Is there any way to boot straight into CFW whenever a 3DS is turned on?

Discussion in '3DS - ROM Hacking, Translations and Utilities' started by oscc, Jul 27, 2015.

  1. oscc

    oscc Member

    Jan 23, 2014
I know it's not that difficult to jump to CFW via ESET or whatever method, but I was wondering if there's a way to have a 3DS boot straight into CFW whenever it's turned on.

Edit: Excuse my lack of technical knowledge/terminology; I hope my question makes sense.
  2. KashiToxicBlood

    KashiToxicBlood how2hakpls

    Jan 30, 2015
    United States
    same place as Huntereb
  3. OctopusRift

    OctopusRift GBATemp's Local Octopus, Open 9am-2am. "Not Yet"

    Nov 19, 2014
    Saint Kitts and Nevis
    Get outta here kashi. Crushing hopes and dreams.
    KashiToxicBlood likes this.
  4. The Real Jdbye

    The Real Jdbye Always Remember 30/07/08

    GBAtemp Patron
    Mar 17, 2010
It's not possible, because exploits rely on known entry points. The only feasible way it could be done is if someone found an exploit in the home menu. The problem with that is that we can't really modify much, because the 3DS would not accept the modified data; we're pretty much limited to modifying save data and extdata to get what we want, because that's the only thing we can encrypt/sign correctly. There's probably not much to exploit in the home menu; I doubt it uses savedata/extdata much. Maybe it could be exploited through a hacked theme; that's the only thing I can think of.

If in the future a bootloader exploit were found, we would basically have full access to modify anything on sysNAND, and that would really open the doors when it comes to things like this. We could install the CFW directly onto the system and it would boot just like the regular firmware. But that's a near impossible task when we have no way of accessing the bootloader, since it's stored on the CPU chip and is read- and write-protected. To explain a bit: it's just about the first thing the 3DS executes when it's powered on, and it verifies the integrity of the system firmware and halts the boot process if it finds that important parts of the system firmware have been compromised. In other words, trying to modify or replace most parts of the system firmware without a bootloader exploit would result in an expensive paperweight.
It's possible to dump the bootloader ROM by physically scanning the layers of the chip with some sort of X-ray or something (I'm not sure about the specifics), but it has to be done professionally and it's quite expensive to get it done. Efforts to fund this were made in the 3DS chip decapping project, but it seems like the guy ran away with all the money after he had enough. And the ROM dump or any exploits found in it would never have been released anyway, as the person in charge of the project was against piracy IIRC; the project was more for educational purposes than for piracy/CFW enabling.
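The verify-then-boot chain described in the post above (an immutable root that checks the next stage and halts on mismatch, so that modifying a later stage without control of the root gets you a brick rather than a boot) can be shown in a few lines. The following is an added illustration, not code from the thread and not the 3DS's actual boot ROM logic: it models the chain purely with SHA-256 digests rather than the signature scheme a real console uses, the stage names and payloads are constructed toy values, and the "ROM" is just a digest value held in a variable that the boot routine never writes.

```python
import hashlib
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Stage:
    """One boot stage: its code plus the digest it expects of the stage after it."""
    name: str
    payload: bytes                 # the code this stage would execute (constructed)
    next_digest: Optional[bytes]   # expected SHA-256 of the next stage, None for the last


def serialize(stage: Stage) -> bytes:
    # The digest covers the payload AND the embedded expectation for the next
    # stage, so tampering with either is caught by whoever verifies this stage.
    return stage.name.encode() + b"\0" + stage.payload + b"\0" + (stage.next_digest or b"")


def digest(stage: Stage) -> bytes:
    return hashlib.sha256(serialize(stage)).digest()


def build_chain(stage_defs: List[Tuple[str, bytes]]) -> Tuple[List[Stage], bytes]:
    """Link stages back to front so each one embeds its successor's digest.

    Returns the ordered chain and the root digest that an immutable boot ROM
    would carry; nothing after the ROM can change that value.
    """
    chain: List[Stage] = []
    nxt: Optional[bytes] = None
    for name, payload in reversed(stage_defs):
        stage = Stage(name, payload, nxt)
        chain.append(stage)
        nxt = digest(stage)
    chain.reverse()
    assert nxt is not None
    return chain, nxt


def boot(rom_root_digest: bytes, chain: List[Stage]) -> Tuple[bool, List[str], Optional[str]]:
    """Model the ROM's job: verify each stage before running it, halt on mismatch.

    Returns (booted, names of stages that ran, name of the stage that failed).
    """
    expected: Optional[bytes] = rom_root_digest
    executed: List[str] = []
    for stage in chain:
        if expected is None or digest(stage) != expected:
            return False, executed, stage.name   # halt: "expensive paperweight"
        executed.append(stage.name)              # only verified code runs
        expected = stage.next_digest
    return True, executed, None


def tamper(chain: List[Stage], index: int, new_payload: bytes) -> List[Stage]:
    """Return a copy of the chain with one stage's code replaced (what a NAND edit does)."""
    patched = list(chain)
    patched[index] = replace(patched[index], payload=new_payload)
    return patched


# Constructed toy chain: three stages standing in for boot ROM -> firmware -> home menu.
STAGE_DEFS = [
    ("stage1", b"loader code"),
    ("stage2", b"system firmware code"),
    ("stage3", b"home menu code"),
]
CHAIN, ROM_ROOT = build_chain(STAGE_DEFS)


if __name__ == "__main__":
    print("clean boot:", boot(ROM_ROOT, CHAIN))
    print("patched firmware:", boot(ROM_ROOT, tamper(CHAIN, 1, b"custom firmware code")))
```

Swapping the payload of any stage changes its digest, so the stage before it refuses to hand over control; the only way to make a modified chain boot is to change the root digest the ROM holds, which is exactly the read-protected, write-protected piece the post says nobody can reach. A real console replaces the bare hash root with a public key and signatures so that updates can be issued without re-burning ROM, but the halt-on-mismatch structure is the same.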