Hacking Can We Unbrick a 3DS With No NAND Backups and a Hard Mod Yet?

Xenon Hacks

Well-Known Member
OP
Member
Joined
Nov 13, 2014
Messages
7,414
Trophies
1
Age
30
XP
4,687
Country
United States
Wondering if it's possible to take a bricked unit, NAND mod it, dump the corrupt Nand, Fix the FIRM partitions (if it's possible), Boot Recovery and update, then dump that Nand clean NAND and downgrade via the same hard mod.
 
Last edited by Xenon Hacks,

migles

All my gbatemp friends are now mods, except for me
Member
Joined
Sep 19, 2013
Messages
8,033
Trophies
0
Location
Earth-chan
XP
5,299
Country
China
Wondering if it's possible to take a bricked unit, NAND mod it, dump the corrupt Nand, Fix the FIRM partitions (if it's possible), Boot Recovery and update, then dump that Nand clean NAND and downgrade via the same hard mod.
edit first post with this information for extra effect and community points.
 
  • Like
Reactions: Xenon Hacks

Urbanshadow

Well-Known Member
Member
Joined
Oct 16, 2015
Messages
1,578
Trophies
0
Age
32
XP
1,712
Country
Wondering if it's possible to take a bricked unit, NAND mod it, dump the corrupt Nand, Fix the FIRM partitions (if it's possible), Boot Recovery and update, then dump that Nand clean NAND and downgrade via the same hard mod.

Someone correct me now, but I believe if you had some important keys (may be OTP and twl otp slot, or xorpads, or everything) you could be able to decrypt an alike working system's NAND, decrypt it and encrypt it for the new system, then restore it and get it working.
 

Xenon Hacks

Well-Known Member
OP
Member
Joined
Nov 13, 2014
Messages
7,414
Trophies
1
Age
30
XP
4,687
Country
United States
Someone correct me now, but I believe if you had some important keys (may be OTP and twl otp slot, or xorpads, or everything) you could be able to decrypt an alike working system's NAND, decrypt it and encrypt it for the new system, then restore it and get it working.
The reason this popped into my head is because this is kinda what I remember doing to unbrick my 2.1 Nand back (but not the same thing) when A9LH required a hard mod and that funky 3DSX blue screen app.
 
  • Like
Reactions: migles

migles

All my gbatemp friends are now mods, except for me
Member
Joined
Sep 19, 2013
Messages
8,033
Trophies
0
Location
Earth-chan
XP
5,299
Country
China
Good Idea lol it's 5:30 AM and I have not slept my B
with the "^title" you would get generic normal answers (for example: no, you can't use another console's nand backup) instead turning it into a discussion about if its possible or not to repair a corrupted nand backup
 

Urbanshadow

Well-Known Member
Member
Joined
Oct 16, 2015
Messages
1,578
Trophies
0
Age
32
XP
1,712
Country
The reason this popped into my head is because this is kinda what I remember doing to unbrick my 2.1 Nand back (but not the same thing) when A9LH required a hard mod and that funky 3DSX blue screen app.

What I would like for you to understand is recovering a corrupted and encripted NAND is not possible. Because if the NAND is corrupted it would be decrypted into garbage.
If you decrypt a working backup (another system or not, I think it doesn't matter) and you manage to encript it for the broken system to decript it correctly, I don't see why it wouldn't work.

But you still need that encrypting info correctly dumped somewhere.
 

Xenon Hacks

Well-Known Member
OP
Member
Joined
Nov 13, 2014
Messages
7,414
Trophies
1
Age
30
XP
4,687
Country
United States
What I would like for you to understand is recovering a corrupted and encripted NAND is not possible. Because if the NAND is corrupted it would be decrypted into garbage.
If you decrypt a working backup (another system or not, I think it doesn't matter) and you manage to encript it for the broken system to decript it correctly, I don't see why it wouldn't work.

But you still need that info somewhere.
I don't really ave a method in mind but the idea is to not fix it completely just enough to boot the recovery menu with L+R+A+UP and let the 3DS itself do the rest.
 

The Real Jdbye

*is birb*
Member
Joined
Mar 17, 2010
Messages
23,207
Trophies
4
Location
Space
XP
13,732
Country
Norway
Wondering if it's possible to take a bricked unit, NAND mod it, dump the corrupt Nand, Fix the FIRM partitions (if it's possible), Boot Recovery and update, then dump that Nand clean NAND and downgrade via the same hard mod.
Reflashing FIRM without a NAND backup is possible, which probably won't be enough to fix most bricks, but in some particular cases that could be enough to save a 3DS. SAFE_MODE FIRM isn't stored in the FIRM partitions though I think, so a bricked safe mode can't be fixed without a NAND backup.
If you have NAND xorpads though then you have much better chances of unbricking.
 

Xenon Hacks

Well-Known Member
OP
Member
Joined
Nov 13, 2014
Messages
7,414
Trophies
1
Age
30
XP
4,687
Country
United States
Reflashing FIRM without a NAND backup is possible, which probably won't be enough to fix most bricks, but in some particular cases that could be enough to save a 3DS. SAFE_MODE FIRM isn't stored in the FIRM partitions though I think, so a bricked safe mode can't be fixed without a NAND backup.
If you have NAND xorpads though then you have much better chances of unbricking.
Could one use donor Xorpads or are those console specific too -__-?
 

cearp

瓜老外
Developer
Joined
May 26, 2008
Messages
8,721
Trophies
2
XP
8,471
Country
Tuvalu
it depends how it is bricked, if the firm is the only problem then yeah that will fix it.
but if it is 'bricked' because you uninstalled a bunch of system titles that you need, then no - you will have to do some more stuff :)
 
Joined
Feb 15, 2015
Messages
1,464
Trophies
0
XP
1,099
Country
United States
Reflashing FIRM without a NAND backup is possible, which probably won't be enough to fix most bricks, but in some particular cases that could be enough to save a 3DS. SAFE_MODE FIRM isn't stored in the FIRM partitions though I think, so a bricked safe mode can't be fixed without a NAND backup.
If you have NAND xorpads though then you have much better chances of unbricking.
SAFE_FIRM is FIRM1 iirc.

--------------------- MERGED ---------------------------

it depends how it is bricked, if the firm is the only problem then yeah that will fix it.
but if it is 'bricked' because you uninstalled a bunch of system titles that you need, then no - you will have to do some more stuff :)
I know the feeling..I lost an O3DS during the unstable phase of MCH2 testing.
 
  • Like
Reactions: astronautlevel

Xenon Hacks

Well-Known Member
OP
Member
Joined
Nov 13, 2014
Messages
7,414
Trophies
1
Age
30
XP
4,687
Country
United States
it depends how it is bricked, if the firm is the only problem then yeah that will fix it.
but if it is 'bricked' because you uninstalled a bunch of system titles that you need, then no - you will have to do some more stuff :)
Lets say your running PlaiSysUpdater and it crashes mid way for no apparent reason something like that would be fixable with some fiddling no? Since FIRM gets installed first by priority when using it.
 

The Real Jdbye

*is birb*
Member
Joined
Mar 17, 2010
Messages
23,207
Trophies
4
Location
Space
XP
13,732
Country
Norway
SAFE_FIRM is FIRM1 iirc.
Nope. firm0 and firm1 are identical copies, so in the event that firm0 is corrupted during an update the system won't be bricked.
3DBrew https://www.3dbrew.org/wiki/FIRM#NATIVE_FIRM said:
NATIVE_FIRM is the FIRM which is installed to the NAND firm partitions, which is loaded by bootrom.
 

vb_encryption_vb

That hardmod guy....
Member
Joined
Nov 21, 2015
Messages
1,995
Trophies
2
Age
41
Location
Acworth, GA
XP
1,933
Country
United States
From what i understand.

With out the keys, you can't decrypt a nand on pc, so you're not able to use a donor nand to rebuild a new nand image. I actually have a system someone sent in, im not sure what they did exactly, but some how they managed to flash a corrupt emunand to sysnand. Console still worked for the time being in some sort of Frankenstein firm. Once the console was updated to 11.0 on emunand the system crashed. Crashed sysnand as well. No recovery, nothing. Just black screens. Unfortunately, they no longer had a backup of any dumps.

Yes, im positive it was in emunand as well. Even if it was in sysnand, a update should not have bricked a system like that.
 

Halvorsen

Well-Known Member
Member
Joined
Aug 12, 2015
Messages
2,060
Trophies
0
Website
halcove.com
XP
1,889
Country
United States
Nvm, I forgot about xorpads. xD

So let's say we corrupted NATIVE_FIRM and nothing else, like from a bad downgrade. 3DS is bricked. Can we do the 11.x downgrade method and inject the corresponding NF, essentially unbricking it? I didn't make this post to be useful, I'm just curious.
 
Last edited by Halvorsen,

hundshamer

Well-Known Member
Member
Joined
May 22, 2009
Messages
1,810
Trophies
0
XP
924
Country
United States
Can we XOR a NATIVE_FIRM (if it still intact), use a decrypted NAND (XOR'ed NAND from donor machine) to rebuild a new NAND and use the XOR from the original to rebuild an operational firmware?

EDIT: I remember rebuilding a firmware once, but it was a while ago. I forgot where we get the xorpads... Let me see if I can dig up what I did (with tons of help of course).
 
Last edited by hundshamer,

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • No one is chatting at the moment.
  • ZeroT21 @ ZeroT21:
    it wasn't a question, it was fact
  • BigOnYa @ BigOnYa:
    He said he had 3 different doctors apt this week, so he prob there. Something about gerbal extraction, I don't know.
    +1
  • ZeroT21 @ ZeroT21:
    bored, guess i'll spread more democracy
  • LeoTCK @ LeoTCK:
    @K3Nv2 one more time you say such bs to @BakerMan and I'll smack you across the whole planet
  • K3Nv2 @ K3Nv2:
    Make sure you smack my booty daddy
    +1
  • LeoTCK @ LeoTCK:
    telling him that my partner is luke...does he look like someone with such big ne
    eds?
  • LeoTCK @ LeoTCK:
    do you really think I could stand living with someone like luke?
  • LeoTCK @ LeoTCK:
    I suppose luke has "special needs" but he's not my partner, did you just say that to piss me off again?
  • LeoTCK @ LeoTCK:
    besides I had bigger worries today
  • LeoTCK @ LeoTCK:
    but what do you know about that, you won't believe me anyways
  • K3Nv2 @ K3Nv2:
    @BigOnYa can answer that
  • BigOnYa @ BigOnYa:
    BigOnYa already left the chat
  • K3Nv2 @ K3Nv2:
    Biginya
  • BigOnYa @ BigOnYa:
    Auto correct got me, I'm on my tablet, i need to turn that shit off
  • K3Nv2 @ K3Nv2:
    With other tabs open you perv
  • BigOnYa @ BigOnYa:
    I'm actually in my shed, bout to cut 2-3 acres of grass, my back yard.
  • K3Nv2 @ K3Nv2:
    I use to have a guy for that thanks richard
  • BigOnYa @ BigOnYa:
    I use my tablet to stream to a bluetooth speaker when in shed. iHeartRadio, FlyNation
  • K3Nv2 @ K3Nv2:
    While the victims are being buried
  • K3Nv2 @ K3Nv2:
    Grave shovel
  • BigOnYa @ BigOnYa:
    Nuh those goto the edge of the property (maybe just on the other side of)
  • K3Nv2 @ K3Nv2:
    On the neighbors side
    +1
  • BigOnYa @ BigOnYa:
    Yup, by the weird smelly green bushy looking plants.
    K3Nv2 @ K3Nv2: https://www.the-sun.com/news/10907833/self-checkout-complaints-new-target-dollar-general-policies...