Homebrew ARM9Loader -- Technical Details and Discussion

[9thSage]

Edit:
On the arm9loaderhax github it says that an updater is in progress. Il wait for that unless someone can tell me how to manually update it.

Well...you could compile the code yourself (getting a .3dsx you could use to reinstall arm9loaderhax from a 9.2 NAND). It seems like it's much safer to wait though, you should probably just do that.

 

[Dennis G]

Well...you could compile the code yourself (getting a .3dsx you could use to reinstall arm9loaderhax from a 9.2 NAND). It seems like it's much safer to wait though, you should probably just do that.

I've done that today and it bricked my new 3ds xl, i'd stay away from it atm, i compiled the new version (that auto power's off when no sd is inserted) and had a running a9lh before and when i ran the 3dsx that i compiled along with my OTP, my 3ds never booted again since that i'm in the process off hard modding it atm but it looks bad

 

[9thSage]

I've done that today and it bricked my new 3ds xl, i'd stay away from it atm, i compiled the new version (that auto power's off when no sd is inserted) and had a running a9lh before and when i ran the 3dsx that i compiled along with my OTP, my 3ds never booted again since that i'm in the process off hard modding it atm but it looks bad

I've done that just fine, but like I said though, this updater is potentially a lot safer. If I'd known it was coming I probably would have waited. That seems like the smart thing to do.

 

[Aahz]

Probably not helpful but I did update my 2DS and a friend's n3DS with *.3dsx files compiled using dark_samus3's files after the latest press Home to load another payload addition = both went completely smoothly.

 

[DQScott95]

@dark_samus3 is the updater linked under the "How do I update?" section here: https://github.com/delebile/arm9loaderhaxfor the home button recovery update for stage_2? Or is it the old one for the screen_init?

 

[democracy]

Edit; I find it hard to believe that the dark samus loader failed on its own, there must be something else that contributed to the brick. Wish I understood it better. Now I have stagefright.

 

[Yudowat]

how do i update my arm9loaderhax with dark_samus's update where it turns off the system if no SD is inserted? i ran it from my 9.2 emunand and it went back to hblauncher quickly but i only took the 3dsx out of the output folder after making it and my ds stays on a blue light if no sd is inserted

 

[Supster131]

how do i update my arm9loaderhax with dark_samus's update where it turns off the system if no SD is inserted? i ran it from my 9.2 emunand and it went back to hblauncher quickly but i only took the 3dsx out of the output folder after making it and my ds stays on a blue light if no sd is inserted

That means you aren't using a 9.0 FIRM.

What CFW are you using?

If AuReiNAND, press L when booting, then it should work.

 

[4gionz]

Just a quick question hopefully someone can answer.

When the process gets more mature, even tho it's moving at a lightning pace, will arm9loaderhax.3dsx ever be able to just use otp.bin off the sd root? I know this was avoided at first to prevent bricks but that's why I'm saying later on once this is a bit more widely known.

Basically I just want to know if compiling will always be required or if it will ever be looked into doing it an alternative way like I mentioned.

Edit: I have no problem if it needs to be compiled forever, I was just being curious since I'm still waiting to install this while it matures and updates basically daily

 

[solsolis]

Just a quick question hopefully someone can answer.

When the process gets more mature, even tho it's moving at a lightning pace, will arm9loaderhax.3dsx ever be able to just use otp.bin off the sd root? I know this was avoided at first to prevent bricks but that's why I'm saying later on once this is a bit more widely known.

Basically I just want to know if compiling will always be required or if it will ever be looked into doing it an alternative way like I mentioned.

Edit: I have no problem if it needs to be compiled forever, I was just being curious since I'm still waiting to install this while it matures and updates basically daily

Secret sector creation using the OTP relies on crypto that not only doesn't exist for the 3DS, but may never actually exist. It has to calculate the hash of the OTP and then use that hash to encrypt the sector 0x96. I'm not really an expert on crypto, but i believe that the 3ds slightly underpowered to do that reliably.

 

[Apache Thunder]

Secret sector creation using the OTP relies on crypto that not only doesn't exist for the 3DS, but may never actually exist. It has to calculate the hash of the OTP and then use that hash to encrypt the sector 0x96. I'm not really an expert on crypto, but i believe that the 3ds slightly underpowered to do that reliably.

Arm9LoaderHax works on o3DS...This involves using secret sector on o3DS....This implies it can handle the crypto just fine otherwise Arm9LoaderHax wouldn't work very well on it....Your argument is invalid.

Nintendo just chose not to implement it for o3DS. Perhaps because it would be difficult to implement in a system update properly. N3DS came with that stuff preinstalled so they didn't have to try and implement it in a system update.

 

[solsolis]

Arm9LoaderHax works on o3DS...This involves using secret sector on o3DS....This implies it can handle the crypto just fine otherwise Arm9LoaderHax wouldn't work very well on it....Your argument is invalid.

Nintendo just chose not to implement it for o3DS. Perhaps because it would be difficult to implement in a system update properly. N3DS came with that stuff preinstalled.

But that's using the crytpography hardware correct?

Can we even use the crytpo hardware?

 

[Apache Thunder]

Yes. But it's the Arm9Loader section of FIRM that handles that. Secret Sector will work just fine if it's encrypted properly first (This is why you need OTP. Though on n3DS, you still need OTP to modify it correctly). It's Arm9Loader that implemented it and bootrom of both n3DS and o3DS are said to be the same. Arm9Loader ends up loading first instead of the normal o3DS FIRM. Arm9Loader is a container of sorts that acts as the gate keeper to the the rest of the FIRM. It's just a different way of loading FIRM and it works just fine on the o3DS provided you install the secret sector before hand. Which is probably why Nintendo hasn't tried to do it via a system update. It would be complicated to try and implement.

First off, it would take two or more system updates to do it safely. First update they have to update NATIVE_FIRM give arm9 new functions for writing to that region of NAND and verifying it. Then actually creating the secret sector. Since Arm9Loader isn't installed yet, having secret sector present at this stage has no impact on the system as it's not used.

Then the second update will update Native_Firm to the new Arm9Loader version of it and the FIRM partitions would be updated accordingly.

If they can't create secret sector in the same go in the first update, then they'd do it in a second update and move off the Arm9Loader install to the third update.

In theory that would work. but Nintendo seems reluctant to do it. Perhaps because it would be pointless because o3DS can be downgraded easily for OTP dump. Of coarse Nintendo didn't know how bad a mistake not locking OTP was when they first made the n3DS because with some tricks, even n3DS can be downgraded to 2.x and lower for OTP dumping. Thus rendering their new Arm9Loader security completely useless.

 

[solsolis]

Yes. But it's the Arm9Loader section of FIRM that handles that. Secret Sector will work just fine if it's encrypted properly first (This is why you need OTP. Though on n3DS, you still need OTP to modify it correctly). It's Arm9Loader that implemented it and bootrom of both n3DS and o3DS are said to be the same. Arm9Loader ends up loading first instead of the normal o3DS FIRM. Arm9Loader is a container of sorts that acts as the gate keeper to the the rest of the FIRM. It's just a different way of loading FIRM and it works just fine on the o3DS provided you install the secret sector before hand. Which is probably why Nintendo hasn't tried to do it via a system update. It would be complicated to try and implement.

First off, it would take two or more system updates to do it safely. First update they have to update NATIVE_FIRM give arm9 new functions for writing to that region of NAND and verifying it. Then actually creating the secret sector. Since Arm9Loader isn't installed yet, having secret sector present at this stage has no impact on the system as it's not used.

Then the second update will update Native_Firm to the new Arm9Loader version of it and the FIRM partitions would be updated accordingly.

If they can't create secret sector in the same go in the first update, then they'd do it in a second update and move off the Arm9Loader install to the third update.

In theory that would work. but Nintendo seems reluctant to do it. Perhaps because it would be pointless because o3DS can be downgraded easily for OTP dump. Of coarse Nintendo didn't know how bad a mistake not locking OTP was when they first made the n3DS because with some tricks, even n3DS can be downgraded to 2.x and lower for OTP dumping. Thus rendering their new Arm9Loader security completely useless.

Yeah i already have pretty good understanding of all of that. I think you might of missed what i was trying to explain (or maybe i'm missing your point english isn't my native language). I wasn't making any sort of distinction between o3ds/n3ds. I was just trying to say the 3DS isn't powerful enough to encrypt secret sector itself without using crypto hardware. Hence why there isn't anyway to install by loading the OTP.bin from the SD card.

 

[Apache Thunder]

Err what? n3DS uses crypto hardware too for secret sector. It has nothing to do with whether or not it is powerful enough. It's simply the way the security works on the consoles. The crypto hardware is used for most crypto because it's more secure that way not because the main hardware wasn't powerful enough to do it on it's own.

 

[solsolis]

Err what? n3DS uses crypto hardware too for secret sector. It has nothing to do with whether or not it is powerful enough. It's simply the way the security works on the consoles. The crypto hardware is used for most crypto because it's more secure that way not because the main hardware wasn't powerful enough to do it on it's own.

Your completely missing the point. I just was saying there cant be a prepackaged arm9loaderhax installer that reads the OTP off the sd card, because we don't have acess to the crypto hardware and neither 3DS is powerful enough to do it without the crypto hardware. Unless of course im mistaken and we can use the crypto hardwae.

 

[Apache Thunder]

Your completely missing the point. I just was saying there cant be a prepackaged arm9loaderhax installer that reads the OTP off the sd card, because we don't have acess to the crypto hardware and neither 3DS is powerful enough to do it without the crypto hardware. Unless of course im mistaken and we can use the crypto hardwae.

No that's wrong too. They could have a prepackaged secret sector that can be installed via the non crypto side of the hardware. The problem with that is, it would expose the secret sector to hackers...

This is probably why they haven't tried to setup Arm9Loader on o3DS. They wouldn't be able to push an update containing the secret sector because it would have exposed it to the exploitable consoles that would be able to decrypt it. Of coarse it's pointless now. But at the time n3DS came out, that was probably why Nintendo didn't push Arm9Loader update to o3DS.

Looks more like Nintendo is phasing out the o3DS line and will focus on the n3DS. I would not be surprised to see Nintendo come out with a n2DS at some point.

 

[solsolis]

No that's wrong to. They could have a prepackaged secret sector that can be installed via the non crypto side of the hardware. The problem with that is, it would expose the secret sector to hackers...

This is probably why they haven't tried to setup Arm9Loader on o3DS. They wouldn't be able to push an update containing the secret sector because it would have exposed it to the exploitable consoles that would be able to decrypt it. Of coarse it's pointless now. But at the time n3DS came out, that was probably why Nintendo didn't push Arm9Loader update to o3DS.

I am not talking about what nintendo can do with arm9loader. I am talking about what hackers can do with arm9loaderhax. I think you should go back and read the question i originally replied too. Because i feel we are having two completely different arguments an i can't really think of any other way to you explain to the point i'm trying to make.

 

[Apache Thunder]

Oh that question? Decrypting secret sector by generating a hash of OTP is a relatively simple process (from a programming standpoint anyway). The 3DS would have no trouble doing that. Even without utilizing the crypto hardware. The thing is, it wouldn't be as convient. It was setup to occur during the compiling of Arm9LoaderHax on the PC. It would be difficult to compile something on the 3DS instead since you'd have to port all the stuff needed to compile it on the 3DS to the 3DS.....As you can see it's not worth the trouble.

Arm9LoaderHax. At least the version of it that's is public relies on using the OTP file during compile of it. So that involves all the compile libraries, dependencies and the programs actually doing the compiling. That is what can't really be done on the 3DS. So it's not really so much an issue with encryption and whatnot. It's just a matter of practicality. Perhaps a new version of Arm9LoaderHax that does things a little differently could be made that would be doable with just a 3DS. But there's really not a high demand for that.

 

[tivu100]

Stupid question since I missed much of discussion about a9l: can I run updated/newer arm9loaderhax.3dsx in a9lh sysnand 9.2 or I have to return to normal 9.2 before proceeding?