Hardware nand flash dump (3ds xl)

charlie22911

so the encryption is doublechecked by an encrypted wifi connection??


It's likely that all traffic is passed over a secure connection similar to SSL/TLS; it may even be SSL/TLS. I'm pretty new to the 3DS scene so I'm still catching up. I've personally not captured 3DS traffic, as I'm sure such a trivial option has been explored by more capable people already; I may have a try when I get back from overseas and have more time, however.
I believe that successful hacking with this handheld generation will only happen through hardware attacks, but that's not to say we can't do neat things using other methods.
 

elMagnate

Wow guys, I'm so interested in this. It looks like a good enough solution for having both retail games with (or without) online capabilities on newer firmware, and pirated ones on the Gateway in 4.5.

I have version 4.5, thank God.
Other than that, a good tutorial with detailed high-res images would be excellent. I won't risk my 3DS XL if I'm not following a guide thoroughly.

Aside from wires, soldering iron, a solder (I have a cheap one, and won't be buying a $100 soldering station for this, I'd rather buy a 2nd 3DS) and multimeter (which I also don't have, but shouldn't be too expensive), do I need something more? Well, apart from the Micro SD to SD adapter and SD reader.

I have very basic soldering skills (I successfully soldered a PAL Mega Drive to work at 60Hz, which seemed simpler than this), but I can practice on an old external DVD drive to get better skills. I just hope that my cheap solder is enough, or if it's not, that a not very expensive one can do the work (€10-20?)
 

vini9157

Wow guys, I'm so interested in this. It looks like a good enough solution for having both retail games with (or without) online capabilities on newer firmware, and pirated ones on the Gateway in 4.5.

I have version 4.5, thank God.
Other than that, a good tutorial with detailed high-res images would be excellent. I won't risk my 3DS XL if I'm not following a guide thoroughly.

Aside from wires, soldering iron, a solder (I have a cheap one, and won't be buying a $100 soldering station for this, I'd rather buy a 2nd 3DS) and multimeter (which I also don't have, but shouldn't be too expensive), do I need something more? Well, apart from the Micro SD to SD adapter and SD reader.

I have very basic soldering skills (I successfully soldered a PAL Mega Drive to work at 60Hz, which seemed simpler than this), but I can practice on an old external DVD drive to get better skills. I just hope that my cheap solder is enough, or if it's not, that a not very expensive one can do the work (€10-20?)


I used a cheap 40W solder on my 3DS, so I think you are OK with yours. Also, the XL procedure is very easy; the dots are very big.
 

elMagnate

How does the end result look on the 3DS XL? Do you have the case broken somewhere, or taped hanging cables?
 

vini9157

Can you do that on an XL? That pic looks like a regular 3DS.


Man, the XL also has the battery cover, and much more space to make the bottom hole.

 

charlie22911

For the OG 3DS I highly recommend 30AWG kynar wire for your CLK source; the space between the screen and motherboard is very tight and anything larger will stress the screen. Of course you won't have to worry about this if you don't plan to add a permanent connector as I have done to my two. The XL is *much* easier to work with.

I don't have any fancy equipment or any special skills, just a $5 15w iron with alloy rosin core solder and my eyeballs!

 

PercentSevenC

What I want to know is if it would be possible (in theory) to use a ROM and Gateway-style firmware spoofing to "update" the DS to a different region. For example, say you have an American 3DS on 4.4U and want to play Japanese games. You would find a Jap ROM with 4.5J, run it using firmware spoofing, and let it install the 4.5J update. Now your American 3DS is running 4.5J. If you took a NAND dump beforehand you could then swap back and forth between regions.

Feasible? Or would the 4.5J update fail for some reason?
 

Devin

What I want to know is if it would be possible (in theory) to use a ROM and Gateway-style firmware spoofing to "update" the DS to a different region. For example, say you have an American 3DS on 4.4U and want to play Japanese games. You would find a Jap ROM with 4.5J, run it using firmware spoofing, and let it install the 4.5J update. Now your American 3DS is running 4.5J. If you took a NAND dump beforehand you could then swap back and forth between regions.

Feasible? Or would the 4.5J update fail for some reason?

There'd be no way to run the 4.5J update, as the firmware spoofer and region-free features of the GW3DS are in the same update. The 3DS won't prompt you for an update.
 

PercentSevenC

Right, I realize it wouldn't be possible with the Gateway in its current implementation. But in theory, could one, using the same exploit, have the 3DS report a firmware of a lower version, allowing the update prompt to occur? E.g. have it report 4.4J instead of 4.4U. Or am I completely misunderstanding things?
 

redkeyboard

I don't believe that's how Gateway works. I think it just disables the checks the 3DS does to make sure it has the firmware version or the check it does for the region.
 

Coto

What I want to know is if it would be possible (in theory) to use a ROM and Gateway-style firmware spoofing to "update" the DS to a different region. For example, say you have an American 3DS on 4.4U and want to play Japanese games. You would find a Jap ROM with 4.5J, run it using firmware spoofing, and let it install the 4.5J update. Now your American 3DS is running 4.5J. If you took a NAND dump beforehand you could then swap back and forth between regions.

Feasible? Or would the 4.5J update fail for some reason?

but writing to NAND like that:

1. a power off or write error would render your NAND dead; the only *possible* way to bring it back would be to reflash NAND and pray the SD microcontroller pages CRC are valid so you would rewrite the last good firmware: bad idea

2. to move to a different region, you need to re-encrypt a proper signature for firmwares. Or find a correct way to load decrypted data in a chain payload
 

PercentSevenC

I don't believe that's how Gateway works. I think it just disables the checks the 3DS does to make sure it has the firmware version or the check it does for the region.
Ah, that makes sense.

2. to move to a different region, you need to re-encrypt a proper signature for firmwares. Or find a correct way to load decrypted data in a chain payload
I guess I misunderstood how the firmware encryption is set up, then. Sorry, I'm still new to this stuff.
 

Arnold0

Just saying, the error
BOOTROM 8046
ERRCODE 00F800FE
00000000 00000000
00000400 00000000
is not when you have a problem, because I have this on mine and dumping seems to be working fine.
(I'm too noob, when I did it, I broke a connector on the mobo, luckily it's the connector which is used to take photos but yeah...)
Some pictures :

Hope someday a 6.2 dump will be useful...
 

Arnold0

It seems the code means nothing...
In gueux French forum someone has 00000002 and it worked.
I had 00000400 and I could read (but not write).
I had 00000008 with another PC and card reader. Could read and write.
I updated the card reader driver on my PC and it goes from 00000400 to 00000200. I can read, I will try to write after I have at least 2 copies of the dump done with this code with the same MD5.
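
Added example, not part of Arnold0's post or the thread: the check described above (only trust a dump once two separate reads have the same MD5) can be extended to report where two reads disagree, which helps tell an unstable wire or card reader from a one-off glitch. The 512-byte block size, the file names and the sample data are assumptions constructed for the demo.

```python
import hashlib
import os
import tempfile

BLOCK = 512  # assumed comparison granularity (one SD/eMMC sector)


def compare_dumps(path_a, path_b, block=BLOCK):
    """Compare two reads of the same NAND; return digests and differing block offsets."""
    md5_a, md5_b = hashlib.md5(), hashlib.md5()
    bad_offsets = []
    size_a, size_b = os.path.getsize(path_a), os.path.getsize(path_b)
    with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
        offset = 0
        while True:
            a, b = fa.read(block), fb.read(block)
            if not a and not b:
                break
            md5_a.update(a)
            md5_b.update(b)
            if a != b:  # also true when one file ends early
                bad_offsets.append(offset)
            offset += block
    return {
        "same_size": size_a == size_b,
        "md5": (md5_a.hexdigest(), md5_b.hexdigest()),
        "match": size_a == size_b and not bad_offsets,
        "bad_offsets": bad_offsets,
    }


def demo():
    """Constructed sample: three 4 KiB 'dumps', the third with one flipped bit."""
    good = bytes(range(256)) * 16
    flaky = bytearray(good)
    flaky[0x600] ^= 0x01  # simulate a single bad read in the block at 0x600
    with tempfile.TemporaryDirectory() as d:
        p1, p2, p3 = (os.path.join(d, n) for n in ("a.bin", "b.bin", "c.bin"))
        for p, data in ((p1, good), (p2, good), (p3, bytes(flaky))):
            with open(p, "wb") as f:
                f.write(data)
        return compare_dumps(p1, p2), compare_dumps(p1, p3)


if __name__ == "__main__":
    ok, bad = demo()
    print("identical reads:", ok["match"], ok["md5"][0])
    print("flaky read:", bad["match"], [hex(o) for o in bad["bad_offsets"]])
```

On real dumps, call `compare_dumps()` on two separately taken image files and keep a dump only when `match` is true.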
 

elMagnate

I'd like to know if E-Shop games will work this way? I mean, with a 4.5 without the e-shop games version and "the last firmware" with those games? I'd like to play Mighty switch force (2).

I think it may be possible to do it if I NAND dump the last firmware with the games as well, right? If I do a regular update with internet or with a card it may not work, but if I flash the NAND of the version where I bought the game, I think it can work that way.

It's a bit more hassle, but if it works it's alright.
 

Arnold0

I believe, if you dump 4.5, update and buy the game, dump 6.2, downgrade to 4.5 it will work but I don't think the game will show in 4.5 and will have to flash 6.2 to see and play it. Maybe I'm totally wrong so the best to do is just to try. If you have 3DS XL it seems easy to do. If you have 3DS, do it with caution (Otherwise you may do as I do and break the camera connector...)
 

cearp

I believe, if you dump 4.5, update and buy the game, dump 6.2, downgrade to 4.5 it will work but I don't think the game will show in 4.5 and will have to flash 6.2 to see and play it. Maybe I'm totally wrong so the best to do is just to try. If you have 3DS XL it seems easy to do. If you have 3DS, do it with caution (Otherwise you may do as I do and break the camera connector...)
this sounds right, there must be something going on in the memory of the 3ds, not just the sd card. buying the game and going to a dump where the game was not bought, well, i guess the game will not be 'activated'.
 
