3DS unbricking progress

Discussion in '3DS - Flashcards & Custom Firmwares' started by krisztian1997, Jan 25, 2014.

  1. gamesquest1

    gamesquest1 Nabnut

    Member
    14,137
    9,479
    Sep 23, 2013
    They really should give them for free, they got people's consoles bricked, they should pay for the fix....I doubt it though....probs sell it for a nice fat profit.....same should apply for gateway users who got bricked....gateway should supply the fix to them for free
     


  2. krisztian1997
    OP

    krisztian1997 GBAtemp Fan

    Member
    369
    146
    Dec 14, 2013
    Romania
    Finding one of the pins on 3ds is much harder, so you cant make a pogo pin setup to do that...

    with my or bkifft's code on it. good job bkifft with that code, now lets hope that my code works too and someone can reverse engineer the launcher and find how the password is generated
     
    gamefan5 likes this.
  3. gamesquest1

    gamesquest1 Nabnut

    Member
    14,137
    9,479
    Sep 23, 2013
    It should work for standard, but not sure if there would be a solderless way of doing it
     
  4. profi200

    profi200 Banned

    Banned
    330
    216
    Sep 3, 2011
    Gambia, The
    Now everyone have the proof for the brick code. The eMMC controller doesn't lock itself by "magic".
     
  5. Kane49

    Kane49 GBAtemp Fan

    Member
    449
    232
    Nov 4, 2013
    Gambia, The

    Well only idiots believed it wasnt there before either, and those won't be convinced by facts :P
     
    Roxas75, tyons, krisztian1997 and 2 others like this.
  6. gamesquest1

    gamesquest1 Nabnut

    Member
    14,137
    9,479
    Sep 23, 2013
    Well all that aside let's not turn this thread into another flame war.......both sides where in the wrong, atleast there is a fix :D
     
  7. krisztian1997
    OP

    krisztian1997 GBAtemp Fan

    Member
    369
    146
    Dec 14, 2013
    Romania
    Any progress with the bricking code or you gave up trying to reverse engineer it ? The way how the password was generated would be the most helpful thing right now, then we could help angryrusiankid to unbrick his console
     
  8. profi200

    profi200 Banned

    Banned
    330
    216
    Sep 3, 2011
    Gambia, The
    The problem is, the AES engine and CID is used to generate the password and the key is stored in the Launcher.dat.
     
  9. ChrisCerne

    ChrisCerne Advanced Member

    Newcomer
    74
    81
    Aug 23, 2012
    United States
    Can you not use the pins on the other side of the mobo?

    CLK:

    [​IMG]
     
  10. krisztian1997
    OP

    krisztian1997 GBAtemp Fan

    Member
    369
    146
    Dec 14, 2013
    Romania
    The key used for locking the eMMC is stored in the launcher.dat ? and if the internal AES engine is used to generate the locking key, then all what we can do is to force erase...

    Do you think that it would be posible to touch that pin with a pogo pin ? it looks so super small
     
  11. R4iFanboi

    R4iFanboi Advanced Member

    Newcomer
    52
    35
    Dec 18, 2013
    United States
    ^Not trying to show you down but I think it's technically possible. We will still have to use a little bit of solder though.

    Making that small circle bigger by applying some solder might do the trick. Actually, I think there are conductive stickers available, that too, in circled sizes.

    Btw, congrats to you guys for achieving this! Welldone!
     
  12. krisztian1997
    OP

    krisztian1997 GBAtemp Fan

    Member
    369
    146
    Dec 14, 2013
    Romania
    Or without solder by using some pins like those but smaller ones http://dangerousprototypes.com/wp-content/media/2013/02/IMG_1796.jpg, but this will work only if my code works on arduino, otherwise you will need a raspberry pi and its gonna be harder to make an solderless unbricker
     
  13. YoshiInAVoid

    YoshiInAVoid GBAtemp Advanced Fan

    Banned
    560
    337
    Jan 10, 2011
  14. Ennea

    Ennea GBAtemp Regular

    Member
    114
    30
    Oct 5, 2013
    Gambia, The
    One more question regarding NAND dumps: I believe it was profi who said that the dump generated by Gateway's (and the other's) Launcher.dat is actually altered in some way, and therefore can't be used as a replacement to a "real" dump. However, I think somebody else also said they used a dump generated by Gateway's code, and it worked just fine. So.. what is it, now?
     
  15. Kane49

    Kane49 GBAtemp Fan

    Member
    449
    232
    Nov 4, 2013
    Gambia, The

    That shouldnt matter at all, the protocol isnt native to the raspberry ^^
     
  16. kyogre123

    kyogre123 Mexican Pride

    Member
    2,919
    1,261
    Sep 23, 2013
    Mexico
    The NAND dump used for EmuNAND has a different encryption, however the dump generated by the "NAND backup" option is just a copy and can be used to reflash the 3DS NAND.

    I don't fully understand the purpose of having different encryptions, I also recall users saying that they managed to inject a regular NAND backup to the emuNAND "partition" and it was successfully loaded by GW's launcher.
     
    krisztian1997 and Ennea like this.
  17. Ennea

    Ennea GBAtemp Regular

    Member
    114
    30
    Oct 5, 2013
    Gambia, The
    Alright, thank you for the information.
     
  18. krisztian1997
    OP

    krisztian1997 GBAtemp Fan

    Member
    369
    146
    Dec 14, 2013
    Romania
    I know, but according to the standard there is no SPI support in the latest eMMC controller... using 1bit mode is much harder than the SPI mode
     
  19. shakirmoledina

    shakirmoledina Legend

    Member
    6,611
    218
    Oct 23, 2004
    Tanzania
    Dar es Salaam
    now that we have multiple 3ds open, can we think about hacking it too?

    just trolling guys
     
  20. Ante0

    Ante0 GBAtemp Regular

    Member
    205
    63
    Jan 20, 2014
    Nevermind me.

    Good job guys, hope mine gets bricked so I can use my raspberry for anything besides a streaming box xD