[Help] Installed wrong OTP. Am I screwed?

Discussion in '3DS - Flashcards & Custom Firmwares' started by SanchezTG, May 13, 2016.

  1. SanchezTG
    OP

    Edit: I do not have a NAND backup from before I used the wrong OTP. I also do not have the right OTP file for this system. I installed the hard mod and I'm ready to try anything.

    Original:


    Hey, I accidentally used the wrong OTP file when using SafeA9LHInstallerv1.5.2. I do not have a NAND backup for this system and can't boot into recovery. It just has a black screen on startup. How screwed am I?

    I have another 3DS with A9LH installed. I also have a RaspberryPi, as I remember that being useful for unbricking certain bricks (Gateway, I believe). What are my options?
     
    Last edited by SanchezTG, Jun 5, 2016


  2. SomeGamer

    I think it's permanently bricked.
     
  3. Sora Takihawa

    Without a NAND backup, even a Raspberry Pi and hardmod won't help.
    You should always make a sysNAND backup or you're screwed.
     
  4. GerbilSoft

    How exactly did you even get to the point of running SafeA9LHInstaller without any NAND backups?

    If it's an O3DS/2DS, you *may* be able to restore FIRM0/FIRM1 manually via a hardmod using a known plaintext attack, similar to the 10.4+ downgrade method.
    If it's an N3DS, you're probably out of luck, since one of the sectors required for arm9loader was overwritten.
     
    Last edited by GerbilSoft, May 13, 2016
  5. SanchezTG
    OP

    I very dumbly picked up the wrong O3DS when I was at that step in the guide by Plailect. It is an O3DS and I can do the hardmod on it. What would be required next?
     
  6. GerbilSoft

    The known plaintext downgrade is detailed here: https://github.com/Plailect/Guide/wiki/Hardmod-Downgrade - but this won't work as-is for this situation.

    @Plailect Is it actually possible to recover FIRM1 here? I'm not positive if this method would work to cross-flash between an N3DS FIRM (as installed by SafeA9LHInstaller) and an O3DS FIRM due to the encryption.
     
    Last edited by GerbilSoft, May 13, 2016
  7. Boogieboo6

    You need a nand backup. A hardmod just lets you write a non-rekt nand to the console. Your 3ds is a permanent potato because you have no nand backup. Or maybe just listen to GerbilSoft.
     
  8. SomeGamer

    Not necessarily. A9LH install messes with FIRM, which we downgrade.
     
  9. Plailect

    This is fixable, but you will need a hardmod and the OTP that you used for the install. If we also know what FIRM version you started with (I'm assuming 9.2, correct me otherwise), then we can do a plaintext firm attack to swap the FIRM in NAND since we know what payload you installed.
     
  10. dark_samus3

    Actually, if all that was done was using the wrong OTP, then it's entirely possible to easily fix this (with a hardmod). You'll need to actually use the old sector generator for a9lh and generate the PROPER sector, with the right OTP, then simply install that at the correct offset (sector 0x96, which is offset 0x96 * 0x200 in NAND).
     
    Last edited by dark_samus3, May 14, 2016
    Purge likes this.
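An added example, not part of any post in this thread or of any tool it mentions: replacing the single sector at 0x96 * 0x200 in a copy of a NAND dump while keeping the old sector for rollback and confirming nothing else changed. It assumes the regenerated sector is a 0x200-byte file, and the "NCSD" magic at 0x100 is a sanity check taken from the publicly documented NAND layout, not from this page; all function and path names are hypothetical.

```python
import hashlib

SECTOR_SIZE = 0x200                          # sector size given in the post
TARGET_SECTOR = 0x96                         # sector named in the post
TARGET_OFFSET = TARGET_SECTOR * SECTOR_SIZE  # 0x12C00
NCSD_MAGIC_AT = 0x100                        # assumption: "NCSD" magic position in a raw dump


def patch_sector(image: bytearray, new_sector: bytes) -> dict:
    """Overwrite sector 0x96 in place and return a record that allows rollback."""
    end = TARGET_OFFSET + SECTOR_SIZE
    if len(new_sector) != SECTOR_SIZE:
        raise ValueError("replacement must be exactly one 0x200-byte sector")
    if len(image) % SECTOR_SIZE or len(image) < end:
        raise ValueError("image is truncated or not sector-aligned")
    if bytes(image[NCSD_MAGIC_AT:NCSD_MAGIC_AT + 4]) != b"NCSD":
        raise ValueError("image does not look like a raw NAND dump")
    old = bytes(image[TARGET_OFFSET:end])
    rest_before = hashlib.sha256(image[:TARGET_OFFSET] + image[end:]).digest()
    image[TARGET_OFFSET:end] = new_sector
    # Belt and braces: everything outside the target sector must be unchanged.
    rest_after = hashlib.sha256(image[:TARGET_OFFSET] + image[end:]).digest()
    if rest_after != rest_before or bytes(image[TARGET_OFFSET:end]) != new_sector:
        raise RuntimeError("write touched bytes outside the target sector")
    return {"offset": TARGET_OFFSET, "old_sector": old,
            "new_sha256": hashlib.sha256(new_sector).hexdigest()}


def patch_file(dump_path: str, sector_path: str, out_path: str, saved_path: str) -> dict:
    """File wrapper: never modifies dump_path; saves the replaced sector separately."""
    with open(dump_path, "rb") as f:
        image = bytearray(f.read())
    with open(sector_path, "rb") as f:
        record = patch_sector(image, f.read())
    with open(saved_path, "wb") as f:
        f.write(record["old_sector"])
    with open(out_path, "wb") as f:
        f.write(image)
    return record


def constructed_image(sectors: int = 0x100) -> bytearray:
    """Constructed stand-in for a dump: zero-filled, magic set, sector 0x96 marked."""
    image = bytearray(sectors * SECTOR_SIZE)
    image[NCSD_MAGIC_AT:NCSD_MAGIC_AT + 4] = b"NCSD"
    image[TARGET_OFFSET:TARGET_OFFSET + SECTOR_SIZE] = b"\xAA" * SECTOR_SIZE
    return image
```

Keeping the untouched dump and the saved old sector means a bad regenerated sector can be rolled back by writing the saved 0x200 bytes to the same offset.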
  11. Plailect

    True, and that's far easier.

    Unfortunately, this doesn't change the requirements to fix, so the hardmod and OTP will still be needed.
     
  12. dark_samus3

    Yep, and if the OP is up to soldering some wires, then it'd be a simple fix :)
     
  13. Lilith Valentine

  14. dark_samus3

    Not true, the only thing wrong with his system would be the secret sector. As long as he has his OTP, all he has to do is what we mentioned above :)
     
  15. Lilith Valentine

    Oh, I didn't know there was a fix without the need for a NAND back up. I learned something new, thanks ^_^
     
  16. dark_samus3

    With what I'm currently working on, you'll need minimal stuff to entirely fix a 3DS. You'll need some files from CTRNAND (moveable.sed, secureinfo_a), the NCSD header from the console you intend on fixing, and some external hardware (to perform a9lh without OTP). After that you simply do a9lh without OTP (requires some small soldering), put the proper NCSD header into NAND, then using the a9lh, boot up D9. From there you can regenerate all of the encryption you'll need, and then you copy your original secureinfo_a and moveable.sed back in. You'll also need to recalculate the AES-MAC for the title.db. From there you'll be able to boot into home menu, but it'll have no applications; however, you'll still be able to use applets (like browser). Since we can control which version the CTRNAND is, we'll just have a 9.2 image or something with browserhax and we can start sysUpdater and reinstall everything. Long process, but it'll save a console.
     
  17. Lilith Valentine

    I am 100% interested in seeing the end results in this project! No really, I love hearing members working to better the community!
     
  18. dark_samus3

    Now if only we could get people to start backing up their files!
     
  19. Lilith Valentine

    It's sad that people don't do regular backups. I know I do backups, battery testing, system clean up, etc. every Thursday since I am off every Thursday.
     
  20. Boogieboo6

    It's good you do backups, but doesn't all that every Thursday seem a bit excessive?