Can Nintendo create a signed update that retrieves the OTP?

Discussion in '3DS - Homebrew Development and Emulators' started by Link_of_Hyrule, Mar 24, 2016.

  1. Link_of_Hyrule
    OP

    Link_of_Hyrule GBAtemp Fan

    Member
    451
    133
    Jun 28, 2008
    United States
    Hyrule
    So I was kind of thinking about this today. As far as installing a9lh, we have to downgrade our system all the way to 2.1 to get to a system that has access to extract the OTP. However, my question is: can Nintendo create a signed update that unlocks access to the OTP to retrieve the files to then remove a9lh from systems? Is it set up so that Nintendo themselves would also have to force downgrade user systems to be able to uninstall a9lh? (Which is something very very unlikely that they would do since it wouldn't make much sense to do it.) If this is the case, that they can't create such an update to remove it without the full downgrade, I guess a9lh is really pretty foolproof since it would be so hard for them to remove from user systems.
     


  2. Omegadrien

    Omegadrien GBAtemp Advanced Maniac

    Member
    1,713
    530
    Nov 4, 2015
    France
    Pokéland
    Nope, Nintendo will never do this. Nintendo has zero reason to unlock the OTP!! As for me, I downgraded to 2.1 two times. No problems. Just follow the guide correctly. The only way for Nintendo to uninstall a9lh is to write the firm0 and firm1 partitions during an update, with arm9 authorizations (because it's patched by AuReiNand, and so arm11 can't write firm0 and firm1).
    So, I think the next Nintendo update will just block Nintendo 3DS downgrade (and maybe other homebrew exploits). No downgrade = no arm9 access = no a9lh. Maybe this update will be released next Monday...
     
    Last edited by Omegadrien, Mar 24, 2016
  3. thatbooisaspy

    thatbooisaspy GBAtemp Fan

    Member
    367
    151
    Oct 28, 2015
    .
     
    Last edited by thatbooisaspy, Jun 3, 2017
  4. []KAOS[]Casey

    []KAOS[]Casey Member

    Newcomer
    15
    13
    Jun 2, 2009
    United States
    Nintendo probably has the OTP for every console sitting in a database somewhere. That said, unless they can somehow override the firm0/1 protection, it shouldn't really be possible for them to uninstall a9lh.

    As always, if there's an update, let the guys with hardmods test if anything breaks first.
     
  5. Link_of_Hyrule
    OP

    Link_of_Hyrule GBAtemp Fan

    So the custom firmware itself blocks them from updating the firm even if they do have access to the OTP for each console?
     
  6. Omegadrien

    Omegadrien GBAtemp Advanced Maniac

    Yes. That's why you can update your sysnand to 10.7 with a9lh without uninstalling it!!
     
  7. Link_of_Hyrule
    OP

    Link_of_Hyrule GBAtemp Fan

    Cool, that makes it even safer. I didn't think about the CFW actually blocking updates to just that part of the system. Now we just need auto updates to the CFW; I'm kind of surprised no one has done this yet TBH.
     
  8. zoogie

    zoogie simple pimp tool

    Member
    6,245
    7,916
    Nov 30, 2014
    United States
    They can restore bricked nands so I'm sure they have a way to access data without disassembly or arm9 sploits like we have to do.
    It's a total mystery how they do it though.
     
  9. Omegadrien

    Omegadrien GBAtemp Advanced Maniac

    I think they change the motherboard = new console = unbricked!
     
  10. zoogie

    zoogie simple pimp tool

    It's a lot cheaper just to fix the MB (if it's just nand corruption) without chucking it. They wouldn't be in the business of selling $60 2ds's otherwise.
     
  11. Link_of_Hyrule
    OP

    Link_of_Hyrule GBAtemp Fan

    I imagine they have a special hardware tool that allows them to do this on top of the fact that they have access to all the software keys to install/uninstall whatever they want.
     
  12. MrCheeze

    MrCheeze GBAtemp Regular

    Member
    200
    208
    May 13, 2014
    Canada
    I kinda want this to end with Nintendo searching for security flaws in their own product to find a way to overwrite firm anyway.
     
  13. Omegadrien

    Omegadrien GBAtemp Advanced Maniac

    Yeah but if your 3ds is hardbricked, you have to pay for the repair (out of warranty), right?
     
    Last edited by Omegadrien, Mar 24, 2016
  14. Conn0r

    Conn0r GBAtemp Fan

    Member
    327
    187
    Jan 10, 2016
    United States
    No matter what Nintendo does, they cannot block a9lh as long as firm0/firm1 block is enabled with cfw.
     
  15. dankzegriefer

    dankzegriefer GBAtemp Advanced Fan

    Member
    829
    437
    Aug 19, 2015
    United States
    Nintendo COULD theoretically do this...


    but it's dumb. And tedious. And useless. And it makes installing arm9loaderhax easier. And any attempt to delete arm9loaderhax would probably be stopped by your CFW.


    tl;dr
    Why would they?
     
  16. Dartz150

    Dartz150 GBATemp Official Lolicon Onii-chan™

    Member
    1,406
    845
    May 5, 2010
    Mexico
    On a Strange Journey
    There was a case once, where a user sent his 3DS to repair at Nintendo, they returned his console with a mysterious cartridge inserted, so he went back to the Nintendo Customer Service and returned the mysterious cartridge... and yup, he never saw what it was.

    In exchange, he received a HUGE reward, so it's obvious that such a cartridge, in the wrong hands, can do pretty much everything we can dream about I guess.
     
  17. Link_of_Hyrule
    OP

    Link_of_Hyrule GBAtemp Fan

    Just to be clear, firm0/firm1 is blocked by default on AuReiNand on both sysnand and emunand with a9lh?
     
  18. zoogie

    zoogie simple pimp tool

    Bricks can happen with normal usage though. People uploaded pictures of the bootrom error well before the Gateway era.
    So they will usually just fix bricks unless there's some obvious evidence you've been hacking it.
    Good post. CFW mods are a moving target so trying to work around them in the update process can yield unpredictable results. Nintendo is known to be afraid of lawsuits so they'll just be content with letting updates fail. The only thing they might try to counter update blocking units is banning them from online services.
    Interesting, do you have any links? Search hints?
     
  19. Conn0r

    Conn0r GBAtemp Fan

    That would be correct!
     
  20. Dartz150

    Dartz150 GBATemp Official Lolicon Onii-chan™

    Yeah, AuReiNand does that by default, so you're good with that CFW.
    There is Cakes as well, where you can change that behavior manually, but it's only recommended for advanced users and for testing purposes.