Hardmod issues

Discussion in '3DS - Flashcards & Custom Firmwares' started by Matthew B, Sep 8, 2016.

  1. Matthew B
    OP

    Matthew B Member

    Newcomer
    12
    1
    Sep 8, 2016
    United States
    Sorry, this is more a downgrade issue than hard mod issue as title suggests.

    Ok, so I hardmodded my new 3ds xl and ordered the proper sd card reader to dump the nand, I dumped it 3 times and the md5 and sha1 hashes matched on 2 of them, so I proceeded with one of those 2 dumps. I ran through autofirm and it evenutually was written to the nand on my system, it says the writing was completed OK, but when I goto restart my 3ds after unplugging the sdcard, I get a blue screen with the "signature failed verification" error code. This happens still when I try to write back the original nand. My question is, what are some possible reasons for this? I feel as though if it were the soldering that I would have never gotten 2 dumps with matching hashes that were exact same size (1.84G). Is something wrong with my writing?
     
    Last edited by Matthew B, Sep 8, 2016
  2. vb_encryption_vb

    vb_encryption_vb That hardmod guy....

    Member
    1,853
    892
    Nov 21, 2015
    United States
    Acworth, GA
    So 3 dump only 2 matched? Soldering was bad, probably a bad nand dump to begin with.
     
  3. leerz

    leerz GBAtemp Advanced Fan

    Member
    512
    127
    Jan 11, 2015
    Makati
    New nand chip version? Autofirm might not be detecting it probably, but I'd check my wiring
     
  4. Matthew B
    OP

    Matthew B Member

    Newcomer
    12
    1
    Sep 8, 2016
    United States
    I was thinking that - but then remembered I may had restarted my 3DS in between 1st and 2nd/3rd dumps, which from what I understand would cause my dump hash to change. I'm curious though if it was bad soldering, how I could get 2 identical NAND dump hashes? The solder job looks clean to me, double and triple checked the connections against the wiring diagram.

    I will also add, the sd card adapter I am using does not have the r/w protection switch on it anymore, it's missing, could that have anything to do with it?
     
  5. astronautlevel

    astronautlevel But he's a guy

    Member
    3,935
    4,678
    Jan 26, 2016
    United States
    That Nightly Siteā„¢
  6. vb_encryption_vb

    vb_encryption_vb That hardmod guy....

    Member
    1,853
    892
    Nov 21, 2015
    United States
    Acworth, GA
    It wouldn't even write back if it's missing the r/w chip unless you taped it off or something to make it write.

    I'd like to see pictures of your soldering.

    — Posts automatically merged - Please don't double post! —

    He stated he tried to write the original unpatched NAND back and still has BSOD.
     
  7. Matthew B
    OP

    Matthew B Member

    Newcomer
    12
    1
    Sep 8, 2016
    United States
    Fair, I will upload pictures as soon as I can - at work currently. Thanks in advance for taking a look.

    OK, I will try this later when I get home - thanks for the tip.
     
  8. Matthew B
    OP

    Matthew B Member

    Newcomer
    12
    1
    Sep 8, 2016
    United States
    I also read this somewhere:

    Wonder if it would make any difference, assuming I had a good dump anyway.
     
  9. vb_encryption_vb

    vb_encryption_vb That hardmod guy....

    Member
    1,853
    892
    Nov 21, 2015
    United States
    Acworth, GA

    The dump you had, may have not been good is the thing. It may have read the data, but could be missing some things. Open the dump in a hex editor and look at it.
     
  10. Matthew B
    OP

    Matthew B Member

    Newcomer
    12
    1
    Sep 8, 2016
    United States
    I opened one of the matching dumps in a hex editor after I dumped it and seen in plain text "NCSD" somewhere in there, assumed it was good. Anything specific I am supposed to look for?
     
  11. vb_encryption_vb

    vb_encryption_vb That hardmod guy....

    Member
    1,853
    892
    Nov 21, 2015
    United States
    Acworth, GA
    garbled text, but at this point I think it's a soldering issue.
     
  12. Matthew B
    OP

    Matthew B Member

    Newcomer
    12
    1
    Sep 8, 2016
    United States
    OK, definitely garbled text in there, I'll upload some pictures when I get home around 5 EST of my soldering work, hopefully you'll be around then to take a peek and see what you think.

    Thanks again.
     
    vb_encryption_vb likes this.
  13. Selver

    Selver 13,5,1,14,9,14,7,12,5,19,19

    Member
    199
    276
    Dec 22, 2015
    It's not enough to find that. Also need to look for any sector where the last eight bytes are identical (except for 0xFF or 0x00 for whole sector, indicating unwritten flash). Because it's encrypted, it's astronomically unlikely this will happen in a correct dump. However, it does happen with hardmods, likely due to a very low-level interaction between the SD reader and the MMC device.

    In such a situation where the hardmod is slightly flaky, or interacts poorly with the SD reader, or picks up occasional noise on one of the lines, certain corruption patterns can occur that are detectable.
    The first few bytes are valid, but then the last byte is repeated for the remainder of that sector.

    Example of bad dump of this type

    Technical conjecture

    As you know, the NAND is updated every time the console boots, so the following only applies where you perform the dumps without powering off the device.
    1. Dump the NAND via hardmod
    2. Dump a second time via hardmod
    3. Hash both images
    4. If non-matching, dump a third time via hardmod
    5. Use a specialized utility for merging

    I wrote the following specialized merge utility. Here's the source and a precompiled binary:
    https://github.com/Selver-gba/MergeImages - .NET (C#) source
    https://filetrip.net/dl?czvVVbb7F7 - Precompiled .NET binary

    Let me know if that is useful.
     
    Last edited by Selver, Sep 9, 2016
  14. Matthew B
    OP

    Matthew B Member

    Newcomer
    12
    1
    Sep 8, 2016
    United States
    Thats great, thanks. I definitely will try the merge on the dumps and look for instances of such repetition - Let me ask you though, do you think its possible to get 2 identical in size and hash dumps that are "bad dumps" from the NAND? I have 2 that are identical.
     
    Last edited by Matthew B, Sep 8, 2016
  15. Selver

    Selver 13,5,1,14,9,14,7,12,5,19,19

    Member
    199
    276
    Dec 22, 2015
    Possible? Yes. Possible causes: NAND was actually corrupt for some reason before the dump.

    Likely if the NAND booted after the dump? No. (astronomically unlikely)
     
  16. Matthew B
    OP

    Matthew B Member

    Newcomer
    12
    1
    Sep 8, 2016
    United States
    I see, so you recommend looking at the dumps in hex, try to identify any bad sectors - and trying a merge on all 3 dumps, or just the 2 identical ones?
     
  17. Matthew B
    OP

    Matthew B Member

    Newcomer
    12
    1
    Sep 8, 2016
    United States
  18. vb_encryption_vb

    vb_encryption_vb That hardmod guy....

    Member
    1,853
    892
    Nov 21, 2015
    United States
    Acworth, GA
    Pic of soldering.
     
    astronautlevel likes this.
  19. Selver

    Selver 13,5,1,14,9,14,7,12,5,19,19

    Member
    199
    276
    Dec 22, 2015
    Sorry, it appears that filetrip deleted the binary. It seems FileTrip pretends to have it, then sends the 403 error message (HTML) as the file requested. Weird.

    Given the source code is available, please use that (or use it as a baseline to write your own checker).

    Well, you said two of them are identical to each other.
    Even so, go ahead and try to merge... the log file would show anything of interest.

    You could also modify the source code to just scan a single file for those patterns of corruption, if you only have one file. It doesn't guarantee the data is valid if nothing is found, but it could definitely identify if something's wrong.

    You wouldn't happen to already have generated the XORPADs for the system nand, using Decrypt9 or the like? If you have, then many more options (although none automated) become available.....