Homebrew ARM9Loader -- Technical Details and Discussion

dark_samus3

Now do it on an n3ds... I dare you! :P haha

--------------------- MERGED ---------------------------

Well I'm calling it a day with this... the n3ds process is a pain in my ass.
2 failed attempts at booting a frankenNAND 2.2 lol
Lovely black screens :(
Pretty sure I'm not missing anything....

Meh, you'll get it going eventually :)
 

Shadowtrance

Meh, you'll get it going eventually :)
Nope it just refuses to boot the frankenNAND. :(
It turns on but that's about it...
Anyway here's the process I was told and am following... someone chime in if something is missing...

Make a NAND backup
Create a CTRNAND FAT16 xorpad using Decrypt9
Create another CTRNAND FAT16 xorpad using keyslot 0x4 instead of 0x5
Downgrade to 1.0/2.x
Dump your NAND using the hardmod
Extract CTRNAND from it
Xor the dump with the 0x5 xorpad, then xor the result of that with the 0x4 xorpad
Reinject the final result into the NAND dump
Swap the NCSD header (first 0x200 bytes) of the NAND dump with one from an O3DS NAND dump
Flash finished NAND.bin back to your system
It should now boot to 1.0/2.x
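Steps 6 to 9 of the process above, as an added worked example that is not code from the thread or from Decrypt9, 3DSFAT16tool or padxorer: CTRNAND is CTR-mode encrypted, so XORing the partition with the keyslot-0x5 pad and then the keyslot-0x4 pad re-keys it without either key, and a FAT boot-sector check on the intermediate plaintext catches a wrong pad or offset before anything is flashed. The partition offset and size, the NAND images and the pads are all constructed for this example.

```python
import random

NCSD_HEADER_SIZE = 0x200   # NCSD header: the first 0x200 bytes of a NAND dump
CTRNAND_OFFSET = 0x1000    # constructed: CTRNAND start inside the toy NAND image
CTRNAND_SIZE = 0x800       # constructed: size of the toy CTRNAND partition

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (applying/removing a CTR keystream)."""
    if len(a) != len(b):
        raise ValueError("xorpad length must match the partition length")
    return bytes(x ^ y for x, y in zip(a, b))

def looks_like_fat_boot_sector(sector: bytes) -> bool:
    """Sanity check: a correctly decrypted CTRNAND begins with a FAT16 boot sector."""
    return len(sector) >= 0x200 and sector[0x1FE:0x200] == b"\x55\xAA"

def rekey_ctrnand(ctrnand_ct: bytes, pad5: bytes, pad4: bytes) -> bytes:
    """Strip the keyslot-0x5 keystream, verify the plaintext, apply keyslot-0x4's."""
    plain = xor_bytes(ctrnand_ct, pad5)
    if not looks_like_fat_boot_sector(plain):
        raise ValueError("0x5 xorpad did not yield a FAT boot sector: wrong pad or offset")
    return xor_bytes(plain, pad4)

def build_frankennand(n3ds_nand: bytes, pad5: bytes, pad4: bytes,
                      o3ds_nand: bytes) -> bytes:
    """Extract CTRNAND, re-key it, reinject it, then swap in the O3DS NCSD header."""
    start, end = CTRNAND_OFFSET, CTRNAND_OFFSET + CTRNAND_SIZE
    rekeyed = rekey_ctrnand(n3ds_nand[start:end], pad5, pad4)
    patched = n3ds_nand[:start] + rekeyed + n3ds_nand[end:]
    return o3ds_nand[:NCSD_HEADER_SIZE] + patched[NCSD_HEADER_SIZE:]

def make_sample() -> dict:
    """Constructed toy dumps and pads (not real data) so the example runs offline."""
    rng = random.Random(1234)
    rnd = lambda n: bytes(rng.getrandbits(8) for _ in range(n))
    plain = bytearray(rnd(CTRNAND_SIZE))
    plain[0x1FE:0x200] = b"\x55\xAA"           # FAT boot-sector signature
    pad5, pad4 = rnd(CTRNAND_SIZE), rnd(CTRNAND_SIZE)
    n3ds = bytearray(rnd(0x2000))
    n3ds[CTRNAND_OFFSET:CTRNAND_OFFSET + CTRNAND_SIZE] = xor_bytes(bytes(plain), pad5)
    return {"plain": bytes(plain), "pad5": pad5, "pad4": pad4,
            "n3ds": bytes(n3ds), "o3ds": rnd(0x2000)}

if __name__ == "__main__":
    s = make_sample()
    out = build_frankennand(s["n3ds"], s["pad5"], s["pad4"], s["o3ds"])
    print("NCSD header swapped:", out[:NCSD_HEADER_SIZE] == s["o3ds"][:NCSD_HEADER_SIZE])
```

On a real dump the CTRNAND offset and size come from the partition table in the NCSD header rather than the constructed constants.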
 

dark_samus3

Nope it just refuses to boot the frankenNAND. :(
It turns on but that's about it...
Anyway here's the process I was told and am following... someone chime in if something is missing...
If I were you I'd generate the XORpad and then use 3DSFAT16tool to get the decrypted contents, then use it to reencrypt it to the 4.x keyslot (if that isn't what you're doing)
 

Selver (OP)

If I were you I'd generate the XORpad and then use 3DSFAT16tool to get the decrypted contents, then use it to reencrypt it to the 4.x keyslot (if that isn't what you're doing)

So, has anyone branched Decrypt9 to add the option to generate BOTH keyslot 0x4 and keyslot 0x5 xorpads?

I'm amazed at the amazing work done, and quick time from concept to realization just how powerful this is (direct Arm9 coldboot).
 

Shadowtrance

If I were you I'd generate the XORpad and then use 3DSFAT16tool to get the decrypted contents, then use it to reencrypt it to the 4.x keyslot (if that isn't what you're doing)
Yeah I was using 3DSFAT16Tool and padxorer to do it all.

--------------------- MERGED ---------------------------

So, has anyone branched Decrypt9 to add the option to generate BOTH keyslot 0x4 and keyslot 0x5 xorpads?

I'm amazed at the amazing work done, and quick time from concept to realization just how powerful this is (direct Arm9 coldboot).
Yeah d0k3 added it earlier. No extra branch needed. :)
 

dark_samus3

So, has anyone branched Decrypt9 to add the option to generate BOTH keyslot 0x4 and keyslot 0x5 xorpads?

I'm amazed at the amazing work done, and quick time from concept to realization just how powerful this is (direct Arm9 coldboot).
Yeah, it's already in d0k3's fork (just hasn't been released yet)
 

dark_samus3

I wouldn't say progressing lol
Can't get a9lh to boot anything on my o3ds and n3ds refuses to boot frankenNAND. haha :P
But still an experience all the same. :)
So wait, are you messing with the XORpad AFTER you downgrade or BEFORE you downgrade? Before isn't recommended, after is what you should be doing...
 

Psi-hate

Success! Downgraded with sysupdater without fail to 2.xU. Time to dump my OTP. By the way, guys. Since arm9loaderhax works on 10.5, could I just update after getting my OTP and install it on 10.5?
 

Shadowtrance

So wait, are you messing with the XORpad AFTER you downgrade or BEFORE you downgrade? Before isn't recommended, after is what you should be doing...
After downgrade of course. They were created before though.

Well you're all getting closer :P Question, on your n3ds nand, what process have you gone through?
This process... https://gbatemp.net/threads/arm9loader-technical-details-and-discussion.408537/page-17#post-6077644 probably missing something no doubt.
 

mungry

I'm assuming you can't just downgrade your emuNAND to 1.0 to dump the OTP? Also there is a N3DS exclusive method I heard about in which you don't have to downgrade at all (so no brick risk) to get the OTP. Please correct me if I'm wrong. All these developments are so exciting!
 

dark_samus3

Success! Downgraded with sysupdater without fail to 2.xU. Time to dump my OTP. By the way, guys. Since arm9loaderhax works on 10.5, could I just update after getting my OTP and install it on 10.5?
Yep, and as long as you never update NATIVE_FIRM you can continue to update sysNAND to the latest FW and then just use the corresponding firmware.bin

--------------------- MERGED ---------------------------

I'm assuming you can't just downgrade your emuNAND to 1.0 to dump the OTP? Also there is a N3DS exclusive method I heard about in which you don't have to downgrade at all (so no brick risk) to get the OTP. Please correct me if I'm wrong. All these developments are so exciting!
Well the problem is the protection bit is already set, so booting <3.0 firm is useless... Also, this isn't really known, but you need extra hardware and about 2-3 DAYS for the key bruteforce to work (take that from shinyquag and dazzozo, not me)
 

mungry

Well the problem is the protection bit is already set, so booting <3.0 firm is useless... Also, this isn't really known, but you need extra hardware and about 2-3 DAYS for the key bruteforce to work (take that from shinyquag and dazzozo, not me)

Hmmmm well now is probably the time to get a hard mod done on my N3DS hahaa...
 
