Can someone describe the guide steps in plain English

Discussion in '3DS - Flashcards & Custom Firmwares' started by markmcrobie, Jan 20, 2017.

  1. markmcrobie

    markmcrobie GBAtemp Fan

    May 24, 2008
    I have used and it worked perfectly, but purely out of curiosity can someone explain what the steps actually do, and what the software you use during the guide does? Just briefly, as I said, just for curiosity/to help me understand what's going on - the guide is awesome and I followed it easily step by step, but it would be good to have an understanding of what's being done and why.

    For example:

    What do DSP Dump, hourglass9, godmode, etc all actually do?

    Why do we downgrade to 2.1 at one step?


    Sent from my iPhone using Tapatalk Pro
  2. GBAtemp Fan

    Feb 7, 2016
    If I remember right, on every page at the top there is a little explanation of what is happening in the following steps.

    Sent from my SM-G935F using Tapatalk
    Zidapi and Quantumcat like this.
  3. Patxinco

    Patxinco Riding a Shooting Star

    Apr 18, 2011
    Iirc, hourglass9 is to get a backup of your nand in case it's needed after all the steps.
    godmode9 lets you access system titles you cannot access otherwise.
    And we downgrade to 2.1 because it is the last system version where your unique OTP is not secured and you have access to an exploitable browser, which you use to extract your OTP.

    Iirc, of course
  4. EthanAddict

    EthanAddict An investment to nothingness

    Nov 12, 2016
    OK, here you have it:
    1) We do DSP Dump to have audio in homebrew.
    2) Hourglass9 is a noob-friendly version of Decrypt9, having only the basic functions, like nand dumping, restoring etc.
    3) Godmode9 is a payload that reads folders in sdcard, sysnand, emunand etc, and features a hex editor to edit files.
    4) We downgrade to 2.1 because there was a flaw: the system didn't clear the 0x11 keyslot, which allowed us to get the console-unique OTP via a spider exploit (browser exploit).
  5. capito27

    capito27 GBAtemp Advanced Fan

    Jan 19, 2015
    The 4th explanation is totally unrelated to why we can read the OTP. Up to 2.1, the CFG_SYSPROT9 config register only had its first bit set (as in, the bootrom9 lock mechanism), but its second bit, the one locking access to the OTP area, was not set, so we could still read the OTP area from arm9 code execution up to 2.1. With later versions, the second bit is properly set, and the OTP region can't be accessed until shutdown of the system.
    koffieleut and astronautlevel like this.
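
    A simplified software model of the lock-register behaviour capito27 describes, added here as an illustration (not code from the thread, the guide, or any console firmware). The struct, function names and sample OTP bytes are hypothetical, and the set-only write behaviour is an assumption based on the post's "until shutdown" remark.

```c
#include <stdint.h>
#include <string.h>

/* Simplified model, not console code. Bit meanings follow the post above. */
#define SYSPROT9_BOOTROM_LOCK 0x01u  /* bit 0: bootrom9 lock */
#define SYSPROT9_OTP_LOCK     0x02u  /* bit 1: OTP area lock */

typedef struct {
    uint8_t sysprot9;  /* modelled CFG_SYSPROT9 value */
    uint8_t otp[16];   /* constructed stand-in for the OTP area */
} soc_model;

/* Power-on: all lock bits clear, OTP readable. */
void soc_power_on(soc_model *s) {
    s->sysprot9 = 0;
    memset(s->otp, 0xA5, sizeof s->otp);  /* constructed sample contents */
}

/* Assumed semantics: bits can be set but not cleared until next power-on. */
void sysprot9_write(soc_model *s, uint8_t value) {
    s->sysprot9 |= value;
}

/* Returns 0 and copies data if OTP is readable, -1 if the OTP lock is set. */
int otp_read(const soc_model *s, uint8_t *out, size_t len) {
    if (s->sysprot9 & SYSPROT9_OTP_LOCK) return -1;
    if (len > sizeof s->otp) len = sizeof s->otp;
    memcpy(out, s->otp, len);
    return 0;
}

/* State described for versions up to 2.1: only bit 0 is set. */
void boot_handoff_legacy(soc_model *s) {
    sysprot9_write(s, SYSPROT9_BOOTROM_LOCK);
}

/* State described for later versions: bit 1 is set as well. */
void boot_handoff_fixed(soc_model *s) {
    sysprot9_write(s, SYSPROT9_BOOTROM_LOCK | SYSPROT9_OTP_LOCK);
}

/* Audit check after hand-off: are both lock bits in place? */
int locks_complete(const soc_model *s) {
    uint8_t need = SYSPROT9_BOOTROM_LOCK | SYSPROT9_OTP_LOCK;
    return (s->sysprot9 & need) == need;
}
```

    In the model, the legacy hand-off leaves `locks_complete` false and `otp_read` succeeding, while the fixed hand-off blocks reads until `soc_power_on` is called again.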
  6. Zidapi

    Zidapi GBAtemp Psycho!

    Dec 1, 2002
    In English he said! :rofl2: