Hacking [Release] 3DSafe: In-NAND PIN lock for 3DS

gamesquest1

Before I install this, could I have clarification on how we can boot without an SD Card? It doesn't make any sense on the Github.
Just turn on your console with no SD inserted. The first time you run 3DSafe, use the "update nand" option (just press R on the menu; it's all pretty clear once you have it up and running) to install the mini CFW. From then on you can just boot the system with no SD card inserted. The menu is text-based when in no-SD mode, but it all functions pretty much the same as the graphical menu.
 

Halvorsen

Just turn on your console with no SD inserted. The first time you run 3DSafe, use the "update nand" option to install the mini CFW. From then on you can just boot the system with no SD card inserted. The menu is text-based when in no-SD mode, but it all functions pretty much the same as the graphical menu.
Kk cool. I'm already using arm9loaderhax v3 with the mini CFW in it already; are there any incompatibilities with using this one?
 

gamesquest1

Kk cool. I'm already using arm9loaderhax v3 with the mini CFW in it already; are there any incompatibilities with using this one?
This is an alternative a9lh with the so you will be running 3DSafe instead of a9lh v3 once you install this. Pretty sure there will be no issues swapping from the regular a9lh to this, but as always have NAND backups etc. etc. just in case.
 

nooby89

@mashers I've got a suggestion: to change the password of 3DSafe, I think it would be safer to type the old password before changing it. If you bypass the password with otp.bin and want to change the password, you don't need to type the old password if you have your otp.bin.
 

mashers

@mashers I've got a suggestion: to change the password of 3DSafe, I think it would be safer to type the old password before changing it. If you bypass the password with otp.bin and want to change the password, you don't need to type the old password if you have your otp.bin.
I did think about this and considered making it so you had to enter the old PIN before changing it. The problem here is that if you forget the PIN, you can bypass it but then wouldn't be able to change it. To be honest, you shouldn't be walking around with your OTP on your SD card anyway so this problem should never occur. If you're bypassing the PIN, you should then be changing it and immediately deleting the OTP anyway. If you leave it on the SD card, 3DSafe becomes pointless whether you can change the PIN or not.

@gamesquest1 @metroid maniac @ghostpotato @Skyshadow101
I hope you don't mind me tagging you all, but you were all kind enough to report back your test results. Before going to 1.0, I've just uploaded one more beta version. If you could give this a try I would really appreciate it. This version removes the OTP bypass and replaces it with SHA bypass. So, if you could try the following and let me know the outcome I would be really grateful:
  1. Update to 3DSafe 0.11
  2. Put otp.bin on the root of your SD card and verify that it no longer bypasses the PIN lock
  3. Enter 3DSafe settings
  4. Press L to dump the sha.bin to the root of your SD card
  5. Reboot your 3DS and check it bypasses the PIN lock
  6. Delete sha.bin from the SD card, reboot, and ensure the bypass no longer occurs

If you could let me know about each of those steps and whether each worked I would really appreciate it.
 

WeedZ

3DSafe is an arm9loaderhax payload which will lock your sysnand with a PIN. The PIN request is displayed as soon as the 3DS is powered on. Because the 3DSafe payload is the A9LH stage1/stage2 payload, it is stored in NAND itself, not on the SD card. The PIN is also stored in NAND, so there is no way to edit or remove the PIN by removing the SD card or modifying files on it. After successfully entering the PIN, arm9loaderhax.bin is loaded from the SD card.



If you forget your PIN
Because everything to do with 3DSafe is in NAND, you cannot remove the PIN lock or change the PIN until you have already got past the request for the PIN. For this reason, a bypass is included. This involves getting your console-specific OTP, placing it at /otp.bin on your 3DS SD card, and then booting. 3DSafe will detect the presence of the OTP file and bypass the PIN request, allowing you to change the PIN and boot the console.


You must safeguard your PIN and your OTP.bin
I cannot stress this enough. If you install 3DSafe, forget your PIN and lose your OTP, your 3DS will be a brick. There is absolutely no way to circumvent the PIN request without the OTP.bin. The only thing you would be able to do in this situation would be to hardmod your 3DS and use the hardmod to write a NAND backup which does not have 3DSafe installed (or one in which you know the PIN). If you forget your PIN, lose your OTP.bin and don't have a NAND backup you can restore using a hardmod, your 3DS will be permanently bricked.

I reiterate: BEFORE installing 3DSafe, make two NAND backups, verify that the md5sums match, do the same for your OTP, and then store your NAND backup and OTP in several safe locations. If you don't do this and forget your PIN, your 3DS is BRICKED.


Testing and disclaimer
I have tested this on my EUR n3DS. I make absolutely no guarantee that it will work for anybody else. Since you are writing these payloads to sysNAND, there is a possibility that you will brick your 3DS. I take absolutely no responsibility for this. Do not install this unless you know exactly what you are doing. I highly recommend that you take a NAND backup before installing this, and preferably have a hardmod before installing.


How to Install
Installation instructions can be found here:
https://github.com/mashers/3DSafe/blob/master/README.md


Download link
Download the release from GitHub:
https://github.com/mashers/3DSafe/releases


Credits
This project is based on ShadowNAND by RShadowhand, from which it is forked. All credit for the original payload is inherited from this project and the projects on which it is based in turn. The modifications in 3DSafe are by @mashers.

3DSafe incorporates parts of GodMode9 by @d0k3 for reading and writing the PIN from/to NAND. Credit for the code in 3DSafe which is taken from GodMode9 and modified by mashers is given to d0k3 and the other contributors to the GodMode9 project. This includes the following components of 3DSafe:
  • godmode.c
  • godmode.h
  • fatfs (modified to mount/read/write 3DS NAND partitions)
  • nand
3DSafe also includes an integrated version of SafeA9LHInstaller by @Aurora Wright.

Fuck. Yeah.
 

Ichigo1000

I did think about this and considered making it so you had to enter the old PIN before changing it. The problem here is that if you forget the PIN, you can bypass it but then wouldn't be able to change it. To be honest, you shouldn't be walking around with your OTP on your SD card anyway so this problem should never occur. If you're bypassing the PIN, you should then be changing it and immediately deleting the OTP anyway. If you leave it on the SD card, 3DSafe becomes pointless whether you can change the PIN or not.

@gamesquest1 @metroid maniac @ghostpotato @Skyshadow101
I hope you don't mind me tagging you all, but you were all kind enough to report back your test results. Before going to 1.0, I've just uploaded one more beta version. If you could give this a try I would really appreciate it. This version removes the OTP bypass and replaces it with SHA bypass. So, if you could try the following and let me know the outcome I would be really grateful:
  1. Update to 3DSafe 0.11
  2. Put otp.bin on the root of your SD card and verify that it no longer bypasses the PIN lock
  3. Enter 3DSafe settings
  4. Press L to dump the sha.bin to the root of your SD card
  5. Reboot your 3DS and check it bypasses the PIN lock
  6. Delete sha.bin from the SD card, reboot, and ensure the bypass no longer occurs

If you could let me know about each of those steps and whether each worked I would really appreciate it.
Wouldn't it be best if you could still leave the OTP bypass alongside the SHA bypass? That would probably be helpful considering the majority of people already have the OTP. It can also be a backup in case they lose their sha.bin.
 

metroid maniac

Wouldn't it be best if you could still leave the OTP bypass alongside the SHA bypass? That would probably be helpful considering the majority of people already have the OTP. It can also be a backup in case they lose their sha.bin.

You can calculate a sha.bin from an otp.bin.
It's just SHA-256; tons of tools exist to calculate it.
 

mashers

Wouldn't it be best if you could still leave the OTP bypass alongside the SHA bypass? That would probably be helpful considering the majority of people already have the OTP. It can also be a backup in case they lose their sha.bin.
Somebody did suggest that earlier. I could actually check for OTP.bin before the sha.bin check. If the OTP.bin is found then it could hash it and feed that into the sha checking function. That way it would still work with otp.bin.
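
The check order described in the post above (otp.bin looked for first and hashed, otherwise sha.bin), modeled in Python as an added example; this is not 3DSafe's code or anything posted in the thread. It assumes, as stated earlier in the thread, that sha.bin is the SHA-256 of otp.bin; the function names, the 0x100-byte OTP size and the `console_hash` reference value are assumptions, and the sample data is constructed.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

OTP_SIZE = 0x100  # assumption: otp.bin is a 256-byte dump
SHA_SIZE = 32     # length of a SHA-256 digest

def read_exact(path, size):
    """Return the file's bytes only if it exists and is exactly `size` long."""
    try:
        with path.open("rb") as f:
            data = f.read(size + 1)
    except OSError:
        return None
    return data if len(data) == size else None

def bypass_candidate(sd_root):
    """otp.bin is looked for first and hashed; otherwise sha.bin is used as is."""
    otp = read_exact(sd_root / "otp.bin", OTP_SIZE)
    if otp is not None:
        return hashlib.sha256(otp).digest()
    return read_exact(sd_root / "sha.bin", SHA_SIZE)

def bypass_allowed(sd_root, console_hash):
    """Constant-time match; a missing or wrong-sized file never matches."""
    candidate = bypass_candidate(sd_root)
    return candidate is not None and hmac.compare_digest(candidate, console_hash)

def demo():
    otp = bytes(range(256))                      # constructed sample, not a real OTP
    console_hash = hashlib.sha256(otp).digest()  # stand-in for the console's own value
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        sd = Path(tmp)
        out["empty card"] = bypass_allowed(sd, console_hash)
        (sd / "sha.bin").write_bytes(console_hash)
        out["sha.bin"] = bypass_allowed(sd, console_hash)
        (sd / "sha.bin").write_bytes(console_hash[:16])
        out["truncated sha.bin"] = bypass_allowed(sd, console_hash)
        (sd / "sha.bin").unlink()
        (sd / "otp.bin").write_bytes(otp)
        out["otp.bin"] = bypass_allowed(sd, console_hash)
        (sd / "otp.bin").write_bytes(bytes(256))
        out["other otp.bin"] = bypass_allowed(sd, console_hash)
    return out

if __name__ == "__main__":
    print(demo())
```

In this model either file unlocks the device, so both otp.bin and sha.bin have to be kept off the SD card and stored as carefully as the PIN itself.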
 

nooby89

I did think about this and considered making it so you had to enter the old PIN before changing it. The problem here is that if you forget the PIN, you can bypass it but then wouldn't be able to change it. To be honest, you shouldn't be walking around with your OTP on your SD card anyway so this problem should never occur. If you're bypassing the PIN, you should then be changing it and immediately deleting the OTP anyway. If you leave it on the SD card, 3DSafe becomes pointless whether you can change the PIN or not.

Yes, you're right. I did not think about it.
Anyway, I found a bug in version 0.11, on the screen to enter the PIN. Every time we tap on a key (like A, B, X, Y, L, R, etc.) the screen «bugs».
 
