Toggle sidebar

Hacking Old 3ds device Demo

  • Thread starter Thread starter enes eyibil
  • Start date Start date
  • Views Views 16,915
  • Replies Replies 174
CrispyYoshi said:
I think it would be good to get more people to verify this, so sure. I'll share it as soon as I get ahold of it. You don't mind me sharing these files, do you @enes eyibil?

At this rate, it seems the 2GB of information might take a very long time to upload (I guess they just have really slow internet speed). I'll message you if everything goes as planned, but I would estimate another 8 hours before we can get it.
Click to expand...
enes eyibil said:
2GB file ends in 8 hours

it's loading so slow

damn

after you install the files, want to share it with everyone ?
Click to expand...
Just a quick hint (if it helps you): The extracted NAND.FAT16.img compresses much better than the full NAND image or the XORpads. Same for TWLN and TWLP, but they don't matter much.
 
enes eyibil said:
will they arrest me ? :)))
Click to expand...
It depends where and how you got that system, and what Nintendo chooses to do if they find out who owns it... I would not post that information out in the open, and only share it with those who know how to use them.

Urbanshadow said:
Ofc, I always meant by private message. I would be very surprised if it is a valid image after all.
Click to expand...
Indeed, I suspect it isn't a valid image, but I'm hoping we can at least get the important information we're looking for. However, after we get it, we'll want to do a bit of testing/verifying before attempting to flash it back to the system.

d0k3 said:
Just a quick hint (if it helps you): The extracted NAND.FAT16.img compresses much better than the full NAND image or the XORpads. Same for TWLN and TWLP, but they don't matter much.
Click to expand...
Is that so? Then we could probably .zip/.rar/.7z the file so it uploads faster. I don't think we're in much of a rush for these files, though, but thanks for the heads up!
 
TheVinAnator said:
Give it to them by private message and your fine
Click to expand...
CrispyYoshi said:
It depends where and how you got that system, and what Nintendo chooses to do if they find out who owns it... I would not post that information out in the open, and only share it with those who know how to use them.


Indeed, I suspect it isn't a valid image, but I'm hoping we can at least get the important information we're looking for. However, after we get it, we'll want to do a bit of testing/verifying before attempting to flash it back to the system.


Is that so? Then we could probably .zip/.rar/.7z the file so it uploads faster. I don't think we're in much of a rush for these files, though, but thanks for the heads up!
Click to expand...

upload ready
 
  • Like
Reactions: CrispyYoshi
My old tool used the same filename for the nand backup when dumping the encrypted nand and when doing the dump partitions option. So if you did the partition dump last which you probably did then you dont have a valid encrypted nand backup.
 
Normmatt said:
My old tool used the same filename for the nand backup when dumping the encrypted nand and when doing the dump partitions option. So if you did the partition dump last which you probably did then you dont have a valid encrypted nand backup.
Click to expand...
wouldn't that be the solution ?

the browser error is not resolved?
 
d0k3 said:
Well, then use 3DSFAT16tool with the old NAND dump, dump the NAND FAT16 partition, and mount it in OSFMount. Then check the partition (f.e. via chkdsk). If there are no errors, you can just pad the dump with all zeroes to the correct size.
Click to expand...
The NAND.img is 792,606,208 bytes, and after decrypting the FAT16 partition from that NAND using your 3DSFAT16tool.exe, it gave me a FAT16 file at 587,202,560 bytes (It seems to force-close itself after it hits 73%). The partition will not mount properly, and chkdsk doesn't want to touch it because' it's supposedly a "RAW File System".

The SysNand.bin dump from 6.x looks valid and produced a FAT16 partition at 794,624,000 bytes. Mounting this one works just fine, and it's detected as a DOS3.31+FAT16 file system.

It's worth mentioning that attempting to mount the NAND.img itself results in a 755.9 MB Size and DOS3.31+FAT16 File System, which matches up perfectly with the 6.x FAT16 dump.
 
Last edited by CrispyYoshi,
CrispyYoshi said:
It's worth mentioning that attempting to mount the NAND.img itself results in a 755.9 MB Size and DOS3.31+FAT16 File System, which matches up perfectly with the 6.x FAT16 dump.
Click to expand...

Are you implying the first NAND.img is decrypted?
(Also, did you forget to pass me the fat16 xorpad?)
 
CrispyYoshi said:
It could be decrypted actually, but you can check for yourself (Sorry, I forgot to send you the FAT16 Xorpad. I'll do that right now)
Click to expand...
I have just peeked into the file with an hex editor. It surely has some part in clear as you can find strings referring to firmwares below 1.0. Interesting.

Edit: I am not able to find the FIRM header (the one stored in CTRNAND, at least), so I assume that part is actually encripted.
 
Last edited by Urbanshadow,
CrispyYoshi said:
The NAND.img is 792,606,208 bytes, and after decrypting the FAT16 partition from that NAND using your 3DSFAT16tool.exe, it gave me a FAT16 file at 587,202,560 bytes (It seems to force-close itself after it hits 73%). The partition will not mount properly, and chkdsk doesn't want to touch it because' it's supposedly a "RAW File System".

The SysNand.bin dump from 6.x looks valid and produced a FAT16 partition at 794,624,000 bytes. Mounting this one works just fine, and it's detected as a DOS3.31+FAT16 file system.

It's worth mentioning that attempting to mount the NAND.img itself results in a 755.9 MB Size and DOS3.31+FAT16 File System, which matches up perfectly with the 6.x FAT16 dump.
Click to expand...
CrispyYoshi said:
It could be decrypted actually, but you can check for yourself (Sorry, I forgot to send you the FAT16 Xorpad. I'll do that right now)
Click to expand...

>NAND.img: , code offset 0x0+3, OEM-ID "CTR ", sectors/cluster 32, root entries 512, Media descriptor 0xf8, sectors/FAT 189, sectors/track 63, heads 64, hidden sectors 357, sectors 1547931 (volumes > 32 MB) , serial number 0x12345678, label: " ", FAT (16 bit)

NAND.img is a decrypted CTRNAND.
 
CrispyYoshi said:
The NAND.img is 792,606,208 bytes, and after decrypting the FAT16 partition from that NAND using your 3DSFAT16tool.exe, it gave me a FAT16 file at 587,202,560 bytes (It seems to force-close itself after it hits 73%). The partition will not mount properly, and chkdsk doesn't want to touch it because' it's supposedly a "RAW File System".

The SysNand.bin dump from 6.x looks valid and produced a FAT16 partition at 794,624,000 bytes. Mounting this one works just fine, and it's detected as a DOS3.31+FAT16 file system.

It's worth mentioning that attempting to mount the NAND.img itself results in a 755.9 MB Size and DOS3.31+FAT16 File System, which matches up perfectly with the 6.x FAT16 dump.
Click to expand...
Okay. I'll explain to you what this means, and your options. What you got here is not a full NAND backup, but rather the decrypted CTRNAND partition only. See here (also called the CTR-NAND file system). This does not mean the FW 1.0.0 state is lost, but it will make things difficult. What you don't have at this point is the contents of the TWLN partition (which is not critical) and the FIRM0 / FIRM1.

If you want to try to go back, try this, but keep in mind there's a bricking risk with this:
  • Use the valid 6.x NAND backup as base
  • Inject the 1.0.0 NAND.img as FAT16 partition, using 3DSFAT16tool
  • Get the 1.0.0 FIRM from somewhere (it is identical over all regions)
  • Inject the FIRM to both, FIRM0 / FIRM1 via either 3DSFAT16tool or 3DSFIRMtool. Latter one is recommended
  • Ignore TWLN for now (you may fix this at a later point by injecting another same region 1.0.0 3DS' TWLN)
  • Restore via D9
If you do this, keep in mind, bricking risk. Also, if you do this, make sure you don't lose the XORpads, you may need them at a later point, too.
 
Last edited by d0k3,
d0k3 said:
Keep us

Okay. I'll explain to you what this means, and your options. What you got here is not a full NAND backup, but rather the decrypted CTRNAND partition only. See here (also called the CTR-NAND file system). This does not mean the FW 1.0.0 state is lost, but it will make things difficult. What you don't have at this point is the contents of the TWLN partition (which is not critical) and the FIRM0 / FIRM1.

If you want to try to go back, try this, but keep in mind there's a bricking risk with this:
  • Use the valid 6.x NAND backup as base
  • Inject the 1.0.0 NAND.img as FAT16 partition, using 3DSFAT16tool
  • Get the 1.0.0 FIRM from somewhere (it is identical over all regions)
  • Inject the FIRM to both, FIRM0 / FIRM1 via either 3DSFAT16tool or 3DSFIRMtool. Latter one is recommended
  • Ignore TWLN for now (you may fix this at a later point by injecting another same region 1.0.0 3DS' TWLN)
  • Restore via D9
If you do this, keep in mind, bricking risk. Also, if you do this, make sure you don't lose the XORpads, you may need them at a later point, too.
Click to expand...
do I have to do this process ?
 
Well considering he got somewhat valid 1.0 firmware it can be used as reference for devs. As for this member kindly help him get back to CFW route, as he seems more interested for it to be useable for such.
 
Just3DS said:
Well considering he got somewhat valid 1.0 firmware it can be used as reference for devs. As for this member kindly help him get back to CFW route, as he seems more interested for it to be useable for such.
Click to expand...
From what I see your almost able to turn it back off :D
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Homebrew app Emulator  [Release] 3DS-CLI - Run a real RISC-V Linux environment on the Nintendo 3DS

Help on 3DS prices...

Hardware  2 Broken 3DSes, need help

Website for finding alternative games for 3DS

GodMode9 wont launch, holding START just goes to home screen

Homebrew  My Secret World DS: is there a way to bypass the password lock?

please help, wont boot

Homebrew Homebrew app  [Release] GridLauncher Rosalina