A Reference Thread - How to uninstall A9LH properly?

Discussion in '3DS - Homebrew Development and Emulators' started by TheOverseer, Jan 3, 2017.

  1. TheOverseer
    OP

    So, I wanted to ask about this. I'm an A9LH user, and if Sighax comes out, I'd be interested in switching to it, as I would no longer have to worry about keeping my OTP safe if I was to have an SD card failure, or anything like that. And it's likely that Sighax would perform better without an SD than A9LH, which is apparently a bit buggy with the NFIRM mini-CFW implementation.

    So, I would like to ask, for the future, how would I go about properly uninstalling A9LH without a NAND Backup? I did do one originally before I started any A9LH, but I got my 3DS on 7.something, so it's a bit of a firmware obscura. I was able to launch Decrypt9 through browserhax on that firmware, but it'd be a lot cleaner if I was able to uninstall through Safehax on 11.X. Any ideas?

    Even if I have to downgrade to use another exploit to uninstall, I'm alright with that, I'm just interested in how to uninstall A9LH safely if Sighax is released at any point.
     
  2. xtheman

    Safea9lhinstaller has an uninstall feature which you can boot with luma's chainloading.
     
  3. metroid maniac

    You wouldn't need to uninstall a9lh prior to installing sighax, by the way.
     
  4. TheOverseer
    OP

    Would Sighax likely overwrite it, as it uses the same space?

    Is it safe to use from any firmware version? In addition, does the uninstall version also require the OTP to be able to access the keystore again to revert things to stock?
     
  5. metroid maniac

    That's right.

    When safea9lhinstaller is run from a9lh, it has access to the OTP hash. That means it can generate a vanilla keysector again and revert things to stock.
     
  6. xtheman

    I'm not sure as I have never used that feature. Just make sure you uninstall on a firmware that can run arm9 payloads (9.2 or 11.1 with safehax).
     
  7. annson24

    I think if you injected luma3ds to the ctrnand partition, you need to remove it first before uninstalling a9lh. I didn't do that last time and I think that's what caused the brick. I had to do a hardmod to fix it.

     
  8. TheOverseer
    OP

    Is the OTP Hash kept on the console's NFIRM to allow this, or is it using modified functionality to be able to do this? That's good information, but I'm curious as to why this is possible when it doesn't have access to it originally. Just wondering.

    Also, is the keystore itself kept somewhere in NFIRM, so it'd be overwritten when installing Sighax, or is it kept elsewhere? On O3DS, if there's a difference because of that.


    I run Luma from the SD Card as the ARM9LoaderHax payload, I didn't install it to NAND. I definitely can't boot without a SD card.
     
    Last edited by TheOverseer, Jan 3, 2017
  9. Lilith Valentine

    Just wait until Sighax is a thing. You are jumping to conclusions. Once Sighax is released, The Guide will be updated and you can go from there.
     
  10. metroid maniac

    Arm9loader finds the hash of the OTP and then forgets to clear the OTP hash from memory before running NFIRM.
    Usually NFIRM (Kernel9) clears the OTP hash, but that software doesn't run by that time if you're doing a9lh.

    The keystore is separate from NFIRM. It is never updated or changed in normal circumstances, but rather the console comes from the factory loaded with a bank of keys that can be used for future updates.
    For a9lh, some of the keys are changed to cause arm9loader to do weird things that lead to code execution.
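
The failure mode described in the post above, modelled as an added example that is not part of the original post or of any project's code: a loader that leaves secret cleanup to the next boot stage loses that cleanup whenever a different stage runs in its place. All names are hypothetical, and `derive_hash` is a constructed stand-in for hashing the OTP, not a real hash.

```c
#include <stddef.h>
#include <stdint.h>
#define HASH_LEN 32

/* Constructed model of memory shared between boot stages (layout is hypothetical). */
struct boot_mem { uint8_t otp_hash[HASH_LEN]; };
/* A later boot stage; returns how many secret bytes it could read on entry. */
typedef size_t (*stage_fn)(struct boot_mem *m);

/* Wipe through a volatile pointer so the stores are not removed as dead code. */
static void secure_wipe(void *p, size_t n) {
    volatile uint8_t *v = p;
    while (n--) *v++ = 0;
}

size_t secret_bytes_present(const struct boot_mem *m) {
    size_t c = 0;
    for (size_t i = 0; i < HASH_LEN; i++) c += (m->otp_hash[i] != 0);
    return c;
}

/* Stand-in for hashing the OTP: fills the buffer with constructed non-zero bytes. */
static void derive_hash(struct boot_mem *m) {
    for (size_t i = 0; i < HASH_LEN; i++) m->otp_hash[i] = (uint8_t)(0xA5 + i);
}

/* Expected next stage: cleans up the secret, as the post says Kernel9 does. */
size_t stock_stage(struct boot_mem *m) {
    size_t seen = secret_bytes_present(m);
    secure_wipe(m->otp_hash, HASH_LEN);
    return seen;
}

/* Any other code running in that slot: it never performs the cleanup. */
size_t other_stage(struct boot_mem *m) { return secret_bytes_present(m); }

/* Loader that leaves cleanup to whatever runs next (behaviour described in the post). */
size_t loader_deferred(struct boot_mem *m, stage_fn next) {
    derive_hash(m);
    return next(m);
}

/* Loader that wipes its own secret before transferring control. */
size_t loader_self_clearing(struct boot_mem *m, stage_fn next) {
    derive_hash(m);
    secure_wipe(m->otp_hash, HASH_LEN);
    return next(m);
}

int main(void) { struct boot_mem m; return loader_self_clearing(&m, other_stage) != 0; }
```

A real loader would use the hash before wiping it; the model omits that step to keep the handoff visible.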
     
  11. erman1337

    Sighax probably won't be a thing until 3DS reaches EOL
     
  12. aos10

    Why do people want sighax if they already have a9lh?
     
  13. TheOverseer
    OP

    Will likely have a better implementation in firmware. So SD card payloads will probably become optional, as 'standard feature' CFWs could be used without any issues arising, like POCs like Shadownand deal with.
     
  14. GoddessKozy

    I apologize if this is a bit of a hijack considering this is all about sighax mostly, but as the title is how to uninstall A9LH I thought to seek some guidance here.

    I've been reading all over the place and it seems that safea9lhinstaller is the best way to go about uninstalling it, right? For context I'm helping out a friend who set up A9LH a couple days ago but wants to go back to stock. She said that she doesn't have NAND backups without A9LH since decrypt9 wouldn't work (I'm curious about that myself since she was sending me pictures of it, but that's beside the point).

    Since it's even mentioned in this thread that the solution is to use safea9lhinstaller I figure I'll just help her with that, but my major question now is if that'd brick on n3ds. I found a bunch of outdated information (as in early 2016) but they seemed to have been saying that it's unsafe to uninstall since it leaves a corrupted firm on n3ds systems (and thus will brick). I might be wrong though, because honestly I'm about as out of the loop as she is. Any clarification would be super appreciated.
     
  15. metroid maniac

    It's a corrupted keysector, actually.
    Just looking at its code, safea9lhinstaller will restore the keysector to normal upon uninstallation.
    I've never uninstalled a9lh let alone on a N3DS, so I can't say with certainty.
     
    Last edited by metroid maniac, Jan 7, 2017
  16. GoddessKozy

    Oh!! I see, thank you for answering. Honestly once it gets to like, hardware and stuff I'm not sure what is going on.

    I've been talking with her more and it seems she wanted to uninstall it since NTR wasn't working, so I think I'm going to help her with that now and then see if she wants to uninstall later.