Hacking Official [Source Release] ReiNand CFW

  • Thread starter: Reisyukaku
  • Views: 988,909
  • Replies: 6,480
  • Likes: 115
@Reisyukaku A few people and I have gotten a9lh on our (N)3DSs, and a thread came out just a moment ago with an explicit tutorial to dump the OTP, so I'm sure a lot of people are going to be getting a9lh soon. We were wondering if you'd like to help us over at #cakey to solve some problems such as arm11 or just help get a payload running successfully. Thanks! :)
 

You do realize the OTP is console-unique and your specific dump can ONLY be used for arm9loaderhax on your console, right?

Unless something changed to make getting to 3.0 or lower on a N3DS and then back to 9.2 a LOT easier and a lot less likely to brick the console, I highly doubt we will see a large number of people using arm9loaderhax any time soon.


While not required in a technical sense, a hardmod is strongly recommended.

For now, this guide is only theoretically possible without a hardmod. Quite a bit more testing will be needed before this is even relatively safe to use without one.

If you are going to attempt this without one (do not - random hard bricks can and will happen, sometimes to a fault not of your own), follow all instructions to the letter and hope you are incredibly lucky. If you try this without a hardmod, do not complain when you end up with a multiple hundred dollar paperweight.

Very first lines in the "tutorial", with emphasis added to the point people need to be most aware of.

So yeah this is nothing new. Someone was just kind enough to write up the process as simply as possible. The process itself is still not simple nor is it something the average user should be attempting to do.
 
Last edited by Aroth,
@OctopusRift requested I make a video of ReiNand from cold boot, so yeah, this demonstrates the speed of arm9loaderhax lol.. I think it only takes 2 seconds longer than a normal sysNAND boot.

So when can we expect to see an a9lh compatible version for those of us that DO have a9lh setup now? :)
 
I just committed an update since I had to rewrite the start.s MPU settings. So if you compile that normally, it'll work on normal CakeHax entry. To get it to run on a9lh, you need to comment out loadSplash in main.c because, since you're running it before the kernels are set up, the LCD isn't initialized. So simply comment that out, compile, and you only need the code that would be at 0x12000 of the .dat (because everything prior is ROP stuff). So I found the fastest way to get that is just go into the build folder, find main.bin, rename it to arm9loaderhax.bin and put it on the root of the SD. x3
I'll leave a build here in this post, but for future updates, comment out the splash screen until I figure out how to run ARM11 code before the kernels lol.
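The post above describes two equivalent ways to get the raw ARM9 payload: take build/main.bin, or carve everything from 0x12000 onward out of the CakeHax .dat (the bytes before that are the ROP chain). The script below is an added example, not ReiNand's own code or part of its build: it carves the payload at that offset, optionally checks it is byte-identical to a main.bin you pass in, applies a cheap sanity heuristic (ARM32 payloads normally begin with an unconditional branch, whose little-endian encoding has 0xEA as its top byte), and writes arm9loaderhax.bin. The 0x12000 offset is taken from the post; the heuristic, the file names and the flags are this example's own assumptions.

```python
# Added example (not ReiNand's code): carve the ARM9 payload out of a
# CakeHax-style .dat so arm9loaderhax can boot it directly.
# Assumption taken from the post: the ROP chain fills everything before
# 0x12000 and the compiled ARM9 code (build/main.bin) starts at that offset.
import argparse
import sys
from pathlib import Path

PAYLOAD_OFFSET = 0x12000  # start of the ARM9 code inside the .dat (per the post)


def extract_payload(dat: bytes, offset: int = PAYLOAD_OFFSET) -> bytes:
    """Return `dat` from `offset` to the end, i.e. the ARM9 payload.

    Raises ValueError if the file is too short to hold a payload there, so a
    wrong file (or a wrong offset) fails loudly instead of producing an empty
    arm9loaderhax.bin.
    """
    if len(dat) <= offset:
        raise ValueError(
            f"file is {len(dat):#x} bytes; nothing at offset {offset:#x}"
        )
    return dat[offset:]


def looks_like_arm_entry(payload: bytes) -> bool:
    """Heuristic only (this example's assumption, not a format rule): ARM32
    entry code usually starts with an unconditional `b`, whose little-endian
    encoding ends in 0xEA. A miss means 'double-check the offset', not 'bad'."""
    return len(payload) >= 4 and payload[3] == 0xEA


def matches_reference(payload: bytes, reference: bytes) -> bool:
    """True if the carved bytes equal the reference blob (e.g. build/main.bin)."""
    return payload == reference


def main(argv=None) -> int:
    ap = argparse.ArgumentParser(description="carve arm9loaderhax.bin from a .dat")
    ap.add_argument("dat", type=Path, help="CakeHax build output, e.g. ReiNand.dat")
    ap.add_argument("-o", "--out", type=Path, default=Path("arm9loaderhax.bin"))
    ap.add_argument("--reference", type=Path,
                    help="optional build/main.bin to compare the carved payload against")
    ap.add_argument("--offset", type=lambda s: int(s, 0), default=PAYLOAD_OFFSET)
    args = ap.parse_args(argv)

    payload = extract_payload(args.dat.read_bytes(), args.offset)
    if not looks_like_arm_entry(payload):
        print("warning: payload does not start with an ARM branch; check --offset",
              file=sys.stderr)
    if args.reference and not matches_reference(payload, args.reference.read_bytes()):
        print("error: carved payload differs from the reference main.bin", file=sys.stderr)
        return 1
    args.out.write_bytes(payload)
    print(f"wrote {len(payload):#x} bytes to {args.out}")
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Usage: `python carve_a9lh.py ReiNand.dat --reference build/main.bin` writes arm9loaderhax.bin in the current directory; copy it to the root of the SD card as the post says. Passing `--reference` is the cheap way to confirm that the carve-at-0x12000 route and the rename-main.bin route really give the same bytes for the build you have.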
 
Cool. :) Now if only i could get manual injecting of a9lh on my 10.3 backup to work. haha Just tried, insta bootrom error on power up.
 
Sorry, I have a noob technical question about using arm9loaderhax.bin.
So... I just commented out "splash" and built the latest commit successfully, but how can I load this loader like in Reisyukaku's video?

Sorry for my noob question.
 

You need to be able to use arm9loaderhax, which requires dumping the OTP register of the system you wish to use it on. Dumping this register requires downgrading the system to 2.x or lower, which is nearly impossible to do without a hardmod to dump the NAND beforehand and restore it in the event of a brick. The process for downgrading a N3DS and then upgrading back to 9.2 is prone to random, unexplainable and unexpected bricks. They happen even if you do EVERYTHING exactly right. This is why it is recommended that you have a hardmod and use it to dump the NAND while still on 9.2 and then restore that NAND after you dump the OTP register, rather than try to update back to 9.2.
 
Oh... Thank you. Fully understood.
 
Yes, that's the size of two of my OTP dumps.
Sweet, I guess one of mine is dumped. Got worried because the arm11.bin just continued flashing and I thought it was supposed to stop once it was done.

I'm not touching my girlfriend's 2DS since bricking the one I got her for Valentine's Day would be pretty rude, but I'm tempted... O3DSs should be pretty safe using the softmod method alone since they don't have issues downgrading.
 
I downgraded the sysNAND of my N3DS to 2.0.0-2EUR, but it does not boot (only the blue LED comes on). So how can I extract the OTP now? (I have a hardmod, I am not crazy.)
I think I read somewhere that the 2.0.0-2E pack is incomplete. You might want to restore a NAND dump.
 
Eh, dumping the OTP isn't hard on O3DS, especially as I did it without a hardmod or guide. On N3DS I won't touch it without a hardmod, so I'm sending it in soon.
 
