[HELP] I made a huge mistake while installing a9lh again

Discussion in '3DS - Flashcards & Custom Firmwares' started by Miguel Gomez, Jan 5, 2017.

  1. Miguel Gomez
    OP

    So as you can see on this thread, I successfully installed arm9loaderhax on the o3DSXL.
    Now, I got myself another 3DS with 9.9.0 and I tried installing a9lh again. However, during the process of downgrading to 2.1.0, I noticed that the downgrade couldn't proceed because of lack of space (the SD card is 2GB, which is a bad memory). I accidentally pressed continue and it proceeded. Since I panicked, I force-shut down the 3DS. Afterwards, the 3DS no longer responds. It feels like a Black Screen of Death with no display and a blue light (red if low battery).

    While searching for answers, it seems that no one mentioned this issue during downgrading. The only solution is to open the insides of the 3DS console and unplug/plug the WiFi chip. I did that but no results.

    I'm afraid that there are no answers to fix it and I wasted cash just to buy another one. So to save the 3DS that I spent P11K on, can you help me fix it?

    If no solution, I really had no choice but to buy another one instead.
     
  2. Aletron9000

    Wait, you force-turned it off in the middle of the transfer? It is bricked. If you have a nand backup, then you can get a hardmod and restore the backup. If you don't have a nand backup, then you have a brick that cannot be repaired.
     
    Quantumcat and Ryccardo like this.
  3. dark_samus3

    Until sighax comes out, at least
     
  4. Aletron9000

    How would sighax help with this?
     
  5. pre10c

    Wait what ?? You tried a downgrade with a bad memory card??
     
    Aletron9000 likes this.
  6. Gnarmagon

    How did you get all the files on a 2GB card???
    Ctransfer ≈ 1GB
    Backup of SysNand ≈1.2GB....
     
  7. pre10c

    Well, from the looks of it he didn't make a backup ;)
     
  8. Miguel Gomez
    OP

    Yeah. You're right. I didn't make a backup. Welp, what a waste.
    Might as well sell it and if someone had hardmod he/she might fix it.
     
  9. pre10c

    If there's no backup then there's no way of fixing it, even with a hardmod. And to be rude, this is what you get when not taking backups and using a wanky SD card.
     
  10. Gnarmagon

    You can just swap the Board ;)
     
  11. Astral_

    This is not recoverable. You could still sell it as bricked for spare parts...
     
  12. Urbanshadow

    Manually injecting via hardmod another console's manually encrypted nand using sighax's magic signature. It would bypass bootrom sig and size checks, get successfully decrypted and executed as in a vanilla system. Heaven, my friend.
     
    Last edited by Urbanshadow, Jan 5, 2017
    piterayo and Quantumcat like this.
  13. dark_samus3

    Not entirely correct. It cannot create a universal NAND image; console-unique encryption is actually based on the OTP. What we can do, however, is use the known plaintext attack on one of the firm partitions to generate an xorpad, which we use to encrypt a sighax firm for injection back in. The injected firm can just be a payload like decrypt9, which can simply do a ctrtransfer to recover the system from there... Still, pretty simple method :)
     
  14. Urbanshadow

    I stand corrected then. I have to admit it's hard for me to understand derrek sometimes.

    For this to work with op without a nand backup, you are hoping to have a clean firm0 or firm1 in op's nand, then dump it encrypted to disk with a hardmod. To perform the plaintext, that is.
     
    Last edited by Urbanshadow, Jan 5, 2017
    KiiWii likes this.
  15. dark_samus3

    Yeah, they should be clean, they aren't touched until the end, so the firm partitions will be OK
     
  16. Urbanshadow

    Question: From that point, the ctrtransfer will be done using op's real signature or sighax one?
     
  17. Miguel Gomez
    OP

    In short, the 3DS is fully bricked and cannot be restored without backups.
    RIP

    I wonder if the Nintendo Switch might have an exploit to access Homebrew. We'll see that in March.
    Hopefully, the Switch might have 3DS Compatibility.
     
  18. dark_samus3

    Huh? This question doesn't really make sense... Let me break it down a bit. It seems you're getting signatures and encryption mixed up. Sighax only applies to a decrypted version of the firmware. We can basically "replace" the signature with one that simply verifies as correct always. From there, we load a payload. The main reason we must do this is because ctrnand (the thing we're trying to recover) is encrypted with console-unique keys as well, and is too unpredictable to reliably decrypt (we don't have plaintext), so we need to gain arm9 code execution to use the AES engine, which has the keys set properly for us. Then we can encrypt a new ctrnand partition for the OP and install a new firm in place. Once that's done they should be good to go.


    It can be restored without backups once we have a correct sighax signature. It will need to be hard modded, however.
     
    Miguel Gomez and Urbanshadow like this.
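
Added example, not part of any post in this thread: a toy model of the xorpad idea from posts 13 and 18, showing why a counter-mode keystream can be recovered for a region whose plaintext is publicly known (a stock firm partition) but not for ctrnand. The SHA-256 keystream is a stand-in for the console's AES engine, and the key, offsets and byte strings are all constructed; the takeaway is that stream encryption alone gives no integrity, which is why the firmware signature check is the real barrier.

```python
import hashlib

def keystream(key: bytes, offset: int, length: int) -> bytes:
    """Toy position-dependent keystream standing in for the console's AES-CTR engine."""
    first, last = offset // 32, (offset + length + 31) // 32
    blocks = b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest()
                      for i in range(first, last))
    skip = offset - first * 32
    return blocks[skip:skip + length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def derive_xorpad(dumped: bytes, known_plain: bytes) -> bytes:
    """ciphertext XOR known plaintext = keystream for exactly those bytes."""
    if len(dumped) != len(known_plain):
        raise ValueError("dump and reference plaintext must cover the same bytes")
    return xor(dumped, known_plain)

def encrypt_with_xorpad(xorpad: bytes, new_plain: bytes) -> bytes:
    if len(new_plain) > len(xorpad):
        raise ValueError("xorpad only covers the region whose plaintext was known")
    return xor(new_plain, xorpad)

def demo() -> dict:
    console_key = b"constructed per-console secret"  # never leaves the device
    firm_off, ctrnand_off = 0x100, 0x4000            # constructed offsets
    stock_firm = b"FIRM" + bytes(range(60))          # constructed; same on every unit
    # What a raw dump of the firm partition contains: ciphertext only.
    dumped_firm = xor(stock_firm, keystream(console_key, firm_off, len(stock_firm)))
    xorpad = derive_xorpad(dumped_firm, stock_firm)
    new_firm = b"FIRM" + b"recovery payload (constructed)".ljust(60, b"\0")
    injected = encrypt_with_xorpad(xorpad, new_firm)
    # Device side: decrypting the same region yields the new plaintext.
    seen_by_device = xor(injected, keystream(console_key, firm_off, len(injected)))
    # ctrnand: contents differ per console, so there is no plaintext to XOR against,
    # and the firm xorpad belongs to a different keystream position.
    ctrnand_plain = b"per-console filesystem data".ljust(64, b"\0")
    dumped_ctrnand = xor(ctrnand_plain, keystream(console_key, ctrnand_off, 64))
    return {
        "firm_roundtrip": seen_by_device == new_firm,
        "pad_is_keystream": xorpad == keystream(console_key, firm_off, len(xorpad)),
        "pad_reusable_on_ctrnand": xor(dumped_ctrnand, xorpad) == ctrnand_plain,
    }

if __name__ == "__main__":
    print(demo())
```

In this model the decrypted firm would still have to pass the signature check before it runs, which is the step post 18 says sighax addresses.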
  19. ArviDroid

    I did A9LH with a 2GB SD card. It worked out nicely with ~80mb of free space left. I didn't have about anything on it. Or are the NAND backups bigger on a new 3DS for example?
     
    Last edited by ArviDroid, Jan 16, 2017
  20. Miguel Gomez
    OP

    Great. I might as well give the brick 3DS to someone with Hardmod experience.