[Release] 3DSafe: In-NAND PIN lock for 3DS

Discussion in '3DS - Flashcards & Custom Firmwares' started by mashers, Sep 7, 2016.

  1. mashers
    OP

    mashers Stubborn ape

    Member
    3,837
    5,153
    Jun 10, 2015
    Kongo Jungle
    Notice: 3dsafe is no longer being maintained

    3DSafe is an arm9loaderhax payload which will lock your sysnand with a PIN. The PIN request is displayed as soon as the 3DS is powered on. Because the 3DSafe payload is the A9LH stage1/stage2 payload, it is stored in NAND itself, not on the SD card. The PIN is also stored in NAND, so there is no way to edit or remove the PIN by removing the SD card or modifying files on it. After successfully entering the PIN, arm9loaderhax.bin is loaded from the SD card.

    If you forget your PIN
    Because everything to do with 3DSafe is in NAND, you cannot remove the PIN lock or change the PIN until you have already got past the request for the PIN. For this reason, a bypass is included. This involves dumping your (nearly console-specific) sha.bin, placing it at /sha.bin on your 3DS SD card, and then booting. 3DSafe will detect the presence of the SHA file and bypass the PIN request, allowing you to change the PIN and boot the console. 3DSafe includes a simple option to dump the SHA to the SD card during installation, and the full installation instructions include details of what to do with it.


    You must safeguard your PIN and your sha.bin
    I cannot stress this enough. If you install 3DSafe, forget your PIN and lose your sha.bin, your 3DS will be a brick. There is absolutely no way to circumvent the PIN request without the sha.bin. The only thing you would be able to do in this situation would be to hardmod your 3DS and use the hardmod to write a NAND backup which does not have 3DSafe installed (or one in which you know the PIN). If you forget your PIN, lose your sha.bin and don't have a NAND backup you can restore using a hardmod, your 3DS will be permanently bricked.

    I reiterate: BEFORE installing 3DSafe, make two NAND backups and verify that the md5sums match. After installation, dump your sha.bin, and then store your NAND backup and sha.bin in several safe locations. If you don't do this and forget your PIN, your 3DS is BRICKED.


    Testing and disclaimer
    I have tested this on my EUR n3DS. I make absolutely no guarantee that it will work for anybody else. Since you are writing these payloads to sysNAND, there is a possibility that you will brick your 3DS. I take absolutely no responsibility for this. Do not install this unless you know exactly what you are doing. I highly recommend that you take a NAND backup before installing this, and preferably have a hardmod before installing.


    How to Install
    Installation instructions can be found here:
    https://github.com/mashers/3DSafe/blob/master/README.md
    (Main project page deleted, you can use one of the forked projects instead, see the download link below)

    Download link
    Download the release from GitHub:
    https://github.com/maorninja/3dsafe/


    Credits
    This project is based on ShadowNAND by RShadowhand, from which it is forked. All credit for the original payload is inherited from this project and the projects on which it is based in turn. The modifications in 3DSafe are by @mashers.

    3DSafe incorporates parts of GodMode9 by @d0k3 for reading and writing the PIN from/to NAND. Credit for the code in 3DSafe which is taken from GodMode9 and modified by mashers is given to d0k and the other contributors to the GodMode9 project. This includes the following components of 3DSafe:
    • godmode.c
    • godmode.h
    • fatfs (modified to mount/read/write 3DS NAND partitions)
    • nand
    3DSafe also includes an integrated version of SafeA9LHInstaller by @Aurora Wright.
     
    Last edited by Cyan, Feb 10, 2017
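
The pre-installation check the post above asks for (two NAND backups whose md5sums match), as an added example that is not part of the original post or of the 3DSafe project. The dump file names are placeholders; beyond the md5 comparison it rejects empty dumps, reports the first differing offset and prints a SHA-256 to keep with the stored copies.

```python
import hashlib
import os
import sys

CHUNK = 1 << 20  # read 1 MiB at a time so a full NAND dump never sits in memory


def file_digest(path, algo):
    """Hex digest of a file, hashed chunk by chunk."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def first_difference(path_a, path_b):
    """Byte offset of the first mismatch, or None when the files are identical."""
    offset = 0
    with open(path_a, "rb") as a, open(path_b, "rb") as b:
        while True:
            ba, bb = a.read(CHUNK), b.read(CHUNK)
            if ba != bb:
                common = min(len(ba), len(bb))
                for i in range(common):
                    if ba[i] != bb[i]:
                        return offset + i
                return offset + common  # one dump is a truncated copy of the other
            if not ba:
                return None
            offset += len(ba)


def verify_backups(path_a, path_b):
    """Compare two NAND dumps; return (ok, detail)."""
    if os.path.getsize(path_a) == 0 or os.path.getsize(path_b) == 0:
        return False, "empty dump: the backup did not complete"
    md5_a, md5_b = file_digest(path_a, "md5"), file_digest(path_b, "md5")
    if md5_a != md5_b:
        where = first_difference(path_a, path_b)
        return False, "md5 mismatch, first differing byte at offset %d" % where
    # Matching md5sums only show the two dumps agree with each other.
    return True, "md5 %s, sha256 %s" % (md5_a, file_digest(path_a, "sha256"))


if __name__ == "__main__":
    # Assumed usage: python verify_nand.py NAND_a.bin NAND_b.bin (placeholder names)
    ok, detail = verify_backups(sys.argv[1], sys.argv[2])
    print("MATCH" if ok else "DO NOT INSTALL", detail)
    sys.exit(0 if ok else 1)
```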


  2. peteruk

    peteruk GBAtemp Maniac

    Member
    1,377
    611
    Jun 26, 2015
    I saw you posting about this yesterday and didn't see this coming, great job and thanks for sharing :)
     
  3. mashers
    OP

    mashers Stubborn ape

    Member
    3,837
    5,153
    Jun 10, 2015
    Kongo Jungle
    You're welcome :) I was going to wait until I had the PIN stored in NAND before releasing, but I decided it's still useful as-is since the PIN lock does actually work, and someone would have to think to delete pin.txt from the SD card to get around it :D
     
    peteruk likes this.
  4. mashers
    OP

    mashers Stubborn ape

    Member
    3,837
    5,153
    Jun 10, 2015
    Kongo Jungle
    Added a YouTube video demonstration. Yes, my PIN is the cheat code from DKC ;)
     
    peteruk likes this.
  5. migles

    migles Mei the sexiest bae

    Member
    GBAtemp Patron
    6,620
    4,337
    Sep 19, 2013
    Saint Kitts and Nevis
    my dad works for nintendo.
    once this will be possible you need to put an arse door on it (backdoor)
    people can shove the console in an attic for years and when selling the console at garage sales or trying to play again after some time, they will forget the pin... then it is just another electronic waste...
     
    VinLark, Subtle Demise and Hozu like this.
  6. mashers
    OP

    mashers Stubborn ape

    Member
    3,837
    5,153
    Jun 10, 2015
    Kongo Jungle
    The idea is that there is no backdoor. If there's a backdoor, it's useless.

    The code is on GitHub, so if anybody wants to fork it and add a backdoor then that's up to them, but in this release there won't be one.
     
    awtgrduzwt5r9, klear and migles like this.
  7. yacepi15

    yacepi15 GBAtemp Advanced Fan

    Member
    868
    167
    Aug 15, 2015
    @mashers how did you get the "New Nintendo 3DS" screen?
    Thanks.
     
  8. dimmidice

    dimmidice GBAtemp Advanced Maniac

    Member
    1,872
    1,261
    Sep 12, 2009
    Belgium
    Can you still import a nand backup without the pin or not? That seems like a pretty safe backdoor. Forget the pin and your data is secure, but you can still import a nand backup (without pin setup) that you have to unpin it.
     
  9. Thunder Kai

    Thunder Kai #TeamRem

    Member
    1,343
    367
    Sep 4, 2015
    United States
    With Rem
    can we use payload GM9 to remove it?
     
  10. osm70

    osm70 GBAtemp Advanced Fan

    Member
    943
    386
    Apr 17, 2011
    Czech Republic
    I am guessing that could remove it, but you need to enter the PIN to even boot into that.
     
  11. mashers
    OP

    mashers Stubborn ape

    Member
    3,837
    5,153
    Jun 10, 2015
    Kongo Jungle
    @yacepi15
    It's a Luma3DS splash screen. Nothing to do with 3DSafe at all :)

    @dimmidice
    Yes, if you overwrite the NAND from a backup then it will remove the PIN. But, since the PIN is asked for before any A9LH payload from SD is launched, you won't be able to restore the NAND backup without entering the PIN first (unless you use a hardmod).

    @Thunder Kai
    I don't know what you mean by using payload GM9. As I said above, if you restore a NAND without it, then it will remove the PIN requirement.

    @osm70
    That is correct.
     
  12. dimmidice

    dimmidice GBAtemp Advanced Maniac

    Member
    1,872
    1,261
    Sep 12, 2009
    Belgium
    Ah, that's a shame. Still, it's a nice release that I'm sure some people will definitely use.
     
  13. osm70

    osm70 GBAtemp Advanced Fan

    Member
    943
    386
    Apr 17, 2011
    Czech Republic
    You remind me of Apple. Both of you are willing to brick a device if you don't know the password.
     
  14. Keylogger

    Keylogger GBAtemp Advanced Maniac

    Member
    1,712
    364
    May 3, 2006
    France
    Nice ^^

    So if I can't remember the PIN, my 3DS is useless if I have no hardmod and a NAND backup?

    EDIT: What splash screen are you using in the video? :O
     
    Last edited by Keylogger, Sep 7, 2016
  15. Hayleia

    Hayleia GBAtemp Maniac

    Member
    1,485
    1,135
    Feb 26, 2015
    France
    On one hand, it sounds like a stupid way to brick. But on the other hand, what's the use of the password if it can be bypassed?
    (Note, you could repeat this exact sentence about arm9loaderhax's passwords, but the point was not to be 100% safe, just to prevent people from booting random payloads by chance).
     
  16. Temarile

    Temarile (ノ◕ヮ◕)ノ*:・゚✧ A9LH ✧゚・: *ヽ(◕ヮ◕ヽ)

    Member
    1,132
    421
    Jan 7, 2016
    Netherlands
    What about a built-in reset password function if you press Left 4 times in a row? Or even a silly combination of buttons? Would that be feasible? So you can reset your password if you forgot it, but it is still kinda hidden so you won't be able to do it by accident
     
  17. mashers
    OP

    mashers Stubborn ape

    Member
    3,837
    5,153
    Jun 10, 2015
    Kongo Jungle
    I don't know why this is a problem. Remember that you would have to restore a NAND from the device itself. So if the 3DS were to be stolen, somebody would have to restore YOUR NAND backup using a hardmod. For that to happen, the 3DS thief would have to know where I live, know where I keep my NAND backup, break in to my house and steal it. I think at that point I have bigger problems than my 3DS :P

    I don't know what that has to do with Apple. But the only person who would not know my 3DS PIN would be a thief. And if they've got my property, then I'm absolutely happy for the 3DS to be a brick.

    Too easy to circumvent. Thief googles 3DS PIN code, finds the GitHub page for 3DSafe, and obtains the backdoor combination, rendering the PIN completely useless.

    Let me reiterate: I will not be adding a back door function to this payload. If you don't like the idea of a locked NAND with no way of bypassing the lock, then don't use it.
     
    lonewolf08, Minnow, DrkBeam and 2 others like this.
  18. dimmidice

    dimmidice GBAtemp Advanced Maniac

    Member
    1,872
    1,261
    Sep 12, 2009
    Belgium
    On the subject of bypassing the pin in a sort of safe manner, what about the OTP file? If you put that in a specific place then you can bypass the pin. If you don't have it then it can't be bypassed. You should store that somewhere safely anyway so it's convenient.

    Well, it wouldn't be for thieves. Thieves wouldn't be able to use it. It'd be for if you forget the pin. I thought that would've been obvious.
     
    Subtle Demise and Quantumcat like this.
  19. mashers
    OP

    mashers Stubborn ape

    Member
    3,837
    5,153
    Jun 10, 2015
    Kongo Jungle
    I don't know if it's possible to verify that the OTP matches the specific console it's from. And let's face it, anybody who's using this should already have a safe copy of their 3DS NAND and OTP. So why not just store the PIN in a text file in the same place? :rolleyes:
     
  20. yacepi15

    yacepi15 GBAtemp Advanced Fan

    Member
    868
    167
    Aug 15, 2015
    And if your console is stolen with the SD inside... The console will be always unlocked.