Sure you didn't just look at 3dbrew recent changes?
--------------------- MERGED ---------------------------
Besides, that attack is far harder to pull off than downgrading to use the 2.X OTP flaw.
Sure you didn't just look at 3dbrew recent changes?
--------------------- MERGED ---------------------------
Besides, that attack is far harder to pull off than downgrading to use the 2.X OTP flaw.
Sure you didn't just look at 3dbrew recent changes?
Not since this morning, I am about to check now xD
--------------------- MERGED ---------------------------
Hum... seems easier to me, as the NAND requires "invasive" changes to run the older FIRM and the NCSD header is signed.
UPDATE: You are right, it was recently added to 3dbrew xD
That's a very interesting read by the way.
Last edited by mathieulh,
Well, talking about 3dbrew (since I am currently there)
https://3dbrew.org/wiki/Flash_Filesystem#NAND_structure
https://3dbrew.org/wiki/NCSD
Nothing beats actual documentation.
Last edited by mathieulh,
Woot rxtools 3.0 alpha 0 out
--------------------- MERGED ---------------------------
https://github.com/roxas75/rxTools/releases
--------------------- MERGED ---------------------------
https://github.com/roxas75/rxTools/releases
I added the slot0x11key9.6.bin generation to my key generator.
Don't know if its the best name for the key.
Don't know if its the best name for the key.
Yes...released on 11 july 2015... -.-'
Question about OTP is there a way to dump your console's key from your own Nand dump? Also let's say it can be done what fun things could one do on a N3DS or is there something deeper than that on boot?
nand dump shouldn't contain perconsole keys, i think. if you dump the otp with the kernel 9 flaw documented on wiki, however, you can easily decrypt your nand
Well the fruits of this labor are emerging.
https://github.com/delebile/arm9loaderhax/
(and yes I struggled google-fuing a relevant thread lol)
https://github.com/delebile/arm9loaderhax/
(and yes I struggled google-fuing a relevant thread lol)
Last edited by zoogie,
UPDATE TO 8475.3 WHILE YOU STILL CAN !!!!!!!!!!!!!!!!!!!!!!!!
j/k m8, why would you update to 9.6 ???
It even says in the readme on which version you should stay if you want the good shit.
Oh shit. Things are on fire now. At a quick glance, it seems to read 0x4000 bytes from NAND 0x0B800000 (stage1, i.e., this code must fit into the size difference of firm0/firm1) into address 0x08006000. That one then does some weird magic with ARM11, loads sd:/arm9loaderhax.bin into 0x23F00000 and jumps there.
Judging by the readme, all we need is our own OTP.bin? I'm sure the other setup files are obtainable online from the looks of it. (Unless we need to get our own console NATIVE_FIRMs and keys). If you can downgrade and dump your OTP.BIN then is it possible to find the other setup files online and build the hax from there?
Last edited by Psi-hate,
Yep, the other firmware things should all still be on the CDN. OTP dumping is super hard currently, though. The downgrade effectively requires a hardmod on N3DS. On O3DS, you'll still have a bad time finding a 2.1 dump with browser (if you want to ARM9 from browser; else you can just use cubic ninja).
If N3DS requires a hardmod, I may as well get it done sooner than later. Also, how would someone get the downgraded N3DS to run in the first place? I haven't seen anyone explain that yet.
Similar threads
- No one is chatting at the moment.
