Hardware nand flash dump (3ds xl)

[Razorbacktrack]

Yay! Just finished my solderless 3DS XL flash kit
Ordered a White 3DS XL yesterday from amazon.de. Version 4.4 !

I desoldered 4 pogo pins from an old xecuter modchip.


This is my board layout... ugly but works

I have not yet made pics of the final board because it is currently in use and I don't want to change a running system


I marked the spots in red where I put my pogo pins.

The flasher leaves NO TRACE

I'm ready for the Gateway reviews!
Hopefully the Gateway exploits can be modified for use with the internal SD in the near future...

I followed the community for a long time, but never registered... First post. Hope you like it

We want to see the final solution!

 

[williamcesar2]

Yay! Just finished my solderless 3DS XL flash kit
Ordered a White 3DS XL yesterday from amazon.de. Version 4.4 !

I desoldered 4 pogo pins from an old xecuter modchip.


This is my board layout... ugly but works

I have not yet made pics of the final board because it is currently in use and I don't want to change a running system


I marked the spots in red where I put my pogo pins.

The flasher leaves NO TRACE

I'm ready for the Gateway reviews!
Hopefully the Gateway exploits can be modified for use with the internal SD in the near future...

I followed the community for a long time, but never registered... First post. Hope you like it

I have the original 3ds. Can I make it also huh ?

 

[Razorbacktrack]

I don't think so

You must solder the CLK point under the CARD slot or in a veeeery small point

 

[0nethe]

Yay , after tryning to do soldering on my 4.5 3DS, it'is not powering on anymore damn.
I keep check the motherboard and the soldering point but can't just say what 's wrong.
Maybe I did not put one cable ( screen , or camera or something else correctly that prevent it to go on). SIGH !!!

Update:
So damn happy, I put back my console to life !!!
Thank to youtube !!!

 

[TheBerryBeast]

Something is obviously shorting...

 

[justinkb]

nice little project this was.

looks like i'm all set for downgrading, dumping the nand four times and verifying checksums.

out of interest, got about 5.6MB/s reading speed on the nand dumps.

is it me or are the nand dumps really just filled with a lot of 0x00 areas?

a simple gzip compresses it to 20% of its size! given that the non-0x00 encrypted areas should be virtually uncompressible, that just shows how much of the nand is empty.

it's too bad this thing wasn't public knowledge sooner, we could have members with nand dumps for all released firmware versions... increasing chances of finding exploits. i'll be sure to dump my nand and back it up for every available ninty update as soon as it's released... maybe they'll screw up

PS. anyone else's 3DS reset to january 1st after starting up for the first time after having the nand dumped?

PPS. it's too bad AES can't really be bruteforced... if only we had a way to extract the key, we'd be done now :-P

PPPS. not sharing pics, I'm embarassed of my work, I did it half asleep last night ;-)

 

[pasc]

Can't see those pictures anymore, can you reup them ?

This is my work:

Spoiler

I believe someone did a mod where he had 4 solder points around the Headphone jack like this:

+__+
_(_)
+ __+ (+ = Solderpoint, ( ) = 3,5mm Headphone jack from the 3DS itself)

Is there anyone that can explain this to me ?

 

[piktaz]

Can someone confirm please that the wires are soldered correctly here? The drawing is right, but the wires look like if they are soldered to DAT0 (#7), GND (#6), CLK (#5), GND(#3). Thanks.

 

[justinkb]

i soldered it the same as Gonzo and it works fine. I'll leave further explanation to Gonzo as to the apparent discrepancy of the diagram vs. soldering. I think the issue is how the silver bottom pins correspond to the gold top tabs.

 

[n1ghty]

Can someone confirm please that the wires are soldered correctly here? The drawing is right, but the wires look like if they are soldered to DAT0 (#7), GND (#6), CLK (#5), GND(#3). Thanks.

I also soldered it the same as Gonzo. Pad #3 is not used by the adapter. GND is only on #6.

 

[Gonzo]

Can someone confirm please that the wires are soldered correctly here? The drawing is right, but the wires look like if they are soldered to DAT0 (#7), GND (#6), CLK (#5), GND(#3). Thanks.

My wiring is correct, because of the bridge between #3 and #6. Try it yourself with a multimeter...

I have the original 3ds. Can I make it also huh ?

I don't think that it's possible, the CLK point is concealed by the cardridge connector.

 

[williamcesar2]

I don't think that it's possible, the CLK point is concealed by the cardridge connector.

is there any solution for it ?

 

[0nethe]

Is there an alternative point for the CMD and the Data0 ( or maybe I can use Data 1 or 2 or 3 point ?) because after my 3DS refused to turn on, in panic, I completely screw up the golden cercle for those 2 point while desoldering
Or is there a way to fix it ?

 

[lightenup]

Please at least look at some basic soldering tutorials and try soldering and desoldering cables on some obsolete/old PCB before you attempt to do it on your 3ds. erm.. maybe somone really should do a picture tutorial with some basic advice.

Is there an alternative point for the CMD and the Data0 ( or maybe I can use Data 1 or 2 or 3 point ?) because after my 3DS refused to turn on, in panic, I completely screw up the golden cercle for those 2 point while desoldering
Or is there a way to fix it ?

You cannot use DAT1-3 instead of DAT0. DAT0 is essential, DAT1-3 not.
That golden circle is a pad, and usually you can still solder to the trace that lead to the pad... but it requires some skill and mighty tiny wires. In case no one else comes up with alternative solder points (more or less unlikely because the board is multilayered you only route signals to top and bottom layer if you really need to), you should try to get in touch with your local electronics freak who probably can help you out there.

 

[Cyberdrive]

I wonder if it's possible to solder wires from those 4 points to existing 3DS XL connectors without interfering with their original functionality.

Namely, we have SD reader, headphones, gamecard and charger connectors.
Admittedly, I don't know much about electronics, but out of these 4 only SD reader seems somewhat suitable to me, considering that it has 2 unused pins (leftmost and rightmost, pins #8 and #9) and 2 ground pins (#3 and #6).
So we already have GND, 2 free pins for 2 of CMD/DAT0/CLK signals and one wire remaining without pin.

Basically, my question is: will SD cards work if we disconnect pin 3 from ground and use it to connect the last wire (CMD, DAT0 or CLK)?
Because if they will, we'll be able to use simple "double SD adapter" for dumping/flashing through SD slot, leaving the original case intact.
If not, are there another ways to utilise SD slot or other connectors while retaining their existing functionality?

See http://en.wikipedia.org/wiki/Secure_Digital#Technical_details for pin layouts.

 

[Gonzo]

I wonder if it's possible to solder wires from those 4 points to existing 3DS XL connectors without interfering with their original functionality.

Good thought but it's not feasible with just 2 unused pins of the sd slot.

But we could take the pins for a special usage:
It should be possible to modify a sd-card that it has a short-cut between the two pins (or only one pin against GND). This could be used to switch between two eMMC chips. For example insert normal SD-card (A) to start from internal eMMC Flash with latest firmware, or switch to a pickaback eMMC flash with a special SD-card (B) starting fixed firmware 4.5. But this would need some more complicated modifications (a second flash chip and some logic gate for the switching).

 

[nitehack]

I have a question
If I want to downgrade my 6.2 3DS to a lower
Do I need the smaller version mine? Or is there some way to downgrade version without having to have done in a past copy of the nand?
Sorry for my english.
Greetings!

 

[Gonzo]

Sorry, it is not possible to flash an image which hasn't be dumped before on your own 3DS.

 

[nitehack]

Sorry, it is not possible to flash an image which hasn't be dumped before on your own 3DS.

Ok thanks for the info

 

[Spzjulien]

I have a question
If I want to downgrade my 6.2 3DS to a lower
Do I need the smaller version mine? Or is there some way to downgrade version without having to have done in a past copy of the nand?
Sorry for my english.
Greetings!

u need past copy first !