The "Clarification Thread - What is going on?" thread which describes all the recent findings specifically says that none of them allow greater than 9.5 EmuNAND on N3DS. Yet now we have Gateway providing it, and since other firmwares have it in progress this isn't something special that only Gateway has. Was there some additional exploit, on top of all the ones described in that thread, which allows N3DS EmuNAND? (And is this something that Nintendo could easily block for future firmwares just like they blocked greater than 9.5, or is it something that we'll probably still be able to have in the future, like EmuNAND on old 3DS?)
D
Deleted User
Guest
The exploit was likely used to find the keys using the provided algorithm that was demoed at the talk smea and company held. Nintendo can't block it again without a new hardware revision.
- Joined
- Jun 24, 2007
- Messages
- 12,003
- Trophies
- 3
- Location
- In the Murderbox!
- Website
- www.twitch.tv
- XP
- 16,127
- Country
1. Gateway didn't make it possible, I'll say that tight now.
2. Someone found a way to acquire the keys used to achieve 9.6+ emunand.
There are at least two vulnerabilities that can be used to dump the N3DS keys, they're both detailed here http://3dbrew.org/wiki/3DS_System_Flaws ("Uncleared OTP hash keydata in console-unique 0x11 key-generation" and "CFG_SYSPROT9 bit1 not set by Kernel9"), and no there is nothing Nintendo can do to fix this for any current N3DS.
It's already been confirmed by devs that they obtained them by downgrading a new3DS (yes, I do mean new3DS) to firmware 2.0
Firmware 3.0 and lower didn't clear the keys, so they dumped the OTP registers which provided them with the keys they needed.
At least this is my understanding of things.
Source: various posts littered throughout the reiNAND thread.
Firmware 3.0 and lower didn't clear the keys, so they dumped the OTP registers which provided them with the keys they needed.
At least this is my understanding of things.
Source: various posts littered throughout the reiNAND thread.
I didn't understand jack shit of what you guys just said, but anyways...
wohoo emu 10.3! ⸜₍๑•⌔•๑ ₎⸝
wohoo emu 10.3! ⸜₍๑•⌔•๑ ₎⸝
BTW, if anyone wants to dump O3DS JPN OTP, he/she can buy a brand new New Love Plus O3DS exclusive pack (2.1.0-4J) for this, since nobody have done this thing before.
(For I know, O3DS USA/EUR OTP have already been dumped but JPN is not.)
(For I know, O3DS USA/EUR OTP have already been dumped but JPN is not.)
CFG_SYSPROT9 was unset before 3.0, 3.0 is the version which actually fixed the vulnerability. So the entire OTP can be dumped on any 3DS (including N3DS) at 2.x and below. There's also the fact that the SHA registers which hash OTP weren't cleared before K9L handed off to ARM9 kernel, so that makes two vulnerabilities. I executed k9lhax and exploited that one in May for my N3DS, so I personally find it easier to do this than to downgrade. It doesn't really matter which you get though, the OTP or the hash, because both give you the same result in terms of deriving keys.
Last edited by shinyquagsire23,
Similar threads
-
- Portal
-
-
-
@
K3Nv2:
I'm beefing with a neighbor currently each time I ask him for help with something he makes bs excuses then ignores my calls text but seems to randomly speak when I'm done with the project after doing things to help him -
@
RedColoredStars:
DiGiorno Crispy Pan Pizza tasted pretty dang close to Pizza hut pan pizza, but Im not sure if theyve been discontinued or not. Havent seen them locally for a couple of months now. -
-
-
-
-
-
@
RedColoredStars:
Never even seen a tiger crust pizza in any stores around here. Walmart, Cub, or otherwise.
-
-
-
@
RedColoredStars:
Last thing I told her is how much I love her, and that Im not leaving her there forever and I promise to come back and take her back home with me.
-
-
-
-
-
-
-
-
-
-
-
-
