It's sad, because now 3DS games will be quite rare.
Hmmm, well, GateWay's downgrade feature must be doing something like that to be able to downgrade. I am probably very speculative and naive O but... GateWay's downgrade requires your nand dump and their firmware file... what if they are doing a plaintext attack? I mean, they read the encrypted nand and the unencrypted nand, they xor them or that plus some other thing (with 3ds aes crypto engine or so...) and then use that xorstream to encrypt their downgrade file and write it to the sysnand... what do you think? maybe motezazer or others reverse engineered this process? if gateway can do it... probably gateway didn't want to let the functionality be more generic or available for anybody because that would make it easier to "steal" their tech and render themselves unneeded?
no, Gateway's downgrade feature works on an already exploited FW... plus they pretty much gave the downgrade feature away. if I was them and interested in making money from it I would have definitely stuck a red card requirement on the feature. the amount of people who simply used it to downgrade and use the free CFW means Gateway effectively gave a free option to people who could have been forced to buy a GW card or borrow one, simply ensuring extra sales even if one person just downgrades a bunch of consoles to sell
as for downgrading via plaintext attack, I had a little play about with the concept, and yeah you can make xorpads for known areas, but it's kinda limited, so you could downgrade FIRM0 & FIRM1, but then it gets more complicated trying to find the other plaintext counterparts. I didn't look too much into it, but idk if the fat16 partition would follow a good enough order to allow it to work
In my rant you can see I am assuming you have such an already exploited scenario. To do a plaintext attack you need both encrypted and unencrypted contents of sysnand and maybe the possibility to be able to use the aes crypto engine. So yes, I assume you need to run privileged code in ARM9. But once you have that you would have your xorstream and be able to cook a firmware, encrypt it with your per-console xorstream and write it to the sysnand... I don't know...
once you have ARM9 control the need for any plaintext attack is fairly pointless as you already have pretty much full control to do whatever you want, i.e. downgrading. only real use of a plaintext attack would be if you knew enough of the plaintext to perform a manual downgrade on a non exploitable FW..... but I honestly don't know if that would be possible, I would imagine there would be signatures in place to prevent such a route, plus its application would be pretty limited as it's probably beyond the scope of most people to perform even if it was theoretically possible
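Added example, not written by any poster in this thread: a minimal Python model of the "xorpad" idea discussed above, showing that a keystream tied only to storage offset can be recovered for regions whose plaintext is known, that it says nothing about other regions, and that a keyed integrity tag notices the rewritten region. The SHA-256 counter keystream is a stand-in for the console's AES engine, the HMAC is a stand-in for whatever integrity check exists, and all names and sample data are constructed for illustration.

```python
import hashlib
import hmac
import os

def keystream(key: bytes, offset: int, length: int) -> bytes:
    """Toy per-device keystream that depends only on the key and storage offset."""
    out, block, start = bytearray(), offset // 32, offset % 32
    while len(out) < start + length:
        out += hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        block += 1
    return bytes(out[start:start + length])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crypt_at(key: bytes, offset: int, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation) data stored at the given offset."""
    return xor(data, keystream(key, offset, len(data)))

def recover_xorpad(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """ciphertext XOR plaintext yields the keystream for that region only."""
    return xor(ciphertext, known_plaintext)

def tag(mac_key: bytes, plaintext: bytes) -> bytes:
    """Keyed integrity tag over a region (assumed scheme, for illustration)."""
    return hmac.new(mac_key, plaintext, hashlib.sha256).digest()

def demo():
    key, mac_key = os.urandom(16), os.urandom(32)
    known = b"FIRM-v2 " * 8                       # constructed: region with known plaintext
    unknown = b"unknown filesystem data, 32 byte"  # constructed: region with no known plaintext
    storage = crypt_at(key, 0, known) + crypt_at(key, len(known), unknown)
    stored_tag = tag(mac_key, known)

    # The pad is recovered without the key, but only for the known region.
    pad = recover_xorpad(storage[:len(known)], known)
    replacement = b"FIRM-v1 " * 8
    rewritten = xor(replacement, pad)
    region_rewritten = crypt_at(key, 0, rewritten) == replacement

    # The same pad is useless at a different offset: the keystream differs there.
    other = storage[len(known):]
    pad_useless_elsewhere = xor(other, pad[:len(other)]) != unknown

    # A verifier holding mac_key sees the region no longer matches its tag.
    decrypted = crypt_at(key, 0, rewritten)
    tag_rejects = not hmac.compare_digest(stored_tag, tag(mac_key, decrypted))
    return region_rewritten, pad_useless_elsewhere, tag_rejects

if __name__ == "__main__":
    print(demo())
```
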
I'm new to this and I'm not sure if my problem is with PastaCFW or something else, but here it is:
N3DS, 9.0U, About half of the CIAs I install don't show up on the homescreen. I've tried multiple CIA installers and they all have the same problem. I can launch those "missing" installed CIAs from within bigbluemenu if I find them by releasecode-name, but then hitting the home button results in a system freeze. Any ideas?
it's not region free, use region free cia's, ones that match your console's region, or boot into NTR CFW once you are in pastaCFW to enable region free too
Elgrosp, I'll xorpad you.
Would you mind to xorpad me in return?
It's awesome!
Prepare yourself I'm coming!
Here's a question. Is mset implementation going to break GBA compatibility, or will it need to be reinstalled when GBA VC are run?
nope, I doubt it. launching DSi games would likely break the exploit profile which could get annoying, but the only thing that would probably break DSi/GBA compatibility is if emunand was added or they relied on embedding a copy of the native_firm inside the launcher, which afaik is why they don't work with gateway even in sysnand mode