All of the credits go to the main developers of Luma3DS CFW, of course.
So I made a little mod for Luma3DS that effectively allows you to "unban" a console that has been banned with a 022-2812 error. Whether that be the Sun and Moon stuff years ago or whatever else, it should do the trick. The caveat: it requires another console of the same region/model to spoof. If by some chance you have one, keep reading!
The mod requires a decrypted OTP dump from an unbanned 3DS. The mod spoofs the CTCert that lies in the console's OTP. Normally, you can't change the CTCert as it's burned onto the SoC (AFAIK), but boot9 loads the decrypted OTP into the ITCM. So while you can't modify the OTP, you can just modify the contents of the ITCM every time the console boots up. That's what the payload does. It reads a decrypted OTP dump from /luma/otp.bin, and loads the relevant fields into the ITCM every boot, essentially spoofing the other console's CTCert.
Here's the repo link: https://github.com/truedread/Luma3DS
Let me know if you guys find any bugs!
Usage Steps
- You must unlink the NNID from the banned 3DS. Unfortunately, this will invalidate the tickets of legitimate purchases, but if you got banned this way do you even care? (Psst...regenerate the tickets after unlinking)
- To unlink the NNID without formatting, use Plailect's GM9 script
- Dump the encrypted OTP from the unbanned console (boot9strap users: hold Start + Select + X on boot to dump to /boot9strap/ directory)
- Decrypt the encrypted OTP with otptool or my Python script
- On the banned 3DS, copy the unbanned decrypted OTP to /luma/otp.bin
- Either download the compiled boot.firm attached or compile it yourself and place it on the banned 3DS's root directory, overwriting the old Luma3DS boot.firm
- That's it!
- If otp.bin doesn't exist, the 3DS will boot normally, so be careful!
- There's a bug that I found which prevents me from loading GodMode9 through the Luma3DS chainloader. But, reverting to GM9 1.8.0 fixed it. Not sure what the issue is.
- I am not responsible for any damage caused to your console. You banned it, you're responsible.
EDIT: For people that have issues compiling otptool or that don't have access to a Unix machine, I made a quick little Python script that decrypts the OTP the same way: https://gist.github.com/truedread/01c48e0b0ab804c27e6a611c65e1f04a.
It requires Python 3 as well as the library pycryptodomex. Once installed, run "python otp.py -i ENCRYPTED_OTP.bin -o DECRYPTED_OTP.bin" and you should be good to go!
Last edited by truedread,