Hacking GATEWAY 4.1 PRIVATE BETA RELEASE

vb_encryption_vb

That hardmod guy....
Member
Joined
Nov 21, 2015
Messages
1,996
Trophies
2
Age
42
Location
Acworth, GA
XP
1,974
Country
United States
You do realize he's announcing something good for Gateway users: a way to easily report bugs and request new features? How does that make him a plague?
You do realize that the prick only supports code thieves and DRM products that are based off leaked / stolen code, right? The anal gland has been a plague for years, PS3, Xbox, etc. To hell with him.


Lol, attacked a forum admin, ok.
 
Last edited by vb_encryption_vb,

Aroth

Well-Known Member
Member
Joined
Apr 14, 2015
Messages
2,066
Trophies
0
Age
37
XP
891
Country
United States
The only reason it's more dangerous is that their instructions skipped over important safety details, like downgrading emuNAND first. From what I've read (I haven't tried it since I already have A9LH installed), the implementation itself is somewhat safe, at least as safe as a private beta can be when it's labelled "Files on this page should be treated with extreme care and only used by advanced users who have access to a way to restore their 3DS NAND". Early open source implementations were just as unstable.

And none of that is any reason to spread hate at this level. Some people are very hostile towards Gateway. Just half an hour ago, vb_encryption_vb attacked a forum administrator announcing some pretty nice developments on the official support forum. It's as if this is what the "cool" kids are doing these days.

No, it is actually more dangerous than the version used by Plailect's guide because it is an OUTDATED version of the exploit. Gateway is using a modification of the old A9LHv1 code for their exploit. The primary modification of the exploit is to "marry" the payload to the redcart as a form of DRM, which is pretty damn deplorable in my opinion and only slightly mitigated by the release of an arm9loaderhax.bin to allow people to use their hardware/software without being bound to the DRM device. The older, original version of A9LH did not have the safeguards for installation and firm protection that exist in v2, which makes it inherently more dangerous to use during installation. (Note that this ONLY applies to their A9LH installer. The payload file they provide is no less safe to use than any other payload file, aside from the issues with firm protection that come from using v1.)

You seem to be of the impression that I am "jumping on the bandwagon", so to speak, by bashing on Gateway, but if you had taken the time to actually read most of my replies in this thread and others like it you would know that I actually own a Gateway flashcard and do use it on occasion, and that I do not go around telling people "don't use Gateway" or condemning them for doing so. I actually try to help the people that DO use it and try to educate them on what aspects of Gateway's software are still dangerous (like their downgrade method and their A9LH installer).
 

evandixon

PMD Researcher
Developer
Joined
May 29, 2009
Messages
1,725
Trophies
1
Website
projectpokemon.org
XP
2,361
Country
United States
You do realize that the prick only supports code thieves and DRM products that are based off leaked / stolen code, right? The anal gland has been a plague for years, PS3, Xbox, etc. To hell with him.
So they don't explicitly state the license of some of the open source projects they've used as dictated by the GNU license. That's no reason to flame him.
 

evandixon

PMD Researcher
Developer
Joined
May 29, 2009
Messages
1,725
Trophies
1
Website
projectpokemon.org
XP
2,361
Country
United States
Before you defend him, go look into his history...


True blue ring any bells.
Looking at his post history on GBAtemp, he's more polite than either of us. Unless he has wronged you himself, there is no reason to attack him like that.

At least when people spread unnecessary hate on Gateway, their questionable business practices warrant a small fraction of the hate they receive.
 

vb_encryption_vb

That hardmod guy....
Member
Joined
Nov 21, 2015
Messages
1,996
Trophies
2
Age
42
Location
Acworth, GA
XP
1,974
Country
United States
Looking at his post history on GBAtemp, he's more polite than either of us. Unless he has wronged you himself, there is no reason to attack him like that.

At least when people spread unnecessary hate on Gateway, their questionable business practices warrant a small fraction of the hate they receive.

Look into his history outside of temp. He's wronged everyone in every scene as a whole.

And yes, he's thrown shade my way at xbox-scene.
 
Last edited by vb_encryption_vb,

Swiftloke

Hwaaaa!
OP
Member
Joined
Jan 26, 2015
Messages
1,772
Trophies
1
Location
Nowhere
XP
1,508
Country
United States
I've got a question about a9lh. If you don't protect the FIRM, why does updating brick? Is it because our crafted key fails to jump to not-garbage at FIRM1? And why does it brick even if the update doesn't introduce a new FIRM? (Or is that just not true?)
 

Quantumcat

Dead and alive
Member
Joined
Nov 23, 2014
Messages
15,144
Trophies
0
Location
Canberra, Australia
Website
boot9strap.com
XP
11,119
Country
Australia
When I enter the site http://dukesrg.github.io/2xrsa.html?arm11.bin on my 3ds, the console freezes. It's the same with that "go.gateway-3ds.com" page.

I got the "3DS Browser Version1.7498 For Firmware4.0.0-4.5.0"
What version is your browser? On 2.1.0-4 it should be 1.7455. I wonder if you have a frankenfirm (though I've never seen that message before).

--------------------- MERGED ---------------------------

I've got a question about a9lh. If you don't protect the FIRM, why does updating brick? Is it because our crafted key fails to jump to not-garbage at FIRM1? And why does it brick even if the update doesn't introduce a new FIRM? (Or is that just not true?)
I think because new 3DS relies on the firms as part of the start up security. If you read yifan lu's blog there's some very in depth explanation of 3DS security (yifan.lu).
 

Swiftloke

Hwaaaa!
OP
Member
Joined
Jan 26, 2015
Messages
1,772
Trophies
1
Location
Nowhere
XP
1,508
Country
United States
What version is your browser? On 2.1.0-4 it should be 1.7455. I wonder if you have a frankenfirm (though I've never seen that message before).

--------------------- MERGED ---------------------------


I think because new 3DS relies on the firms as part of the start up security. If you read yifan lu's blog there's some very in depth explanation of 3DS security (yifan.lu).
Oh, I read that. By now I have a pretty good concept of the 3DS' security system. But no, that's not how FIRMs work at all! It's the code that the bootrom (or arm9loader on N3DS/A9LH) jumps to to start up the OS. Think of it as the bootloader, if you will.
 

Quantumcat

Dead and alive
Member
Joined
Nov 23, 2014
Messages
15,144
Trophies
0
Location
Canberra, Australia
Website
boot9strap.com
XP
11,119
Country
Australia
Oh, I read that. By now I have a pretty good concept of the 3DS' security system. But no, that's not how FIRMs work at all! It's the code that the bootrom (or arm9loader on N3DS/A9LH) jumps to to start up the OS. Think of it as the bootloader, if you will.
I did read the blog, but 90% of it was way over my head. Thanks for the clarification :-)
 

SigmaSebas

Well-Known Member
Newcomer
Joined
Jan 4, 2016
Messages
51
Trophies
0
XP
303
Country
Cote d'Ivoire
What version is your browser? On 2.1.0-4 it should be 1.7455. I wonder if you have a frankenfirm (though I've never seen that message before).

--------------------- MERGED ---------------------------


I think because new 3DS relies on the firms as part of the start up security. If you read yifan lu's blog there's some very in depth explanation of 3DS security (yifan.lu).
It must be frankenfirm because my browser version is 1.7498
 

Aroth

Well-Known Member
Member
Joined
Apr 14, 2015
Messages
2,066
Trophies
0
Age
37
XP
891
Country
United States
Oh, I read that. By now I have a pretty good concept of the 3DS' security system. But no, that's not how FIRMs work at all! It's the code that the bootrom (or arm9loader on N3DS/A9LH) jumps to to start up the OS. Think of it as the bootloader, if you will.

My understanding of why a lack of firm protection can lead to a brick is that it is something similar to what you first said. Part of the exploit code gets overwritten, causing it to fail outright (and in turn cause the system to fail to boot), or it results in a bad jump to garbage data instead of the payload. If you are lucky, it completely overwrites the A9LH data and you end up with a stock version of whatever you updated to.

As for why updates that do not include changes to native_firm still cause potential bricks, that is probably because every update includes the latest version of ANY title that has been updated since 2.x (for O3DS) or 8.x (for N3DS). Since the native_firm was updated as recently as 11.0 that means any future updates will include, at a minimum, a native_firm of v24368 even if the native firm was not changed in that specific CUP.

It must be frankenfirm because my browser version is 1.7498

Didn't you say you got an error part of the way through the Gateway downgrade method? That is as sure a sign as any that you are on a frankenfirmware (though the fact your browser is from 4.x and not 2.1 is verifiable proof).

Did you make a NAND backup BEFORE you attempted the downgrade, and if so, can you access the gateway menu at all?
 
Last edited by Aroth,
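
As an added illustration (not code from this thread, from Gateway or from the arm9loaderhax project), here is a constructed Python model of the brick mechanism Aroth describes above and of what "firm protection" changes. It assumes the published 3DS NAND layout for the FIRM0 and FIRM1 partitions (offsets as listed on 3dbrew) and invents its own exploit header, payload pointer and stock-image markers; real A9LH and NATIVE_FIRM layouts are different, the point is only the three outcomes: a full rewrite leaves a stock FIRM, a partial or interrupted rewrite leaves nothing bootable, and a write that clobbers only the payload leaves a header that jumps into garbage. Firm protection is modelled as a write filter that refuses any write landing inside either FIRM partition, including writes that only partially overlap one.

```python
"""Constructed model of why a system update can brick an arm9loaderhax (A9LH)
install that lacks firm protection, and what the protection does.

Added illustration, not 3DS, A9LH or Gateway code.  Only the FIRM0/FIRM1 NAND
partitions are modelled; the exploit header, payload pointer and stock-image
markers are invented stand-ins.
"""

# Published 3DS NAND layout (3dbrew); treated as an assumption of this model.
FIRM0_OFFSET = 0x0B130000
FIRM1_OFFSET = 0x0B530000
FIRM_SIZE = 0x00400000
FIRM_PARTITIONS = {"FIRM0": (FIRM0_OFFSET, FIRM_SIZE),
                   "FIRM1": (FIRM1_OFFSET, FIRM_SIZE)}

# Invented markers for the model: an exploit header that points at its payload,
# the payload itself, and a "signed" stock FIRM image with a head and trailer.
A9LH_MAGIC = b"A9LH"
PAYLOAD_MAGIC = b"PAYL"
PAYLOAD_OFFSET = 0x10000       # where the model keeps the payload in a partition
STOCK_MAGIC = b"FIRM"
STOCK_TRAILER = b"END!"
STOCK_IMAGE_SIZE = 0x20000     # size of the model's stock NATIVE_FIRM image


class Nand:
    """Sparse NAND: only the two FIRM partitions are backed by storage."""

    def __init__(self, firm_protection=False):
        self.parts = {n: bytearray(s) for n, (_, s) in FIRM_PARTITIONS.items()}
        self.firm_protection = firm_protection
        self.blocked = []      # (offset, length) of writes the protection refused

    def _overlaps(self, offset, length):
        """Yield (partition, start, end, data_start) for each slice a write touches."""
        for name, (base, size) in FIRM_PARTITIONS.items():
            lo, hi = max(offset, base), min(offset + length, base + size)
            if lo < hi:
                yield name, lo - base, hi - base, lo - offset

    def write(self, offset, data):
        """Write at an absolute NAND offset; False if firm protection refused it.

        Protection refuses any write that would land even partially inside
        FIRM0/FIRM1.  Writes touching neither partition are accepted and,
        in this model, discarded.
        """
        hits = list(self._overlaps(offset, len(data)))
        if self.firm_protection and hits:
            self.blocked.append((offset, len(data)))
            return False
        for name, p_lo, p_hi, d_lo in hits:
            self.parts[name][p_lo:p_hi] = data[d_lo:d_lo + (p_hi - p_lo)]
        return True


def install_a9lh(nand):
    """Write the model's exploit header and payload into both FIRM partitions
    (protection must be off, as it would be during a real install)."""
    header = A9LH_MAGIC + PAYLOAD_OFFSET.to_bytes(4, "little")
    payload = PAYLOAD_MAGIC + b"\x00" * 0x100
    for base, _ in FIRM_PARTITIONS.values():
        assert nand.write(base, header) and nand.write(base + PAYLOAD_OFFSET, payload)


def stock_firm_image():
    """Stand-in for a signed NATIVE_FIRM as a system update would write it."""
    body = b"\x00" * (STOCK_IMAGE_SIZE - len(STOCK_MAGIC) - len(STOCK_TRAILER))
    return STOCK_MAGIC + body + STOCK_TRAILER


def apply_update(nand, chunk=0x1000, stop_after=None):
    """Write the stock image into FIRM0 and FIRM1 chunk by chunk, as an update
    does; stop_after=N simulates the update dying after N chunks per partition.
    Returns the number of chunks the NAND actually accepted."""
    image = stock_firm_image()
    chunks = [image[i:i + chunk] for i in range(0, len(image), chunk)]
    chunks = chunks if stop_after is None else chunks[:stop_after]
    return sum(nand.write(base + i * chunk, c)
               for base, _ in FIRM_PARTITIONS.values() for i, c in enumerate(chunks))


def boot(nand):
    """What the boot ROM effectively does: try FIRM0, fall back to FIRM1."""
    for name in ("FIRM0", "FIRM1"):
        part = nand.parts[name]
        if part[:4] == A9LH_MAGIC:
            target = int.from_bytes(part[4:8], "little")
            # The exploit header passed; there is no fallback once it has jumped.
            return "a9lh" if part[target:target + 4] == PAYLOAD_MAGIC else "brick"
        if part[:4] == STOCK_MAGIC and \
                part[STOCK_IMAGE_SIZE - 4:STOCK_IMAGE_SIZE] == STOCK_TRAILER:
            return "stock"     # exploit fully replaced by a complete signed firm
        # truncated or garbage image: signature check would fail, try the other
    return "brick"


def scenario(firm_protection, stop_after=None, stray_write=False):
    """Install A9LH, then either run an update or a stray write into the payload
    region, and report what boots afterwards."""
    nand = Nand()
    install_a9lh(nand)
    nand.firm_protection = firm_protection
    if stray_write:
        for base, _ in FIRM_PARTITIONS.values():
            nand.write(base + PAYLOAD_OFFSET, b"\xff" * 0x200)
    else:
        apply_update(nand, stop_after=stop_after)
    return boot(nand)


if __name__ == "__main__":
    print("full update, no protection:       ", scenario(False))
    print("interrupted update, no protection:", scenario(False, stop_after=8))
    print("payload clobbered, no protection: ", scenario(False, stray_write=True))
    print("full update, firm protection:     ", scenario(True))
```

The three unprotected runs give `stock`, `brick` and `brick` respectively, matching the outcomes in the post above; with firm protection on, every write into the partitions is refused, so the console still boots the A9LH payload and the attempted update simply does not land. The overlap check in `_overlaps` is the part worth copying: a write that starts just before FIRM0 and spills into it must be refused too, or the header can be clobbered by a "harmless" write to the neighbouring region.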

SigmaSebas

Well-Known Member
Newcomer
Joined
Jan 4, 2016
Messages
51
Trophies
0
XP
303
Country
Cote d'Ivoire
My understanding of why a lack of firm protection can lead to a brick is that it is something similar to what you first said. Part of the exploit code gets overwritten, causing it to fail outright (and in turn cause the system to fail to boot), or it results in a bad jump to garbage data instead of the payload. If you are lucky, it completely overwrites the A9LH data and you end up with a stock version of whatever you updated to.

As for why updates that do not include changes to native_firm still cause potential bricks, that is probably because every update includes the latest version of ANY title that has been updated since 2.x (for O3DS) or 8.x (for N3DS). Since the native_firm was updated as recently as 11.0 that means any future updates will include, at a minimum, a native_firm of v24368 even if the native firm was not changed in that specific CUP.



Didn't you say you got an error part of the way through the Gateway downgrade method? That is as sure a sign as any that you are on a frankenfirmware (though the fact your browser is from 4.x and not 2.1 is verifiable proof).

Did you make a NAND backup BEFORE you attempted the downgrade, and if so, can you access the gateway menu at all?
I did the NAND backup, yeah, but I can't access the gateway menu D:
 

Aroth

Well-Known Member
Member
Joined
Apr 14, 2015
Messages
2,066
Trophies
0
Age
37
XP
891
Country
United States
I did the NAND backup, yeah, but I can't access the gateway menu D:
Hardmod may be the only fix you have then.

Basically, this.

Somehow or another the TimeMachine software stopped partway through a downgrade and left you in a half/half state. You very likely still have a 4.x native_firm, homemenu and other core files. You could try using exploits for 4.5 (I think that's what you said you were on before) and see what happens, but most likely you are out of luck.

Barring a hardmod to restore the 4.x dump, you could try entering safe_mode and updating from there, but this will put you on 11.0, with no way to downgrade without a hard mod or a second 3ds that is already hacked. To be honest, if you are stuck using a hardmod to restore the nand dump, I would suggest doing the safe_mode update since 11.0 is easier to start from if you have to do a hardmod anyways.
 
Last edited by Aroth,

SigmaSebas

Well-Known Member
Newcomer
Joined
Jan 4, 2016
Messages
51
Trophies
0
XP
303
Country
Cote d'Ivoire
Basically, this.

Somehow or another the TimeMachine software stopped partway through a downgrade and left you in a half/half state. You very likely still have a 4.x native_firm, homemenu and other core files. You could try using exploits for 4.5 (I think that's what you said you were on before) and see what happens, but most likely you are out of luck.

Barring a hardmod to restore the 4.x dump, you could try entering safe_mode and updating from there, but this will put you on 11.0, with no way to downgrade without a hard mod or a second 3ds that is already hacked. To be honest, if you are stuck using a hardmod to restore the nand dump, I would suggest doing the safe_mode update since 11.0 is easier to start from if you have to do a hardmod anyways.
I was wrong, my internet browser version is 1.7455. I still think I got no choice but to do a hardmod... nothing seems to work.
 

Quantumcat

Dead and alive
Member
Joined
Nov 23, 2014
Messages
15,144
Trophies
0
Location
Canberra, Australia
Website
boot9strap.com
XP
11,119
Country
Australia
I was wrong, my internet browser version is 1.7455. I still think I got no choice but to do a hardmod... nothing seems to work.
Before you do, go to the general 9.2 update page and choose one for your previous firmware, just on the off chance that works.
 
