Misc CTcerts, Device IDs, and itcm.mem

TiM127 · Nov 29, 2017

Soooooooo... :hateit:

It's well known at this point that @Joom has evolved to a higher level of intelligence than the rest of us and that only he and a select group of people can unhyperban their 3dses. There's a mystery payload that will automatically inject the CTcert and the DeviceID into the itcm.mem file in the 3ds's memory, as seen here.

But there are two ways to get a CTcert, by using dd on the itcm.mem file,

Code:

dd if=itcm.mem of=CTCert.bin bs=1 skip=14360 count=104
dd if=itcm.mem of=DeviceID.bin bs=1 skip=14340 count=4

or, as with the only CTcert I can use for this, with Eshop Debugger.

But these two files are fundamentally different. I copied my own dirty CTcert with eshop debugger and with itcm.mem and couldn't find any similarities in the hexeditor, at least not with my non-code centered brain. (Information I tried to use to help me find similarities can be found here.)

Are they encoded completely differently? If so, is there a fathomable way to convert one to another? I can only guess the Eshop Debugger's version of the CTcert comes with a ton of extra data that isn't found in itcm.mem, since it's almost 4 times the size. But that fact doesn't help converting the ECDSA signature. (Which I can only guess is the part of the CTcert I'd care about)

The DeviceID makes no sense either.

Joom · Nov 30, 2017

Just for the record, I didn't write the code or anything. It was pieced together from information available on 3dbrew. I just helped test and debug. The coder doesn't want to be known, so I guess I'm just the publicist or whatever. Also, it's no mystery payload. It's just a modified version of Luma, but any B9S payload used as the boot payload can work. Anyway, your device ID is used to verify your console and model with the Nintendo Network services. This is what Nintendo bans. The CTCert signs this ID, which used to not be necessary to bypass the ban, but hundreds of people thought using "1234" as their ID was a good idea. Because of this Nintendo now requires a legitimate, signed ID.

TiM127 · Nov 30, 2017

Joom said:
Just for the record, I didn't write the code or anything. It was pieced together from information available on 3dbrew. I just helped test and debug. The coder doesn't want to be known, so I guess I'm just the publicist or whatever. Also, it's no mystery payload. It's just a modified version of Luma, but any B9S payload used as the boot payload can work. Anyway, your device ID is used to verify your console and model with the Nintendo Network services. This is what Nintendo bans. The CTCert signs this ID, which used to not be necessary to bypass the ban, but hundreds of people thought using "1234" as their ID was a good idea. Because of this Nintendo now requires a legitimate, signed ID.

I haven't been able to find anything about itcm.mem on 3dbrew.

Joom · Nov 30, 2017

https://www.3dbrew.org/wiki/Memory_layout#ARM9_ITCM

TiM127 · Nov 30, 2017

Ok, so I've done a lot of research and I've found that the CTCert from the Eshop Debugger doesn't contain the "CTCert ECDSA privk".

I guess that means I'm screwed then, right?

TiM127 · Nov 30, 2017

Joom said:
All the information necessary to do this is publicly available. It's all on 3dbrew. I have a sneaking suspicion that they know.

Also, does this really mean that all the information on how to create a payload to replace CTCerts can be found exclusively on 3dbrew?

Misc CTcerts, Device IDs, and itcm.mem

Active Member

❤❤❤

Active Member

❤❤❤

Active Member

Active Member

Similar threads