Hacking Is it possible to write a file to NAND?

mashers

I have just discovered that Luma now allows you to set a PIN which locks access to the 3DS on boot. This is great, because it helps to prevent people from using my 3DS if it's lost or stolen. The PIN is stored in /luma/pin.bin on the SD card. If you delete the file, Luma will no longer prompt you for the PIN. Clearly if a thief understands about CFW and knows what they're doing, they could put the SD card in their computer and delete the file. So, I'm wondering if it's possible to write the PIN to a file on the NAND itself? That way it would be impossible to circumvent the PIN lock. Of course, replacing arm9loaderhax.bin with a different CFW would work, but I believe A9LH can now boot without an SD card so presumably the Luma payload can now be located in NAND as well.
 

Deleted member 370671

GodMode9 lets you copy files, create directories and such, so I'm pretty sure it is possible.
However, if the thief knows what he's doing, then he'll also know that he can simply either put another arm9loaderhax.bin (from another CFW) on the SD card, or use GodMode9 to erase the pin.bin, so that wouldn't really solve the problem.

EDIT: A payload that only loads the CFW on NAND (and ignores the arm9loaderhax.bin file) could be done I guess, but if you forget your code, then you pretty much have a brick.
 

mashers

Good to know it's possible. As for having a brick if you forget the code, yes of course this would be a risk. A sensible user would write the code down and keep it at home away from the 3DS. I've got a hardmod so could just restore a NAND backup.

So, to get this to work would require the following:
  1. Use a version of A9LH which would ignore a payload on the SD card if one were present, and which boots the payload from NAND
  2. Use a minimal CFW which is installed to NAND and requires no payload on the SD card
  3. Modify this CFW to read a pin from a file on the NAND and if present prompt the user to enter the PIN
  4. After successfully entering the pin, chainload another A9LH payload from SD card (the actual CFW to be launched)
Since A9LH itself will ignore the payload loaded in step 4, it would be impossible to circumvent the PIN request without modifying the NAND. And since the minimal CFW in the NAND loads the PIN file from NAND too, it's impossible to delete or change it without modifying NAND.

Does that sound reasonable?
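
A model of the four-step boot gate proposed in the post above, next to the SD-card behaviour described in the opening post, as an added example that is not from the thread and is not Luma or A9LH code. The `media` struct, the function names, the 4-digit PIN and the plain PIN strings (standing in for whatever verifier the firmware stores) are assumptions made for this sketch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define PIN_LEN 4  /* assumed fixed PIN length for this sketch */

/* Hypothetical storage model: a NULL pointer means the PIN file is absent. */
struct media {
    const char *sd_pin;    /* PIN file on the removable SD card */
    const char *nand_pin;  /* PIN file in NAND, written once at setup */
};

enum gate { GATE_BOOT, GATE_DENY };

/* Compare all digits with no early exit on the first mismatch. */
static bool pin_equal(const char *a, const char *b) {
    unsigned char diff = 0;
    if (!a || !b || strlen(a) != PIN_LEN || strlen(b) != PIN_LEN) return false;
    for (size_t i = 0; i < PIN_LEN; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Behaviour described in the first post: no file on SD means no prompt. */
enum gate sd_gate(const struct media *m, const char *entered) {
    if (m->sd_pin == NULL) return GATE_BOOT;      /* fails open */
    return pin_equal(m->sd_pin, entered) ? GATE_BOOT : GATE_DENY;
}

/* Steps 1-4 of the proposal: the NAND stage never consults the SD card
 * for the PIN, and only a correct PIN reaches the chainload in step 4. */
enum gate nand_gate(const struct media *m, const char *entered) {
    if (m->nand_pin == NULL) return GATE_BOOT;    /* step 3: no PIN was set */
    return pin_equal(m->nand_pin, entered) ? GATE_BOOT : GATE_DENY;
}

int main(void) {
    /* Constructed scenario: PIN 4821 was set, then the SD copy was deleted. */
    struct media tampered = { NULL, "4821" };
    bool ok = sd_gate(&tampered, NULL) == GATE_BOOT       /* prompt skipped */
           && nand_gate(&tampered, "0000") == GATE_DENY   /* still locked */
           && nand_gate(&tampered, "4821") == GATE_BOOT;  /* owner boots */
    return ok ? 0 : 1;
}
```

The model covers only where the PIN decision is anchored; it says nothing about the forgotten-PIN recovery risk raised earlier in the thread.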
 

HyperT

Or a timed switch.
Default boot = minimal cfw on nand
Once nand cfw is loaded you can tell system you want to default load sdcard/Full CFW for a day or two; or up to a week
After the time is up system relocks with default switch to nand CFW.

Perhaps idiotic but could you use otp.bin in any way to dynamically create a password? i.e. let the system read the 200 characters or whatever it is; and ask the user for a couple random place numbers 24th; 45th; 92nd etc.
 

Skyshadow101

That would be very easy to forget. And what happens if you lose your otp and forget the numbers it's asking for? It would pretty much be a brick.

OP, just insert the pin into the NAND with GodMode9, and put a small tracking chip onto the motherboard. Make sure to delete GodMode9 after using it. Also write the pin in multiple places. Like a text document on your computer. Or maybe even ON the tracking chip with sharpie or something.

Sent from my Browser on a New 3DS XL with A9LH
 