7.x is not likely able to run gateway...or by using the diagnostic mode of gateway several times on 2.0b2. You can brick your device insanely fast that way
7.x is not likely able to run gateway...or by using the diagnostic mode of gateway several times on 2.0b2. You can brick your device insanely fast that way
Can't use gateway. It's having realnand 7.x
So is a force brick doable? ;-) i have no issues with disabling it. Money is not an issue here
Congratulation bkifft and the anonymous revealer of the passkey calculation algorith.
So, my question, did they use the same password to temporary write protect the eMMC as well?
A remark: Be very carefull while experimenting with the write protect command. If you set the permanently write protect, there is no way to reverse this. You'll end up with a 3ds brick.
Another question. There is a way to disable the eMMC option to password protect it's access. (To avoid accidentally locking it like that) Would enabling such give protection against the gateway brick, or would the write protect setting still cause troubles? (Not sure if that gets disabled as well. Not even sure if it can be didsabled the same way.)
Can't use gateway. It's having realnand 7.x
So is a force brick doable? ;-) i have no issues with disabling it. Money is not an issue here
This brick code is not even written correctly (else this unbricker wouldn't work). So they even failed at programming brick code.
This part got me wondering: so the original intention of the code was to render the 3ds unrecoverable? That`s harsh beyond reason
I also don't believe their intent was to kill consoles, only cripple them.This part got me wondering: so the original intention of the code was to render the 3ds unrecoverable? That`s harsh beyond reason
No problem. In case I would have had to look it up my reply would have been RTFM though.Thanks for explaining bkifft. I should have looked it up in the specs instead of being lazy...
So does this mean users with 7.x on real nand can flash someone elses nand using raspberry pi?
MMC/SD write protection isn't password based, it's just setting a single bit in the CSD for the global ones (perm and temp alike, done via flipping said bits in the CSD and writing it back completely (CMD27 PROGRAM_CSD)) or specific segments (kinda like sectors of HDs) by using CMD28 SEND_WRITE_PROT.
I just am not able to get CMD27 on the Pi to work yet.
And yeah: the CSD bits TEMP_WRITE_PROTECT and PERM_WRITE_PROTECT sit side by side (bits 12 and 13 (counting from the right starting at 0)), which is scary close, but luckily makes it impossible to set the wrong one on accident resulting from bit order shenanigans.
And I'm still hesitant at touching the one time programmable lock and writeprotect disable bits.
Sadly locking and subsequent unlocking via the tools would only prove that the connection and communication is working, not that the unlock of a launcher.dat brick works. While krisztian1997 and I got the locking/unlocking working quite some time ago, I still had to tinker with the unlock password generation, byte order stuff (in the end i bruteforced all possible bit/byte/wordorder combinations of the CID and the keystream). So we'd need a tester with a genuine launcher.dat locked 3DS to be sure it works.
But hey, if money ain't an issue: there are still <4.5 devices in the wild.
Joking aside, don't you want one which can run unsigned code?
edit: I like how the board software eats sentences when you mistype @ user tags -.-
Update: RPU can now unlock the eMMC...
... p.s. I'll use this opportunity to once again draw attention to step 18 of the guide *nudge nudge wink wink know what i mean*
It was rumored that password likely had something to do with zeros. It is great that the password algorithm has been finally cracked, now all those held hostage can eventually be freed.
Thanks again goes out to the tireless efforts of the gbatemp community.
Have you tried reading the whole register of CSD? Changing what is needed changing and then writing the whole register of CSD back @ one time(not just individual bits)?
http://www.avrfreaks.net/index.php?name=PNphpBB2&file=viewtopic&p=1131182
Anyway bravo on the progress so far.
Don't chastise yourself over this, others believed that, too.I said that stupid thing with the password being zero, because someone posted a part of the bricking code but it was incomplete, later I got the entire code and there it was completely different.