In the past couple of days I've been developing a brand-new A9LH installer. It loads all the needed files from the SD card (no more need to build console-specific installers), and it's really fast. Other than that, it's way safer than the original one, as it does the following checks:
- Checks that it's able to encrypt FIRM partitions properly
- If you have a New 3DS and you're doing a first install, it validates your OTP. Sadly I have no way of validating the OTP on an Old 3DS.
- If updating from A9LH, it verifies that the NAND keystore is the correct one (just in case) and that FIRM0 is correct before using it.
- Hashes the secret_sector, FIRM0 and FIRM1 from SD (if needed) to verify their integrity.
- Checks that stage1 and stage2 don't exceed a maximum size.
How to use:
- Copy the 3ds folder and the .dat if making a first install, and run the program from a vulnerable firmware; or load the .bin using A9LH itself. Press SELECT for a full install, or to update A9LH if booting from it.
- If you already have A9LH and are thus updating, copy a payload_stage2.bin (which was originally named stage0x5C000.bin) and a payload_stage1.bin to the a9lh folder on the root of the SD.
- If doing a full (first) install, you also need to copy these files to the a9lh folder: firm0.bin (which was new3ds90.firm), firm1.bin (which was new3ds10.firm), secret_sector.bin (only needed on Old 3DS) and your personal otp.bin.
Thanks go to everyone in #cakey on IRC, to delebile for his A9LH implementation, and to StandardBus who hardmodded my consoles and made this possible. Code for writing to the screens is from CakesFW.
Download: https://github.com/AuroraWright/SafeA9LHInstaller/releases
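
An added example, not part of the original post and not the installer's own code: a PC-side pre-flight check of the a9lh folder that mirrors the SD-file checks listed above (required files present, size cap, hash comparison) and reports every problem before anything is written. The file names come from the post; the function names, the choice of SHA-256, and the caller-supplied size limits and digests are assumptions, since the post does not state them.

```python
import hashlib
import hmac
from pathlib import Path

# File names come from the post; everything else here is an assumption.
STAGE_FILES = ("payload_stage1.bin", "payload_stage2.bin")
FIRST_INSTALL_FILES = ("firm0.bin", "firm1.bin", "otp.bin")


def required_files(first_install, old_3ds):
    """Files the post says must be in the a9lh folder for this scenario."""
    names = list(STAGE_FILES)
    if first_install:
        names += FIRST_INSTALL_FILES
        if old_3ds:
            names.append("secret_sector.bin")  # only needed on Old 3DS
    return names


def preflight(a9lh_dir, names, max_size, expected_sha256):
    """Return a list of problems; an empty list means every check passed.

    max_size and expected_sha256 map file name -> byte limit / hex digest and
    are supplied by the caller (the post does not state these values).
    """
    problems = []
    for name in names:
        path = Path(a9lh_dir) / name
        if not path.is_file():
            problems.append(f"{name}: missing")
            continue
        data = path.read_bytes()
        if not data:
            problems.append(f"{name}: empty")
            continue
        limit = max_size.get(name)
        if limit is not None and len(data) > limit:
            problems.append(f"{name}: {len(data)} bytes exceeds limit of {limit}")
        want = expected_sha256.get(name)
        if want is not None:
            got = hashlib.sha256(data).hexdigest()
            if not hmac.compare_digest(got, want.strip().lower()):
                problems.append(f"{name}: SHA-256 mismatch")
    return problems
```

Treat any non-empty result as a reason to stop; files without an entry in the two maps are only checked for presence and non-zero length.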