Hacking NTRboot BSOD

Majickhat55

Hmm, I didn't consider that. You probably do need a partition table for GM9 to know where to write the ctrnand backup.
Without a NAND chip or at least parts of the original chip, it might be impossible to create a working emunand, I think there are some things like NAND CTR and NAND CID that are required to encrypt/decrypt the NAND, at least if yellows8's crypto tools are to be trusted.
Those should be obtainable even if the NAND chip is failing/faulty though, as long as it's not completely fried.
Hmm, well that would indeed be pretty cool if we could essentially generate a complete NAND partition in the future, without a working chip. Though what could you actually do with it? I assume it would be like a bloatfree version of Windows without drivers, where it loads but that's it. It can't access the console's ACTUAL NAND because it doesn't exist if it's fried/missing entirely. Or would you somehow be able to use a parsing tool from bootrom that can restore missing titles if they're present on the SD card, to work in tandem with assumed created "half-NAND"? Sorry, I'm just thinking out loud now....
 

The Real Jdbye

Hmm, well that would indeed be pretty cool if we could essentially generate a complete NAND partition in the future, without a working chip. Though what could you actually do with it? I assume it would be like a bloatfree version of Windows without drivers, where it loads but that's it. It can't access the console's ACTUAL NAND because it doesn't exist if it's fried/missing entirely. Or would you somehow be able to use a parsing tool from bootrom that can restore missing titles if they're present on the SD card, to work in tandem with assumed created "half-NAND"? Sorry, I'm just thinking out loud now....
The ctrtransfer contains all the 3DS-mode stuff, but DS/DSi-mode could be a problem, they won't work without the original header intact on NAND. The TWL (DSi) partitions on NAND would have to be recreated as well, but that should be possible in a similar way as a ctrtransfer since we have the keys, only the header would be a problem.
 

gamesquest1

Headers are transferable, and once upon a time no matching twl header was bad, but with sighax you should be able to generate a matching twl header and sighax sign it rather than depending on a donor that breaks twl firm... but again the tools don't really exist and I hope nobody actually has a 3ds with the nand removed.

But further thinking out loud makes me think you could probably link the power button to start, select, x and the lid sensor and have the power button perform ntrboothax automatically as long as the both cart is in XD
 

Majickhat55

So in theory it's quite possible if those headers are only region specific and not console unique and they can be dumped/injected along with the TWL partition.... Which I assume if a CTRNAND isn't console unique those aren't either.

If that became a thing for people with fried chips, would it essentially work "normally" albeit loaded through *HaX* each boot? Would the system consider that the ACTUAL NAND or an emuNAND?
 

gamesquest1

So in theory it's quite possible if those headers are only region specific and not console unique and they can be dumped/injected along with the TWL partition.... Which I assume if a CTRNAND isn't console unique those aren't either.

If that became a thing for people with fried chips, would it essentially work "normally" albeit loaded through *HaX* each boot? Would the system consider that the ACTUAL NAND or an emuNAND?
The actual header is not even region specific, it is model specific though, so you have an o3ds header or n3ds, and while the encryption might use some part of the nand id for encrypting/decrypting, I'm assuming that might just default to zeros or garbage if it can't read it, and simply generating xorpads in decrypt9 would give you what the console would be expecting in the event of having no nand seed.

That said I'm still hoping nobody has a nandless console and I would hope they could just take the piss and bin it if they do :rofl2:
 