Is it possible to write a file to NAND?

Discussion in '3DS - Flashcards & Custom Firmwares' started by mashers, Sep 6, 2016.

  1. mashers
    OP

    mashers Stubborn ape

    Member
    3,837
    5,154
    Jun 10, 2015
    Kongo Jungle
    I have just discovered that Luma now allows you to set a PIN which locks access to the 3DS on boot. This is great, because it helps to prevent people from using my 3DS if it's lost or stolen. The PIN is stored in /luma/pin.bin on the SD card. If you delete the file, Luma will no longer prompt you for the PIN. Clearly if a thief understands about CFW and knows what they're doing, they could put the SD card in their computer and delete the file. So, I'm wondering if it's possible to write the PIN to a file on the NAND itself? That way it would be impossible to circumvent the PIN lock. Of course, replacing arm9loaderhax.bin with a different CFW would work, but I believe A9LH can now boot without an SD card so presumably the Luma payload can now be located in NAND as well.
     
  2. TheKawaiiDesu

    TheKawaiiDesu Ball of Kawaiiness

    Member
    1,429
    1,497
    Aug 23, 2015
    Korea, North
    Lowee
    GodMode9 lets you copy files, create directories and such, so I'm pretty sure it is possible.
    However, if the thief know what he's doing, then he'll also know that he can simply either put another arm9loaderhax.bin (from another CFW) on the SD card, or use GodMode9 to erase the pin.bin, so that wouldn't really solve the problem.

    EDIT: A payload that only loads the CFW on NAND (and ignores the arm9loaderhax.bin file) could be done I guess, but if you forget your code, then you pretty much have a brick.
     
    Last edited by TheKawaiiDesu, Sep 6, 2016
    VinsCool likes this.
  3. mashers
    OP

    mashers Stubborn ape

    Member
    3,837
    5,154
    Jun 10, 2015
    Kongo Jungle
    Good to know it's possible. As for having a brick if you forget the code, yes of course this would be a risk. A sensible user would write the code down and keep it at home away from the 3DS. I've got a hardmod so could just restore a NAND backup.

    So, to get this to work would require the following:
    1. Use a version of A9LH which would ignore a payload on the SD card if one were present, and which boots the payload from NAND
    2. Use a minimal CFW which is installed to NAND and requires no payload on the SD card
    3. Modify this CFW to read a pin from a file on the NAND and if present prompt the user to enter the PIN
    4. After successfully entering the pin, chainload another A9LH payload from SD card (the actual CFW to be launched)
    Since A9LH itself will ignore the payload loaded in step 4, it would be impossible to circumvent the PIN request without modifying the NAND. And since the minimal CFW in the NAND loads the PIN file from NAND too, it's impossible to delete or change it without modifying NAND.

    Does that sound reasonable?
     
  4. HyperT

    HyperT GBAtemp Advanced Fan

    Member
    674
    169
    Jun 4, 2016
    Or a timed switch.
    Default boot = minimal cfw on nand
    Once nand cfw is loaded you can tell system you want to default load sdcard/Full CFW for a day or two; or up to a week
    After the time is up system relocks with default switch to nand CFW.

    Perhaps idiotic but could you use otp.bin in anyway to dynamically create a password? i.e. let the system read the 200 characters or whatever it is; and ask the user for a couple random place numbers 24th; 45th; 92nd etc.
     
  5. Skyshadow101

    Skyshadow101 The Sky Is The Limit!

    Member
    911
    314
    May 22, 2016
    United States
    The Underground
    That would be very easy to forget. And what happens if you lose your otp and forget the numbers it's asking for? It would pretty much be a brick.

    OP, just insert the pin into the NAND with Godmode9, and put a small tracking chip onto the motherboard. Make sure to delete Godmode9 after using it. Also write the pin in multiple places. Like a text document on your computer. Or maybe even ON the tracking chip with sharpie or something.

    Sent from my Browser on a New 3DS XL with A9LH
     
    Last edited by Skyshadow101, Sep 6, 2016
  6. Quantumcat

    Quantumcat Dead and alive

    Member
    10,424
    5,499
    Nov 23, 2014
    Australia
    Canberra, Australia
    Ive never used the PIN, but does it have something like, if this 3DS is found please call... or email....? I imagine if someone found it and couldn't find the owner, it would be unuseable and they'd just throw it away.