Hacking Error updating A9LH

Keylogger · Mar 31, 2017

Hey

There is a long time since I didn't use my 3DS.
I want to update my A9LH using latest version of SafeA9LHInstaller (v2.6.7-42c09f52

I think I have all the required files on SD card (left all files from my previous installation)
But I can't update because I have this error message:
The OTP hash or the NAND Key sector are invalid.

What I have to do to resolve this?

APartOfMe · Apr 1, 2017

~~i think you can place the latest arm9loaderhax.bin on your sd card to update a9lh.~~
Edit: not true

adrifcastr · Apr 1, 2017

epickid37 said:
i think you can place the latest arm9loaderhax.bin on your sd card to update a9lh.

nope. totally incorrect. arm9loaderhax.bin is the payload that get's executed. the actual a9lh payloads are written to firm0/firm1

APartOfMe · Apr 1, 2017

addi33 said:
nope. totally incorrect. arm9loaderhax.bin is the payload that get's executed. the actual a9lh payloads are written to firm0/firm1

thanks for correcting me! just goes to show what i know about this :rofl2:

adrifcastr · Apr 1, 2017

epickid37 said:
thanks for correcting me! just goes to show what i know about this

https://gbatemp.net/threads/noob-support-how-arm9loaderhax-luma3ds-works-and-what-it-is.460281/

Neither ARM9LOADERHAX is a CFW it is a persistant (low-level) system exploit, nor Luma3DS is a FW Replacement, it is a Signature Patcher.

1. Bootrom reads FIRM0, but due to our payload presence, the signature check will fail.
2. It will read FIRM1 on top of FIRM0, and our payload will still be after it.
3. Check its RSA signature, since it's good it will jump to its arm9loader.
4. The arm9loader will use our crafted key to decrypt the ARM9 binary as garbage, then jump to the kernel entrypoint.
5. With our key the garbage kernel entrypoint will make the cpu jump to our payload location.
6. Code execution!

APartOfMe · Apr 1, 2017

addi33 said:
https://gbatemp.net/threads/noob-support-how-arm9loaderhax-luma3ds-works-and-what-it-is.460281/

Neither ARM9LOADERHAX is a CFW it is a persistant (low-level) system exploit, nor Luma3DS is a FW Replacement, it is a Signature Patcher.

1. Bootrom reads FIRM0, but due to our payload presence, the signature check will fail.
2. It will read FIRM1 on top of FIRM0, and our payload will still be after it.
3. Check its RSA signature, since it's good it will jump to its arm9loader.
4. The arm9loader will use our crafted key to decrypt the ARM9 binary as garbage, then jump to the kernel entrypoint.
5. With our key the garbage kernel entrypoint will make the cpu jump to our payload location.
6. Code execution!

cool! i think smealum has a good walkthrough of the steps also. breaking the 3ds security system

Keylogger · Apr 2, 2017

So what I have to do?

Quantumcat · Apr 2, 2017

Keylogger said:
So what I have to do?

Delete the files from the previous installation and follow https://3ds.guide/updating-a9lh

Hacking Error updating A9LH

Well-Known Member

( ͡° ͜ʖ ͡°)

Well-Known Member

( ͡° ͜ʖ ͡°)

Well-Known Member

( ͡° ͜ʖ ͡°)

Well-Known Member

Dead and alive

Similar threads

Popular threads in this forum