Hacking [Help] Installed wrong OTP. Am I screwed?

SanchezTG

Edit: I do not have a NAND backup from before I used the wrong OTP. I also do not have the right OTP file for this system. I installed the hard mod and I'm ready to try anything.

Original:


Hey, I accidentally used the wrong OTP file when using SafeA9LHInstallerv1.5.2. I do not have a NAND backup for this system and can't boot into recovery. It just has a black screen on startup. How screwed am I?

I have another 3DS with A9LH installed. I also have a RaspberryPi, as I remember that being useful for unbricking certain bricks (Gateway, I believe). What are my options?
 

GerbilSoft

> Hey, I accidentally used the wrong OTP file when using SafeA9LHInstallerv1.5.2. I do not have a NAND backup for this system and can't boot into recovery.

How exactly did you even get to the point of running SafeA9LHInstaller without any NAND backups?

If it's an O3DS/2DS, you *may* be able to restore FIRM0/FIRM1 manually via a hardmod using a known plaintext attack, similar to the 10.4+ downgrade method.
If it's an N3DS, you're probably out of luck, since one of the sectors required for arm9loader was overwritten.
 

SanchezTG

> How exactly did you even get to the point of running SafeA9LHInstaller without any NAND backups?
>
> If it's an O3DS/2DS, you *may* be able to restore FIRM0/FIRM1 manually via a hardmod using a known plaintext attack, similar to the 10.4+ downgrade method.
> If it's an N3DS, you might be out of luck, since one of the sectors required for arm9loader was overwritten.

I very dumbly picked up the wrong O3DS when I was at that step in the guide by Plailect. It is an O3DS and I can do the hardmod on it. What would be required next?
 

GerbilSoft

The known plaintext downgrade is detailed here: https://github.com/Plailect/Guide/wiki/Hardmod-Downgrade - but this won't work as-is for this situation.

@Plailect Is it actually possible to recover FIRM1 here? I'm not positive if this method would work to cross-flash between an N3DS FIRM (as installed by SafeA9LHInstaller) and an O3DS FIRM due to the encryption.
 

Boogieboo6

> I very dumbly picked up the wrong O3DS when I was at that step in the guide by Plailect. It is an O3DS and I can do the hardmod on it. What would be required next?

You need a nand backup. A hardmod just lets you write a non-rekt nand to the console. Your 3ds is a permanent potato because you have no nand backup. Or maybe just listen to GerbilSoft.
 

Plailect

Well-Known Member
Member
Joined
Jan 30, 2016
Messages
546
Trophies
1
XP
1,502
Country
United States
This is fixable, but you will need a hardmod and the OTP that you used for the install. If we also know what FIRM version you started with (I'm assuming 9.2, correct me otherwise), then we can do a plaintext firm attack to swap the FIRM in NAND since we know what payload you installed.
 

dark_samus3

Well-Known Member
Member
Joined
May 30, 2015
Messages
2,372
Trophies
0
XP
2,042
Country
United States
> This is fixable, but you will need a hardmod and the OTP that you used for the install. If we also know what FIRM version you started with (I'm assuming 9.2, correct me otherwise), then we can do a plaintext firm attack to swap the FIRM in NAND since we know what payload you installed.

Actually, if all that was done was using the wrong OTP, then it's entirely possible to easily fix this, (with a hardmod) you'll need to actually use the old sector generator for a9lh and generate the PROPER sector, with the right OTP, then simply install that at the correct offset (sector 0x96 which is offset 0x96 * 0x200 in NAND)
 

Plailect

Well-Known Member
Member
Joined
Jan 30, 2016
Messages
546
Trophies
1
XP
1,502
Country
United States
> Actually, if all that was done was using the wrong OTP, then it's entirely possible to easily fix this, (with a hardmod) you'll need to actually use the old sector generator for a9lh and generate the PROPER sector, with the right OTP, then simply install that at the correct offset (sector 0x96 which is offset 0x96 * 0x200 in NAND)

True, and that's far easier.

Unfortunately, this doesn't change the requirements to fix, so the hardmod and OTP will still be needed.
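
The sector write described in the two posts above, shown on a NAND dump file on a PC. This is an added example, not part of the original thread and not code from any of the tools it mentions. It assumes the 0x200-byte sector has already been regenerated with the correct OTP; the file names and the dummy image are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

SECTOR_SIZE = 0x200                          # bytes per sector, per the thread
TARGET_SECTOR = 0x96                         # sector named in the thread
TARGET_OFFSET = TARGET_SECTOR * SECTOR_SIZE  # 0x12C00 bytes into the dump


def patch_sector(image_path, sector_path, backup_path):
    """Replace sector 0x96 in a NAND dump file, saving the old bytes first.

    Returns (sha256 of the old sector, sha256 of the new sector).
    """
    new = Path(sector_path).read_bytes()
    if len(new) != SECTOR_SIZE:
        raise ValueError(f"sector file is {len(new)} bytes, expected {SECTOR_SIZE}")
    if Path(image_path).stat().st_size < TARGET_OFFSET + SECTOR_SIZE:
        raise ValueError("image is too small to contain sector 0x96")

    with open(image_path, "r+b") as img:
        img.seek(TARGET_OFFSET)
        old = img.read(SECTOR_SIZE)
        with open(backup_path, "xb") as bak:  # "x": never overwrite a backup
            bak.write(old)
        img.seek(TARGET_OFFSET)
        img.write(new)
        img.flush()
        img.seek(TARGET_OFFSET)
        if img.read(SECTOR_SIZE) != new:      # read back what was written
            raise OSError("read-back mismatch after write")
    return hashlib.sha256(old).hexdigest(), hashlib.sha256(new).hexdigest()


def demo():
    """Patch a constructed 1 MiB dummy image (filler bytes, not console data)."""
    with tempfile.TemporaryDirectory() as d:
        image = Path(d, "nand_dummy.bin")          # hypothetical file names
        sector = Path(d, "sector_0x96_new.bin")
        backup = Path(d, "sector_0x96_old.bin")
        image.write_bytes(b"\xAA" * 0x100000)
        sector.write_bytes(b"\x5C" * SECTOR_SIZE)
        hashes = patch_sector(image, sector, backup)
        return image.read_bytes(), backup.read_bytes(), hashes
```

The saved copy of the old sector and the two hashes give a record of exactly what changed in the dump before it is written back through the hardmod.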
 

The Catboy

GBAtemp Official Catboy™: Boywife
Member
Joined
Sep 13, 2009
Messages
27,944
Trophies
4
Location
Making a non-binary fuss
XP
39,316
Country
Antarctica
> Not true, the only thing wrong with his system would be the secret sector, as long as he has his OTP all he has to do is what we mentioned above :)

Oh, I didn't know there was a fix without the need for a NAND back up. I learned something new, thanks ^_^
 

dark_samus3

Well-Known Member
Member
Joined
May 30, 2015
Messages
2,372
Trophies
0
XP
2,042
Country
United States
> Oh, I didn't know there was a fix without the need for a NAND back up. I learned something new, thanks ^_^

With what I'm currently working on, you'll need minimal stuff to entirely fix a 3ds.. you'll need some files from CTRNAND, (moveable.sed, secureinfo_a) the NCSD header from the console you intend on fixing and some external hardware (to perform a9lh without OTP), after that you simply do a9lh without OTP (requires some small soldering), put the proper NCSD header into NAND, then using the a9lh, boot up D9, from there you can regenerate all of the encryption you'll need and then you copy your original secureinfo_a and moveable.sed back in... you'll also need to recalculate the AES-MAC for the title.db... from there you'll be able to boot into home menu, but it'll have no applications, however you'll still be able to use applets (like browser), since we can control which version the CTRNAND is, we'll just have a 9.2 image or something with browserhax and we can start sysUpdater and reinstall everything... Long process, but it'll save a console
 

The Catboy

GBAtemp Official Catboy™: Boywife
Member
Joined
Sep 13, 2009
Messages
27,944
Trophies
4
Location
Making a non-binary fuss
XP
39,316
Country
Antarctica
> With what I'm currently working on, you'll need minimal stuff to entirely fix a 3ds.. you'll need some files from CTRNAND, (moveable.sed, secureinfo_a) the NCSD header from the console you intend on fixing and some external hardware (to perform a9lh without OTP), after that you simply do a9lh without OTP (requires some small soldering), put the proper NCSD header into NAND, then using the a9lh, boot up D9, from there you can regenerate all of the encryption you'll need and then you copy your original secureinfo_a and moveable.sed back in... you'll also need to recalculate the AES-MAC for the title.db... from there you'll be able to boot into home menu, but it'll have no applications, however you'll still be able to use applets (like browser), since we can control which version the CTRNAND is, we'll just have a 9.2 image or something with browserhax and we can start sysUpdater and reinstall everything... Long process, but it'll save a console

I am 100% interested in seeing the end results in this project! No really, I love hearing members working to better the community!
 

The Catboy

GBAtemp Official Catboy™: Boywife
Member
Joined
Sep 13, 2009
Messages
27,944
Trophies
4
Location
Making a non-binary fuss
XP
39,316
Country
Antarctica
> now if only we could get people to start backing up their files!

It's sad that people don't do regular backups. I know I do backups, battery testing, system clean up, etc. every Thursday since I am off every Thursday.
 
