Homebrew AES key scrambler

  • Thread starter: Suiginou
  • Views: 89,904
  • Replies: 455
  • Likes: 12
Yep, the other firmware things should all still be on the CDN. OTP dumping is super hard currently, though. The downgrade effectively requires a hardmod on N3DS. On O3DS, you'll still have a bad time finding a 2.1 dump with browser (if you want to ARM9 from browser; else you can just use cubic ninja).
I guess a non-hardmod-required method for N3DS would be nice? ^^
 
Yep, the other firmware things should all still be on the CDN. OTP dumping is super hard currently, though. The downgrade effectively requires a hardmod on N3DS. On O3DS, you'll still have a bad time finding a 2.1 dump with browser (if you want to ARM9 from browser; else you can just use cubic ninja).

"That" site doesn't seem to have a dump of <3.0 for any region other than EUR.

Anyways this is pretty interesting stuff and I wouldn't mind taking the plunge and downgrading to dump OTP when this stuff matures a bit.
 
Nah, shouldn't help, since the critical part, native_firm, works in all regions from that thread on the site.
The non-critical part is the browser, since that's the only way you'll get your foot in other than Cubic Ninja. And that needs to be exactly 2.1 with NATIVE_FIRM 2.1.
 
So my nand modded N3DS could take advantage of this at one point then? Or is a different wiring job needed? I own Cubic Ninja and a Gateway card btw.
 
That'd require figuring out how to do downgrades from ARM9 since you'd need to simultaneously re-encrypt the CTRNAND, install downgraded system titles and change firm0/firm1.
Nope, you're looking at the question from too narrow an angle. I sadly can't give more details as of yet, but in theory (as in, it has yet to be attempted), a method exists to bypass a NAND mod for the whole process (downgrade + NAND restore).
 
Last edited by capito27,
Can someone explain how to get a downgraded N3DS nand to work to dump your OTP? I haven't seen anyone explain how it works. I'm not asking for a tutorial obviously (I'd never be able to do it in the first place unless I have a hardmod and knowledge), just an explanation on how it even works. AFAIK you can't modify your nand without bricking/unsigning it, so I dunno how you'd get an o3ds firmware on n3ds.
 
Last edited by Psi-hate,
Can someone explain how to get a downgraded N3DS nand to work to dump your OTP? I haven't seen anyone explain how it works. I'm not asking for a tutorial obviously (I'd never be able to do it in the first place unless I have a hardmod and knowledge), just an explanation on how it even works.
An o3ds firm is only meant to work on an o3ds, so, with that in mind, you need to try to fool firm. It'll try to set up using o3ds info. Once you get 1.0/2.0/2.1 to boot, you can gain code exec through mset, cubic ninja, or the old browser and dump otp to a file.
 
Can someone explain how to get a downgraded N3DS nand to work to dump your OTP? I haven't seen anyone explain how it works. I'm not asking for a tutorial obviously (I'd never be able to do it in the first place unless I have a hardmod and knowledge), just an explanation on how it even works. AFAIK you can't modify your nand without bricking/unsigning it, so I dunno how you'd get an o3ds firmware on n3ds.

Let's not jump the gun on this one just yet. If you thought people bricking their systems with something relatively simple (to the end-user) was bad, there's surely going to be a ton of bricks resulting from this one. Hopefully this doesn't discourage them from release as it would be nice to be able to ditch the relatively unstable Menuhax and achieve a permanently exploitable SysNAND on latest versions :P
 
Last edited by kiwiis,