Homebrew [Coming Soon] OTPless A9LH installation on N3DS (no 2.1 downgrade)

[SciresM]

As noted by dark_samus on 3dbrew,

Due to the keystore being encrypted with AES-ECB, one can rearrange blocks and still have the NAND keystore decrypt in a deterministic way. Combining this with the arm9loaderhax and uncleared hash keydata vulnerabilities, one can achieve arm9loaderhax without downgrading to a system version that exposes the OTP data, or using a hardware method. The NAND keystore must be encrypted with console-unique data; therefore, this is not achievable on Old 3DS or 2DS.

This is currently not ready for general usage -- I'm the only one who has tested it, but expect OTPless A9LH installations for N3DS users soon (only an arm9 exploit required, so it's still only for those on 9.2 or below/those who can downgrade to 9.2).

If you have a New 3DS with a hardmod, feel like you understand everything written above, and know what you're doing (IE, no noobs), there's an alpha on my github that you can test out.

If you don't, WAIT FOR THIS TO BE BETTER TESTED.

Credit to dark_samus for finding the vuln, delebile for his key bruteforcer, Normmatt for helping dark_samus mod the key bruteforcer, Myria for helping figure out some conditionals, as well as answering questions leading to the discovery of the vuln.

 

[SciresM]

Taking this second post to reaffirm: Do not try to use this if you don't know EXACTLY what you're doing, or without a hardmod.

 

[smileyhead]

Inb4 "9001 people currently viewing this thread"

 

[SpongeFreak52]

This is fantastic! Great work to all those involved, after going through the OTP process in its early days I can definitely appreciate the hassle this will save people. (Given they've got a stock ≤9.2 N3DS)

 

[WiiUBricker]

Next Gateway firmware: Gateway Super Fastboot without downgrading (with free bricks for early adopters included).

 

[KiiWii]

This is a game changer.

Excellent progress!

 

[jefffisher]

sweet i'll try this out as soon as my walmart or target puts more 3ds's out on the shelf.

 

[mashers]

I'll re-flash a 9.2 sysnand and give this a try. Amazing work

 

[dark_samus3]

Well, it was certainly fun finding my first vuln... Sure it builds off of other stuff, but I found it with less than 4 months experience.... after that it was just waiting for everything to line up properly (which actually happened awhile ago, but it was thought to be un-exploitable). It's still insane to me that I actually found a vuln. Props to everyone who helped (as listed in the credits) and thanks to #Cakey for support and helping me through my noobness

 

[Akira]

So in layman's term, the only requirement to use this is a 9.2 New 3DS?

 

[DavidRO99]

So in layman's term, the only requirement to use this is a 9.2 New 3DS?

yup

 

[SciresM]

So in layman's term, the only requirement to use this is a 9.2 New 3DS?

Correct.

 

[ihaveahax]

worked fine here, if anyone is curious. 9.2 to a9lh almost instantly, no otp.bin.

 

[DavidRO99]

worked fine here, if anyone is curious. 9.2 to a9lh almost instantly, no otp.bin.

steps plox

 

[ihaveahax]

steps plox

get UnsafeA9LHInstaller from SciresM's github if you're brave. only do it if you have a hardmod and New 3DS.

 

[DavidRO99]

get UnsafeA9LHInstaller from SciresM's github if you're brave. only do it if you have a hardmod and New 3DS.

I have a new 3ds but still, steps plox

 

[SciresM]

I have a new 3ds but still, steps plox

If you have to ask, you should NOT be using this yet.

 

[DavidRO99]

If you have to ask, you should NOT be using this yet.

...I dont want to use it... I already have a9lh on my 3ds. Im just curios.

--------------------- MERGED ---------------------------

...I dont want to use it... I already have a9lh on my 3ds. Im just curios.

nvm found the release tab on github... i thought I would have to build it myself and stuff

--------------------- MERGED ---------------------------

...I dont want to use it... I already have a9lh on my 3ds. Im just curios.

--------------------- MERGED ---------------------------


nvm found the release tab on github... i thought I would have to build it myself and stuff

Huh cool, it is just a homebrew app! I wish I had this when I installed A9LH on my New 3DS... would have saved a lot of time

 

[mashers]

To be honest, I don't think anybody should be sharing steps here. I don't want to sound elitist, but this is alpha software which could brick your 3ds (no disrespect to the devs - but I'm sure they would agree that this is a possibility at this stage). If you can't find the GitHub repo and figure this out without instructions, just wait for a release.

 

[Akira]

Im dying to try this(just out of curiosity) but I don't have a New 3DS lying around right now. I'll just wait for a couple of more tests and I'll buy myself a new console just to try it out.

 

[DavidRO99]

To be honest, I don't think anybody should be sharing steps here. I don't want to sound elitist, but this is alpha software which could brick your 3ds (no disrespect to the devs - but I'm sure they would agree that this is a possibility at this stage). If you can't find the GitHub repo and figure this out without instructions, just wait for a release.

it is a homebrew app on github releases