Tutorial  Updated

OTP Guide

Full Guide Release!

https://plailect.github.io/OTP/

All regions now supported!

If you appreciate this guide and the work I put into maintaining it, I accept donations through both Bitcoin and PayPal.

If you felt like the guide helped you out then I'd really appreciate it! If I get enough I may buy a 2DS for testing hardware stuff so I don't break another N3DS.

If the guide didn't help you out then I'm really sorry about that :(
 
Last edited by Plailect,

Mrrraou

It'll be much safer and more automated to avoid user error.

--------------------- MERGED ---------------------------


When it's done :)
I guess that the process could be done on Kernel9 like this (remove useless steps for O3DS/2DS):
  1. Make sure WiFi is enabled
  2. Dumping NAND (2 files: originalNAND, 2.1NAND)
  3. Extracting CTRNAND
  4. Generating 0x4 and 0x5 CTRNAND xorpads and FIRM0+FIRM1 xorpads
  5. Decrypting CTRNAND with 0x5 xorpad
  6. Installing CIAs to the CTRNAND, installing the older FIRMs
  7. Injecting browser configuration and default page into CTRNAND
  8. Encrypting CTRNAND with 0x4 xorpad into 2.1NAND
  9. Patching the NCSD header of 2.1NAND
  10. Reinjecting into 2.1NAND
  11. Preparing Spider 2.1 payloads on the SD
  12. Flashing NAND with 2.1NAND
  13. Rebooting
  14. User launches Spider 2.1 => Exploiting + RSA_VERIFY => dumping OTP + flashing back originalNAND
  15. Done
 
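Steps 4, 5 and 8 of the list above, as an added example that is not part of the original post or of the guide: a xorpad is a dumped keystream, so decrypting with the 0x5 pad and re-encrypting with the 0x4 pad are both byte-wise XORs. The helper names, the pads and the sample sector are constructed for illustration, and the boot-signature check assumes the decrypted data begins with a sector ending in 0x55 0xAA.

```python
import io

CHUNK = 1 << 16          # 64 KiB pieces; a real partition is too large for one read
BOOT_SIG = b"\x55\xaa"   # boot-sector signature at offset 510 (assumed in the plaintext)


def apply_xorpad(src, pad, dst):
    """XOR file-like src with file-like pad into dst; the same call encrypts and decrypts."""
    offset = 0
    while True:
        data = src.read(CHUNK)
        if not data:
            return offset
        key = pad.read(len(data))
        if len(key) != len(data):
            # A short pad would leave the tail untransformed; fail instead.
            raise ValueError(f"xorpad ends before data at offset {offset + len(key)}")
        dst.write(bytes(a ^ b for a, b in zip(data, key)))
        offset += len(data)


def xor_bytes(data, pad):
    """Convenience wrapper around apply_xorpad for in-memory byte strings."""
    out = io.BytesIO()
    apply_xorpad(io.BytesIO(data), io.BytesIO(pad), out)
    return out.getvalue()


def transcode(enc_image, pad_in, pad_out):
    """Decrypt with pad_in, then re-encrypt with pad_out (steps 5 and 8 of the list)."""
    plain = xor_bytes(enc_image, pad_in)
    # A pad from the wrong keyslot yields noise; stop before it is re-encrypted and flashed.
    if plain[510:512] != BOOT_SIG:
        raise ValueError("no boot signature after decryption: wrong xorpad?")
    # Steps 6 and 7 (modifying the plaintext) would go here.
    return xor_bytes(plain, pad_out)


# Constructed sample data: not real keystreams or partition contents.
PAD_0X5 = bytes((i * 7 + 5) % 256 for i in range(1024))
PAD_0X4 = bytes((i * 13 + 4) % 256 for i in range(1024))
PLAIN = b"constructed CTRNAND sector".ljust(510, b"\x00") + BOOT_SIG + bytes(512)
ENC_0X5 = xor_bytes(PLAIN, PAD_0X5)
ENC_0X4 = transcode(ENC_0X5, PAD_0X5, PAD_0X4)
```

Both failure cases (a pad from the other keyslot, a truncated pad) raise `ValueError` before any output is produced.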

Plailect

I guess that the process could be done on Kernel9 like this (remove useless steps for O3DS/2DS):
  1. Make sure WiFi is enabled
  2. Dumping NAND (2 files: originalNAND, 2.1NAND)
  3. Extracting CTRNAND
  4. Generating 0x4 and 0x5 CTRNAND xorpads and FIRM0+FIRM1 xorpads
  5. Decrypting CTRNAND with 0x5 xorpad
  6. Installing CIAs to the CTRNAND, installing the older FIRMs
  7. Injecting browser configuration and default page into CTRNAND
  8. Encrypting CTRNAND with 0x4 xorpad into 2.1NAND
  9. Patching the NCSD header of 2.1NAND
  10. Reinjecting into 2.1NAND
  11. Preparing Spider 2.1 payloads on the SD
  12. Flashing NAND with 2.1NAND
  13. Rebooting
  14. User launches Spider 2.1 => Exploiting + RSA_VERIFY => dumping OTP + flashing back originalNAND
  15. Done

That'd be possible but way more work to put together than I could do in just a couple days. It's a cool idea though.
 

Svaethier

I guess that the process could be done on Kernel9 like this (remove useless steps for O3DS/2DS):
  1. Make sure WiFi is enabled
  2. Dumping NAND (2 files: originalNAND, 2.1NAND)
  3. Extracting CTRNAND
  4. Generating 0x4 and 0x5 CTRNAND xorpads and FIRM0+FIRM1 xorpads
  5. Decrypting CTRNAND with 0x5 xorpad
  6. Installing CIAs to the CTRNAND, installing the older FIRMs
  7. Injecting browser configuration and default page into CTRNAND
  8. Encrypting CTRNAND with 0x4 xorpad into 2.1NAND
  9. Patching the NCSD header of 2.1NAND
  10. Reinjecting into 2.1NAND
  11. Preparing Spider 2.1 payloads on the SD
  12. Flashing NAND with 2.1NAND
  13. Rebooting
  14. User launches Spider 2.1 => Exploiting + RSA_VERIFY => dumping OTP + flashing back originalNAND
  15. Done
Those steps are too hard for someone who doesn't know jack about hex editing and stuff like that :/ better to wait for the safer guide for people like me.
 

Mrrraou

That'd be possible but way more work to put together than I could do in just a couple days. It's a cool idea though.
This would allow to do all the process only on the 3DS, without removing the SD card, and without the need of emuNAND setup.

--------------------- MERGED ---------------------------

Those steps are too hard for someone who doesn't know jack about hex editing and stuff like that :/ better to wait for the safer guide for people like me.
I guess that the process could be done on Kernel9
which means, using some Brahma payload
 

Plailect

This would allow to do all the process only on the 3DS, without removing the SD card, and without the need of emuNAND setup.

Good luck writing it though. It's possible with quite a bit of work, but I'll leave that to someone else if the released steps still aren't easy enough.
 

Mrrraou

Good luck writing it though. It's possible with quite a bit of work, but I'll leave that to someone else if the released steps still aren't easy enough.
Well, it seems it's not enough, because it's apparently too hard for some people to read the tutorial... However, nice job with your tutorial.

--------------------- MERGED ---------------------------

My signature says it: "Sorry for my trash of english".
Which doesn't mean anything either...
 

Svaethier

Well, it seems it's not enough, because it's apparently too hard for some people to read the tutorial... However, nice job with your tutorial.

--------------------- MERGED ---------------------------


Which doesn't mean anything either...
Well, with more details on what programs you use, what you press to generate the xorpads, and steps such as that, making your guide noob-proof would help with people not bricking their systems.
 
Last edited by Svaethier,

runetoonxx2

doin this takes soo god dam long

--------------------- MERGED ---------------------------

help with otp for a sec
im using sysupdater and i get an error failed to get cia info 0xD900182f
 

Audioboxer

Yea fun way to potentially brick your device.


Make sure you're using the right firmware files and that they are not corrupt.

I was jesting in sorts :P However I will say the current brick rate from downgrading seems to be really low (yes I know that doesn't take away the risk and/or dev horror stories). I know this poll doesn't have a lot of answers, but not one person has said downgrading to 2.1 bricked them yet - https://gbatemp.net/threads/did-the-2-1-downgrade-for-otp-work-for-you.415309/
 

runetoonxx2

Yea fun way to potentially brick your device.


Make sure you're using the right firmware files and that they are not corrupt.
i am i downloaded the files straight from the guide >.>

--------------------- MERGED ---------------------------

im just gunna use the older sysupdater that downgraded me to 9.2
 

Mrrraou

Well with more details on what programs you use,what you press to generate the xorpads and steps such as that making your guide noob proof would help with people not bricking their systems.
The steps I gave were for an automatic implementation of this into a 3DS homebrew.
 

Audioboxer

Runetoon are you doing sysupdater via CIA? Doing it through HBL won't work (even if the guide still says so). Has to be installed as a CIA to work.
 
