Hacking Failures regarding NAND Switching: Help?

[drfsupercenter]

So I thought I'd try and experiment with region changing a bit, and I don't understand what's going wrong here.

I now have both a US region 3DS XL and Japanese region 3DS LL, both on exploitable firmware. And they both have the same size NAND (I know there are two types)

First, I tried using rxTools - decrypted the partitions, then swapped contents and injected emuNAND partitions from the US system on my Japanese system. Tried to boot emuNAND, got blackscreened ("bricked")

Next, I took a sysNAND dump, generated a NAND FAT16 xorpad, copied both from both systems on my computer. Used 3DS FAT16 Tool to extract the partition from the NAND dump, xored both. xored the US decrypted FAT16 with Japanese xorpad, re-injected, used emuNAND Tool to inject.

Still bricked.

What I don't get is why it causes a brick. I thought the xorpad was the main difference between NANDs on different systems - otherwise it's just a folder with files in it. I would understand if the firm0/firm1 weren't compatible, but both systems are XLs so I can assume that isn't the case.

Any other ideas?

 

[cearp]

sure i got the same result when i tried this months ago, others too i am sure
there is more unique info than just the fat16 partition. there are a few partitions in nand that would need to be swapped.
i imagine if all were done properly it would work fine.

 

[drfsupercenter]

So how does one "do it properly"?

 

[cearp]

So how does one "do it properly"?

well just like i said, the ctr fat16 partition is not enough. we need to dump/extract/decrypt all the partitions, and at the moment i don't think that is possible
(we need something to generate xorpads for them all, once we have this publically then it would be just the same like you did)

 

[drfsupercenter]

Well, rxTools can decrypt firm0 and firm1 as well, and I thought ctrnand was the FAT16 folder?

Either way, I thought it decrypted it all.

 

[Psi-hate]

Well, SALT/KARL3DS has a huge ton of decryption options, so possibly we can use those when they release.

 

[innercy]

u sure u have injected secureinfo_a?
https://gbatemp.net/threads/release-3ds-nand-secureinfo-tool-for-region-change.383792/

 

[cearp]

u sure u have injected secureinfo_a?
https://gbatemp.net/threads/release-3ds-nand-secureinfo-tool-for-region-change.383792/

that is in the ctr nand partition, no need to do that if you would be swapping out the whole nand.

 

[gamesquest1]

not sure if this is what you need.....there could be more to it that im overlooking though

B. File Modification
1. Open your "movable.sed" file from the source system in you favored hex editor (such as "HxD").
2. Once open, you will want to remove the last 0x20 bytes from the file (actually shrinking the size of the file from 0x140 to 0x120).
3. At the beginning of the file, clear the 4 BYTES after the 'SEED' value (each byte should consist of two hex-based numbers, such as '00' or 'AF'; when clear, the value for that byte should show '00'/'.').

• For example, the beginning of your file after modification should show '53 45 45 44 00 00 00 00' or "SEED...."

4. Save changes to your "movable.sed" file and close it (Recommend saving in a new copy of the file in case any mistakes are made!).
Note: Thanks to motezazer for the instructions on this step! (This was the most important step of this process!)

 

[cearp]

not sure if this is what you need.....there could be more to it that im overlooking though

what is this supposed to do?

 

[drfsupercenter]

that is in the ctr nand partition, no need to do that if you would be swapping out the whole nand.

Yeah, exactly. movable.sed is also part of it.

I could try editing the movable.sed file I suppose, though.