Homebrew Can Nintendo create a signed update that retrieves the OTP?

[Link_of_Hyrule]

So I was kind of thinking about this today. As far as installing a9lh we have to downgrade our system all the way to 2.1 to get to a system that has access to extract the OTP. However what my question is is can Nintendo create a signed update that unlocks access to the OTP to retrieve the files to then remove a9lh from systems? Is it setup so that Nintendo themselves would also have to force downgrade user systems to be able to uninstall a9lh? (Which is something very very unlikely that they would do since it wouldn't make much sense to do it). If this is the case that they can't create such an update to remove it without the full downgrade I guess a9lh is really pretty full proof since it would be so hard for them to remove from user systems.

 

[RealityNinja]

nope, nintendo will never do this. Nintendo has zero reason to unlock the OTP!! As for me, I downgraded to 2.1 two times. No problems. Just follow correctly the guide. The only way for nintendo to uninstall a9lh, is write firm 0 and firm 1 partition during update, with arm9 authorizations (because it's patched by aureinand, and so arm11 can't write firm0 and firm 1).
So, I think next nintendo update will just block nintendo 3ds downgrade (and maybe other homebrew exploits). No downgrade = no arm9 access = no a9lh. Maybe this update will be release next monday...

 

[thatbooisaspy]

.

 

[[]KAOS[]Casey]

Nintendo probably has the OTP for every console sitting in a database somewhere. That said, unless they can somehow override the firm0/1 protection, it shouldn't really be possible for them to uninstall a9lh.

As always, if there's an update, let the guys with hardmods test if anything breaks first.

 

[Link_of_Hyrule]

So the custom firmware itself blocks them from updating the firm even if they do have access to the OTP for each console?

 

[RealityNinja]

So the custom firmware itself blocks them from updating the firm even if they do have access to the OTP for each console?

yes. That why you can update your sysnand to 10.7 with a9lh without uninstalling it!!

 

[Link_of_Hyrule]

yes. That why you can update your sysnand to 10.7 with a9lh without uninstalling it!!

Cool that makes it even safer I didn't think about the CFW actually blocking updates to just that part of the system. Now we just need auto updates to the CFW I'm kind of surprised no one has done this yet TBH.

 

[zoogie]

Nintendo probably has the OTP for every console sitting in a database somewhere. That said, unless they can somehow override the firm0/1 protection, it shouldn't really be possible for them to uninstall a9lh.

As always, if there's an update, let the guys with hardmods test if anything breaks first.

They can restore bricked nands so I'm sure they have way to access data without disassembly or arm9 sploits like we have to do.
It's a total mystery how they do it though.

 

[RealityNinja]

They can restore bricked nands so I'm sure they have way to access data without disassembly or arm9 sploits like we have to do.
It's a total mystery how they do it though.

I think they change the motherboard = new console = unbricked!

 

[zoogie]

I think they change the motherboard = new console = unbricked!

It's a lot cheaper just to fix the MB (if it's just nand corruption) without chucking it. They wouldn't be in the business of selling $60 2ds's otherwise.

 

[Link_of_Hyrule]

They can restore bricked nands so I'm sure they have way to access data without disassembly or arm9 sploits like we have to do.
It's a total mystery how they do it though.

I imagine they have a special hardware tool that allows them to do this on top of the fact that they have access to all the software keys to install/uninstall whatever they want.

 

[MrCheeze]

I kinda want this to end with Nintendo searching for security flaws in their own product to find a way to overwrite firm anyway.

 

[RealityNinja]

It's a lot cheaper just to fix the MB (if it's just nand corruption) without chucking it. They wouldn't be in the business of selling $60 2ds's otherwise.

Yeah but if your 3ds is hardbricked, you have to pay for the repair (out of warranty), right?

 

[Conn0r]

No matter what Nintendo does, they cannot block a9lh as long as firm0/firm1 block is enabled with cfw.

 

[dankzegriefer]

Nintendo COULD theoretically do this...


but it's dumb. And tedious. And useless. And it makes installing arm9loaderhax easier. And any attempt to delete arm9loaderhax would probably be stopped by your CFW.


tl;dr
Why would they?

 

[DSoryu]

I think they change the motherboard = new console = unbricked!

They can restore bricked nands so I'm sure they have way to access data without disassembly or arm9 sploits like we have to do.
It's a total mystery how they do it though.

There was a case once, where a user sent his 3DS to repair at Nintendo, they returned his console with a misterious cartdrige inserted, so he went back to the Nintendo Customer Service and returned the misterious cartdrige... and yup, he never saw what it was.

In exchange, he received a HUGE reward, so it's obvious that such cartdrige, in the wrong hands, can do much everything we can dream about I guess.

 

[Link_of_Hyrule]

No matter what Nintendo does, they cannot block a9lh as long as firm0/firm1 block is enabled with cfw.

Just to be clear firm0/firm1 is blocked by default on AuReiNand on both sysnand and emunand with a9lh?

 

[zoogie]

Yeah but if your 3ds is hardbricked, you have to pay for the repair (out of warranty), right?

Bricks can happen with normal usage though. People uploaded pictures of the bootrom error well before the Gateway era.
So they will usually just fix bricks unless there's some obvious evidence you've been hacking it.

Nintendo COULD theoretically do this...


but it's dumb. And tedious. And useless. And it makes installing arm9loaderhax easier. And any attempt to delete arm9loaderhax would probably be stopped by your CFW.


tl;dr
Why would they?

Good post. CFW mods are a moving target so trying to work around them in the update process can yield unpredictable results. Nintendo is known to be afraid of lawsuits so they'll just be content with letting updates fail. The only thing they might try to counter update blocking units is banning them from online services.

There was a case once, where a user sent his 3DS to repair at Nintendo, they returned his console with a misterious cartdrige inserted, so he went back to the Nintendo Customer Service and returned the misterious cartdrige... and yup, he never saw what it was.

In exchange, he received a HUGE reward, so it's obvious that such cartdrige, in the wrong hands, can do much everything we can dream about I guess.

Interesting, do you have any links? Search hints?

 

[Conn0r]

Just to be clear firm0/firm1 is blocked by default on AuReiNand on both sysnand and emunand with a9lh?

That would be correct!

 

[DSoryu]

Just to be clear firm0/firm1 is blocked by default on AuReiNand on both sysnand and emunand with a9lh?

Yeah, Aureinand does that by default, so youre good with that CFW.
There is Cakes as well, where you can change that behavior manually, but it's only recommended for advanced users and for testing purposes.