Hacking Pasta CFW - A CFW that allows unsigned CIA to be installed on Old and New 3DS! (requires ninjhax)


gamesquest1

Hmmm, well, Gateway's downgrade feature must be doing something like that to be able to downgrade. I am probably very speculative and naive O;) but... Gateway's downgrade requires your NAND dump and their firmware file... what if they are doing a plaintext attack? I mean, they read the encrypted NAND and the unencrypted NAND, they XOR them, or that plus some other thing (with the 3DS AES crypto engine or so...), and then use that xorstream to encrypt their downgrade file and write it to the sysnand... what do you think? Maybe motezazer or others reverse engineered this process? If Gateway can do it... probably Gateway didn't want to let the functionality be more generic or available for anybody, because that would make it easier to "steal" their tech and render themselves unneeded?
No, Gateway's downgrade feature works on an already exploited FW... plus they pretty much gave the downgrade feature away. If I was them and interested in making money from it, I would have definitely stuck a red card requirement on the feature; the amount of people who simply used it to downgrade and use the free CFW means Gateway effectively gave a free option to people who could have been forced to buy a GW card or borrow one, simply ensuring extra sales even if one person just downgrades a bunch of consoles to sell.

As for downgrading via plaintext attack, I had a little play about with the concept, and yeah, you can make xorpads for known areas, but it's kinda limited, so you could downgrade FIRM0 & FIRM1 (PS: downgrading just the FIRM partitions won't get you anywhere), but then it gets more complicated trying to find the other plaintext counterparts. I didn't look too much into it, but idk if the FAT16 partition would follow a good enough order to allow it to work.
 

Inaki

In my rant you can see I am assuming you have such an already exploited scenario; to do a plaintext attack you need both encrypted and unencrypted contents of sysnand and maybe the possibility to be able to use the AES crypto engine. So yes, I assume you need to run privileged code on ARM9. But once you have that you would have your xorstream and be able to cook a firmware, encrypt it with your per-console xorstream and write it to the sysnand... I don't know... :P

coolfuze

I also don't know... what the hell you just said :P
 

blurred2

I'm new to this and I'm not sure if my problem is with PastaCFW or something else, but here it is:

N3DS, 9.0U. About half of the CIAs I install don't show up on the home screen. I've tried multiple CIA installers and they all have the same problem. I can launch those "missing" installed CIAs from within BigBlueMenu if I find them by release-code name, but then hitting the Home button results in a system freeze. Any ideas?
 

gamesquest1

Once you have ARM9 control, the need for any plaintext attack is fairly pointless, as you already have pretty much full control to do whatever you want, i.e. downgrading. The only real use of a plaintext attack would be if you knew enough of the plaintext to perform a manual downgrade on a non-exploitable FW... but I honestly don't know if that would be possible; I would imagine there would be signatures in place to prevent such a route, plus its application would be pretty limited as it's probably beyond the scope of most people to perform even if it was theoretically possible.
It's not region free; use region-free CIAs, ones that match your console's region, or boot into NTR CFW once you are in PastaCFW to enable region free too.
 

Inaki

Oh, ok :) thanks for the insight. I was just speculating with very generic hacking theory (and yes, using signatures would defeat this whole thing...) and the fact Gateway has that downgrading thing in place. So, back to the speculative board, I guess :D
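A toy model of the xorpad idea this exchange discusses, added here as an example (it is not code from the thread or from any 3DS tool): a CTR-style keystream, with SHA-256 counter blocks standing in for the AES engine, and a constructed key, FIRM blobs, partition offset and HMAC "signature". It shows that the pad is recoverable only where the plaintext is already known and is tied to that offset, and that a signature check over the decrypted firmware is what actually rejects the rewritten blob.

```python
# Added example, not from the thread: a toy model of the xorpad idea above.
# SHA-256 counter blocks stand in for the 3DS AES engine; key, FIRM blobs,
# offset and "signature" are all constructed here.
import hashlib
import hmac

BLOCK = 16
KEY = b"constructed-per-console-key"
SIGN_KEY = b"constructed-vendor-key"  # stands in for the vendor's signing key

def keystream(key: bytes, offset: int, length: int) -> bytes:
    """CTR-style pad: block i depends only on key and block index, so the
    same offset always gets the same pad (this is what makes xorpads work)."""
    out = bytearray()
    first, last = offset // BLOCK, (offset + length - 1) // BLOCK
    for i in range(first, last + 1):
        out += hashlib.sha256(key + i.to_bytes(8, "big")).digest()[:BLOCK]
    start = offset % BLOCK
    return bytes(out[start:start + length])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, offset: int, data: bytes) -> bytes:
    return xor(data, keystream(key, offset, len(data)))  # decrypt is identical

def recover_pad(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Known-plaintext step: pad = ciphertext XOR plaintext, no key needed."""
    return xor(ciphertext, known_plaintext)

def sign(firm: bytes) -> bytes:
    return hmac.new(SIGN_KEY, firm, hashlib.sha256).digest()

def verify(firm: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(firm), sig)

def demo() -> dict:
    firm_old = b"FIRM v9.0 " + b"\x00" * 22   # constructed current FIRM blob
    firm_new = b"FIRM v4.5 " + b"\x00" * 22   # constructed older FIRM blob
    offset = 0x7000                           # constructed partition offset
    enc_old = encrypt(KEY, offset, firm_old)
    pad = recover_pad(enc_old, firm_old)      # needs both dumps, as in the thread
    enc_new = xor(firm_new, pad)              # the "cooked" downgrade image
    return {
        "pad_matches_engine": pad == keystream(KEY, offset, len(firm_old)),
        "downgrade_decrypts": encrypt(KEY, offset, enc_new) == firm_new,
        "pad_reusable_elsewhere": encrypt(KEY, offset + 4096, firm_new) == enc_new,
        "old_firm_verifies": verify(firm_old, sign(firm_old)),
        "new_firm_verifies": verify(firm_new, sign(firm_old)),  # sig is over old
    }
```

The "pad_reusable_elsewhere" result is the limitation gamesquest1 describes: a pad recovered for one known region says nothing about regions whose plaintext is unknown.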
 

Elgrosp

Could we somehow "xorpad" the mysterious hex string in the first hint with "CTR" or "3DS CODENAME"?
Sorry if I'm saying something idiotic, I don't really know what a xorpad is.
 

emupaul

Firmware 7.0.14U

PastaCFW app reboots after applying patches. No DevMenu. Run Cubic again to run FBI to install Menu, and receive the following error. Any ideas or options?

Install Failed!
Could not install aPP.
Raw Error:0xs8e0806a
Module AM (0x20)
Level: Permanent (0x1b)
Summary: Invalid argument (0x7)
Description: Invalid signature (0x6a)
 

hundshamer

Here's a question. Is the mset implementation going to break GBA compatibility, or will it need to be reinstalled when GBA VC games are run?
 

gamesquest1

Nope, I doubt it. Launching DSi games would likely break the exploit profile, which could get annoying, but the only thing that would probably break DSi/GBA compatibility is if emunand was added or they relied on embedding a copy of the native_firm inside the launcher, which afaik is why they don't work with Gateway even in sysnand mode.