Homebrew: I'm BACK (again)! Questions, holy damn

PRAGMA

So I've been back and gone and back and gone and back etc. a lot for this scene.
I have not even heard of boot9strap, or this nds-boot or something, and this flashcart exploit.

I have some BURNING Questions!

1) Can someone explain exactly how this flashcart exploit came about?
What I mean is, that bootloader exploit was announced and eventually stuff came about it, but then, while I was 100% away from the scene (not expecting to be back),
I spotted a recommended video about using an R4i Gold RTS to hack any-firmware 3DS.
Can someone explain how this just came out of the blue, how exactly this works and why it can't be patched (apart from blacklisting the cards)?
Was someone holding the exploit 'til the R.I.P. days of the 3DS system family to release it for future-ness, or was it just coincidentally found by some magical human being?

2) I see it requires pretty much just a 3DS (or DS/Lite/i) and a magnet.
I have a n2DS XL on the way from Amazon and an R4i Gold 3DS Plus (+) (the one with the ntrboot switch), but I probably won't have a magnet
by the time it gets here. I do have some random magnets around the place, but I'm worried none will be powerful enough, and there are no magnets sold around where I am,
so I don't want to wait a long time for Amazon or eBay and pay like £10 shipping just for a $2 magnet.
Any ideas what I can use?
I have an o3DS non-XL, and don't they have a thing where you put 2 of 'em on top of each other and they both do the sleep mode/screens-off thing caused by the magnets?
Would I be able to use the o3DS for this purpose? (It's broken, btw: screen connectors and a black wire singed off on the left of the top screen, and the top right bit is completely snapped off.)

3) Since I was out (basic CFW installation + LumaCFW time), have there been any new cool things to install on the system?
As in, is there cool stuff you can do that you couldn't back then? Like, is there improved load time, easier startup, better hotkey systems,
or any cool apps/features like some insane theme options or an improved livestream mechanic?

4) Is there anything you think I have plain missed in my Q&A here?
Is there something DOPE I didn't ask about here that came about?

As always amazing 3DS community <3
 

punderino

Nope haha, got 1 single HDD in good condition, sold it like a week ago.
Rip. As to the first question: they decrypted the bootrom, arm9, and arm11. They got the keys to the cartridges in the factory that Nintendo can flash a system with, and ntrboothax uses that against the system to flash boot9strap.
 

PRAGMA

Rip. As to the first question: they decrypted the bootrom, arm9, and arm11. They got the keys to the cartridges in the factory that Nintendo can flash a system with, and ntrboothax uses that against the system to flash boot9strap.
Wait, so Nintendo had a cartridge that essentially updates systems offline, and they just reversed 'em and used 'em with flashcarts? Smart af, but how did they get that exactly?
 

punderino

Wait, so Nintendo had a cartridge that essentially updates systems offline, and they just reversed 'em and used 'em with flashcarts? Smart af, but how did they get that exactly?
Something like that. Like, if you turned your system off during an update, they had a special signed cartridge, and once they put it in a system and held the combo w/ the magnet it would reflash the NAND, afaik. So they just implemented that into boot9strap. I don't know the very specifics.
 

PRAGMA

Something like that. Like, if you turned your system off during an update, they had a special signed cartridge, and once they put it in a system and held the combo w/ the magnet it would reflash the NAND, afaik. So they just implemented that into boot9strap. I don't know the very specifics.
Interesting, surprised that leak even got out, but damn impressive haha.
 

PRAGMA

Maybe you can get a magnet from a home worker store that sells screwdrivers and so on... Also, talking about screwdrivers, maybe you have a magnetized screwdriver you could use.
I do have a magnetized screwdriver, but it's just the tip and it's not INSANELY strong; but I have a shit ton of magnetized screw types that insert into it, maybe I'll be lucky if I put all 40 of 'em next to ABXY lmao
 
Dunno 'bout everyone else, but I just used a simple fridge magnet and it works. Don't need no special 'insanely strong' super magnet or such. Positioning of the magnet to trigger sleep mode, that's the key.
 

DarkRioru

I do have a magnetized screwdriver, but it's just the tip and it's not INSANELY strong; but I have a shit ton of magnetized screw types that insert into it, maybe I'll be lucky if I put all 40 of 'em next to ABXY lmao
I used a child lock magnet that's used for unlocking cabinets... do you have one of those?
 

zoogie

Wait, so Nintendo had a cartridge that essentially updates systems offline, and they just reversed 'em and used 'em with flashcarts? Smart af, but how did they get that exactly?
If you want to get filled in on the b9s/bootrom/ntrboot saga, just read the slide presentation of one of the lead devs.
https://sciresm.github.io/33-and-a-half-c3/
Highly recommended.
 

The Real Jdbye

ntrboot (the DS flashcart exploit) as well as sighax (what eventually turned into Boot9Strap) were mentioned during 33c3 (a hacking conference) a year ago. Nothing was released, but it gave devs something to go off of.
The only problem was, both required a bootrom dump, as they had to find the signature check flaw in the bootrom that allows both of these to work. With the flaw found, they were able to create a key that was able to sign .firm binaries that would be recognized by the 3DS as legit.
They didn't have a lot to go off of as far as obtaining the bootrom, so it took a while, but a few months later sighax was finally released, and shortly after Boot9Strap (a refined, safer version of sighax) followed.
ntrboot took a lot longer, as they wanted to ensure it supported multiple flashcarts, so prices wouldn't skyrocket like they did with Cubic Ninja when that was first announced as a homebrew entrypoint. Which was probably a good call, as flashcart prices don't seem to have been affected much at all (R4i Gold 3DS went up in price by a few dollars on nds-card but quickly went back down).

ntrboot is actually a feature of the bootrom, but it was never intended to be able to load self-signed .firm binaries, so it would have been completely secure if it wasn't for the signature checking flaw.
Sighax and Boot9Strap simply make use of that same flaw by acting as a bootloader that is self-signed and can be installed into the FIRM0/FIRM1 partitions with software or hardware. But in order to do that, you need direct access to the NAND, which normal 3DS-side homebrew doesn't give you, and that's where ntrboot comes in.
 

einhuman197

I do have a magnetized screwdriver, but it's just the tip and it's not INSANELY strong; but I have a shit ton of magnetized screw types that insert into it, maybe I'll be lucky if I put all 40 of 'em next to ABXY lmao
They don't have to be insanely strong. A few stacked above the sensor should do it. Good luck :)
 
