> Please tell me this is just a language gap and when you said "he" you meant "it"
Please tell me that you don't actually think you're funny.
> Please tell me that you don't actually think you're funny.
That wasn't sarcasm on my part :/ the way you worded that it sounded like you managed to pull bootrom keys
> Rei does indeed have devkits. I assume they're hacked, but then again, I don't know.
the arm9loaderhax keyfinder should do just fine on devkits, actually. The method is essentially the exact same: downgrade to low FW, grab OTP, decrypt secret sector, use the key bruteforcer to find a new key (using the dev FW), encrypt secret sector with new key #2, add stage1 at the proper place and flash it all to the device
People seem to underestimate the difficulty of modifying devkits though. Right now, according to people I talk with on #Cakey the most ideal exploit on devkits at the moment is MSET. You can't necessarily a9lh a devkit. The secret sector is different, and the method of calculating keys to clobber is more than likely different.
This is made worse by the large majority of people who have devkits being NDA'd.
> the arm9loaderhax keyfinder should do just fine on devkits, actually. The method is essentially the exact same: downgrade to low FW, grab OTP, decrypt secret sector, use the key bruteforcer to find a new key (using the dev FW), encrypt secret sector with new key #2, add stage1 at the proper place and flash it all to the device
"dev FW"? NATIVE_FIRM and SAFE_MODE_FIRM are the same across all devices, retail as well as dev, as far as I'm aware.
> "dev FW"? NATIVE_FIRM and SAFE_MODE_FIRM are the same across all devices, retail as well as dev, as far as I'm aware.
iirc, dev FW is signed differently, meaning they won't be able to run on retail, and vice versa, which means for a9lh on a dev unit, you'll need to use one of their FWs
> Please tell me this is just a language gap and when you said "he" you meant "it"
Why?
> When this thread isn't just memes and shitposts, I feel like I'm learning stuff. I have little to no knowledge of low-level hardware/software, so this is all a really interesting read. If there's anything to test hardware-wise, I have an O3DS XL that I killed with a failed hardmod, so if that could be of use to anyone, just let me know.
Re-reading this thread I feel the same, so let's keep it on topic please. I'm really enjoying reading this.
> What about those Blue BootROM screens? Are the BootROMs locked after or before those can happen?
I'm pretty sure they're locked still.
> What about those Blue BootROM screens? Are the BootROMs locked after or before those can happen?
They're probably locked... We won't know until we either A. exploit it from that blue screen or B. get it through other means and RE the blue screen code
> Isn't the code section of the bootroms accessible? Maybe they have some sort of debug port so they can make tests if a unit is broken.
Some of the bootrom is unprotected, and you're correct that it contains mostly functions used in protected bootrom.
Btw what would bootromhax do for us
> give us the secret keys so we can decrypt and encrypt stuff that can usually only be done on the 3ds on a computer
Ooo so basically give us cias like a month before release due to us being able to decrypt titles