TEMPORARY MODE ENABLED  
  1. Keylogger

    OP Keylogger GBAtemp Addict
    Member

    Joined:
    May 3, 2006
    Messages:
    2,439
    Country:
    France
    Hey

    There is a long time since I didn't use my 3DS.
    I want to update my A9LH using latest version of SafeA9LHInstaller (v2.6.7-42c09f52

    I think I have all the required files on SD card (left all files from my previous installation)
    But I can't update because I have this error message:
    The OTP hash or the NAND Key sector are invalid.

    What I have to do to resolve this?
     
  2. epickid37

    epickid37 ( ͡° ͜ʖ ͡°)
    Member

    Joined:
    Jan 4, 2017
    Messages:
    1,247
    Country:
    United States
    i think you can place the latest arm9loaderhax.bin on your sd card to update a9lh.
    Edit: not true
     
    Last edited by epickid37, Apr 1, 2017
  3. adrifcastr

    adrifcastr GBAtemp Addict
    Member

    Joined:
    Sep 12, 2016
    Messages:
    2,038
    Country:
    Germany
    nope. totally incorrect. arm9loaderhax.bin is the payload that get's executed. the actual a9lh payloads are written to firm0/firm1
     
  4. epickid37

    epickid37 ( ͡° ͜ʖ ͡°)
    Member

    Joined:
    Jan 4, 2017
    Messages:
    1,247
    Country:
    United States
    thanks for correcting me! just goes to show what i know about this:rofl2:
     
  5. adrifcastr

    adrifcastr GBAtemp Addict
    Member

    Joined:
    Sep 12, 2016
    Messages:
    2,038
    Country:
    Germany
    https://gbatemp.net/threads/noob-support-how-arm9loaderhax-luma3ds-works-and-what-it-is.460281/


    Neither ARM9LOADERHAX is a CFW it is a persistant (low-level) system exploit, nor Luma3DS is a FW Replacement, it is a Signature Patcher.

    1. Bootrom reads FIRM0, but due to our payload presence, the signature check will fail.
    2. It will read FIRM1 on top of FIRM0, and our payload will still be after it.
    3. Check its RSA signature, since it's good it will jump to its arm9loader.
    4. The arm9loader will use our crafted key to decrypt the ARM9 binary as garbage, then jump to the kernel entrypoint.
    5. With our key the garbage kernel entrypoint will make the cpu jump to our payload location.
    6. Code execution!
    [​IMG]
     
  6. epickid37

    epickid37 ( ͡° ͜ʖ ͡°)
    Member

    Joined:
    Jan 4, 2017
    Messages:
    1,247
    Country:
    United States
    cool! i think smealum has a good walkthrough of the steps also. breaking the 3ds security system
     
  7. Keylogger

    OP Keylogger GBAtemp Addict
    Member

    Joined:
    May 3, 2006
    Messages:
    2,439
    Country:
    France
    So what I have to do?
     
  8. Quantumcat

    Quantumcat Dead and alive
    Member

    Joined:
    Nov 23, 2014
    Messages:
    15,149
    Country:
    Australia
Draft saved Draft deleted
Loading...

Hide similar threads Similar threads with keywords - updating, Error,