 9.2.
you can't get the actual otp without going to 2.1 (or any pre-3.0 firmware), just the hash. kernel9loader locks it before we get code execution.
 

Hking0036

Well-Known Member
Member
Joined
Sep 15, 2015
Messages
498
Trophies
0
XP
1,340
Country
United States
hypothetically if we got an 11.x arm9 in the future could this be usable for that too, or is it too early to say? I guess what I'm asking is, does it apply to any arm9 or 9.x specifically?
 

dark_samus3

Well-Known Member
Member
Joined
May 30, 2015
Messages
2,372
Trophies
0
XP
2,042
Country
United States
If you have a hardmod, I don't think you even have to downgrade to 9.2.

9.2 is only there so you can run a payload to install Kernel9LoaderHax I assume. A 10.0 firm is obviously too old to boot a 11.x console. But once you have Kernel9LoaderHax installed, you can just have your CFW use a different firm anyways.
heh, no, more than a hardmod is needed, you need to be able to put something in arm9 memory in a location that is out of range of any FIRM. Also, no, 10.0 should run on 11.1. All that's really needed is a way to get things in arm9 memory and a way to write to NAND.

--------------------- MERGED ---------------------------

hypothetically if we got an 11.x arm9 in the future could this be usable for that too, or is it too early to say? I guess what I'm asking is, does it apply to any arm9 or 9.x specifically?
it'll be applicable once any arm9 exploit comes out for any FW version
 
  • Like
Reactions: Hking0036

Apache Thunder

I have cameras in your head!
Member
Joined
Oct 7, 2007
Messages
4,402
Trophies
3
Age
36
Location
Levelland, Texas
Website
www.mariopc.co.nr
XP
6,744
Country
United States
you can't get the actual otp without going to 2.1 (or any pre-3.0 firmware), just the hash. kernel9loader locks it before we get code execution.

Actually I recall there was a security fail where Nintendo forgot to have it clear the OTP hash from the SHA registers. This was fixed in 10.2+ I think? That I don't recall, but I definitely know it was still an issue for 10.0. This could be combined with that flaw to obtain otp hash and thus be able to decrypt OTP. So you could obtain a more favorable payload location/size once you get initial pwnage of the system with the 10.0 otpless install. You have to use a payload to get the hash. You can't allow a firm to launch fully as I recall the hash gets cleared later on if that happens.
 
Last edited by Apache Thunder,

ihaveahax

Well-Known Member
Member
Joined
Apr 20, 2015
Messages
6,069
Trophies
2
XP
7,804
Country
United States
Actually I recall there was a security fail where Nintendo forgot to have it clear the OTP hash from the SHA registers. This was fixed in 10.2+ I think? That I don't recall, but I definitely know it was still an issue for 10.0. This could be combined with that flaw to obtain otp hash and thus be able to decrypt OTP.
yes, you can access the hash, as I stated in the post :P

I don't recall it ever being fixed, it's a thing in kernel9loader. I could be wrong of course...... but it doesn't really matter since we'd be able to just use older FIRMs.

but how would the hash let you get the actual otp back without going to 2.1?
 

dark_samus3

Well-Known Member
Member
Joined
May 30, 2015
Messages
2,372
Trophies
0
XP
2,042
Country
United States
Actually I recall there was a security fail where Nintendo forgot to have it clear the OTP hash from the SHA registers. This was fixed in 10.2+ I think? That I don't recall, but I definitely know it was still an issue for 10.0. This could be combined with that flaw to obtain otp hash and thus be able to decrypt OTP. So you could obtain a more favorable payload location/size once you get initial pwnage of the system with the 10.0 otpless install.
No. ONLY the OTP hash is recoverable, not the whole thing. The OTP is locked behind config registers the same way bootroms are, and a hash is not enough to calculate it. EDIT: this flaw still exists in the latest version of arm9loader as well, afaik
 
Last edited by dark_samus3,
  • Like
Reactions: VinsCool

Apache Thunder

I have cameras in your head!
Member
Joined
Oct 7, 2007
Messages
4,402
Trophies
3
Age
36
Location
Levelland, Texas
Website
www.mariopc.co.nr
XP
6,744
Country
United States
but how would the hash let you get the actual otp back without going to 2.1?

Gaining OTP hash allows you to decrypt the secret sector. Thus having the same effect as having a otp dump without having to dump OTP. Because normally folks need otp dump to generate the hash the installer needs to decrypt secret sector. if you get the hash instead, you skip all that and can just go right to decrypting secret sector.

No. ONLY the OTP hash is recoverable, not the whole thing. The OTP is locked behind config registers the same way bootroms are and a hash is not enough to calculate it EDIT: this flaw still exists in the lastest version of arm9loader as well, afaik


Wait, I thought it was the hash that was ultimately used to decrypt secret sector? If you have the hash, you don't need a otp dump. Just use the hash to decrypt the secret sector?
 
Last edited by Apache Thunder,

ihaveahax

Well-Known Member
Member
Joined
Apr 20, 2015
Messages
6,069
Trophies
2
XP
7,804
Country
United States
Gaining OTP hash allows you to decrypt the secret sector. Thus having the same effect as having a otp dump without having to dump OTP. Because normally folks need otp dump to generate the hash the installer needs to decrypt secret sector. if you get the hash instead, you skip all that and can just go right to decrypting secret sector.
well, yes, but that still didn't explain "decrypting OTP". unless you meant decrypting the secret sector.
 
  • Like
Reactions: dark_samus3

dark_samus3

Well-Known Member
Member
Joined
May 30, 2015
Messages
2,372
Trophies
0
XP
2,042
Country
United States
Gaining OTP hash allows you to decrypt the secret sector. Thus having the same effect as having a otp dump without having to dump OTP. Because normally folks need otp dump to generate the hash the installer needs to decrypt secret sector. if you get the hash instead, you skip all that and can just go right to decrypting secret sector.
Yes, that's what the alpha already does. The point is, the OTP may become useful in the future, for more than just a9lh. So it might be worth getting, at some point
 
  • Like
Reactions: Gray_Jack
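An added worked example (not code from this thread or from any A9LH installer) to make two points above concrete: dark_samus3's explanation that the key sector is encrypted with a normalkey derived from the SHA-256 hash of the first 0x90 bytes of the OTP, and Apache Thunder's point that having that hash is as good as having the OTP dump for decrypting the secret sector. The thread only states "the hash of the first 0x90 bytes"; the split of that hash into a 16-byte keyX and keyY and the 3DS AES key-scrambler constant are assumptions taken from my recollection of public 3DS documentation, and the OTP bytes are constructed fakes. Decrypting the sector itself with the resulting key is not shown.

```python
"""Added example: deriving the arm9loader secret-sector key from an OTP dump.

Constructed example, not code from the thread. What the thread states: the key
sector is encrypted with a normalkey derived from the SHA-256 hash of the first
0x90 bytes of the OTP. Assumed from public 3DS documentation (not stated in the
thread): the hash is split into a 16-byte keyX and keyY, which go through the
3DS AES key scrambler with the constant below. The OTP bytes here are fake.
"""
import hashlib

OTP_SIZE = 0x100
OTP_HASHED_LEN = 0x90                  # only these bytes feed the hash
MASK128 = (1 << 128) - 1
# 3DS key scrambler constant (assumption: taken from public documentation)
SCRAMBLER_C = 0x1FF9E9AAC5FE0408024591DC5D52768A


def rol128(x: int, n: int) -> int:
    """Rotate a 128-bit integer left by n bits."""
    n %= 128
    return ((x << n) | (x >> (128 - n))) & MASK128


def scramble(key_x: bytes, key_y: bytes) -> bytes:
    """3DS AES key scrambler: normalkey = (((keyX ROL 2) XOR keyY) + C) ROL 87."""
    kx = int.from_bytes(key_x, "big")
    ky = int.from_bytes(key_y, "big")
    normal = rol128(((rol128(kx, 2) ^ ky) + SCRAMBLER_C) & MASK128, 87)
    return normal.to_bytes(16, "big")


def otp_hash(otp: bytes) -> bytes:
    """SHA-256 over the first 0x90 bytes of a 0x100-byte OTP dump."""
    if len(otp) != OTP_SIZE:
        raise ValueError(f"OTP dump must be {OTP_SIZE} bytes, got {len(otp)}")
    return hashlib.sha256(otp[:OTP_HASHED_LEN]).digest()


def sector_key_from_hash(h: bytes) -> bytes:
    """Secret-sector normalkey from the OTP hash alone (no full OTP needed)."""
    if len(h) != 32:
        raise ValueError("expected a 32-byte SHA-256 digest")
    return scramble(h[:16], h[16:])


def sector_key_from_otp(otp: bytes) -> bytes:
    """Full path: OTP dump -> hash -> keyX/keyY -> scrambled normalkey."""
    return sector_key_from_hash(otp_hash(otp))


# Constructed, fake OTP contents: two "consoles" and one tail-tampered copy.
FAKE_OTP_A = bytes(range(OTP_SIZE))
FAKE_OTP_B = bytes((i * 7 + 3) & 0xFF for i in range(OTP_SIZE))
FAKE_OTP_A_TAIL_CHANGED = FAKE_OTP_A[:OTP_HASHED_LEN] + bytes(OTP_SIZE - OTP_HASHED_LEN)


def demo() -> dict:
    """Three checks that mirror the thread's claims."""
    key_a = sector_key_from_otp(FAKE_OTP_A)
    return {
        # different OTP -> different key: a forged key sector needs this console's key
        "console_unique": key_a != sector_key_from_otp(FAKE_OTP_B),
        # the leaked hash alone reproduces the key, no OTP dump required
        "hash_is_enough": key_a == sector_key_from_hash(otp_hash(FAKE_OTP_A)),
        # bytes past 0x90 never enter the derivation
        "tail_ignored": key_a == sector_key_from_otp(FAKE_OTP_A_TAIL_CHANGED),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The `hash_is_enough` check is the whole argument of the last few posts: whoever holds the 32-byte hash can derive the sector key, so leaking the hash is equivalent to leaking the OTP for this one purpose, while still not letting anyone recover the other 0x100 bytes of the OTP itself.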
