Hacking Emunand 9.6+ on N3DS

[Ailuros27]

I hate to keep creating new threads, but since the site's search feature won't let me search strings shorter than five characters I don't know what to do. Google never seems to give very relevant results even when limited to this domain.

My question is this: After Smealum's appearance at that hacking conference, I thought I remembered word going around that some of the info they revealed could theoretically be used to solve the problem of emunand only going up to 9.5 on the New 3DS? Was that info mistaken, and if not, then does anyone know if someone is confirmed to be working on that? I don't expect a release date or anything, but it would be nice to know the prospects of that happening, and if anyone is actively working on it.

 

[Quantumcat]

I hate to keep creating new threads, but since the site's search feature won't let me search strings shorter than five characters I don't know what to do. Google never seems to give very relevant results even when limited to this domain.

My question is this: After Smealum's appearance at that hacking conference, I thought I remembered word going around that some of the info they revealed could theoretically be used to solve the problem of emunand only going up to 9.5 on the New 3DS? Was that info mistaken, and if not, then does anyone know if someone is confirmed to be working on that? I don't expect a release date or anything, but it would be nice to know the prospects of that happening, and if anyone is actively working on it.

We will find out when Gateway release their promised update supporting 10.3. If their update actually supports 10.3 then it is likely the 9.6+ issue is solved. If they just provide a way to downgrade then it won't be solved. As far as I know nobody is working on it except possibly Gateway (they always keep their hand close to their chest so we never know what they're really doing until they release stuff).

 

[Tony_93]

We will find out when Gateway release their promised update supporting 10.3. If their update actually supports 10.3 then it is likely the 9.6+ issue is solved. If they just provide a way to downgrade then it won't be solved. As far as I know nobody is working on it except possibly Gateway (they always keep their hand close to their chest so we never know what they're really doing until they release stuff).

I don't know why, but I feel that their "10.3 support" is a downgrade method too.

I think I'll wait for their downgrade method if that's the case.

The one from 9.2 to 4.x was pretty reliable.

 

[Quantumcat]

I don't know why, but I feel that their "10.3 support" is a downgrade method too.

I think I'll wait for their downgrade method if that's the case.

The one from 9.2 to 4.x was pretty reliable.

Hopefully the same thing happens now that happened in 2014/15 - first was a downgrade method, then a month or so later the firmware you could downgrade from was actually supported without downgrade.

 

[Ailuros27]

But it is theoretically possible with the kind of kernel access memchunkhax2 has and the info from the conference, right?

 

[Tony_93]

Smea and the guys talked about how they did to get a common key using the wii u, get another from the 8.1J N3DS and brute force the key generator.

But they didn't share methods and tools used...

So, I think having someone replicating all that successfully from scratch again requires a godly knowledge the average people around here doesn't have...

 

[Ailuros27]

Oh. I thought they released that info. Or that I heard someone had knew of a way to get said keys if they sacrificed an N3DS.

 

[Deleted-236924]

But it is theoretically possible with the kind of kernel access memchunkhax2 has and the info from the conference, right?

memchunkhax2 gives you ARM11 but you also need ARM9 for full access.
GW may be able to get ARM9 by exploiting ntrcardhax.

 

[Ailuros27]

So there's not much hope of being able to play legit cartridges on a downgraded N3DS any time soon, then?

 

[fmhugo]

maybe
https://twitter.com/RxTools/status/683647459575349248

 

[Quantumcat]

Oh. I thought they released that info. Or that I heard someone had knew of a way to get said keys if they sacrificed an N3DS.

*pictures people in Pacific Islander clothing dancing around a marble slab with an N3DS tied to it, surrounded by tiki torches, with one guy wearing a big headdress holding a knife chanting to the gods to give him the Holy Knowledge of the Keys*

 

[Ailuros27]

*pictures people in Pacific Islander clothing dancing around a marble slab with an N3DS tied to it, surrounded by tiki torches, with one guy wearing a big headdress holding a knife chanting to the gods to give him the Holy Knowledge of the Keys*

Yes, like that.

 

[Xenon Hacks]

Smea and the guys talked about how they did to get a common key using the wii u, get another from the 8.1J N3DS and brute force the key generator.

But they didn't share methods and tools used...

So, I think having someone replicating all that successfully from scratch again requires a godly knowledge the average people around here doesn't have...

We will have 10.3 eventually http://gbatemp.net/threads/aes-key-scrambler.406951/

 

[Deleted User]

*pictures people in Pacific Islander clothing dancing around a marble slab with an N3DS tied to it, surrounded by tiki torches, with one guy wearing a big headdress holding a knife chanting to the gods to give him the Holy Knowledge of the Keys*

Not sure if bizarre ritual or sequel to Super Mario Sunshine....

 

[Ailuros27]

Thank you all. I've already downgraded my old 3DS and am using it to feel out how best to set things up when I finally downgrade my N3DS XL with all my stuff on it. Now I'll wait for KTM just to idiot proof things a bit more, and then downgrade. I can still play 9.6+ legit games on my O3DS' emunand, so I think I'll go for it once KTM is released.

 

[cvskid]

Aren't 9.6+ games firmware spoofed so you wouldn't need emunand past 9.5?

 

[Aroth]

I hate to keep creating new threads, but since the site's search feature won't let me search strings shorter than five characters I don't know what to do. Google never seems to give very relevant results even when limited to this domain.

My question is this: After Smealum's appearance at that hacking conference, I thought I remembered word going around that some of the info they revealed could theoretically be used to solve the problem of emunand only going up to 9.5 on the New 3DS? Was that info mistaken, and if not, then does anyone know if someone is confirmed to be working on that? I don't expect a release date or anything, but it would be nice to know the prospects of that happening, and if anyone is actively working on it.

But it is theoretically possible with the kind of kernel access memchunkhax2 has and the info from the conference, right?

No. Not gonna happen. Mch2 only gives arm11 access and by the time that arm11 is even initialized the keys have been cleared from the part of the memory we can access. In order to get the keys we need arm9, and likely access to it very early in the boot cycle as the keys are cleared almost as soon as arm9 is initialized.

So there's not much hope of being able to play legit cartridges on a downgraded N3DS any time soon, then?

Not without GW no.

--------------------- MERGED ---------------------------

Aren't 9.6+ games firmware spoofed so you wouldn't need emunand past 9.5?

They can be, but I think the person in question was talking about playing from the cart.

 

[Ailuros27]

What do you mean by "not without GW"? Do you mean the physical card, or them actually doing the grunt work?

 

[Deleted-236924]

They can be, but I think the person in question was talking about playing from the cart.

If your cfw uses a much higher native_firm with firmlaunch then it should work fine no?
Or can cfw somehow not firmlaunch a native_firm above 9.5?

I know that rxTools 3.0 supports N3DS as well as O3DS, and cdn_firm.py generates the same firmware.bin regardless of if you use an O3DS or an N3DS. At least it does on 9/28 nightly, I know with later nightlies they started changing the way firmware files worked and all.

Does 9/28 nightly work with N3DS or was N3DS support added much later when they changed the way firm worked?

Cause if the same firmware.bin can be used for firmlaunch on both O3DS and N3DS then it should allow you to run a game from a cartridge without it telling you it needs to update no?

 

[Aroth]

What do you mean by "not without GW"? Do you mean the physical card, or them actually doing the grunt work?

The physical cart. Part of what GW's software does is spoof the kernel version so that the check done by the exheader passes. Reinand and rxTools do not do this, which is why when you try to run a cia (or updated cia) that "requires" a firmware above 9.5 the game hangs on the 3DS logo. I am 99% sure the same would happen with a retail cart even if the CFW you use manages to patch the service call that decides whether to prompt to install the update on the cart.

--------------------- MERGED ---------------------------

If your cfw uses a much higher native_firm with firmlaunch then it should work fine no?
Or can cfw somehow not firmlaunch a native_firm above 9.5?

No one can launch the 9.6+ native_firm for the N3DS because we don't have the keys needed to decrypt it.