Homebrew A Reference Thread - How to uninstall A9LH properly?

TheOverseer

So, I wanted to ask about this. I'm an A9LH user, and if Sighax comes out, I'd be interested in switching to it, as I would no longer have to worry about keeping my OTP safe if I was to have an SD card failure, or anything like that. And it's likely that Sighax would perform better without an SD than A9LH, which is apparently a bit buggy with the NFIRM mini-CFW implementation.

So, I would like to ask, for the future, how would I go about properly uninstalling A9LH without a NAND Backup? I did do one originally before I started any A9LH, but I got my 3DS on 7.something, so it's a bit of a firmware obscura. I was able to launch Decrypt9 through browserhax on that firmware, but it'd be a lot cleaner if I was able to uninstall through Safehax on 11.X. Any ideas?

Even if I have to downgrade to use another exploit to uninstall, I'm alright with that, I'm just interested in how to uninstall A9LH safely if Sighax is released at any point.
 

TheOverseer

You wouldn't need to uninstall a9lh prior to installing sighax, by the way.

Would Sighax likely overwrite it, as it uses the same space?

Safea9lhinstaller has an uninstall feature which you can boot with luma's chainloading.

Is it safe to use from any firmware version? In addition, does the uninstall version also require the OTP to be able to access the keystore again to revert things to stock?
 

metroid maniac

Would Sighax likely overwrite it, as it uses the same space?

That's right.

Is it safe to use from any firmware version? In addition, does the uninstall version also require the OTP to be able to access the keystore again to revert things to stock?

When safea9lhinstaller is run from a9lh, it has access to the OTP hash. That means it can generate a vanilla keysector again and revert things to stock.
 

xtheman

Is it safe to use from any firmware version? In addition, does the uninstall version also require the OTP to be able to access the keystore again to revert things to stock?
I'm not sure as I have never used that feature. Just make sure you uninstall on a firmware that can run arm9 payloads (9.2 or 11.1 with safehax)
 

annson24

Would Sighax likely overwrite it, as it uses the same space?



Is it safe to use from any firmware version? In addition, does the uninstall version also require the OTP to be able to access the keystore again to revert things to stock?
I think if you injected luma3ds to the ctrnand partition, you need to remove it first before uninstalling a9lh. I didn't do that last time and I think that's what caused the brick. I had to do a hardmod to fix it.

 

TheOverseer

That's right.

When safea9lhinstaller is run from a9lh, it has access to the OTP hash. That means it can generate a vanilla keysector again and revert things to stock.

Is the OTP Hash kept on the console's NFIRM to allow this, or is it using modified functionality to be able to do this? That's good information, but I'm curious as to why this is possible when it doesn't have access to it originally. Just wondering.

Also, is the keystore itself kept somewhere in NFIRM, so it'd be overwritten when installing Sighax, or is it kept elsewhere? On O3DS, if there's a difference because of that.

--------------------- MERGED ---------------------------

I think if you injected luma3ds to the ctrnand partition, you need to remove it first before uninstalling a9lh. I didn't do that last time and I think that's what caused the brick. I had to do a hardmod to fix it.


I run Luma from the SD Card as the ARM9LoaderHax payload, I didn't install it to NAND. I definitely can't boot without a SD card.
 

metroid maniac

Is the OTP Hash kept on the console's NFIRM to allow this, or is it using modified functionality to be able to do this? That's good information, but I'm curious as to why this is possible when it doesn't have access to it originally. Just wondering.

Also, is the keystore itself kept somewhere in NFIRM, so it'd be overwritten when installing safehax, or is it kept elsewhere? On O3DS, if there's a difference because of that.

Arm9loader finds the hash of the OTP and then forgets to clear the OTP hash from memory before running NFIRM.
Usually NFIRM (Kernel9) clears the OTP hash, but that software doesn't run by that time if you're doing a9lh.

The keystore is separate from NFIRM. It is never updated or changed in normal circumstances, but rather the console comes from the factory loaded with a bank of keys that can be used for future updates.
For a9lh, some of the keys are changed to cause arm9loader to do weird things that lead to code execution.
 

TheOverseer

Why do people want sighax if they already have a9lh?

Will likely have a better implementation in firmware. So SD card payloads will probably become optional, as 'standard feature' CFWs could be used without any issues arising, like POCs like Shadownand deal with.
 

GoddessKozy

I apologize if this is a bit of a hijack considering this is all about sighax mostly, but as the title is how to uninstall A9LH I thought to seek some guidance here.

I've been reading all over the place and it seems that safea9lhinstaller is the best way to go about uninstalling it, right? For context I'm helping out a friend who set-up A9LH a couple days ago but wants to go back to stock. She said that she doesn't have NAND backups without A9LH since decrypt9 wouldn't work (I'm curious about that myself since she was sending me pictures of it, but that's beside the point).

Since it's even mentioned in this thread that the solution is to use safea9lhinstaller I figure I'll just help her with that, but my major question now is if that'd brick on n3ds. I found a bunch of outdated information (as in early 2016) but they seemed to have been saying that it's unsafe to uninstall since it leaves a corrupted firm on n3ds systems (and thus will brick). I might be wrong though, because honestly I'm about as out of the loop as she is. Any clarification would be super appreciated.
 

metroid maniac

Since it's even mentioned in this thread that the solution is to use safea9lhinstaller I figure I'll just help her with that, but my major question now is if that'd brick on n3ds. I found a bunch of outdated information (as in early 2016) but they seemed to have been saying that it's unsafe to uninstall since it leaves a corrupted firm on n3ds systems (and thus will brick). I might be wrong though, because honestly I'm about as out of the loop as she is. Any clarification would be super appreciated.

It's a corrupted keysector, actually.
Just looking at its code, safea9lhinstaller will restore the keysector to normal upon uninstallation.
I've never uninstalled a9lh let alone on a N3DS, so I can't say with certainty.
 

GoddessKozy

It's a corrupted keysector, actually.
Just looking at its code, safea9lhinstaller will restore the keysector to normal upon installation.
I've never uninstalled a9lh let alone on a N3DS, so I can't say with certainty.
Oh!! I see, thank you for answering. Honestly once it gets to like, hardware and stuff I'm not sure what is going on.

I've been talking with her more and it seems she wanted to uninstall it since NTR wasn't working, so I think I'm going to help her with that now and then see if she wants to uninstall later.
 
