Hacking Can We Unbrick a 3DS With No NAND Backups and a Hard Mod Yet?

Pokéidiot

Decrypt9 does generate NAND xorpads.
You can even generate only those that decrypt FIRM0 and FIRM1. But, NAND xorpads are console-unique.
 

Urbanshadow

> Decrypt9 does generate NAND xorpads.
> You can even generate only those that decrypt FIRM0 and FIRM1. But, NAND xorpads are console-unique.

Yeah ofc, but if you happen to have two systems in the same version, you should be able to decrypt the nand backup from system A with xorpads of the system A then encrypt the backup with xorpads of system B to obtain a nand backup from system B.

I remember something not working in there though.
 

gamesquest1

Bear in mind that if there was an interrupted firm update, the plaintext firm attack method relies on knowing the exact plaintext of the existing firm... if you crashed halfway through flashing firm you wouldn't have the exact plaintext, as it would obviously not have been completely written, so you would not really be able to do the plaintext attack unless you
A) know the exact offset it crashed at and can make your own plaintext bricked firm
B) already have your xorpads to write a new firm (which is essentially nearly as good as having a nand backup as long as you know roughly what you messed up)
C) you fancy spending weeks going through every possible offset hoping to by chance get lucky and manage to build a corrupt firm that matches exactly how your firm was corrupt



Basically, unless we get a way of generating the xorpad for a bricked console on a different console using an existing pre-existing dump of the unique info used to make the console-specific nand encryption, I'm not certain but I assume the nand encryption is derived in some way from the otp, in which case maybe one day an otp dump may be enough to generate xorpads for another console, but honestly idk how things go at bootup and if the values loaded by otp could be substituted for those from another console (or even if the otp has anything to do with nand encryption)

Tldr: - make a god damn nand backup already ffs :^)
 

emanoel182

I believe with 2 good nands, it is possible to fix one NAND through the hex editor. Anyone tried it? It is something that will take a lot of work.
 

Xenon Hacks

[Image: X81XiLw.jpg]
 

GothicIII

> I believe with 2 good nands, it is possible to fix one NAND through the hex editor. Anyone tried it? It is something that will take a lot of work.

You don't understand how the encryption works. The xorpad is a key which is (nearly) as big as the nand itself and it consists of only randomly generated data (or algorithm).
If you dump the nand and compare it to another from a different console they will have pretty much nothing in common. It's impossible to hack this encryption without knowing the masterkey from which the xorpads are generated or having the exact xorpads to decrypt the content.

Example:

Cleartext on both consoles:

DEAD BEEF

written on NAND1 (XORPAD is A383 203D):
7D2E 9ED2
written on NAND2 (XORPAD is 92BC 7657):
4C11 C8B8

There is nothing you can hexedit by comparing two nands because they have nothing in common.
 
Last edited by GothicIII,
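
The XOR example from the post above, worked through in Python as an added illustration (not code from the thread or from Decrypt9). It reuses the post's 4-byte cleartext and xorpads and also covers the two-console transplant and the interrupted-write case raised earlier in the thread; the function names and the partially written block are constructed for the example.

```python
# Added example. Values are the constructed 4-byte ones from the post above,
# not real console data; all function names are hypothetical.

def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR; a xorpad must cover the data exactly."""
    if len(a) != len(b):
        raise ValueError("xorpad and data length differ")
    return bytes(x ^ y for x, y in zip(a, b))

CLEARTEXT = bytes.fromhex("DEADBEEF")
PAD_1 = bytes.fromhex("A383203D")   # console 1
PAD_2 = bytes.fromhex("92BC7657")   # console 2

def transplant(dump_a: bytes, pad_a: bytes, pad_b: bytes) -> bytes:
    """Decrypt with A's pad, re-encrypt with B's pad. Both pads are required."""
    return xor(xor(dump_a, pad_a), pad_b)

def pad_from_known_plaintext(dump: bytes, assumed_plain: bytes) -> bytes:
    """Yields the real pad only if assumed_plain is exactly what was written."""
    return xor(dump, assumed_plain)

def demo() -> dict:
    nand1 = xor(CLEARTEXT, PAD_1)
    nand2 = xor(CLEARTEXT, PAD_2)
    # Comparing two dumps: the cleartext cancels, leaving only pad1 XOR pad2.
    diff = xor(nand1, nand2)
    # Interrupted write (constructed case): only the first 2 bytes of the new
    # data landed; the last 2 bytes still hold older content 0x1234.
    partial = xor(bytes.fromhex("DEAD1234"), PAD_1)
    guessed_pad = pad_from_known_plaintext(partial, CLEARTEXT)
    return {
        "nand1": nand1.hex(),
        "nand2": nand2.hex(),
        "diff_is_pad_xor": diff == xor(PAD_1, PAD_2),
        "transplant_ok": transplant(nand1, PAD_1, PAD_2) == nand2,
        "pad_exact_plain": pad_from_known_plaintext(nand1, CLEARTEXT) == PAD_1,
        "pad_partial_write": guessed_pad == PAD_1,
        "matching_pad_bytes": sum(g == p for g, p in zip(guessed_pad, PAD_1)),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the interrupted write, only the pad bytes covering the correctly guessed region come out right, which is why the exact on-NAND plaintext matters.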

GothicIII

@emanoel182: Nobody will do this if they know what it is. The nand contains very unique information (e.g. Secureinfo) and should NOT be uploaded by anybody.
Without xorpads the nanddump will be useless anyway.

It does not make sense what you are trying to do.
 
Last edited by GothicIII,

emanoel182

> You don't understand how the encryption works. The xorpad is a key which is (nearly) as big as the nand itself and it consists of only randomly generated data (or algorithm).
> If you dump the nand and compare it to another from a different console they will have pretty much nothing in common. It's impossible to hack this encryption without knowing the masterkey from which the xorpads are generated or having the exact xorpads to decrypt the content.
>
> Example:
>
> Cleartext on both consoles:
>
> DEAD BEEF
>
> written on NAND1 (XORPAD is A383 203D):
> 7D2E 9ED2
> written on NAND2 (XORPAD is 92BC 7657):
> 4C11 C8B8
>
> There is nothing you can hexedit by comparing two nands because they have nothing in common.

I think I understand now.
 
