Hacking [POC] - Fixing OFW Blackscreens with Boot9strap

[leerz]

So this is a POC I've been lobbying since the Announcement of Sighax

the POC was strengthened in concept now with the release of sighax & Boot9strap

Since the days of 3DS, there have been reports of what we call a "Black screen of death" that even the recovery mode can't fix.
Signs:
Back screen upon boot, freezing on HM, even after updating via Recovery. (these are OFW Virgin 3DS')


perhaps it has something to do with the system prereq's that might have gone bad (bad flashchip/blocks etc)

Theory is as Follows

1. Dump Nand of BSOD 3DS
2. Patch the Nand
3. Flash to NAND
4. Launch the Godmode9 Payload
5. do a CTRnand Transfer to 9x
6. decide to if you wish to CFW or remain Virgin XD
7. ?????
8. Profit

I have not tested this, but in Theory is should.
I have a N3ds with this exact issue and will probably do the procedure this week after work lol


Let me know your thoughts.


-----UPDATE------

So just an Update

Strange as it seems, the 3DS is now OK

My theory is it is as fckd up as i hoped it would be.

1. The FFC slot was ok, the FFC Cable had corrosion
I've confirmed it by my visual inspection, I thought it is almost likely since the Home button had corrosion as well.
I unplugged it and now the HM shows up.


2. Not exactly sure if my initial fiddling helped at all, the 3DS is now in US region coming from Jap.

3. the title.db is now dumping as it should.


anyway, I would like to thanks everyone for their Inputs!
I hope my venture can help out other users in the future.

 

[vb_encryption_vb]

If you know what firm it was bricked on, just write that firm to the console and your done... If you don't know what version, flash everyone till you find the correct one. ( Could take awhile or just flash firm 0/1 )

 

[leerz]

If you know what firm it was bricked on, just write that firm to the console and your done... If you don't know what version, flash everyone till you find the correct one. ( Could take awhile or just flash firm 0/1 )

Haven't tried that, but I know this is on 11.3 since from an unknown (bso'd firmware) i updated to latest (when 11.3 was the latest) via Recovery - so I'm almost 100% sure that it is 11.3

thing is I'm not sure if it is a firm issue and not other system files (which i hope the ctrnand trans will fix)

 

[leerz]

okay, just a progress report from my test.

Here's what I have

1. Hardmod nand dump "nand.bin"
2. Patched the "nand.bin" (used hardmod b9 installer)
3. reflashed "patched nand.bin"
4. setup the luma files (gm9)

So I have Luma (config) loading (I can set show nand string / brightness / l2 clocks etc)
I can also access Godmode9, view CTR Contents and other Partitions.

Result:

Test 0 - Raw setup - Blackscreen but still with sounds
Test 1 - CTRNAND Donor Ctrnand 11.3 - Blackscreen but still with sounds
Test 2 - CTRNAND NEW 9.2(same region) - Blackscreen but still with sounds
Test 3 - CTRNAND NEW 9.2 (different region) - Blackscreen but still with sounds
Test 4 - CTRNAND old/new 2.1 (same Region) - Just an error on Luma

What I will test later
1. setup an Emunand and boot it (not sure if it will make a difference)
2. ???
3. ???

 

[OrGoN3]

So basically what you're saying is, this doesn't work.

 

[leerz]

So basically what you're saying is, this doesn't work.

"YET"

Somehow, there's something that's not allowing the 3DS to boot properly -

The System freezes after a while (You can hear the sound upon boot, press a few buttons, then freeze * buttons no longer responding along with the touch)

just not sure if this is indeed software related or a totally different thing (Black screen caused by the WiFi, as seen on the Wii and afaik DS's )

 

[vb_encryption_vb]

You are flashing the correct firm that was on the system at the time of brick?

 

[mitroux]

leerz , i already fixed a 3dsxl having that black screen of death
the problem comes from moveable sed file , (ctrnand/private/moveable.sed)
you'd better flash your patched 11.3 nand (no ctr transfer) patched with b9 , then use godmode to replace the moveable file with the 0 key moveable sed file from this theard :
https://gbatemp.net/threads/release-0-key-movable-sed-『no-more-cia-installation-』.433356/
after , the 3ds boot normally , just format you 3ds so the ciorrect key x (or key y maybe) , get set proprely (the file contains also the localfriendcodeseed data set )
good luck

 

[leerz]

Nope, this was a Virgin 3DS - no Prior fiddling was done at the time.

leerz , i already fixed a 3dsxl having that black screen of death
the problem comes from moveable sed file , (ctrnand/private/moveable.sed)
you'd better flash your patched 11.3 nand (no ctr transfer) patched with b9 , then use godmode to replace the moveable file with the 0 key moveable sed file from this theard :
https://gbatemp.net/threads/release-0-key-movable-sed-『no-more-cia-installation-』.433356/
after , the 3ds boot normally , just format you 3ds so the ciorrect key x (or key y maybe) , get set proprely (the file contains also the localfriendcodeseed data set )
good luck

Trying that now! Will get back to you!

 

[liomajor]

@leerz

Depending of what did break, it might work or not.

As mitroux said, it can be a missing moveable.sed, also it could be broken settings > \data in nand.

Using godmode9 after patching nand, you can open and remove all content from \data
(not the folder itself!) to simulate a factory reset. Next boot should take a little bit longer
and asks for first time settings (remove nintendo3ds folder from memorycard!).

decrypt9 allows dumping system files, dump them to check if anything else is missing or broken.

In any case, keep a nand backup before doing any changes!

 

[mitroux]

Depending of what did break, it might work or not.

As mitroux said, it can be a missing moveable.sed, also it could be broken settings > \data in nand.

Using godmode9 after patching nand, you can open and remove all content from \data
(not the folder itself!) to simulate a factory reset. Next boot should take a little bit longer
and asks for first time settings (remove nintendo3ds folder from memorycard!).

decrypt9 allows dumping system files, dump them to check if anything else is missing or broken.

just replacing the moveable sed will make the 3ds boot like after a format or just the first time to boot ( it take about 20 seconds to start up)

 

[liomajor]

just replacing the moveable sed will make the 3ds boot like after a format or just the first time to boot ( it take about 20 seconds to start up)

True, but if he doesn't replace moveable.sed, cleaning out \data should do the trick.

 

[leerz]

Thanks

just flashing my 11.3 bin file back.

I forgot which FW the last i ctrtransferred last night.

so here are my next steps.

Flash my patched nand bin back (for a more factory setup)
put the 0 movable.sed
clear the data folder

(i backed all those up in gm9out)

eta 6m for the reflash according to gm9

 

[mitroux]

i think that the problem comes from that file , it got corrupted somehow (because it contains majority of key_y to decrypt stuff on nand during boot up
that's what written in 3ds brew : The movable.sed keyY is only used for AES MACs for nand/data/<ID0>. The nand/data/<ID0>/extdata directory contains the shared extdata, and is structured exactly the same way as SD extdata.

 

[Spore2]

I also started this on a 2ds blackscreen. Problem is I don't know the original firm version and if it is a nand corruption problem at all.

 

[mitroux]

I also started this on a 2ds blackscreen. Problem is I don't know the original firm version and if it is a nand corruption problem at all.

you can always try a hardmod and patching the nand , if the problem presists , you can can flash back your dumped corruptrd nand back
don't forget to get 2 copies of your nand , because the hardmod-b9s-installer program doesn't make a backup during patching

 

[leerz]

So I flashed it back
cleared the data folder
put the 0 movable sed

blacksreen

I realized it could take longer so i waited around 5 minutes more.
still Blackscreen

here are my next steps.
try the ctrnand 9x again
clear the data and redo the 0movable

just trying all the possibilities.

@leerz

Depending of what did break, it might work or not.

As mitroux said, it can be a missing moveable.sed, also it could be broken settings > \data in nand.

Using godmode9 after patching nand, you can open and remove all content from \data
(not the folder itself!) to simulate a factory reset. Next boot should take a little bit longer
and asks for first time settings (remove nintendo3ds folder from memorycard!).

decrypt9 allows dumping system files, dump them to check if anything else is missing or broken.

In any case, keep a nand backup before doing any changes!

Which sort of "system files" should I check?




btw, this is OT:
I noticed the 3ds.guide's been updated - no longer shows the hardmod option
https://3ds.guide/installing-boot9strap-(hardmod).html
Thanks

 

[mitroux]

can you access the recovery mode?

 

[Spore2]

btw, this is OT:
I noticed the 3ds.guide's been updated - no longer shows the hardmod option
https://3ds.guide/installing-boot9strap-(hardmod).html
Thanks[/QUOTE]

There's a note regarding this. Hardmod still works.

 

[leerz]

Yes, I can,

I actually tried that just a while ago and updated to the latest.

btw, this is OT:
I noticed the 3ds.guide's been updated - no longer shows the hardmod option
https://3ds.guide/installing-boot9strap-(hardmod).html
Thanks

There's a note regarding this. Hardmod still works.[/QUOTE]

Yes I read that too. it is no longer in the Chart