And... What locks reading from that region at boot? The Native_firm?
Yes; this is why we can go to versions before 3.0 to get the OTP.
> And today, installing A9LH is safe?

Yes, at least if you can follow a guide without skipping any step.
> Oh my mistake, I thought it was actually within the bootrom.

Oh, don't worry, it's a technical detail that won't affect common users/developers and most likely not even bootrom researchers; but when you make consoles by the tens of thousands, a fixed ROM + a small PROM is cheaper and more reliable than a larger PROM!
> It's in the bootrom, which hasn't been decrypted yet afaik.

What's "afaik"??
Unless we end up getting some kind of a bootrom exploit, or some other "miracle" hack comes about, downgrading to 2.1 will remain the only realistic option to get the OTP, and @d0k3's tools have proven time and again to be safe. As long as you can follow directions, the entire process is about as safe as it can possibly be, especially now since Hourglass9 is out, which should remove a lot of human error from the NAND restoration parts.
> Do you know if anyone has looked at applying Tempesthax to the 3DS? I know it has already been applied to several different kinds of encryption software on both the iPhone and Android to extract ECDSA keys.

I don't fully understand what they're doing there, but it says this:

> fully extract decryption keys, by measuring the laptop's electromagnetic emanations during decryption of a chosen ciphertext

Wouldn't that mean we would need to know the encryption/decryption key used to protect the OTP in order to have any hope of discovering it using that method? Also, the equipment needed is so specialised, whereas currently the OTP can be captured using a relatively safe method.
> No, the whole point of what they did is to extract the keys. Known/chosen plaintext means that you know (or can control) what is being encrypted or decrypted. Also, the point of using something like that would be to get the bootrom keys or other keys we don't have, not the OTP. You know, like the ones that would be needed to install CIA files or system titles directly, which would allow downgrading to any firmware via hardmod. Or decrypting games without the need for a 3DS and Decrypt9.

I see. But still, wouldn't those keys be per-console, and hence the same elaborate process would be needed to capture them each time?