Error updating A9LH

Discussion in '3DS - Flashcards & Custom Firmwares' started by Keylogger, Mar 31, 2017.

  1. Keylogger
    OP

    Keylogger GBAtemp Advanced Maniac

    Member
    1,727
    366
    May 3, 2006
    France
    Hey

    There is a long time since I didn't use my 3DS.
    I want to update my A9LH using latest version of SafeA9LHInstaller (v2.6.7-42c09f52

    I think I have all the required files on SD card (left all files from my previous installation)
    But I can't update because I have this error message:
    The OTP hash or the NAND Key sector are invalid.

    What I have to do to resolve this?
     
  2. epickid37

    epickid37 ( ͡° ͜ʖ ͡°)

    Member
    389
    278
    Jan 4, 2017
    United States
    why would i tell you stalkers where i live?
    i think you can place the latest arm9loaderhax.bin on your sd card to update a9lh.
    Edit: not true
     
    Last edited by epickid37, Apr 1, 2017
  3. addi33

    addi33 GBAtemp Advanced Maniac

    Member
    1,678
    724
    Sep 12, 2016
    Gambia, The
    nope. totally incorrect. arm9loaderhax.bin is the payload that get's executed. the actual a9lh payloads are written to firm0/firm1
     
  4. epickid37

    epickid37 ( ͡° ͜ʖ ͡°)

    Member
    389
    278
    Jan 4, 2017
    United States
    why would i tell you stalkers where i live?
    thanks for correcting me! just goes to show what i know about this:rofl2:
     
  5. addi33

    addi33 GBAtemp Advanced Maniac

    Member
    1,678
    724
    Sep 12, 2016
    Gambia, The
    https://gbatemp.net/threads/noob-support-how-arm9loaderhax-luma3ds-works-and-what-it-is.460281/


    Neither ARM9LOADERHAX is a CFW it is a persistant (low-level) system exploit, nor Luma3DS is a FW Replacement, it is a Signature Patcher.

    1. Bootrom reads FIRM0, but due to our payload presence, the signature check will fail.
    2. It will read FIRM1 on top of FIRM0, and our payload will still be after it.
    3. Check its RSA signature, since it's good it will jump to its arm9loader.
    4. The arm9loader will use our crafted key to decrypt the ARM9 binary as garbage, then jump to the kernel entrypoint.
    5. With our key the garbage kernel entrypoint will make the cpu jump to our payload location.
    6. Code execution!
    [​IMG]
     
  6. epickid37

    epickid37 ( ͡° ͜ʖ ͡°)

    Member
    389
    278
    Jan 4, 2017
    United States
    why would i tell you stalkers where i live?
    cool! i think smealum has a good walkthrough of the steps also. breaking the 3ds security system
     
  7. Keylogger
    OP

    Keylogger GBAtemp Advanced Maniac

    Member
    1,727
    366
    May 3, 2006
    France
    So what I have to do?
     
  8. Quantumcat

    Quantumcat Dead and alive

    Member
    11,028
    5,911
    Nov 23, 2014
    Australia
    Canberra, Australia