Homebrew ARM9Loader -- Technical Details and Discussion

[FenrirWolf]

Is it required to update to 4.5 (or whatever fw) after otp dump, re-gaining *hax and updating to 9.2?
Wouldn't it be sufficient downgrading -> dump otp -> restore sysNAND with hardmod ?

Just asking because some guides are doing it the first way.

Of course it would be sufficient. The other method is for people who are attempting to do it without a hardmod.

 

[dark_samus3]

If you get your otp dumped, with it can you create a whole nand for your 3DS? I mean, does it store all the unique data every console has?

Well, you can't rebuild NAND but if you can get the OTP then you can unbrick... Basically get OTP, manually install a9lh and then if you have a good NAND backup we can just install that using an a9lh payload (I'm working on a NAND restorer for it) o3ds is much harder but probably still possible to do (since we can't bruteforce the OTP, we have to bruteforce the data it ends up using to jump to the payload which is going to take a LOT of tries) but unbricking both should easily be possible... A payload that gets the CTRNAND XORpad would be pretty useful too so I might add some button options for the payload

 

[AHP_person]

Is it required to update to 4.5 (or whatever fw) after otp dump, re-gaining *hax and updating to 9.2?
Wouldn't it be sufficient downgrading -> dump otp -> restore sysNAND with hardmod ?

Just asking because some guides are doing it the first way.

Restoring with a hardmod is totally fine.

EDIT: Ninja'd

 

[Plailect]

Restoring with a hardmod is totally fine.

EDIT: Ninja'd

How's that spider nand writer coming along? I'm getting mixed reports on success with card updates. (Only breaks the browser sometimes on n3ds?)

 

[AHP_person]

How's that spider nand writer coming along? I'm getting mixed reports on success with card updates. (Only breaks the browser sometimes on n3ds?)

@laramie is testing it atm.

 

[Plailect]

@laramie is testing it atm.

Great, let me know when it's stable and we can forgo the card requirement.

 

[FenrirWolf]

It'll be pretty cool once that works. Seems like after that, the downgrade process will be the only real risky part of the ordeal.

 

[daxtsu]

It'll be pretty cool once that works. Seems like after that, the downgrade process will be the only real risky part of the ordeal.

It'd be great if we saw a mod of Cakes or something that could boot 1.x/2.x, if one doesn't already exist. Then we could test our downgrade safely before flashing it to sysNAND.

 

[dubbz82]

Of course it would be sufficient. The other method is for people who are attempting to do it without a hardmod.

IMO, you'd have to be stark raving mad (or have enough money to fry on a new system that you really don't care about frying a 100+ dollar console) to even attempt this without a hardmod, especially this early on...

 

[FenrirWolf]

IMO, you'd have to be stark raving mad (or have enough money to fry on a new system that you really don't care about frying a 100+ dollar console) to even attempt this without a hardmod, especially this early on...

Which is why I'm just hanging around on the sidelines for now. No need to dive in headfirst until I see how many other people crack their heads first <_<

Though I might just end up trying it out on my O3DS XL that I no longer use for the sheer hell of it. (Smash 4 killed its circle pad and I upgraded to an N3DS anyway).

It'd be great if we saw a mod of Cakes or something that could boot 1.x/2.x, if one doesn't already exist. Then we could test our downgrade safely before flashing it to sysNAND.

Hmm. That seems like it would be a useful sort of thing to have. Wonder what it would take to make it work?

 

[dubbz82]

Which is why I'm just hanging around on the sidelines for now. No need to dive in headfirst until I see how many other people crack their heads first <_<

Though I might just end up trying it out on my O3DS XL that I no longer use for the sheer hell of it. (Smash 4 killed its circle pad and I upgraded to an N3DS anyway).

--------------------- MERGED ---------------------------


Hmm. That seems like it would be a useful sort of thing to have. Wonder what it would take to make it work?

I'll probably do it with my o3ds first, once there's actually a practical use for the keys other than just having them for the sake of having them, as I've got an n3ds now, so the o3ds is basically a throwaway system...that being said, I'm not crazy enough to test it until it's at least reasonably well tested, and any potential hangups that might have workarounds have been ironed out.

 

[daxtsu]

Hmm. That seems like it would be a useful sort of thing to have. Wonder what it would take to make it work?

I would guess it's as simple as finding/obtaining the firmware.bin for it, maybe from the 2.x NATIVE_FIRM CIA (just so we can be sure it matches the emuNAND, but I guess this might not be entirely necessary since FIRM doesn't always have to match; I'll let someone more knowledgeable speak on it) and then modifying the code to use the proper offsets, so emuNAND would boot (not to mention all the other crazy stuff you have to do on N3DS).

 

[mitroux]

what's the size of the a9f file? 256bytes(FF) ?

 

[FenrirWolf]

From what I've read, that should be the proper size.

 

[daxtsu]

what's the size of the a9f file? 256bytes(FF) ?

0x100/256 is correct. If you only have 0xFF you're missing one.

 

[mitroux]

0x100/256 is correct. If you only have 0xFF you're missing one.

no , i didn't get FF , i mean the size in a hexadecimal size when opened in a hexeditor

 

[Apache Thunder]

I'm going to start the super risky process of downgrading my o3DS XL to 2.x for OTP dump. I started from a factory reset 9.2 emunand (manually removed system save data and movable.sed) launched via CakesFW with survive reboots patch disabled. Then installed CIA version of latest sysupter and downgraded it to 2.x. It went off without a hitch. Though I did have to do it a second time since it errors out once it gets to the TWL titles. sysupdater doesn't handle isntalling TWL titles correctly so remove them from the updates folder prior to downgrading!

I did confirm that the FIRM partitions downgraded correctly. (compared them with FIRM extracted from native_firm cxi) I haven't attempted to boot it from sysnand yet. My nand mod isn't working right now and I need a way to get back to 9.2 after I get OTP. I do not have Cubic Ninja or an official game with a 4.x update. So I'll have to rely entirely on spiderhax to restore a nand backup once done.

So for now I've put the process on hold until a working spiderhax payload that restores a nand backup is available. As far as I can tell Gateway's launcher does not work on 2.x. Someone tested that for me and confirmed that gateway's llauncher won't load on a 2.x system.

 

[RednaxelaNnamtra]

What do you guys think about adding something between arm9loaderhax and the payload. I think about something like an updatable bootloader, that would be loaded to a different address, and create the brahma like setup. After we got something like screen initialisation working, it would be easier to update this binary, than reinstalling the full arm9loaderhax.
If we fix everthing firm needs to launch inside this bootloader, the cfws would not need to be modified to work with arm9loaderhax.

 

[FenrirWolf]

In other words, it would be something akin to CTRBootManager, except launched from a9lh instead of MenuHax?

 

[MassExplosion213]

What do you guys think about adding something between arm9loaderhax and the payload. I think about something like an updatable bootloader, that would be loaded to a different address, and create the brahma like setup. After we got something like screen initialisation working, it would be easier to update this binary, than reinstalling the full arm9loaderhax.
If we fix everthing firm needs to launch inside this bootloader, the cfws would not need to be modified to work with arm9loaderhax.

There is...look at stage0x5C000.