Hacking The status of Gateway and A9LH
- Thread starter CreAtor135
- Start date
- Views 191,660
- Replies 1,476
- Likes 9
- Joined
- May 12, 2016
- Messages
- 579
- Trophies
- 0
- Location
- Between here and there
- Website
- www.google.com
- XP
- 341
- Country
It was a private beta until it got leaked. So some regular testers are probably involved now
I really think at this point that the A9LH alpha with red screens , difficult install and incovenient to use is because they dont want a beta used by the end user that has already installed A9LH and thinks "its safe!". Anything else has no sense.
I have been following the efforts to make an unofficial A9LH installer, and I was curious if there was any progress yet. I saw this yesterday, but as RednaxelaNnamtra mentions, this a9lh.bin fails because Arm11 isn't being loaded correctly. I hope that I don't have to inject anything into my NAND, as that sounds a bit risky.
I assume that there is a more detailed conversation about this on that iso site, but I haven't found any discussions other than here. Any hints or suggestions would be helpful.
I tested fixing aurora's stage 1 having buttons like a or b to boot different sectors for stage 2, but it fails properly loading stage 2 to start arm9loaderhax.bin
Its not stage 1 fault, rather its stage 2.
Using stage 1 and 2 generated from dark samus works with safea9lhinstaller.
Its not stage 1 fault, rather its stage 2.
Using stage 1 and 2 generated from dark samus works with safea9lhinstaller.
@liomajor so you got GW launcher booting along other cfw? I read @astronautlevel and @RednaxelaNnamtra tryed tomake their own payload but they didn't get it booting.
it would be nice to have an a9lh update compatible with safea9lhinstaller.
it would be nice to have an a9lh update compatible with safea9lhinstaller.
Well that's odd. I got the same red screen with Safe A9LH Installer on the O3DS when trying the home button. Just every other time though. Doesn't seem to work consistently. Any idea why this is only working on my N3DS XL and failing on both O3DS XLs? Are we supposed to use O3DS firmware files or something when compiling it for O3DS? It doesn't say to do that, and the regular stage 2 seems to work. And I don't want to brick a device finding out the hard way.
I've got it working too. The only way is to compile Dark Samus's A9LH for now, then injecting the GW_stage2.bin to your NAND dump manually (at 0x0B400000) and restore normally (because FIRM0 does need to be overwritten). You also have to use the main.c liomajor posted on page 5 in the "payload_stage1/source" folder. Of course, it will only install from a non-A9LH 9.2, so this means restoring SysNAND_original.bin normally, installing with *hax (and I rename the arm9loaderhax.3dsx to boot.3dsx for convenience, because it fails about half the time), restoring your current NAND with "keep A9LH", then dumping it again to inject the alternate stage2 payload with your hex editor of choice. But for whatever reason, I can only get it working on an N3DS XL. All attempts to do the same with O3DS XLs just gives a red screen and shuts off. I'm not sure why this is, but I tried a spare microSD card in all 3, the N3DS XL still went to the GW menu when I held B, the O3DS XLs still shut down. I can confirm 3.7.1 works. So, if I can get it working with the O3DS XLs, mission accomplished. Time for a tutorial at that point (on the iso site since compiling it needs firmware files).
Then again, based on what liomajor just said, it sounds like you can compile it, then inject the stage payloads with Safe A9LH Installer. OK. That simplifies things somewhat if it works. No need to go back to 9.2 anymore if that's the case.
EDIT: Someone try installing these stage payloads with Safe A9LH installer. Then inject GW_stage2.bin (included) into your SysNAND dump (offset 0x0B400000) using your hex editor of choice and restore normally (without using "keep A9LH"). I have compared 3 builds for 3 devices. No difference in the stage files. In other words, these should be universal. I am including 3 stage 1 builds now. They are in folders "A", "B", and "START" -- use the one that matches which hotkey you want GW on. I can still only get this to work on my N3DS XL. Still, it looks like we have a much easier way to do this now.
EDIT: File removed. Use liomajor's custom Safe A9LH installer (page 16). The stage1 payloads for alternate hotkeys are still available (page 17) if anyone wants them.
Last edited by Kazuma77,
That makes no sense. All 3DS units have an ARM9, and no one has a brick except people messing with things they were told not to. You can have both CFW and GW now. At least on N3DS. Read the post above your own.
Did not see that post.
Good work with that GW arm9 that is a step in the right area.
Yeah, it works great. Can even swap hotkeys just by changing payload_stage1.bin on the card and re-running Safe A9LH Installer. Now if I could only get it working on the O3DS.
Works on o3ds too. I did it on mine yesterday. Boots GW when home button is pressed on power up.
Did you used the installer + stage 2 from Kazuma77's post? I'm going to try on my o3ds too.
No, i did it manually with HxD and hardmod. (already had a9lh installed, just added the alt stage2)
Well, it won't hurt to try it. I'm just getting a red screen and then it shuts down for some reason (only when I hold the hotkey, regular boot works fine). But maybe it will work for you. Also, it was liomajor that figured this stuff out. I just figured out, after compiling for 3 different systems, that the payloads were identical, by comparing them with fc/b. And it's not an installer, just stage files for use with Safe A9LH Installer. And GW's stage2 that needs to be placed at 0x0B400000 manually (because no installer does alt stage 2). Let us know how it goes.
It seems to work when people do it over hard mod for some reason. All I've got from 2 O3DS XLs are a quick red screen and power down. Works flawlessly on my N3DS though. I'm at a loss to explain it. I've redumped my SysNAND to check. The bytes are there, and not corrupted.
Last edited by Kazuma77,
Thanks!! works perfect on one n3ds xl I have done this to so far.
When flashing SysNAND with injected GW_stage2.bin I just used hardmod to flash the modified .bin
How would you make it work in reverse? So GW mode is booted by default when you power on and CFW is either launched with A or B or START? Is that possible?
Thanks
Last edited by crimpshrine,
I'm sure having a hard mod is useful, but Decrypt9 won't refuse to install it (even if you don't use forced mode). The newest versions do expect FIRM corruption in A9LH firmwares after all. I'm guessing you would just swap them places. The regular stage 2 goes to 0x0B800000, so, you would copy the 9456 byte block starting there (you're going to grab some "00" bytes to make sure the GW stage payload is completely wiped) to 0x0B400000, and then copy and paste the GW payload to 0x0B800000. Should work, but it will complicate using hotkey-based chain loaders (you would probably have to use CBM9 for arm9loaderhax.bin).
Last edited by Kazuma77,
Great, thanks. I am not following exactly though.
Following your original instructions I inserted GW_stage2.bin (9,456 bytes) starting at 0x0B400000 and flashed that to sysnand and updated a9hl with the button A payload_stage1.bin and payload_stage2.bin.
Your saying to get GW to boot first and CFW to boot with button A I copy GW_stage2.bin data starting at 0x0B800000 and if there is any data after the last byte of the GW_stage2.bin fill those in with 00's? What should then be at 0x0B400000 at that point? And do I need to update a9hl with anything different then related to payload_stage1 and payload_stage2 or do I leave that the same?
Thanks
What I'm saying is transfer the existing payload at 0x0B800000 to 0xB400000 first. Go to the offset and select a 9456 byte block. It's smaller than 9456 bytes, so you're going to select some "00" bytes in the process, but you need a clean overwrite of the GW stage 2. So, copy and paste that to 0x0B400000. After that, you can open the GW Stage 2 file, and copy and paste it's contents to the 0x0B800000 region.
You would not want to run A9LH Safe Installer again, because it will restore the non-GW stage 2 payload at 0x0B800000. Unless you made GW_stage2.bin your payload_stage2.bin file. If you were starting from a non-modified NAND dump, you could do that, and just put the contents of the non-GW payload_stage2.bin at 0x0B400000. Since there's something at 0x0B400000 now, and it's the larger file, it just seems easier to tell you to copy the smaller payload from it's location in NAND, where you can pick up some extra zeroes to cover the size difference, paste it over the larger payload, then copy the GW file to 0x0B800000. But you can make the GW_stage2.bin the payload_stage2.bin afterward, in case you want to change hotkeys later.
Last edited by Kazuma77,
OK thanks, what I did (I had not seen your reply yet) was take payload_stage2.bin and wrote that to 0xB400000 and cleared out any extra data with 00's, and reflashed that back to sysnand.. I then took gw_stage2.bin renamed it to payload_stage2.bin and updated with A9LH safe installer.. So far so good. It is booting GW first and when I hold down A Luma boots.
I don't understand the caveat with hotkey chain loading but will play around and see what is not working now.
Now I don't need to wait on GW anymore, I have exactly what I want now.
Awesome.
Similar threads
-
Xdqwerty
what are you looking at?
-
@
AncientBoi:
And a part of my immediate family passed also. Sending my good suit to the cleaners for the funeral Saturday -
-
-
-
-
-
@
Xdqwerty:
@SylverReZ, may I ask you something? What are your favorite animes? (Aside of serial code lain)
-
-
@
Xdqwerty:
Mines are all the dragon ball animes. Im also enjoying Fullmetal alchemist and my hero academia+1
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
