Blah, did not see this post. Oh well.
There is a second key used for FIRM: the encryption key. This is system-specific, and I'm guessing it's derived from the OTP. Of course, due to the XOR plaintext vulnerability, the FIRM key isn't strictly needed as long as you have the plaintext FIRM.
Actually, current "CFW"s are not custom firmwares, but patchers. This would allow us to have a proper, real custom firmware.
Again, this could be done right now. The only difference would be loading from the FIRM partition instead of SD. (Chances are initial sighax implementations will simply chainload arm9loaderhax.bin anyway.)
well essentially since we are able to install legit signed with k11 hax we should be able to self sign with sighax meaning we can install custom software and install stuff ourselves. we can make all the exploitable software we want and can essentially open a whole new world for devs (expect many bricked 3ds)
only difference would be the need for k11 alone rather than k9
Either way, there is NOT full control over the system without the BootROM exploit. Either way, my point was, current "CFW"s are not CFWs.
you still need completely write access to the NAND, k11 permissions won't get you that, only k9, dsiware or hardmod will work for that. I don't where your getting your info but your spreading alot of missinformation
k11 lets us install properly signed stuff so if we can trick it to think its properly installed (sighax) yes we can
arm11 kernel access lets you install cia's that have a legitamate signature, the signature is generated using console specfic info that none has cracked yet but legit cia's use a universal ticket ie. ones from preinstalled games which are not console specfic since nintendo installs these en masse when manufacturing their bundle consoles. To use sighax you have to be able to write to NFIRM and arm 11 kernel access those not have these permission. In short if you don't have hardmod, have dsiware or are on 11.0+ this is useless to you
i see thanks for clarifying this (im new to the 3ds scene so i dont understand everything but am willing to learn if someone knows)
so it seems we are getting some information from the thread so id say yes there is progress
no problem, the bootrom key is purely used to sign boot0 nothing else, this was done intentionally since signing everything with 1 key is a terrible idea. Most of the other keys are contained in your otp for various other things but not for title installs or bootrom, otp is only used at the beginning of boot just after bootrom and once arm 9 is finished booting it gets locked away permanently
so essentially only system patches are achievable (aka things like luma3ds) using otp? but the bootrom key would be like actual firmware (all the way down to arm9 arm7 arm11) anything it can handle?
so we could technically patch the boot0 to load our otp automatically?
A9LH can be used for a full OS replacement. It hasn't been done yet (besides the Linux PoC) because no one has bothered.
also too risky bricks are everywhere xD however restore should be easily possible
K3Nv2
Psionic Roshambo
Sicklyboy
Xdqwerty
@
K3Nv2:
@
SylverReZ:
@
Psionic Roshambo:
@
K3Nv2:
