Hacking NAND Questions

[Deleted member 313057]

Hello,

I am thinking about backing up my NAND, even though the Nintendo 3DS firmware is at 5.1.0-11U. I have a few questions regarding the NAND for the Nintendo 3DS.

If homebrew becomes possible, will users with the hacked console be able to view their encryption key for the NAND? This will make downgrading to an earlier version much easier, without a previous NAND backup.

Will the NAND key be possible to get for non-hacked 3DS users, since the key is supposedly unique for all consoles?

Are there any known exploit for the firmware 5.1.0-11U? I'm itching to know, because my 3DS supposedly automatically updated itself to that firmware, and I do not have a NAND backup of that firmware.

Thanks,
Chris

 

[gamesquest1]

You would need to solder some wired to the motherboard to get a nand dump, if you do this, if ever a hack is discovered for 5.x you would be able to downgrade to use the exploit.

Smealum already seems to of figured out how to get the unique device key, with this I presume you could indeed downgrade further to 4.x by building a firmware using your consoles encryption key.......which may be handy if the theoretical 5.x hack can only retrieve the keys but not usable for much else......

And finally I don't think 3DS's just automatically update, they will download an update but it's always on you to pick to update or not

 

[Deleted member 313057]

You would need to solder some wired to the motherboard to get a nand dump, if you do this, if ever a hack is discovered for 5.x you would be able to downgrade to use the exploit.

Smealum already seems to of figured out how to get the unique device key, with this I presume you could indeed downgrade further to 4.x by building a firmware using your consoles encryption key.......which may be handy if the theoretical 5.x hack can only retrieve the keys but not usable for much else......

And finally I don't think 3DS's just automatically update, they will download an update but it's always on you to pick to update or not

Yes, I know you need to solder to get the NAND dump. I already have a soldering gun and the things I need to accomplish this. I saw a video on how to do the NAND dump for the 3DS XL, but I am wondering if there is any similar method for the 3DS.

Also, thank you for your information.

 

[obcd]

There is a similar method for 3ds, but one of the signal points is partly under the card slot and difficult to solder (very small)

 

[gamesquest1]

Yeah there is a pinout for both models although the regular 3ds is apparently a bit harder to do
http://3dbrew.org/wiki/Hardware

 

[Deleted member 313057]

There is a similar method for 3ds, but one of the signal points is partly under the card slot and difficult to solder (very small)

Hrm. I am not that good at soldering, so I will not press my luck for that sort of task. I think I'll wait until a vulnerability is discovered for 5.1.0-11U and then soft-dump the NAND.

 

[gamesquest1]

Well good luck I suppose.....there hasn't really been much progress in regards to future hacks but you never know, sticking to 5.1 will atleast give you the best chances of being supported, but still no guarantee.

I'm just glad I looked on 3dsbrew when I got my XL and saw the warning that 4.5 was the last firmware with a known exploit

 

[Deleted member 313057]

Well good luck I suppose.....there hasn't really been much progress in regards to future hacks but you never know, sticking to 5.1 will atleast give you the best chances of being supported, but still no guarantee.

I'm just glad I looked on 3dsbrew when I got my XL and saw the warning that 4.5 was the last firmware with a known exploit

Yea, which is why I'm hoping for a way to find the encryption key for devices that aren't hacked ;(.

 

[Cyberdrive]

You should get a hackable model while they're still around, I think. Especially considering ongoing bricking wave. The longer you wait, the more you'll have to pay in the end.

 

[Deleted member 313057]

Hey again,

I've removed some screws on the side with the battery pack, but it's rather hard to do it with my current equipment. I have three screws removed at the moment. Is there an easier way to remove the back cover? I can't seem to do it with my flat-head screwdriver, even though the size is correct.

Spoiler

 

[gamesquest1]

Usually better with a Phillips screwdriver if they are Phillips screws....you could try putting more pressure on though, just make sure you don't round off the screws or it will be pretty hard to remove if you do
Here's a video to follow if it helps, it's just for disassembly but may help you

 

[Foxi4]

There is a similar method for 3ds, but one of the signal points is partly under the card slot and difficult to solder (very small)

You can use a different terminal on the other side of the PCB. More troublesome when it comes to cable placement and fitting it back into the case, but you don't have to worry about having to de-solder the cart slot or missing the terminal.

http://gbatemp.net/threads/nand-flash-dump-3ds.353263/

Usually better with a Phillips screwdriver if they are Phillips screws....you could try putting more pressure on though, just make sure you don't round off the screws or it will be pretty hard to remove if you do.

The screws are very delicate and he will most likely damage them - I suggest that he returns to the project once he has the appropriate tools.

 

[Cyberdrive]

Hey again,

I've removed some screws on the side with the battery pack, but it's rather hard to do it with my current equipment. I have three screws removed at the moment. Is there an easier way to remove the back cover? I can't seem to do it with my flat-head screwdriver, even though the size is correct.

No idea. Maybe these will help:
http://www.ifixit.com/Teardown/Nintendo+3DS+Teardown/5029
http://www.ifixit.com/Guide/Nintendo+3DS+Motherboard+Replacement/6017

 

[obcd]

Some of the ninty screws have an y shaped hole in them. You need a special tri wing screwdriver to remove those screws. A philips screwdriver has 4 grooves at an angle of 90 degrees. The triwing screws only have 3 grooves at an angle of 120 degrees. You frequently find such screwdrivers on Ebay, but most of them are poor quality. Still, they are better than a flat or philips screwdriver to remove the special ninty screws. If you use the wrong tool, you likely will damage the screw head. Once it's damaged, you can still try to drill it out, but that means you will need a replacement screw afterwards. The best drills for such a delicate operation are left rotating ones. If the drill fixes in the screw hole, it can turn the screw out if you are lucky. A normal drill will rotate it further in.

 

[Arnold0]

Some of the ninty screws have an y shaped hole in them. You need a special tri wing screwdriver to remove those screws. A philips screwdriver has 4 grooves at an angle of 90 degrees. The triwing screws only have 3 grooves at an angle of 120 degrees. You frequently find such screwdrivers on Ebay, but most of them are poor quality. Still, they are better than a flat or philips screwdriver to remove the special ninty screws. If you use the wrong tool, you likely will damage the screw head. Once it's damaged, you can still try to drill it out, but that means you will need a replacement screw afterwards. The best drills for such a delicate operation are left rotating ones. If the drill fixes in the screw hole, it can turn the screw out if you are lucky. A normal drill will rotate it further in.

I already opened 2 3DS and 1XL and none had these screws, all were philips.

 

[obcd]

My mistake. It suprises me they finally decided not 2 use those anymore.
A flatbed screwdriver for philips screws is a bad idea as well.

 

[Thorhian]

Ninty ditched all Tri-wings in the 3DS. I remember seeing the ifixit teardown when the 3DS launched. I have also taken apart several 3DS systems. Good times.....

 

[profi200]

I can't hold on xD

Nope, even smea did not get the keys. He simply uses the AES engine. No one can get the keys with any software. If you don't believe me, read 3dbrew.org.

 

[Deleted member 313057]

Cracked it open. I am going to try to solder once I get the wire connector. Recommend any connectors?

Spoiler