vb_encryption_vb

vb_encryption_vb

That hardmod guy....
Member
Level 10
Joined
Nov 21, 2015
Messages
1,995
Trophies
2
Age
41
Location
Acworth, GA
XP
1,949
Country
United States
Plailect said:
Try replacing ctrtool with the one from here: https://github.com/profi200/Project_CTR/releases/download/0.15/makerom_015_ctrtool.zip
Click to expand...
I did that, but later down the line I encountered the error again at xor.exe it was dll related, once I swapped the .dll with the correct one all issues were solved and it patched properly.

dankzegriefer said:
Why use 10.2 NATIVE FIRM?
Why not cut out the middle man and use 9.2 NATIVE FIRM?
Click to expand...

Can only change in small increments, someone with better understanding will come along and explain I bet.
 
DarkFlare69

DarkFlare69

Well-Known Member
Member
Level 15
Joined
Dec 8, 2014
Messages
5,147
Trophies
2
Location
Chicago
XP
4,750
Country
United States
vb_encryption_vb said:
I did that, but later down the line I encountered the error again at xor.exe it was dll related, once I swapped the .dll with the correct one all issues were solved and it patched properly.



Can only change in small increments, someone with better understanding will come along and explain I bet.
Click to expand...
Yeah, i did that to and am getting the same xor.exe error as you. Mind sending me your xor.exe file?
 
Plailect

Plailect

Well-Known Member
OP
Member
Level 8
Joined
Jan 30, 2016
Messages
546
Trophies
1
XP
1,502
Country
United States
dankzegriefer said:
Why use 10.2 NATIVE FIRM?
Why not cut out the middle man and use 9.2 NATIVE FIRM?
Click to expand...

NATIVE_FIRM is updated to both different versions and different revisions. This can only take us between revisions, not versions, so we can only go between smaller updates like from 10.5 to 10.2, then we let memchunkhax2 do the rest.
 
Plailect

Plailect

Well-Known Member
OP
Member
Level 8
Joined
Jan 30, 2016
Messages
546
Trophies
1
XP
1,502
Country
United States
dankzegriefer said:
If you can get this level of NAND injection, why not just replace everything with the 9.2 version?
Click to expand...

Basically, the FIRM partitions in your NAND are encrypted specifically to your console and we can't edit them. Fortunately for us, Nintendo's implementation of this is flawed and allows us to compare the decrypted 10.4 NATIVE_FIRM (which we can get using decrypt9 on any 3DS below 9.2) with the encrypted 10.4 NATIVE_FIRM in your NAND.bin in order to then reencrypt the decrypted 10.2 NATIVE_FIRM before injecting it into the NAND.

--------------------- MERGED ---------------------------

piratesephiroth said:
I think this is only possible becuase NATIVE_FIRM is in a different partition, in a fixed place, and its encryption method is known.
Click to expand...
Yes. For more info, read the "FIRM partitions known-plaintext" part here: https://www.3dbrew.org/wiki/3DS_System_Flaws
 
vb_encryption_vb

vb_encryption_vb

That hardmod guy....
Member
Level 10
Joined
Nov 21, 2015
Messages
1,995
Trophies
2
Age
41
Location
Acworth, GA
XP
1,949
Country
United States
Plailect said:
I have updated the post with the DLL @vb_encryption_vb used to hopefully fix some issues people were having.
Click to expand...

Might wanna put a comment next to it saying to leave it in the directory that autofirm is in. I put it in system32 / syswow64 like you normally would and it wouldn't register. Video is almost published to youtube as well.
 
A

Aroth

Well-Known Member
Member
Level 6
Joined
Apr 14, 2015
Messages
2,066
Trophies
0
Age
37
XP
891
Country
United States
@dankzegriefer

The only thing we can actually alter/inject is the firm0/firm1 partitions. @Plailect does a decent enough job explaining this in the post above mine, but basically the decrypted contents of firm0/firm1 are completely identical between any two O3DS/2DS systems that are on the same system version and between any two N3DS systems on the same system version. However the remaining contents of the NAND chip, particularly CTRNAND (which is the other part you would need to replace to affect a complete downgrade), differ from console to console. Each console contains unique data for several files in the CTRNAND partition (files like movable_sed, secureinfo_a, title.db, among others) which make it impossible to do a direct inject of a CTRNAND partition from another console. You can inject an old (say 9.2) CTRNAND dump from your console with minimal issues assuming you have a hardmod or other method for writing to the NAND chip. The purpose of this, however, is for people who do not have such a NAND dump to begin with.

As for why we can't just inject a 9.2 firm0/firm1 dump, that is because of the way the version updates for native_firm are handled. As @Plailect said (again, dude is pretty well informed) native_firm updates can be one of 3 kinds. A MAJOR version change (1.x-x to 2.x-x, which has never actually happened as the initial factory FIRM was 2.3-0), a MINOR version change (2.49-x to 2.50-x, like the update from 9.5 to 9.6) or a REVISION change (2.50-9 to 2.50-11, like the update from 10.2 to 10.4)). Using this method we can actually inject any version of the firm we want, but if we jump between MAJOR or MINOR versions we will cause the system to brick and fail to load the CTRNAND properly. This is because every title on the system does a simple kernel/firm version check on launch and if the check fails then the system hands on the 3DS logo. This version check ONLY looks at MAJOR and MINOR version numbers, while completely ignoring REVISION numbers. The 10.5 titles will launch perfectly fine even if the firm being used is 2.50-1 (the 9.6 version), but if we jump to 2.49-0 (9.5's firm) any system title that has been updated since 9.6 will fail to boot. Since the Home Menu is typically updated in conjunction with updates to native_firm, this means that the home menu will fail to load on boot and you will be stuck with a black screen (aka a bricked system).

I strongly suspect that since we are flashing both firm0 AND firm1, we are probably overwriting the safe_mode native_firm as well, meaning it won't just be a soft brick that you can escape from by updating while in recovery mode. That said since this entire process requires a hard mod for dumping/injecting the contents of the NAND chip, the VERY first step after making the modification should be to create SEVERAL dumps of the chip to compare against each other and ensure proper functioning of the mod, as well as to have a clean backup if you manage to fuck something up.
 
  • Like
Reactions: A_Bricked_Guy and Spaqin
Apache Thunder

Apache Thunder

I have cameras in your head!
Member
Level 17
Joined
Oct 7, 2007
Messages
4,433
Trophies
3
Age
36
Location
Levelland, Texas
Website
www.mariopc.co.nr
XP
6,806
Country
United States
dankzegriefer said:
Why use 10.2 NATIVE FIRM?
Why not cut out the middle man and use 9.2 NATIVE FIRM?
Click to expand...

That wouldn't work. That would only be good at making a brick. Remember how most of the last year we couldn't boot a 9.5+ emunand? Because we couldn't use a 9.6+ native_firm. Imagine that scenerio on sysnand. A 9.2 FIRM will not boot a 10.4/10.5 system for the same reason. The crypto changed and too many of the system titles rely on it. You might be able to downgrade FIRM to 9.2, but the console won't boot anymore and you need to be able to boot it if you want to properly downgrade it.
 
Last edited by Apache Thunder,
A

Aroth

Well-Known Member
Member
Level 6
Joined
Apr 14, 2015
Messages
2,066
Trophies
0
Age
37
XP
891
Country
United States
Apache Thunder said:
That wouldn't work. That would only be good at making a brick. Remember how most of the last year we couldn't boot a 9.5+ emunand? Because we couldn't use a 9.6+ native_firm. Imagine that scenerio on sysnand. A 9.2 FIRM will not boot a 10.4/10.5 system for the same reason. The crypto changed and too many of the system titles rely on it. You might be able to downgrade FIRM to 9.2, but the console won't boot anymore and you nee to be able to boot it if you want to properly downgrade it.
Click to expand...
The crypto change was why we couldn't use a 9.6+ firm. We couldn't use a 9.6+ system update because we couldn't use the 9.6+ firm and several important system titles (including the home menu) were checking against the new firm when launched and would then fail to launch upon seeing a lower firm. This is the same thing that would happen if someone injected a 9.5 or lower firm partition to a 10.4/10.5 system.
 
Plailect

Plailect

Well-Known Member
OP
Member
Level 8
Joined
Jan 30, 2016
Messages
546
Trophies
1
XP
1,502
Country
United States
Aroth said:
@dankzegriefer

The only thing we can actually alter/inject is the firm0/firm1 partitions. @Plailect does a decent enough job explaining this in the post above mine, but basically the decrypted contents of firm0/firm1 are completely identical between any two O3DS/2DS systems that are on the same system version and between any two N3DS systems on the same system version. However the remaining contents of the NAND chip, particularly CTRNAND (which is the other part you would need to replace to affect a complete downgrade), differ from console to console. Each console contains unique data for several files in the CTRNAND partition (files like movable_sed, secureinfo_a, title.db, among others) which make it impossible to do a direct inject of a CTRNAND partition from another console. You can inject an old (say 9.2) CTRNAND dump from your console with minimal issues assuming you have a hardmod or other method for writing to the NAND chip. The purpose of this, however, is for people who do not have such a NAND dump to begin with.

As for why we can't just inject a 9.2 firm0/firm1 dump, that is because of the way the version updates for native_firm are handled. As @Plailect said (again, dude is pretty well informed) native_firm updates can be one of 3 kinds. A MAJOR version change (1.x-x to 2.x-x, which has never actually happened as the initial factory FIRM was 2.3-0), a MINOR version change (2.49-x to 2.50-x, like the update from 9.5 to 9.6) or a REVISION change (2.50-9 to 2.50-11, like the update from 10.2 to 10.4)). Using this method we can actually inject any version of the firm we want, but if we jump between MAJOR or MINOR versions we will cause the system to brick and fail to load the CTRNAND properly. This is because every title on the system does a simple kernel/firm version check on launch and if the check fails then the system hands on the 3DS logo. This version check ONLY looks at MAJOR and MINOR version numbers, while completely ignoring REVISION numbers. The 10.5 titles will launch perfectly fine even if the firm being used is 2.50-1 (the 9.6 version), but if we jump to 2.49-0 (9.5's firm) any system title that has been updated since 9.6 will fail to boot. Since the Home Menu is typically updated in conjunction with updates to native_firm, this means that the home menu will fail to load on boot and you will be stuck with a black screen (aka a bricked system).

I strongly suspect that since we are flashing both firm0 AND firm1, we are probably overwriting the safe_mode native_firm as well, meaning it won't just be a soft brick that you can escape from by updating while in recovery mode. That said since this entire process requires a hard mod for dumping/injecting the contents of the NAND chip, the VERY first step after making the modification should be to create SEVERAL dumps of the chip to compare against each other and ensure proper functioning of the mod, as well as to have a clean backup if you manage to fuck something up.
Click to expand...

Excellent writeup. I was trying my best to stay at least a little legible to the less technically inclined, but if anyone wants more info I'll definitely link them to this.
 
  • Like
Reactions: fuducker81
DarkFlare69

DarkFlare69

Well-Known Member
Member
Level 15
Joined
Dec 8, 2014
Messages
5,147
Trophies
2
Location
Chicago
XP
4,750
Country
United States
vb_encryption_vb said:
Hmm I'm not sure than, once I put that file in the root directory all my errors went away. I'm on win7 64bit. I also rebooted my pc.
Click to expand...
Well i downloaded one from dll-files and it worked.

But now i did all steps and my fucking nand is unmodified. I did as file compare in HxD and the "new" nand with "10.2 native firm" is the exact same as my original one.
 
Xenon Hacks

Xenon Hacks

Well-Known Member
Member
Level 15
Joined
Nov 13, 2014
Messages
7,414
Trophies
1
Age
30
XP
4,687
Country
United States
DarkFlare69 said:
Well i downloaded one from dll-files and it worked.

But now i did all steps and my fucking nand is unmodified. I did as file compare in HxD and the "new" nand with "10.2 native firm" is the exact same as my original one.
Click to expand...
Try running things as admin and disabling UAC
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Hacking Homebrew  A new way to experience StreetPass

Hacking Hardware  New Nintendo 3DS XL Louvre

Emulation  i have citra, i have my aes keys installed, how do i get the home menu

Hardware  Why does my 3DS take so long to turn off?

What's the best 3DS emulator (especially after Citra's shutdown)?

Tutorial  How to fix 007-2001

can't download system files on citra because im "not connected to the internet"

gacube emeleter

General chit-chat
Help Users
    Psionic Roshambo @ Psionic Roshambo: Some sort of download management app