Hacking [HELP] I made a huge mistake while installing a9lh again

Miguel Gomez (OP)
So, as you can see in this thread, I successfully installed arm9loaderhax on the o3DSXL.
Now I got myself another 3DS on 9.9.0 and tried installing a9lh again. However, during the process of downgrading to 2.1.0, I noticed that the downgrade couldn't proceed because of lack of space (the SD card is 2GB, which is a bad memory card). I accidentally pressed continue and it proceeded. Since I panicked, I force-shut down the 3DS. Afterwards, the 3DS no longer responded. It feels like the Black Screen of Death, with no display and a blue light (red if the battery is low).

While searching for answers, it seems that no one has mentioned this issue during downgrading. The only solution is to open up the 3DS console and unplug/replug the WiFi chip. I did that, but no results.

I'm afraid that there are no answers to fix it and I wasted cash just buying another one. So, to save the 3DS that I spent P11K on, can you help me fix it?

If there's no solution, I really have no choice but to buy another one instead.
 

Aletron9000
Wait, you forcibly turned it off in the middle of the transfer? It is bricked. If you have a NAND backup, then you can get a hardmod and restore the backup. If you don't have a NAND backup, then you have a brick that cannot be repaired.
 

dark_samus3
> Wait, you forcibly turned it off in the middle of the transfer? It is bricked. If you have a NAND backup, then you can get a hardmod and restore the backup. If you don't have a NAND backup, then you have a brick that cannot be repaired.

Until sighax comes out, at least.
 

pre10c
> Yeah. You're right. I didn't make a backup. Welp, what a waste.
> Might as well sell it, and if someone has a hardmod he/she might fix it.

If there's no backup then there's no way of fixing it, even with a hardmod. And to be rude, this is what you get for not taking backups and using a wanky SD card.
 

Urbanshadow
> How would sighax help with this?

Manually injecting via hardmod another console's manually encrypted NAND using sighax's magic signature. It would bypass the bootrom signature and size checks, get successfully decrypted and executed as in a vanilla system. Heaven, my friend.

dark_samus3
> Manually injecting via hardmod another console's manually encrypted NAND using sighax's magic signature. It would bypass the bootrom signature and size checks, get successfully decrypted and executed as in a vanilla system. Heaven, my friend.
>
> EDIT: Theoretically, sighax can generate a universal 3DS NAND image. With a hardmod, this image can be recovered on any system able to boot with a healthy NAND chip.

Not entirely correct. It cannot create a universal NAND image; console-unique encryption is actually based on the OTP. What we can do, however, is use the known-plaintext attack on one of the firm partitions to generate an xorpad, which we use to encrypt a sighax firm for injection back in. The injected firm can just be a payload like decrypt9, which can simply do a ctrtransfer to recover the system from there... Still, a pretty simple method :)
 

Urbanshadow
> Not entirely correct. It cannot create a universal NAND image; console-unique encryption is actually based on the OTP. What we can do, however, is use the known-plaintext attack on one of the firm partitions to generate an xorpad, which we use to encrypt a sighax firm for injection back in. The injected firm can just be a payload like decrypt9, which can simply do a ctrtransfer to recover the system from there... Still, a pretty simple method :)

I stand corrected then. I have to admit it's hard for me to understand derrek sometimes.

For this to work for OP without a NAND backup, you are hoping to have a clean firm0 or firm1 in OP's NAND, then dump it encrypted to disk with a hardmod. To perform the known-plaintext step, that is.

dark_samus3
> I stand corrected then. I have to admit it's hard for me to understand derrek sometimes.
>
> For this to work for OP without a NAND backup, you are hoping to have a clean firm0 or firm1 in OP's NAND, then dump it encrypted to disk with a hardmod. To perform the known-plaintext step, that is.

Yeah, they should be clean; they aren't touched until the end, so the firm partitions will be OK.
 

Miguel Gomez (OP)
In short, the 3DS is fully bricked and cannot be restored without backups.
RIP

I wonder if the Nintendo Switch might have an exploit to access homebrew. We'll see that in March.
Hopefully, the Switch might have 3DS compatibility.
 

dark_samus3
> Question: From that point, will the ctrtransfer be done using OP's real signature or the sighax one?

Huh? This question doesn't really make sense... Let me break it down a bit. It seems you're getting signatures and encryption mixed up. Sighax only applies to a decrypted version of the firmware. We can basically "replace" the signature with one that simply verifies as correct always. From there, we load a payload. The main reason we must do this is because ctrnand (the thing we're trying to recover) is encrypted with console-unique keys as well, and is too unpredictable to reliably decrypt (we don't have plaintext). So we need to gain arm9 code execution to use the AES engine, which has the keys set properly for us; then we can encrypt a new ctrnand partition for the OP and install a new firm in place. Once that's done, they should be good to go.

--------------------- MERGED ---------------------------

> In short, the 3DS is fully bricked and cannot be restored without backups.
> RIP
>
> I wonder if the Nintendo Switch might have an exploit to access homebrew. We'll see that in March.
> Hopefully, the Switch might have 3DS compatibility.

It can be restored without backups once we have a correct sighax signature. It will need to be hardmodded, however.
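The xorpad idea from dark_samus3's earlier post (known plaintext of a firm partition XORed against its dumped ciphertext gives the keystream, which then re-encrypts a replacement image for that same region) and the point in the merged post above (ctrnand has no known plaintext, so the same trick cannot recover it) are worked through here as an added Python illustration. This is not code from the thread or from any 3DS tool. The 3DS uses AES-CTR under console-unique keys derived from the OTP; here a SHA-256 counter-mode keystream stands in for AES-CTR so the script runs on the standard library alone, and the key, region nonces and partition contents are all constructed.

```python
"""Known-plaintext recovery of a counter-mode keystream ("xorpad"), and why the
recovered pad is bound to one region: added illustration, not 3DS code.

A SHA-256 counter-mode keystream stands in for the AES-CTR the 3DS actually uses;
the property shown (ciphertext XOR plaintext == keystream) holds for any stream
or counter mode.  Every key, nonce and partition image below is constructed.
"""
import hashlib
from itertools import count


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: SHA-256(key || nonce || counter), truncated.
    Stand-in for AES-CTR; one keystream per (key, nonce) pair."""
    out = bytearray()
    for ctr in count():
        out += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        if len(out) >= length:
            return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt and decrypt are the same operation in counter mode."""
    return xor(data, keystream(key, nonce, len(data)))


def recover_xorpad(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Known-plaintext step: the keystream is simply ciphertext XOR plaintext.
    No key is involved, which is the whole point of the thread's approach."""
    if len(ciphertext) != len(known_plaintext):
        raise ValueError("ciphertext and plaintext must cover the same region")
    return xor(ciphertext, known_plaintext)


def encrypt_with_xorpad(xorpad: bytes, new_plaintext: bytes) -> bytes:
    """Re-encrypt a replacement image for the *same* region without the key.
    The pad only covers the bytes it was recovered from, hence the size check."""
    if len(new_plaintext) > len(xorpad):
        raise ValueError("replacement is larger than the recovered pad")
    return xor(new_plaintext, xorpad[: len(new_plaintext)])


def demo() -> dict:
    # Constructed stand-in for the console-unique (OTP-derived) key.  Whoever
    # holds only a NAND dump never has this value.
    console_key = hashlib.sha256(b"constructed-otp-derived-secret").digest()
    firm_nonce = b"firm0-region"       # constructed: distinct nonce per region
    ctrnand_nonce = b"ctrnand-region"  # constructed

    # Region 1: a "clean" firm partition whose plaintext is publicly known.
    firm_plain = b"FIRM" + bytes(range(60))  # constructed stand-in, 64 bytes
    firm_ct = ctr_crypt(console_key, firm_nonce, firm_plain)

    # Region 2: ctrnand, whose plaintext is console-specific and unknown to us.
    ctrnand_plain = b"ctrnand: console-specific data".ljust(64, b"\x00")
    ctrnand_ct = ctr_crypt(console_key, ctrnand_nonce, ctrnand_plain)

    # 1. Dumped ciphertext + known plaintext -> keystream, without the key.
    pad = recover_xorpad(firm_ct, firm_plain)
    pad_is_keystream = pad == keystream(console_key, firm_nonce, len(firm_plain))

    # 2. That pad re-encrypts a replacement image for the same region, and the
    #    console, decrypting with its real key, reads the replacement back.
    new_firm = b"REPLACEMENT-IMAGE".ljust(len(firm_plain), b"\x00")
    new_ct = encrypt_with_xorpad(pad, new_firm)
    console_reads = ctr_crypt(console_key, firm_nonce, new_ct)

    # 3. The same pad does nothing for ctrnand: different nonce means a
    #    different keystream, and there is no known plaintext to recover one.
    guess = xor(ctrnand_ct, pad[: len(ctrnand_ct)])

    return {
        "pad_is_keystream": pad_is_keystream,
        "console_reads_replacement": console_reads == new_firm,
        "pad_decrypts_ctrnand": guess == ctrnand_plain,
    }


if __name__ == "__main__":
    print(demo())
```

The result dictionary is expected to read `True, True, False`: the pad is exactly the region's keystream, the replacement image round-trips through the console's own key, and the pad recovers nothing from ctrnand. The design lesson for anyone building a boot chain is the general counter-mode one: encryption under a fixed key and nonce over a region with publicly known content leaks that region's keystream to anyone who can read the flash, so confidentiality of the firm partition cannot be what keeps the boot chain honest. The control that actually matters is the bootrom's signature check on the decrypted image, which is precisely what the thread says sighax defeats.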
 

ArviDroid
How did you get all the files on a 2GB card???
ctrtransfer ≈ 1GB
Backup of SysNAND ≈ 1.2GB....

I did A9LH with a 2GB SD card. It worked out nicely with ~80MB of free space left. I had barely anything on it. Or are the NAND backups bigger on a new 3DS, for example?

Miguel Gomez (OP)
> Huh? This question doesn't really make sense... Let me break it down a bit. It seems you're getting signatures and encryption mixed up. Sighax only applies to a decrypted version of the firmware. We can basically "replace" the signature with one that simply verifies as correct always. From there, we load a payload. The main reason we must do this is because ctrnand (the thing we're trying to recover) is encrypted with console-unique keys as well, and is too unpredictable to reliably decrypt (we don't have plaintext). So we need to gain arm9 code execution to use the AES engine, which has the keys set properly for us; then we can encrypt a new ctrnand partition for the OP and install a new firm in place. Once that's done, they should be good to go.
>
> --------------------- MERGED ---------------------------
>
> It can be restored without backups once we have a correct sighax signature. It will need to be hardmodded, however.

Great. I might as well give the bricked 3DS to someone with hardmod experience.
 
