Where is the OTP located?

nl255

I see. But still, wouldn't those keys be per-console, and hence the same elaborate process would be needed to capture them each time?

The ones used to decrypt games wouldn't be but presumably at least some of the ones needed to install things are. Even so, apparently the equipment required is fairly cheap and I could see some of the people who do hardmods getting said equipment should such an attack for the 3DS be developed so they could downgrade even once Ninty blocks the current hardmod downgrade method.
 

sirocyl

The 3DS employs a system of memory which is called "Memory-mapped I/O".
Devices external to the system memory can show up in the addressable memory space because of this architectural decision.
The bootrom and OTP are two of the devices which connect to this memory space, temporarily, while the system is starting up.
The bootrom has two zones with differing protection bits, and the OTP is another zone on another unit.
What happens is, after the protected bootrom has done its job (initializing keyslots with data from the OTP area, and some other low-level initializations), it "locks the key inside the door", so to speak - by setting a certain bit on a register, the bootrom is no longer mapped into memory space, and it is effectively disconnected from the CPU, permanently, until the CPU resets itself.
The same happens with the OTP area, only much later - it's the responsibility of the ARM9loader (New3DS) or the NATIVE_FIRM (Old3DS family) to set the bit in the protection register, to disconnect the OTP area from memory.
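The lock-out sequence sirocyl describes (a memory-mapped region that is readable at boot, then disconnected by a sticky protection bit until the next reset) can be modelled in a few dozen lines. The following is an added illustration, not code from the thread or from any 3DS firmware; every address, size, register bit and byte value in it is constructed for the toy model and does not correspond to the real 3DS memory map. What it shows is the ordering constraint the post is getting at: key material has to be copied out of the OTP region while it is still mapped, and once the disable bit is set, writes to the register cannot clear it, so the region stays unreachable until a reset.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of the memory-mapped I/O scheme described in the post. All
 * addresses, sizes and register bits below are constructed for illustration;
 * they are not the 3DS's real memory map or register layout. */
#define BOOTROM_BASE 0x00010000u
#define BOOTROM_SIZE 0x1000u
#define OTP_BASE     0x00020000u
#define OTP_SIZE     0x100u
#define PROT_REG     0x00030000u            /* hypothetical protection register */
#define PROT_BOOTROM_DISABLE (1u << 0)      /* unmap bootrom until next reset  */
#define PROT_OTP_DISABLE     (1u << 1)      /* unmap OTP until next reset      */
#define KEYSLOT_LEN 16

typedef struct {
    uint8_t  bootrom[BOOTROM_SIZE];
    uint8_t  otp[OTP_SIZE];
    uint32_t prot;                  /* sticky: bits can be set, never cleared */
    uint8_t  keyslot[KEYSLOT_LEN];  /* engine-side copy made before lockout   */
} bus_t;

/* Power-on reset: both regions mapped, protection bits clear. Contents are
 * constructed sample bytes, not real ROM or OTP data. */
void bus_reset(bus_t *b) {
    memset(b, 0, sizeof *b);
    for (size_t i = 0; i < BOOTROM_SIZE; i++) b->bootrom[i] = (uint8_t)(0xB0 + (i & 0x0F));
    for (size_t i = 0; i < OTP_SIZE; i++)     b->otp[i]     = (uint8_t)(0xA0 + (i & 0x0F));
}

/* Bus read: returns false (a bus fault in real hardware) once a region has
 * been disconnected by its protection bit, or for any unmapped address. */
bool bus_read8(const bus_t *b, uint32_t addr, uint8_t *out) {
    if (addr >= BOOTROM_BASE && addr < BOOTROM_BASE + BOOTROM_SIZE) {
        if (b->prot & PROT_BOOTROM_DISABLE) return false;
        *out = b->bootrom[addr - BOOTROM_BASE];
        return true;
    }
    if (addr >= OTP_BASE && addr < OTP_BASE + OTP_SIZE) {
        if (b->prot & PROT_OTP_DISABLE) return false;
        *out = b->otp[addr - OTP_BASE];
        return true;
    }
    return false;
}

/* The only writable location in this toy bus is the protection register, and
 * writes can only set bits: the "lock the key inside the door" step is
 * irreversible until the CPU resets. */
bool bus_write32(bus_t *b, uint32_t addr, uint32_t val) {
    if (addr != PROT_REG) return false;
    b->prot |= val;
    return true;
}

/* Stage 1 (the bootrom's job in the post): copy OTP-derived material into a
 * key slot, then disable the bootrom mapping. Returns bytes copied. */
size_t bootrom_stage(bus_t *b) {
    size_t n = 0;
    for (size_t i = 0; i < KEYSLOT_LEN; i++) {
        uint8_t v;
        if (!bus_read8(b, OTP_BASE + (uint32_t)i, &v)) break;
        b->keyslot[i] = v;
        n++;
    }
    bus_write32(b, PROT_REG, PROT_BOOTROM_DISABLE);
    return n;
}

/* Stage 2 (ARM9loader / NATIVE_FIRM's job in the post): disconnect the OTP. */
void firm_stage(bus_t *b) {
    bus_write32(b, PROT_REG, PROT_OTP_DISABLE);
}

bool region_readable(const bus_t *b, uint32_t addr) {
    uint8_t dummy;
    return bus_read8(b, addr, &dummy);
}

/* Runs the whole sequence and checks every invariant the post implies. */
bool lockout_sequence_ok(void) {
    bus_t b;
    bus_reset(&b);
    if (!region_readable(&b, BOOTROM_BASE) || !region_readable(&b, OTP_BASE)) return false;
    if (bootrom_stage(&b) != KEYSLOT_LEN) return false;         /* keys copied in time */
    if (b.keyslot[0] != 0xA0 || b.keyslot[15] != 0xAF) return false;
    if (region_readable(&b, BOOTROM_BASE) || !region_readable(&b, OTP_BASE)) return false;
    firm_stage(&b);
    if (region_readable(&b, OTP_BASE)) return false;
    bus_write32(&b, PROT_REG, 0);                               /* cannot clear bits */
    if (region_readable(&b, OTP_BASE) || region_readable(&b, BOOTROM_BASE)) return false;
    bus_reset(&b);                                              /* only a reset remaps */
    return region_readable(&b, BOOTROM_BASE) && region_readable(&b, OTP_BASE);
}

int main(void) {
    printf("lockout sequence behaves as described: %s\n", lockout_sequence_ok() ? "yes" : "no");
    return 0;
}
```

The set-only register is the important design choice: because no write can clear `PROT_OTP_DISABLE`, code that runs after NATIVE_FIRM or ARM9loader has set it simply cannot reach the OTP bytes, which is why the thread keeps coming back to running code before that point.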
 

BothyBhoy

Unless we end up getting some kind of a bootrom exploit, or some other "miracle" hack comes about, downgrading to 2.1 will remain the only realistic option to get the OTP, and @d0k3's tools have proven time and again to be safe. As long as you can follow directions, the entire process is about as safe as it can possibly be, especially now since Hourglass9 is out, which should remove a lot of human error from the NAND restoration parts.
What is Hourglass9? (It's not showing up in my searches.)
 
