> Can the A9LH payload be coded so that if it doesn't detect the payload on the SD, it launches normally to sysnand? That way we could boot even without an SD card. It would be pretty neat, but I don't know if it's doable.

AFAIK, this isn't possible since FIRM0/1 are corrupted, and A9LH payloads boot FIRM off of the SD card.
We can always decrypt and reverse engineer the new FIRM like 10.2 and 10.4 (unless Nintendo decides to push new crypto). That's how we got our new FIRM anyways.
> I've been lurking in this thread for some time now and wondered what will happen in case we will ever need an updated FIRM at one point in the future.
> I know we can use FIRM launch for that or emuNAND.
> But let's say we do it (imo) the right way and have a CFW for sysNAND w/o FIRM launch.
> The way A9LH works is a corrupted FIRM0 (from 10.2) and an exploitable FIRM1 (from 9.0 - 9.2).
> Wouldn't it be possible to boot the corrupted FIRM0 (which could always be the newest FIRM once it gets updated), once we gain ARM9 code execution?
> Because of the payload, FIRM0 is corrupted during boot, if I'm not mistaken, but once we have ARM9 code execution, we should be able to boot it without caring about broken signatures.
> Does any of this make sense? Or is my understanding of A9LH wrong?
> The question basically is, how could we use A9LH to have the latest sysNAND (and corresponding NATIVE_FIRM from the latest FW) on boot w/o FIRM launch and/or emuNAND?

You have to firmlaunch with arm9loaderhax.
> You have to firmlaunch with arm9loaderhax.

What about loading a payload from CTRNAND if one isn't found on the SD card?
> What about loading a payload from CTRNAND if one isn't found on the SD card?

CTRNAND is encrypted, so it would require having read access to it. You would need to set up the console-unique keys for this. I don't know if you would have enough space for that.
> You have to firmlaunch with arm9loaderhax.

In theory it should be possible to firmlaunch from nand, at least if we use the second one, because even if we broke the keystore, we know the real key, so if we hardcode it into the payload it would be possible (I think it's the 10.2 firm version, since the first version checked the key they use). But I don't know if there is enough space to do this in the payload.
> In theory it should be possible to firmlaunch from nand, at least if we use the second one, because even if we broke the keystore, we know the real key, so if we hardcode it into the payload it would be possible (I think it's the 10.2 firm version, since the first version checked the key they use). But I don't know if there is enough space to do this in the payload.

You have to set up the console-unique keys too.
> You have to set up the console-unique keys too.

But firm was read before arm9loaderhax ran, so shouldn't the keys for firm have already been set up, or is the bootrom clearing them before jumping to arm9loader?
> When I installed arm9loaderhax it worked really fast.
> Right now I'm installing it on my 3ds and it performs "Install NAND backup..." for a long time.
> In the bottom left of the top screen, hex numbers change fast.
> Is this OK?

A9LH installer starts by restoring NAND.bin if it exists, so it's normal for now.
> But firm was read before arm9loaderhax ran, so shouldn't the keys for firm have already been set up, or is the bootrom clearing them before jumping to arm9loader?

Well, it was read, but not launched. I don't even know if it was decrypted.
Everything else firm should do after you jumped to it.
> A9LH installer starts by restoring NAND.bin if it exists, so it's normal for now.

Oh, so it simply restores my nand backup, and if it's actually a good 9.2 sysnand backup, then I'm fine?
Once it's done with that, you're in the danger zone.
> OK, it seems like it does something if I have a nand.bin file in root.
> https://github.com/delebile/arm9loa...payload_installer/installer/source/nand.c#L53
> Is this dangerous?
> Oh, so it simply restores my nand backup, and if it's actually a good 9.2 sysnand backup, then I'm fine?

Yes. It most likely was, since the Decrypt9 used at the end of the OTP guide to restore wants the SysNAND at NAND.bin.