Hacking [WIP] KARL3DS - Kernel access on N3DS via Ninjhax + Loadcode

pedrobarca

[...] but it does pretty much cripple Nintendo's "ADD MOARR KEYS!" mentality for blocking emuNAND etc. on the n3DS
Just to make sure: this hardware hack is not fixable for Nintendo, is it? So this means there is no way for Nintendo to stop emuNAND on newer firmwares (at least their "we-just-add-new-keys" method won't work anymore in the future)?

gamesquest1

So our only chance would be to have some haxx that automatically launches itself once the 3DS is totally booted?
Only chance would be if there is some major flaw in the bootrom, or, as motezazer said, if the private signing key is leaked.
Just to make sure: this hardware hack is not fixable for Nintendo, is it? So this means there is no way for Nintendo to stop emuNAND on newer firmwares (at least their "we-just-add-new-keys" method won't work anymore in the future)?
Well, as I'm not in any way an expert in this stuff, assuming it does all it sounds like it does, it wouldn't really be fixable except via AP checks etc. built into the FW/games.
 

motezazer

Just to make sure: this hardware hack is not fixable for Nintendo, is it? So this means there is no way for Nintendo to stop emuNAND on newer firmwares (at least their "we-just-add-new-keys" method won't work anymore in the future)?

It can be fixed with newer hardware revisions, but if the keys are dumped, they are dumped: fixing the flaw doesn't affect that.

Psi-hate

Well, looks like KARL3DS has beaten GW to N3DS emuNAND support again. (Though not released.) KARL3DS has found tons of new ways to optimize the 3DS. Still can't wait for this! :P

Apache Thunder

Long story short, someone like Gateway only has to do a hardware mod to an n3DS and thus they will always win the cat-and-mouse game of updating when keys are changed. They can just allow their modified n3DS to update to the latest firmware and use the bootrom flaw to dump the new keys. (Assuming it's also NAND modded, they can flash back to an exploitable firmware when done if it's also their test unit.) That's from what I understand. For the rest of us, this flaw isn't of much use because it requires hardware modification to execute.

I suppose some kind of mod chip could get released from this for people who want to dump their console unique key. But I can't immediately think of any use that would have. :P

EDIT:

Well one use is for those stuck on newer firmwares. One could exploit this flaw to get access to console unique keys, then take a decrypted image of older firmware and encrypt it to the console using that key.

Downgrade via special modchip anyone? I can see a market for that. :D

This pretty much means the entire 3DS ecosystem as it is now is flawed and can't be fixed. Even if Nintendo releases a hardware revision that fixes the bootrom flaw, there will always be a lot of exploitable consoles and once Gateway gets their hands on this, it's game over. The n3DS just came out, so it's out of the question that Nintendo could release another significant hardware revision that would use an encryption scheme not compatible with the last generation (like a n3DSi or something else crazy like that).

motezazer

Long story short, someone like Gateway only has to do a hardware mod to an n3DS and thus they will always win the cat-and-mouse game of updating when keys are changed. They can just allow their modified n3DS to update to the latest firmware and use the bootrom flaw to dump the new keys. (Assuming it's also NAND modded, they can flash back to an exploitable firmware when done if it's also their test unit.) That's from what I understand. For the rest of us, this flaw isn't of much use because it requires hardware modification to execute.

I suppose some kind of mod chip could get released from this for people who want to dump their console unique key. But I can't immediately think of any use that would have. :P

EDIT:

Well one use is for those stuck on newer firmwares. One could exploit this flaw to get access to console unique keys, then take a decrypted image of older firmware and encrypt it to the console using that key.

Downgrade via special modchip anyone? I can see a market for that. :D

This pretty much means the entire 3DS ecosystem as it is now is flawed and can't be fixed. Even if Nintendo releases a hardware revision that fixes the bootrom flaw, there will always be a lot of exploitable consoles and once Gateway gets their hands on this, it's game over. The n3DS just came out, so it's out of the question that Nintendo could release another significant hardware revision that would use an encryption scheme not compatible with the last generation (like a n3DSi or something else crazy like that).

I think you forgot a little thing...
You need an ARM9 exploit first to inject your payload.

Apache Thunder

I think you forgot a little thing...
You need an ARM9 exploit first to inject your payload.

I assumed the payload was injected via a RAM mod? Why does one need an ARM9 exploit if the fault injection is done via a hardware mod? I guess that just rules out people on 9.5+ consoles downgrading.

Though firmlaunchhax still works on 9.4. One could still downgrade quite a few n3DSes out on the market now.

motezazer

I assumed the payload was injected via a RAM mod? Why does one need an ARM9 exploit if the fault injection is done via a hardware mod? I guess that just rules out people on 9.5+ consoles downgrading.

Though firmlaunchhax still works on 9.4. One could still downgrade quite a few n3DSes out on the market now.

Yes, and you have a magic ARM11 kernel exploit to make firmlaunchhax work on 9.4... :rolleyes:
The fault injection is done via a hardware mod, but the payload is not magically in ARM9 internal memory: you must copy it prior to your hard reboot with an ARM9 exploit.

PS: the hard mod to inject a fault is not a RAM mod...

EDIT: It's not possible to do a RAM mod to a CPU's internal memory.

kactusss

Well, looks like KARL3DS has beaten GW to N3DS emuNAND support again. (Though not released.) KARL3DS has found tons of new ways to optimize the 3DS. Still can't wait for this! :P


Am I the only one to have seen the WulfyStylez post about abandoning the release of Karl3ds?
I have not seen her in the thread for a long time...

Dazzozo, shinyquagsire23, WulfyStylez, Relys, StapleButter. Nobody has a word to say on what WulfyStylez said about the release?

Anyway, that new exploit is great news; thanks for your work and your help for the 3DS scene :)

proruskii

I know it was done, because some N3DS-only 9.6 titles were decrypted.
And this exploit was discovered more than a year ago!


I think these N3DS-only 9.6 titles were decrypted by using a HW NAND swap on soft reboot (because there is no key clear). This is a different flaw from the bootrom fault glitch.

motezazer

I think these N3DS-only 9.6 titles were decrypted by using a HW NAND swap on soft reboot (because there is no key clear). This is a different flaw from the bootrom fault glitch.

If you want, I know that the bootrom was dumped (it was indicated on 3dbrew). Happy?

Anyway, whenever you disable the NAND, it freezes, so a NAND swap is impossible...
 

Psi-hate

Am I the only one to have seen the WulfyStylez post about abandoning the release of Karl3ds?
I have not seen her in the thread for a long time...

Dazzozo, shinyquagsire23, WulfyStylez, Relys, StapleButter. Nobody has a word to say on what WulfyStylez said about the release?

Anyway, that new exploit is great news; thanks for your work and your help for the 3DS scene :)
I would like to believe that this is still to be released. Karl is several steps above GW and RXTOOLS in terms of features and knowledge. There's so much that they can't throw away.

proruskii

If you want, I know that the bootrom was dumped (it was indicated on 3dbrew). Happy?

Anyway, whenever you disable the NAND, it freezes, so a NAND swap is impossible...


1. My friend, 3dbrew says:


The ARM9 bootrom does the following at reset: reset vector branches to another instruction, then branches to bootrom+0x8000. Hence, there's no way to know for certain when exactly the ARM9 exception-vector data stored in memory gets initialized.

If the bootrom was dumped, they would know exactly when ARM9 memory gets initialized -> this means the bootrom is not dumped?

2. I'm not talking about disabling the NAND, I'm talking about 2 physical NANDs which can be switched by a HW mod. Maybe there are other ways to do it, but this is my simple idea.