Full Guide Release!

https://plailect.github.io/OTP/

All regions now supported!

If you appreciate this guide and the work I put into maintaining it, I accept donations through both Bitcoin and PayPal.

If you felt like the guide helped you out then I'd really appreciate it! If I get enough I may buy a 2DS for testing hardware stuff so I don't break another N3DS.

If the guide didn't help you out then I'm really sorry about that

 

[Aurora Wright]

You surely did a lot to ensure you were flashing the right things, I think it would be great if you make a tutorial describing your method and your security measures as well

After downgrade, dump EmuNAND's FIRM0 and FIRM1 with Decrypt9, and check that the first 0xDB000 bytes have a sha1 of A61412B6C3A7FA1A9F8E9F9945714270356506FF.
Then, when you decrypt ctr.bin, calculate the hash of the first 794.624.000 bytes.
Re-inject it with the 0x4 xorpad, and then re-extract it (with the 0x4 xorpad), and check if the hash is the same.
Where to do this varies in all the different hex editors ^^

 

[Plailect]

After downgrade, dump EmuNAND's FIRM0 and FIRM1 with Decrypt9, and check that the first 0xDB000 bytes have a sha1 of A61412B6C3A7FA1A9F8E9F9945714270356506FF.
Then, when you decrypt ctr.bin, calculate the hash of the first 794.624.000 bytes.
Re-inject it with the 0x4 xorpad, and then re-extract it (with the 0x4 xorpad), and check if the hash is the same.
Where to do this varies in all the different hex editors ^^

Similar steps will be added in the future.

--------------------- MERGED ---------------------------

Thanks, restoring a backup now. File needs to be called NAND.bin just so everyone knows.



Not sure if we can, I just dumped it three times to make sure it was exactly the same each time. It was. Btw, don't you mean a9f.bin?

Cubic ninja makes OTP.bin, the browser makes a9f.bin

 

[dark_samus3]

Thanks, restoring a backup now. File needs to be called NAND.bin just so everyone knows.



Not sure if we can, I just dumped it three times to make sure it was exactly the same each time. It was. Btw, don't you mean a9f.bin?

not if he's using cubic ninja

 

[Audioboxer]

After downgrade, dump EmuNAND's FIRM0 and FIRM1 with Decrypt9, and check that the first 0xDB000 bytes have a sha1 of A61412B6C3A7FA1A9F8E9F9945714270356506FF.
Then, when you decrypt ctr.bin, calculate the hash of the first 794.624.000 bytes.
Re-inject it with the 0x4 xorpad, and then re-extract it (with the 0x4 xorpad), and check if the hash is the same.
Where to do this varies in all the different hex editors ^^
Browser payload is stable and many people had it working fine, but it's still private for now (it will be released soon).

@Plailect released it on the last page. I'm currently restoring my 9.2 NAND.

 

[Xenon Hacks]

Good news my OTP dump hashes match so I have it now. The big question though is what do I do with it?

 

[dark_samus3]

Good news my OTP dump hashes match so I have it now. The big question though is what do I do with it?

use it to compile the a9lh installer ofc

 

[mashers]

use it to compile the a9lh installer ofc

Is there a tutorial on how to do this?

 

[Audioboxer]

I'm back on 9.2. *phew*

Thanks everyone involved.

 

[dark_samus3]

Is there a tutorial on how to do this?

1. Stick a few files in the data_input directory
2. run make
3. ???
4. profit

 

[Xenon Hacks]

1. Stick a few files in the data_input directory
2. run make
3. ???
4. profit

Yup i'll just wait for clearer steps I dont even have a dev environment setup

 

[mashers]

1. Stick a few files in the data_input directory
2. run make
3. ???
4. profit

Where does the data_input directory come from? I.e. where is the archive or repo? And what files go in there, and what do you do with it once it's built?

 

[Xenon Hacks]

Where does the data_input directory come from? I.e. where is the archive or repo? And what files go in there, and what do you do with it once it's built?

Now your asking to get spoonfed but dont worry im just as clueless im surprised these people have this amount of patience with us seeing as we are intruding on their super secret hacker turf.

 

[dark_samus3]

Where does the data_input directory come from? I.e. where is the archive or repo? And what files go in there, and what do you do with it once it's built?

https://github.com/delebile/arm9loaderhax

 

[Plailect]

1. Stick a few files in the data_input directory
2. run make
3. ???
4. profit

Unless you're on Linux. The compile is broken for you on Linux. :/

 

[mashers]

Now your asking to get spoonfed but dont worry im just as clueless im surprised these people have this amount of patience with us seeing as we are intruding on their super secret hacker turf.

I don't expect to be spoon fed, but a GitHub link would be helpful

Edit - it got posted while I was writing

 

[Xenon Hacks]

I don't expect to be spoon fed, but a GitHub link would be helpful

I had the link for ar9lh but as far as im concerned it's gibberish to me.

 

[dark_samus3]

Unless you're on Linux. The compile is broken for you on Linux. :/

Yes, I'm working on fixing the colossal mess that is arm9loaderhax installer

 

[mashers]

I had the link for ar9lh but as far as im concerned it's gibberish to me.

Just had a look at the readme. Looks fairly straightforward. I think you just put new3ds10.firm, new3ds90.firm, secret_sector.bin and the otp.bin, run make, and that generates the installer 3dsx. What the installer installs and what you do next isn't clear to me from the readme.

 

[Audioboxer]

Don't worry guys, none of you are as stupid as me. I have no idea what to do now that I have my OTP. Trying to figure out arm9loaderhax.bin and Rei.

It's probably a miracle I just downgraded, got OTP and then managed to get back to 9.2 without a hard mod

 

[dark_samus3]

Just had a look at the readme. Looks fairly straightforward. I think you just put new3ds10.firm, new3ds90.firm, secret_sector.bin and the otp.bin, run make, and that generates the installer 3dsx. What the installer installs and what you do next isn't clear to me from the readme.

Installer just injects everything into NAND... you get the .3dsx and just run that from *hax on a <9.3 system

EDIT: keep in mind the installer fails to work when compiled in linux, and will also probably fail when compiled from a Mac