Hacking [Question] Obtaining OTP

moopas

Greetings.

As the title suggests, I have a question regarding the method of obtaining the OTP file.

I read through the tutorial several times, but am not personally savvy about coding, hex editing, etc. So while I have downgraded from 10.3 to 9.2, set up and unlinked emunand, set up coldboot into a cfw and everything, I have done so by following tutorials and asking questions. With that said, I apologize if my question here on this topic is glaringly clear and redundant.

Question: In the OTP guide, everything seems straightforward and easy, but upon the step of running python to unbrick the 2.1 emunand, then restoring that unbricked nand to sysnand. My question is "why can't we just restore that unbricked nand to emunand?"

I have not obtained my OTP because I have everything running excellently, and have been and seen repeated warnings of easily bricked sysnands despite perfect attempts, so I am waiting for a safer method. Just wondering why nothing can be done to get the OTP from the unbricked nand if restored to emunand.

Followup question: Will there be a way to more safely obtain the OTP anytime soon via how I stated via a new method any time soon? Just curious.

Thanks for taking the time to read this, as well as any responses offered.
 

urherenow

> Ah, that does make a lot of sense. How hard would it be to make one? Would that be the safest and easiest way?

It still wouldn't work. The Keys will have already been initialized and locked away before you got into 2.1 because you booted >4.0 first. Guess I should have stated that as the reason.
 

moopas

> It still wouldn't work. The Keys will have already been initialized and locked away before you got into 2.1 because you booted >4.0 first. Guess I should have stated that as the reason.

Ah, okay. I always thought booting emunand counted as a second boot, didn't realize that the system restraints of the initial sysnand boot were still there. That's what I meant by my question was probably redundant. So to clarify, even booting into any emunand, the sysnand used to initialize that emunand is what locks the OTP region?

Just out of curiosity then, may I ask what method would make it safer? (I'm not asking you to make it or if it is out)
 

dkabot

> Ah, okay. I always thought booting emunand counted as a second boot, didn't realize that the system restraints of the initial sysnand boot were still there. That's what I meant by my question was probably redundant. So to clarify, even booting into any emunand, the sysnand used to initialize that emunand is what locks the OTP region?
>
> Just out of curiosity then, may I ask what method would make it safer? (I'm not asking you to make it or if it is out)

It's pretty safe as-is. Sysupdater will tell you if the downgrade has errors, and the fix N3DS needs is done automatically by a script.
All I can think of is a CFW to boot 2.1 (to confirm it works, only) and maybe more checks on the script that patches N3DS encryption.
 

moopas

> It's pretty safe as-is. Sysupdater will tell you if the downgrade has errors, and the fix N3DS needs is done automatically by a script.
> All I can think of is a CFW to boot 2.1 (to confirm it works, only) and maybe more checks on the script that patches N3DS encryption.

Very nice. I do have an N3DS, so as you said, it would still be fine.

From your experience, is getting the OTP worth the risk of messing with sysnand and all of the random bricks people are warning of? Or should I wait since I'm currently in a great spot with coldbooting cfw and emunand. (Decent 90% bootrate)
 

urherenow

The only way to *really* make it safe is to keep a backup and do a hard mod. Either way, keep a backup. You can hard mod (or pay someone to do it for you) later if you mess something up. Only bricks I've heard of though are from idiots who tried installing a9lh that was compiled with someone else's OTP. Others are just people that THOUGHT they had bricked because they didn't have an a9lh payload set up properly.

@Stecker8 just keep trying. If you try like 5 times in a row and it won't work, turn off your wifi, go into your browser settings, clear cache and delete cookies, then go to the web address again (never mind that it yells at you because your wifi is off), then turn on your wifi and refresh the browser page. That should get it working.
 

dkabot

> Very nice. I do have an N3DS, so as you said, it would still be fine.
>
> From your experience, is getting the OTP worth the risk of messing with sysnand and all of the random bricks people are warning of? Or should I wait since I'm currently in a great spot with coldbooting cfw and emunand. (Decent 90% bootrate)

In my experience, getting the OTP is the safe, tested, easy part.
Installing A9LH is where I clench and where something died for some reason.

That said, this is emerging stuff that's really just going places.
So far we have the option of CFW on SysNAND (can still use EmuNAND if you wish), basic Decrypt9 on boot (dump/restore only), some slight brick protection (once it's installed, you can always restore if FIRM0/1 are intact), faster boot, 100% boot rate and whatever comes in the future.

It's up to you whether it's worth atm as compared to Menuhax
 

Stecker8

> The only way to *really* make it safe is to keep a backup and do a hard mod. Either way, keep a backup. You can hard mod (or pay someone to do it for you) later if you mess something up. Only bricks I've heard of though are from idiots who tried installing a9lh that was compiled with someone else's OTP. Others are just people that THOUGHT they had bricked because they didn't have an a9lh payload set up properly.
>
> @Stecker8 just keep trying. If you try like 5 times in a row and it won't work, turn off your wifi, go into your browser settings, clear cache and delete cookies, then go to the web address again (never mind that it yells at you because your wifi is off), then turn on your wifi and refresh the browser page. That should get it working.

freeze :hateit:
 

urherenow

Using everything from the guide?

Section IV - Restoring the System
  1. Copy all files from New_3DS_Spider_[U/E/J]/Section_IV/Copy_To_SD_Card/ to your SD card. Replace any existing files.
  2. Delete any sysNAND or emuNAND .bin files from the root of your SD card.
  3. Copy sysNAND.bin and emuNAND.bin from New_3DS_Spider_[U/E/J]/Section_I/Backup/ to the root of your SD card.
  4. Rename sysNAND.bin to NAND.bin on your SD card.
  5. Reinsert your SD card and go to http://dukesrg.github.io/2xrsa.html?arm11.bin on your 3ds.
  6. After Decrypt9 has loaded, follow the options on the main menu to restore your sysNAND and your emuNAND from NAND.bin and emuNAND.bin respectively.
  7. Shut down your 3DS and delete all files on the SD card using your computer. (Do not format.)
  8. Copy all files from New_3DS_Spider_[U/E/J]/Section_I/Backup/SD_Backup to your SD card.
  9. Reinsert the SD card and reboot!
EDIT:oops.. obviously from the o3ds guide, if that's what you're using :P

  1. Copy all files from Old_3DS_Spider_[U/E/J]/Section_IV/Copy_To_SD_Card/ to your SD card. Replace any existing files.
  2. Delete any sysNAND or emuNAND .bin files from the root of your SD card.
  3. Copy sysNAND.bin and emuNAND.bin from Old_3DS_Spider_[U/E/J]/Section_I/Backup/ to the root of your SD card.
  4. Rename sysNAND.bin to NAND.bin on your SD card.
  5. Reinsert your SD card and go to http://dukesrg.github.io/2xrsa.html?arm11.bin on your 3ds.
  6. After Decrypt9 has loaded, follow the options on the main menu to restore your sysNAND and your emuNAND from NAND.bin and emuNAND.bin respectively.
  7. Shut down your 3DS and delete all files on the SD card using your computer. (Do not format.)
  8. Copy all files from Old_3DS_Spider_[U/E/J]/Section_I/Backup/SD_Backup to your SD card.
  9. Reinsert the SD card and reboot
 

Stecker8

> Using everything from the guide?
>
> Section IV - Restoring the System
>   1. Copy all files from New_3DS_Spider_[U/E/J]/Section_IV/Copy_To_SD_Card/ to your SD card. Replace any existing files.
>   2. Delete any sysNAND or emuNAND .bin files from the root of your SD card.
>   3. Copy sysNAND.bin and emuNAND.bin from New_3DS_Spider_[U/E/J]/Section_I/Backup/ to the root of your SD card.
>   4. Rename sysNAND.bin to NAND.bin on your SD card.
>   5. Reinsert your SD card and go to http://dukesrg.github.io/2xrsa.html?arm11.bin on your 3ds.
>   6. After Decrypt9 has loaded, follow the options on the main menu to restore your sysNAND and your emuNAND from NAND.bin and emuNAND.bin respectively.
>   7. Shut down your 3DS and delete all files on the SD card using your computer. (Do not format.)
>   8. Copy all files from New_3DS_Spider_[U/E/J]/Section_I/Backup/SD_Backup to your SD card.
>   9. Reinsert the SD card and reboot!
> EDIT:oops.. obviously from the o3ds guide, if that's what you're using :P

Yes and using this
Section III - Getting the OTP
  1. Copy all files from Old_3DS_Spider_[U/E/J]/Section_III/Copy_To_SD_Card/ to your SD card. Replace any existing files.
  2. Go to http://dukesrg.github.io/2xrsa.html?arm11.bin on your 3ds.
  3. Wait for the flashes. You can power off after about ten seconds of flashing.
  4. Check for a file named a9f.bin on the SD card. If the exploit was successful then it should be 256 Bytes.
  5. Remove your SD card and copy a9f.bin to your computer.
  6. Rename a9f.bin to OTP.bin.
  7. Backup OTP.bin somewhere safe.
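
Added example, not part of the thread or of the guide it quotes: a check to run on the computer after steps 4 to 7 above, before relying on OTP.bin or a NAND backup. Only the 256-byte size comes from the guide; the function names and the constant-fill test are assumptions made for this illustration.

```python
import hashlib
import os
import tempfile

OTP_SIZE = 256  # size the guide gives for a successful a9f.bin dump


def sha256_of(path, chunk=1 << 20):
    """Stream the file so a large NAND image does not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_otp(path):
    """Return a list of problems with an OTP dump; an empty list means it passed."""
    with open(path, "rb") as f:
        data = f.read(OTP_SIZE + 1)  # one extra byte exposes oversized files
    problems = []
    if len(data) != OTP_SIZE:
        problems.append("size is not %d bytes" % OTP_SIZE)
    if len(set(data)) <= 1:
        # Assumed heuristic: an empty or single-value file is a placeholder.
        problems.append("empty or constant-filled, not a real dump")
    return problems


def copies_match(paths):
    """True only if every backup copy hashes to the same SHA-256."""
    return len({sha256_of(p) for p in paths}) == 1


if __name__ == "__main__":
    # Constructed sample files standing in for real dumps.
    d = tempfile.mkdtemp()
    samples = {"OTP.bin": bytes(range(256)),       # plausible 256-byte dump
               "a9f.bin": b"",                     # empty placeholder file
               "OTP_copy.bin": bytes(range(256))}  # second backup location
    for name, content in samples.items():
        with open(os.path.join(d, name), "wb") as f:
            f.write(content)
    good, blank, copy = (os.path.join(d, n) for n in samples)
    print(check_otp(good))
    print(check_otp(blank))
    print(copies_match([good, copy]))
```

The same `copies_match` call works on NAND.bin and its backup copy before a restore, since a mismatch there means one of the copies was corrupted in transfer.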
 

AnukWolf

When I did those steps the first time, I only saw one black flash and then it froze, is it the same for you?
The reason was that I forgot the first step, aka copying everything from Section III to the SD card. There should be an arm11.bin file on your SD root then.
I followed the n3ds spider guide and I didn't need to create an empty a9f.bin.
 
