Misc CTcerts, Device IDs, and itcm.mem

TiM127

Active Member
OP
Newcomer
Joined
Sep 26, 2016
Messages
32
Trophies
0
Age
21
XP
126
Country
United States
Soooooooo... :hateit:

It's well known at this point that @Joom has evolved to a higher level of intelligence than the rest of us and that only he and a select group of people can unhyperban their 3dses. There's a mystery payload that will automatically inject the CTcert and the DeviceID into the itcm.mem file in the 3ds's memory, as seen here.

But there are two ways to get a CTcert, by using dd on the itcm.mem file,
Code:
dd if=itcm.mem of=CTCert.bin bs=1 skip=14360 count=104
dd if=itcm.mem of=DeviceID.bin bs=1 skip=14340 count=4
or, as with the only CTcert I can use for this, with Eshop Debugger.

But these two files are fundamentally different. I copied my own dirty CTcert with eshop debugger and with itcm.mem and couldn't find any similarities in the hexeditor, at least not with my non-code centered brain. (Information I tried to use to help me find similarities can be found here.)

Are they encoded completely differently? If so, is there a fathomable way to convert one to another? I can only guess the Eshop Debugger's version of the CTcert comes with a ton of extra data that isn't found in itcm.mem, since it's almost 4 times the size. But that fact doesn't help converting the ECDSA signature. (Which I can only guess is the part of the CTcert I'd care about)

The DeviceID makes no sense either.
 
  • Like
Reactions: GilgameshArcher

Joom

 ❤❤❤
Member
Joined
Jan 8, 2016
Messages
6,067
Trophies
1
Location
US
Website
mogbox.net
XP
6,077
Country
United States
Just for the record, I didn't write the code or anything. It was pieced together from information available on 3dbrew. I just helped test and debug. The coder doesn't want to be known, so I guess I'm just the publicist or whatever. Also, it's no mystery payload. It's just a modified version of Luma, but any B9S payload used as the boot payload can work. Anyway, your device ID is used to verify your console and model with the Nintendo Network services. This is what Nintendo bans. The CTCert signs this ID, which used to not be necessary to bypass the ban, but hundreds of people thought using "1234" as their ID was a good idea. Because of this Nintendo now requires a legitimate, signed ID.
 
Last edited by Joom,
  • Like
Reactions: GilgameshArcher

TiM127

Active Member
OP
Newcomer
Joined
Sep 26, 2016
Messages
32
Trophies
0
Age
21
XP
126
Country
United States
Just for the record, I didn't write the code or anything. It was pieced together from information available on 3dbrew. I just helped test and debug. The coder doesn't want to be known, so I guess I'm just the publicist or whatever. Also, it's no mystery payload. It's just a modified version of Luma, but any B9S payload used as the boot payload can work. Anyway, your device ID is used to verify your console and model with the Nintendo Network services. This is what Nintendo bans. The CTCert signs this ID, which used to not be necessary to bypass the ban, but hundreds of people thought using "1234" as their ID was a good idea. Because of this Nintendo now requires a legitimate, signed ID.
I haven't been able to find anything about itcm.mem on 3dbrew.
 

TiM127

Active Member
OP
Newcomer
Joined
Sep 26, 2016
Messages
32
Trophies
0
Age
21
XP
126
Country
United States
Ok, so I've done a lot of research and I've found that the CTCert from the Eshop Debugger doesn't contain the "CTCert ECDSA privk".

I guess that means I'm screwed then, right?
 

TiM127

Active Member
OP
Newcomer
Joined
Sep 26, 2016
Messages
32
Trophies
0
Age
21
XP
126
Country
United States
All the information necessary to do this is publicly available. It's all on 3dbrew. I have a sneaking suspicion that they know.

Also, does this really mean that all the information on how to create a payload to replace CTCerts can be found exclusively on 3dbrew?
 

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • No one is chatting at the moment.
  • Veho @ Veho:
    "Are you a better shot than a high schooler?"
  • Veho @ Veho:
    "Shoot the giant orange pedo and get a cookie."
  • Veho @ Veho:
    "No points for grazing him, that's just amateur hour."
  • K3Nv2 @ K3Nv2:
    Some are saying the kid was paid off by a online terror group or whatever
  • Veho @ Veho:
    "Disturbed young man."
  • Veho @ Veho:
    "Iranian sleeper agent."
  • Veho @ Veho:
    "False flag."
  • K3Nv2 @ K3Nv2:
    I don't get people that make these attempts knowing they'll die just go in balls deep kamikaze style
  • Veho @ Veho:
    Too many meat shields in the way, sniping from a high vantage point is the only way.
  • K3Nv2 @ K3Nv2:
    But it was ar15 iirc
  • Veho @ Veho:
    AR-15, effective range 500 yards, and the guy was at 150 yards from Trump.
  • K3Nv2 @ K3Nv2:
    Still missed
  • Veho @ Veho:
    Skill issue.
  • SylverReZ @ SylverReZ:
    Take the L. :tpi:
  • K3Nv2 @ K3Nv2:
    Wouldn't be the first time Trump got red skeeted on his face
    +1
  • K3Nv2 @ K3Nv2:
    I was reading the kid failed shooting classes left and right imagine if it was a pissed off marine
    +1
  • Veho @ Veho:
    Or a pissed-on marine.
  • Veho @ Veho:
    There will be other rallies.
  • K3Nv2 @ K3Nv2:
    The story of how a new born took aim at trump
  • K3Nv2 @ K3Nv2:
    How could the secret service see this coming
  • Veho @ Veho:
    Doesn't the baby have the right to bear arms?
  • K3Nv2 @ K3Nv2:
    Raised by bears grew claws
  • Veho @ Veho:
    I choose bear.
    SylverReZ @ SylverReZ: https://www.youtube.com/watch?v=am4a8EfQDQM