Homebrew [Coming Soon] OTPless A9LH installation on N3DS (no 2.1 downgrade)

vb_encryption_vb

And I have the first bricked console being shipped to me using this method.... It was bound to happen and it has.

N3DS running 9.2, bricked using the unsafeal9h installer... Good thing they had a backup.
 

yuu.hack

Run luma with HBL, there's a .3dsx I think, and yeah, I had the same issue

Also a tip: immediately after you click the luma program in HBL, press select and edit the luma settings to indicate which nand you're on (select boot into sysnand, and enable the option to show a string in the system settings, this will let you be sure you're in luma), forgot the exact option, but it should be pretty straightforward. And make SURE you have EVERYTHING you need before installing a9lh, specifically arm9loaderhax.bin on the root

You also need to set an option in Luma to boot into Sysnand, and not emunand

You've been following this: https://github.com/Plailect/Guide/wiki/Part-3-(A9LH) correct?

Yes, I had been following that URL. Thanks for the tips! I will try following your steps to see if it works.
 

OrGoN3

And I have the first bricked console being shipped to me using this method.... It was bound to happen and it has.

N3DS running 9.2, bricked using the unsafeal9h installer... Good thing they had a backup.

Dumb. If they had waited 3 days they would've been able to use SafeA9LHInstaller with this feature.
 

yuu.hack

Run luma with HBL, there's a .3dsx I think, and yeah, I had the same issue

Also a tip: immediately after you click the luma program in HBL, press select and edit the luma settings to indicate which nand you're on (select boot into sysnand, and enable the option to show a string in the system settings, this will let you be sure you're in luma), forgot the exact option, but it should be pretty straightforward. And make SURE you have EVERYTHING you need before installing a9lh, specifically arm9loaderhax.bin on the root

You also need to set an option in Luma to boot into Sysnand, and not emunand

You've been following this: https://github.com/Plailect/Guide/wiki/Part-3-(A9LH) correct?

OK, got the same problem. I had followed your instructions to run luma3ds through HBL. At the luma3ds option screen, there is still no response after I press a button to choose an option. The up/down buttons are also not responding. Seems like the screen just hangs. Did I miss anything that should have been done before running luma?
 

fodder

OK, got the same problem. I had followed your instructions to run luma3ds through HBL. At the luma3ds option screen, there is still no response after I press a button to choose an option. The up/down buttons are also not responding. Seems like the screen just hangs. Did I miss anything that should have been done before running luma?

Wait what? In the Luma options screen it hangs? Try redownloading Luma if that's the case, all you really have to enable is the load to sysnand setting, and once in the Sysnand with Luma loaded, you open HBL thru whatever method you please, and run the A9LH installer
 

yuu.hack

Wait what? In the Luma options screen it hangs? Try redownloading Luma if that's the case, all you really have to enable is the load to sysnand setting, and once in the Sysnand with Luma loaded, you open HBL thru whatever method you please, and run the A9LH installer

I dunno what to call it, either the screen hangs or the command sent (by pressing a button) gets no response. The same situation happened when I tried to install a9lh. Do you have emunand before running luma? I have only HBL on my system. It could run any built-in .3dsx normally (including 3dsident, decrypt9) just fine before. I tried launching HBL from both menuhax & browserhax but still no good. Any suggestions?
 

ManuelKoegler

In a sense, yes, but only until you download another arm9loaderhax.bin. a9lh boots milliseconds into your system and runs the aforementioned bin file. If that bin file is not present, then you are out of luck for booting. However, you can get said file in many many places online, and it is not console specific. Found in many guides, and even in basic setting up of Luma. Just relocate a copy of that bin file, place on a fresh SD card, and you should be able to boot, with very slight dependencies, depending on where you got the bin file from, for example, the luma directory, if you got it from the Luma setup.
I don't think that's all you require for it to work.
Aren't you supposed to also have the console-specific otpless bin file?
From my understanding, instead of using the actual otp, this runs using the otp hash, which is the otpless bin file if I understand correctly, meaning if you haven't backed that up and your SD fails, you're still screwed.


 

gamesquest1

Once a9lh is installed you cannot be screwed unless you wipe/corrupt your FIRM partitions (which would screw you even if you had your otp) or if the SD slot stops working... which again would be just as bad even if you had your otp.

Other than those, you can always drop a different SD card in with an arm9loaderhax.bin file on it.
 

metroid maniac

otpless works because you can copy key0 to key1, put 10.0 New 3DS FIRM in firm0, put a payload into arm9 memory, reboot, and get the otp hash from there and install proper a9lh.

So when you try to decrypt FIRM 10.0 with key0 instead of the expected key1, it decrypts to a branch to your payload?

I assume this works because RAM isn't cleared between reboots, so you can write your payload at the target of the branch and have it be executed after a reboot.

What address does it jump to?

EDIT: I'm asking because I'm wondering about installing OTPless a9lh from DSi mode.
The 10.0 FIRM downgrade would work from DSiWare, as proven by dgTool.
I'm pretty sure you control arm9 memory so you can write your payload where it needs to be for 10.0 to execute it on a reboot.
All that remains is triggering an MCU reboot, which I believe is what exiting to home menu is.

A DSiWare OTPless install would be useful - it'd be pretty much futureproof if I understand correctly. So is it technically possible?
 