Homebrew [Coming Soon] OTPless A9LH installation on N3DS (no 2.1 downgrade)

[Swiftloke]

There's an easy trick they could do. New arm9loader which re-encrypts the secret sector with some encryption mode other than ECB the keys stay the same, OTPless goes away, if you update beyond a certain point, anyways

Sure, but if we have NAND access (which is required anyway) couldn't we just replace it with the current one?

 

[Redirr]

I never intended to answer the question of decrypting OTP....I meant decryption of secret sector which is what a full Kernel9LoaderHax install needs before it can insert custom keys into that sector correctly. So yes, if you want the contents of OTP itself, of coarse you still need to do the 2.1 downgrade.

Can i make u a question?

If i use restore sysnand option to restore a Nand backup. Using restore sysnand (keep a9lh)

This option need otp inside files9 folder?

Because when i perform dsiware downgrade i use to restore original OFW 11 ( dumped with fieldrunner ) with keep a9lh when in in 2.1 with a9lh installed.

With otpless can i do the same or ill need to update from 9.2?


Sorry if my question its confusing

 

[Myria]

No, this does not dump OTP.bin, and cannot dump OTP.bin -- it's called OTPless for a reason!

Does it dump the hash of the OTP, which for most purposes is just as good?

 

[mathieulh]

Isn't this kind of silly? My implementation relies on exactly one instruction still being in memory post-reboot -- that's really very safe, considering the RAM uncleared on reboots flaw is well-tested. Everything else is loaded from NAND per normal A9LH (in fact, the single instruction I rely on being in RAM is just a branch to normal A9LH payload).

I do agree bruteforce free hardmod a9lh would have been nice, but I also don't see how you could get NAND payload loading out of a single branch? You'd know better than I would, I'm sure, but I don't actually understand the principle there. Unless, of course, you mean you were hoping for a branch to the normal A9LH payload location.

That's what I meant, basically having the whole instruction stored on NAND and loaded to memory by bootrom the way it's currently done.
Despite being very unlikely, considering RAM does corrupt over time when its power is cut, there is a slight chance of the instruction you store in memory to be corrupted during a hard reboot (even if that lasts for less than a second, although the shorter, the less chance of it to occur). If that happens (and it will, it's just a matter of probability, though it may be lower than one in a million device, unfortunately it depends on too many factors to be calculated accurately), you will get a brick.

I am not saying your method isn't sound or shouldn't be done, I am saying it's not 100% safe people should take into account this calculated risk, on the other hand, there are less step involved in your method making it less likely for things to go wrong due to human error. I guess I am just too much of a perfectionist rather than being a practical guy xD

Envoyé de mon SM-G935F en utilisant Tapatalk

 

[LinkBlaBla]

Doe it mean i can downgrade n3ds 11.0? Or it is only for those on 9.2?? Im confuse sorry..

 

[DavidKang]

This is actually a limitation of the tools, not a fundamental limitation. Firmlaunchhax was fixed in 9.5.0, not 9.3.0.

It should be possible to make this work on 9.3.0 and 9.4.0; we'd just need to update the tools for new addresses and to use memchunkhax 2.1 to get ARM11 kernel instead of memchunkhax 1, since memchunkhax 1 was fixed in 9.3.0.

We really ought to update things so we can make 9.4.0 the ceiling version on the major hacks instead of 9.2.0.

I need to buy a Korean New 3DS and Korean Ocarina of Time.

I hope it happens sometime later... No need to hurry though

--------------------- MERGED ---------------------------

but I thought korean New 3DS systems started on 9.6, not 9.3

l'm pretty sure they started with 9.3...
Anyway the point is that it doesn't work on KOR consoles.

 

[VinsCool]

Doe it mean i can downgrade n3ds 11.0? Or it is only for those on 9.2?? Im confuse sorry..

Nope. it means that we don,t need to downgrade to 2.1 for the A9LH installation.
No new downgrade methods.

 

[dark_samus3]

Sure, but if we have NAND access (which is required anyway) couldn't we just replace it with the current one?

only if we have the OTP, or the hash of the first 0x90 bytes.... and since it would patch this method, you'd have to go back to the old way of obtaining the OTP.... it has other implications as well, which I won't mention here

 

[Deleted-394630]

This is awesome! So there won't be anybody complaining:
"onos i briks me 3d's by cloosing it y u no warn meh gosh su illegel I tell me dad who is nintend owner and he ban u from turnin on ur 3d s Y u such a lier u have no skill i program beter than u i made super mario 3ds cart."

 

[Garblant]

Do you know how many Hardmodded N3ds user have tested this so far?

EDIT: I have a 9.2 Menuhax, Luma3ds cfw N3dsxl, I'm probably going to use this after you're done developing this.

 

[sj33]

Why on earth are some end users in here actually doing this as their first A9LH install? It says quite clearly in the OP that people shouldn't be doing it. This is for testing purposes for people who know what they are doing, everybody else should just use Plailet's guide.

 

[Garblant]

Why on earth are some end users in here actually doing this as their first A9LH install? It says quite clearly in the OP that people shouldn't be doing it. This is for testing purposes for people who know what they are doing, everybody else should just use Plailet's guide.

Yep,I know. I'm just patiently waiting for it to be completed...

 

[sj33]

Yep,I know. I'm just patiently waiting for it to be completed...

Any reason to not just use Plailet's guide, though? Not having to downgrade to 2.1 is a great development in terms of optimising and simplifying the A9LH install process and overall making it better, but there's no real reason for people to actually wait for this to be finished. The current method isn't risky.

 

[Exeat]

Nope. it means that we don,t need to downgrade to 2.1 for the A9LH installation.
No new downgrade methods.

But you still need to downgrade to 9.2

 

[d3m3vilurr]

I hope it happens sometime later... No need to hurry though

--------------------- MERGED ---------------------------



l'm pretty sure they started with 9.3...
Anyway the point is that it doesn't work on KOR consoles.

No. not exists 9.3.
Very first kor n3ds has 9.6(maybe 9.5 i can't remember well, they have latest firm at that time).
I guess, 9.3 only used for device authentication of Korea Gov. (nintendo korea try device authentication, latest firm was 9.3)

I don't know, can mix firmware dg pack <= 9.4 for the kor n3ds(i guess it can't).
but actually we cannot find 9.3 kor n3ds in market.

 

[Myria]

No. not exists 9.3.
Very first kor n3ds has 9.6(maybe 9.5 i can't remember well, they have latest firm at that time).
I guess, 9.3 only used for device authentication of Korea Gov. (nintendo korea try device authentication, latest firm was 9.3)

I don't know, can mix firmware dg pack <= 9.4 for the kor n3ds(i guess it can't).
but actually we cannot find 9.3 kor n3ds in market.

I need to find a way to acquire a Korean N3DS here in America.

 

[Clector]

Well NATIVE_FIRM is the same for all regions, but 9.2.0-X NATIVE_FIRM or even 9.4.0-X one doesn"t work in 9.6.0-X.
@Myria You should try in eBay, I"m personally trying to find a way to acquire one of the Taiwanese Japan region 3DS that have limited Internet connectivity:https://gbatemp.net/threads/request...es-with-limited-internet-connectivity.437120/

 

[d3m3vilurr]

I need to find a way to acquire a Korean N3DS here in America.

i guess, you can use http://global.gmarket.co.kr/ but i don't know, device version & shipping fee.

Well NATIVE_FIRM is the same for all regions, but 9.2.0-X NATIVE_FIRM or even 9.4.0-X one doesn"t work in 9.6.0-X.
@Myria You should try in eBay, I"m personally trying to find a way to acquire one of the Taiwanese Japan region 3DS that have limited Internet connectivity:https://gbatemp.net/threads/request...es-with-limited-internet-connectivity.437120/

checked ebay, too expensive.. $350.. wtf :/

 

[Redirr]

OK!!! So i decide to give it a try...

So here is my step by step. (Dont follow this, its just what i did)

New Nintendo 3DS XL (RED) Original OFW 11.0
1. Systransfer from old3ds, Fieldrunner, dump and, restore nand. etc. DSiWareHAX, formated system etc.
2. Boot HomeBrew Launcher with OOTHAX, Pre-Setup Menuhax to 9.2.0-20U
3. Donwgrade from 11.0 to 9.2 direcly.
4. First Run, error. Restarted and boot direcly to homebrew launcher, i alredy left it setup for 9.2 remember
5. Second run downgrade complete and fast ( like always happens wiith new3ds).
6. Restarted and boot directly to HBL because of menuhax
7. Run UnsafeA9LHInstaller, press Select. Done!!

8. Copied "arm9loaderhax.bin" to microSD. Boot and setup FBI installer inject.

Error : Black screen. Wont boot sysnand.
Deleted "Nintendo 3DS" folder, because was conflicted with menuhax. Done!!!

Forget this :
9. Installed sysupdater and installed 11.1.0-34U offline files!!!

So, Luma3DS, ARM9LoaderHAX, sysNAND updated.

Never was so easy!!!!!

 

[DavidKang]

I need to find a way to acquire a Korean N3DS here in America.

It will be pretty hard to find one in America... unless you personally know someone in Korea or buy it from Gmarket(one of the biggest online stores in Korea) like d3m3vilurr said. Of course, then the firmware won't be predictable.