Homebrew ARM9Loader -- Technical Details and Discussion

RednaxelaNnamtra

Works great this version. Splash screen works great with rei mod. I noticed on debug text it says splash not found. So is there a pre-CFW launch splash too? What name should it be if there is?
It was a feature the original bootctr had, I think mostly for the delay, but like I said, I have a feature planned, which makes it a bit more useful.

--------------------- MERGED ---------------------------

Works great this version. Splash screen works great with rei mod. I noticed on debug text it says splash not found. So is there a pre-CFW launch splash too? What name should it be if there is?
You could add Reinand's splash to bootctr9's config, but I will add some more configurations, especially for the debug output.
 

SirByte

CFG_SYSPROT9 is used to protect the bootloader on all versions, but it also protects the OTP after v2.1.0

If we can assume that the bootloader on early 3DS models is the same as on one of the last o3DS XL, at what point is it set what CFG_SYSPROT9 protects? I thought that was done in hardware. If I look at 3DBrew, there are only 2 bits relevant. Bit 0 protects the bootloader, and bit 1 "is used by NATIVE_FIRM to make sure console-unique TWL AES-keys are only set at hard-boot." That's where my confusion comes from. So the bootloader itself must set b0 before passing control to A9L.
 

Mrrraou

If we can assume that the bootloader on early 3DS models is the same as on one of the last o3DS XL, at what point is it set what CFG_SYSPROT9 protects? I thought that was done in hardware. If I look at 3DBrew, there are only 2 bits relevant. Bit 0 protects the bootloader, and bit 1 "is used by NATIVE_FIRM to make sure console-unique TWL AES-keys are only set at hard-boot." That's where my confusion comes from. So the bootloader itself must set b0 before passing control to A9L.
The bootROM was never changed (it's the same on N3DS too), and locks itself by writing to CFG_SYSPROT9. If one of these bits is set to 1, then it can't be put back to 0 anymore.
A9L locks OTP, too. You can't dump your OTP from A9LH.
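
The write-once behaviour described in the post above, as an added sketch that is not part of the original post or of any project's code: a toy C model in which CFG_SYSPROT9 bits can be set but not cleared until the next hard boot. The struct, function names, sample values and the bit-to-region mapping (bit 0 bootROM, bit 1 OTP) are assumptions of this model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model only, no real hardware access. Bit roles are this model's
   assumption: bit 0 hides the protected bootROM, bit 1 hides the OTP. */
#define SYSPROT9_BOOTROM 0x01u
#define SYSPROT9_OTP     0x02u

typedef struct {
    uint8_t  sysprot9;      /* sticky lock bits, all clear after a hard boot */
    uint32_t bootrom_word;  /* constructed stand-in for protected bootROM data */
    uint32_t otp_word;      /* constructed stand-in for OTP data */
} soc_t;

/* A hard boot is the only event that clears the lock bits. */
static void soc_hard_reset(soc_t *s) { s->sysprot9 = 0; }

/* Register write: a bit can go 0 -> 1, never 1 -> 0. */
static void sysprot9_write(soc_t *s, uint8_t value) {
    s->sysprot9 |= value & (SYSPROT9_BOOTROM | SYSPROT9_OTP);
}

/* A region reads back only while its lock bit is still clear. */
static bool read_region(const soc_t *s, uint8_t lock, uint32_t *out) {
    if (s->sysprot9 & lock) return false;
    *out = (lock == SYSPROT9_OTP) ? s->otp_word : s->bootrom_word;
    return true;
}

/* Boot order from the thread: bootROM locks itself, the arm9loader stage may
   lock the OTP, then the payload runs. Returns the regions the payload can
   still read, as a mask of SYSPROT9_* bits. */
static unsigned payload_visibility(soc_t *s, bool loader_locks_otp) {
    uint32_t v;
    unsigned seen = 0;
    soc_hard_reset(s);
    sysprot9_write(s, SYSPROT9_BOOTROM);               /* bootROM, before hand-off */
    if (loader_locks_otp) sysprot9_write(s, SYSPROT9_OTP);
    sysprot9_write(s, 0x00);                           /* payload "unlock": no effect */
    if (read_region(s, SYSPROT9_BOOTROM, &v)) seen |= SYSPROT9_BOOTROM;
    if (read_region(s, SYSPROT9_OTP, &v))     seen |= SYSPROT9_OTP;
    return seen;
}

int main(void) {
    soc_t s = { 0, 0x11111111u, 0x22222222u };         /* constructed values */
    printf("loader locks OTP: payload sees mask 0x%x\n", payload_visibility(&s, true));
    printf("loader leaves OTP: payload sees mask 0x%x\n", payload_visibility(&s, false));
    return 0;
}
```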
 

Teoz Benny

To use this bootloader do I have to recompile arm9loaderhax? Sorry if it's a silly question.

--------------------- MERGED ---------------------------

I just downloaded the bootloader above and in the zip is arm9loaderhax.bin and it says put it on root of my SD, but my arm9loaderhax.bin is there at the moment and the new one won't contain my OTP, right?

--------------------- MERGED ---------------------------

So much changes each day lol, I haven't been on for a day or 2 and just saw the bootloader and it would be handy, so hence my question.
 

Mrrraou

To use this bootloader do I have to recompile arm9loaderhax? Sorry if it's a silly question.

--------------------- MERGED ---------------------------

I just downloaded the bootloader above and in the zip is arm9loaderhax.bin and it says put it on root of my SD, but my arm9loaderhax.bin is there at the moment and the new one won't contain my OTP, right?

--------------------- MERGED ---------------------------

So much changes each day lol, I haven't been on for a day or 2 and just saw the bootloader and it would be handy, so hence my question.
um... arm9loaderhax.bin on your SD card doesn't contain your OTP... it has nothing to do with your OTP...
 

Sachi

Maybe I will add a general disable function, but I will try to add a feature which allows you to select the payload you want to run while showing the splash screen. This should work in this way:
While booting it will wait for an input for some s/ms (it will be configurable) and if you press a button it will load the splash of the selected application and reset the counter. If you press another key with a payload configuration, it will change the shown splash screen and again reset the timer. This should allow people to easily correct a wrongly pressed button.
I will make it configurable too, so nobody will be forced to use this feature. But first I will clean up the source code a bit more and will try to let the source be more in sync with the normal bootctr source, so maybe fixes to bootctr will be added faster to bootctr9.
I would suggest resetting the timer at the very end of the splash screen by default unless the button is held at the end of the splash screen too. For example, if I accidentally boot Decrypt9 when trying to boot default, with your method, there would be no option to change the boot path to the emuNand. With an additional check at the end of the splash screen, if I accidentally hit the Decrypt9 key, I could simply let go of the key during the splash screen. If instead I wanted to boot sysNand, letting go of the Decrypt9 key would not immediately send you to the emuNand path before being able to input the sysNand key, since the timer only double checks the input at the end of the splash screen.
 

LombaxTheGreat

Ok so I have a question (might be stupid). I used tiny format to format my emunand and now my nands are linked again :( Am I able to just format the sysnand and take out my SD card to unlink them?
Just tiny format emuNAND a second time. I had the same issue when downgrading for my OTP and that is what I did.
 

FenrirWolf

My nands were linked again too but I did the downgrade anyway and it didn't really matter. Once the process was done I flashed everything back to normal anyway.
 

Lumince

Just tiny format emuNAND a second time. I had the same issue when downgrading for my OTP and that is what I did.
Sooooooo I'm trying to install tinyformat.cia and it's acting like I don't have sigs patched?
My nands were linked again too but I did the downgrade anyway and it didn't really matter. Once the process was done I flashed everything back to normal anyway.
So if I downgrade my emunand while it's linked to my sysnand it won't brick?
 

FenrirWolf

I think you can just run tinyformat from the homebrew launcher.

You will need to get some form of CIA installation on the emunand afterwards though. I had to inject FBI into the H&S app.
 

LombaxTheGreat

I said screw it and ran mini pasta and installed it and then moved to emunand xD.
I have FBI injected in H&S on sys and emuNAND so I just installed the CIAs. H&S is pointless. It's like the T&S of apple, I just click accept and don't read it.

My nands were linked again too but I did the downgrade anyway and it didn't really matter. Once the process was done I flashed everything back to normal anyway.
That's a bold move my fellow enthusiast. I had to run tinyformat so many times to make sure things were not linked. It's nice that you got away with linked nands though.
 

Lumince

I ran FBI in the HBL and it fails to install... I'm in emunand and my nands are now unlinked so I must have done something wrong.
 

FenrirWolf

That's a bold move my fellow enthusiast. I had to run tinyformat so many times to make sure things were not linked. It's nice that you got away with linked nands though.

By the time you actually get around to doing the downgrade, emunand gets bricked and then you unbrick the emunand backup and flash it to sysnand. So there's never a time where you can actively boot the console with mismatched firmware versions.
 

Teoz Benny

I'm a bit confused with this bootloader :o. I've put the files on root of my SD and it boots the bootloader but it just exits and restarts after about 5 seconds with lots of text flashing so fast I can't see the end of it? Same if I hold R.

--------------------- MERGED ---------------------------

I would like it so I have the normal aureinand button options and this bootloader, say, on the A button. Like L boots sysnand with sig check, R normal sysnand, no button my emunand, and then the A button for this bootloader.
 

Aroth

Ok, I managed to get it working on my O3DS, but at this point I am thoroughly confused by the multiple forks/builds of the arm9loader stuff floating around. I coulda swore someone mentioned somewhere that we can load Decrypt9 through this already but I sure as hell can't find it. Someone else was talking about versions with the screen being initialized and allowing splash screens?
 
