Is al9h really that secure?

Discussion in '3DS - Flashcards & Custom Firmwares' started by annoyingcalc, Dec 7, 2016.

  1. annoyingcalc
    OP

    annoyingcalc GBAtemp Regular

    Member
    162
    27
    Mar 16, 2014
    United States
    I've been reading about how Al9h + Luma3DS should be able to survive updates, but what about if Nintendo was really trying to remove it? I mean, it seems to me like the "arm9loaderhax.bin" on the SD card or NAND will run every startup. What stops Nintendo from modifying these files? I heard about there being write protection to the FIRM, but I haven't heard of anything that stops them from modifying files on the SD card. What if they made something that on every shutdown deleted arm9loaderhax.bin (making you have to plug the SD card into your computer every time you want to boot up) or even worse, replaced it with their own file that could delete all "not acceptable" content on the SD including EmuNAND. Of course we could patch this out, but this would require a patch to be made. Everyone who updated (who may or may not have a recent backup) would lose all of their stuff. (Assuming Nintendo wants to take a Gateway approach to things)

    Or am I completely wrong and would this not work?
     


  2. Ominous66521

    Ominous66521 GBAtemp Maniac

    Member
    1,053
    234
    Feb 7, 2016
    United States
    If Nintendo knew how to get rid of it they wouldn't have made a bug bounty trying to bribe hackers for a solution.
     
  3. Jayro

    Jayro MediCat DVD and Mini Windows 10 Developer

    Member
    4,725
    2,481
    Jul 23, 2012
    United States
    Octo Canyon
    They wouldn't be doing this if they were going to kill off the 3DS, so we might even get another Pokemon gen down the road. Hopefully it will be exclusive to the N3DS, and really take advantage of all the hardware. I feel Sun and Moon almost did that.
     
  4. wormdood

    wormdood pirate booty inspector

    Member
    3,103
    1,274
    Jan 3, 2014
    United States
    behind a parental advisory sticker
    I think they have a way to shut it down now but just haven't implemented it yet, because you would just downgrade. That would be the reason for removing all the DSi downgrade games and the bounty (potentially collecting up all the new hacks), so they can keep you out once they shut you out.

    #big n is coming for you
     
    Last edited by wormdood, Dec 7, 2016
  5. Jayro

    Jayro MediCat DVD and Mini Windows 10 Developer

    Member
    4,725
    2,481
    Jul 23, 2012
    United States
    Octo Canyon
    I'm surprised they haven't started un-A9LHing systems with 11.0 to be honest. If hackers can do it, Nintendo can eventually undo it.
     
  6. wormdood

    wormdood pirate booty inspector

    Member
    3,103
    1,274
    Jan 3, 2014
    United States
    behind a parental advisory sticker
    That's what I'm talking about, but if they are gonna do it efficiently they gotta wait until they shut down the new hacks (slowhax etc.) that most of you tempers keep blabbing on about, like they don't monitor this site among others.
     
  7. Joom

    Joom  ❤❤❤

    Member
    3,701
    2,470
    Jan 8, 2016
    United States
    They're fishing for 33c3 speakers, nothing more. All the other bullshit they posted is just a guise. Think about it. They posted this just a couple weeks before a major ARM11 kexploit is announced as well as other major findings. They're hoping that at least one major speaker is gonna take the bait.
     
    Shadow#1 and wormdood like this.
  8. Jayro

    Jayro MediCat DVD and Mini Windows 10 Developer

    Member
    4,725
    2,481
    Jul 23, 2012
    United States
    Octo Canyon
    Let's hope the devs don't take the money and sell us out... And if a dev does sell us out, they should have their GBATemp account perma-banned if they're a member here.
     
  9. ceelo

    ceelo GBAtemp Regular

    Member
    243
    57
    Mar 9, 2008
    United States
    Whoa whoa now, that could be overkill /s.

    Anyway, if I recall correctly, I think the safe bit about a9lh is that it starts before the payloads load, so Nintendo can't really do anything about it as it's there before whatever Nintendo would have to load. Like BootMii on Wii.
     
  10. Gray_Jack

    Gray_Jack GBAtemp Advanced Fan

    Member
    722
    261
    Jan 13, 2016
    A9LH exploitation uses flaws in the hardware; it can never be patched without a hardware revision. If I'm not mistaken, all we need is the right key to jump to the hax payload written inside FIRM0 and loaded into ARM9 memory.

    If Nintendo modifies the arm9loaderhax.bin payload on the SD to uninstall the A9LH implementation, we can always install it again (although it will not be easy, since we need a hardmod, DSi Downgrade or bruteforce to reinstall it), and even if Ninty patches the hardmod FIRM downgrade and DSi Downgrade, the bruteforce method will always be alive (although it's much, much more complicated than any other method, and that's why it's not in the Plailect guide).
     
  11. Jayro

    Jayro MediCat DVD and Mini Windows 10 Developer

    Member
    4,725
    2,481
    Jul 23, 2012
    United States
    Octo Canyon
    I think a major hardware revision would need to be made with e-fuses in the NAND or somewhere for them to block the NAND hardmod downgrades. Like, if a user attempts one, the console would brick, for example.
     
  12. Goombi

    Goombi Meme crypto = my crypto

    Member
    143
    53
    Jun 1, 2014
    France
    RnVja1lvdU15RHVkZQ
    To un-A9LH you need the OTP. And you also need it to detect a tampered secret sector. So what's left to detect an A9LH'd console? arm9loaderhax.bin is on the SD card and has an arbitrary name. So we're left with FIRM0 (which is tampered and kept outdated) and FIRM1 (kept outdated). So at best they can detect it by checking the FIRM partitions but can't "un-A9LH" (because of the tampered key). And I think bricking consoles is out of the question.
     
  13. Joom

    Joom  ❤❤❤

    Member
    3,701
    2,470
    Jan 8, 2016
    United States
    Wrong. Just overwrite FIRM. Decrypt9 can easily uninstall A9LH with a NAND restore.
     
    Gray_Jack likes this.
  14. Gray_Jack

    Gray_Jack GBAtemp Advanced Fan

    Member
    722
    261
    Jan 13, 2016
    It's very possible to patch the hardmod downgrade. For instance, with the 10.4 update the system won't boot using the 9.0 NATIVE_FIRM; it made it obligatory to use the 10.4 NATIVE_FIRM or above.
    If they do that again, let's say in a 1.X.X update, making it impossible for the system to boot with the 10.4 NATIVE_FIRM (the one we use to be able to do the hardmod and DSi downgrades) and making the use of 11.0/11.1/11.2 or above mandatory to boot the system, that would make the hardmod downgrade and DSi downgrade impossible.
     
  15. ScarletDreamz

    ScarletDreamz [Debug Mode]

    Member
    2,458
    1,032
    Feb 16, 2015
    United States
    California
    Yeah, keep talking, keep giving nintendo ideas on how to screw us lol.

    Why? because he worked his ass off reverse engineering and exploiting, and decided to make some money out of that?
     
  16. Goombi

    Goombi Meme crypto = my crypto

    Member
    143
    53
    Jun 1, 2014
    France
    RnVja1lvdU15RHVkZQ
    But doesn't that NAND restore also restore the secret sector? On O3DS you are right since the normal FIRM does not use that sector. I need to check what happens under normal a9l exec with tampered key.
     
  17. Joom

    Joom  ❤❤❤

    Member
    3,701
    2,470
    Jan 8, 2016
    United States
    No. With Hourglass9, yes; A9LH is preserved during a restore. With Decrypt9, it has to be specifically told to retain A9LH after a restore.
     
  18. Gray_Jack

    Gray_Jack GBAtemp Advanced Fan

    Member
    722
    261
    Jan 13, 2016
    They did it once, it's not like they don't know this, they are just waiting for the "right time" to do that (though Ninty was never time-wise xD A bunch of failures 'cause they have ideas way ahead of their time and too many holes in the system because they waited too long to patch it)
     
    Quantumcat likes this.
  19. Pokem

    Pokem GBAtemp Advanced Fan

    Member
    869
    261
    Jul 22, 2016
    United States
    Let's all get paid 20 grand by discussing ways to patch A9LH and link this thread to a Nintendo rep
     
    ScarletDreamz likes this.
  20. Gray_Jack

    Gray_Jack GBAtemp Advanced Fan

    Member
    722
    261
    Jan 13, 2016
    LOL
    As I already said, A9LH is impossible to patch without hardware revision xD