NAND/emuNAND Encryption and Transfer Curiosity

Discussion in '3DS - Flashcards & Custom Firmwares' started by drfsupercenter, Apr 29, 2014.

  1. drfsupercenter
    OP

    drfsupercenter Flash Cart Aficionado

    Member
    1,898
    234
    Mar 26, 2008
    United States
    Alright, so I was curious about something recently and haven't had it properly explained.

    Scenario 1:
    Person 1 and Person 2 both have a 3DS XL running 4.5.0-10U. They both use Gateway's launcher to backup their NAND. (And for sake of discussion, let's say they also "format emuNAND" which copies the system NAND to the first part of the SD card)
    If person 1 and 2 swap SD cards after creating emuNAND, it's my understanding that neither will work. Correct?

    Scenario 2:
    Person 1 has a fully updated 3DS (7.1), Person 2 has a 4.5 system with a hardware NAND flasher installed. Person 2 makes a backup of 4.5 using Gateway's launcher. They then update to 7.1. Person 1 does a system transfer to person 2's system. Person 2 then backs up the NAND using the hardware flasher, then restores 4.5 the same way.
    Using the "NAND formatter" utility someone on gbatemp wrote, person 2 can now play person 1's games from an emuNAND.

    I can confirm scenario 2, as I have two 3DS systems and did this exact thing myself. I even transferred it back after a week to system 1 (from the real NAND, not emulated), and can still use the backup.

    Now, here's my question. Why doesn't scenario 1 work while scenario 2 does?

    As far as I know, every 3DS has its own set of keys for decrypting the encrypted contents. See also: movable.sed.

    The file also gets remade every time you format the NAND, which is why your SD card will no longer work and you have to redownload your programs.

    And therefore, since movable.sed is part of the NAND, wouldn't it transfer over in scenario 1 as well? A similar scenario is formatting your real NAND while leaving the emuNAND untouched - the emuNAND still boots perfectly fine, I can confirm this as well.

    From what I've heard from others, all the system transfers do is transfer NAND contents like pictures, settings and the like, as well as movable.sed - everything else is done via SD which is why DSiware gets moved to the SD and back, and all your games still work fine by just putting the SD in system 2 after a transfer.

    So why exactly does scenario 2 work but scenario 1 doesn't? Hopefully someone can help me understand.
     
  2. drfsupercenter
    OP

    drfsupercenter Flash Cart Aficionado

    Member
    1,898
    234
    Mar 26, 2008
    United States
    Hmm, I notice that the target system keeps its original profile (name, birthday, country, etc).
    And I think the Wi-Fi settings are retained too.

    Maybe it just intentionally doesn't transfer system settings.
     
  3. untok

    untok GBAtemp Regular

    Member
    158
    7
    Dec 25, 2012
    Finland
    Hmm if i understand 2 option ownership of games moved to another system and then worked to new and old system. But if old source system connect same id than transferred id to eshop then games dissapear to source backed up system because ticket are moved on new system.
     
  4. drfsupercenter
    OP

    drfsupercenter Flash Cart Aficionado

    Member
    1,898
    234
    Mar 26, 2008
    United States
    The tickets might disappear, but I'm under the impression that having a different emuNAND simply *will not boot*, it has to be created from your own system
    So I just don't get why scenario 2 magically works but 1 doesn't. Is there some hidden piece of information I'm missing (like a separate hardware key, not movable.sed)?

    I'm not really even fussed about downloaded games, I'm more interested in just getting it to boot. I haven't tried scenario 1 myself as I only have one 3DS on 4.5, but I'm going off of what I've read.
     
  5. gamesquest1

    gamesquest1 Nabnut

    Member
    GBAtemp Patron
    gamesquest1 is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    14,150
    9,504
    Sep 23, 2013
    each nand is uniquely encrypted, the console itself has its own unique encryption key......switching the SD with emunand from console 1 to console 2 means console 2 is unable to decrypt the firmware stored on the emunand partition as it was created using console 1's unique key, if it worked like what you are asking downgrading consoles using someone Else's nand dump would work
     
  6. migles

    migles Mei the sexiest bae

    Member
    GBAtemp Patron
    migles is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    6,994
    4,704
    Sep 19, 2013
    Saint Kitts and Nevis
    my dad works for nintendo.
    it's been a while since i had this idea on my head, what happens when you have a nand backup of a 4.5 console, move the games to a new system and restore the nand, game cloning?
     
  7. gamesquest1

    gamesquest1 Nabnut

    Member
    GBAtemp Patron
    gamesquest1 is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    14,150
    9,504
    Sep 23, 2013
    more of a temporary game clone, if the console with the restored nand connects to the internet its illegitimate games self destruct, if you keep it offline it works though
     
  8. migles

    migles Mei the sexiest bae

    Member
    GBAtemp Patron
    migles is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    6,994
    4,704
    Sep 19, 2013
    Saint Kitts and Nevis
    my dad works for nintendo.
    we need someone very rich who bought all the digital games, and clone is console, everyone gets all the games! and nintendo will put down system transfer, like they did with nikki :C
     
  9. orochi115

    orochi115 GBAtemp Regular

    Member
    150
    50
    Jun 8, 2013
    Switzerland

    First, the NAND key is stored inside some secure area of the hardware. "System Transfer" doesn't transfer raw data directly. It involves re-encryption, I think.
    You mentioned "moveable.sed" is only used to enc/dec title data on SD card. It has nothing to do with NAND encryption.

    Scenario 2 can be simplified. You can just update emuNAND to 7.1 and do sys transfer to emuNAND 7.1. That's almost the same. No hardware flasher is needed.
     
  10. orochi115

    orochi115 GBAtemp Regular

    Member
    150
    50
    Jun 8, 2013
    Switzerland
    Some of the settings are not transferred on purpose. I think it's by design.
     
  11. gamesquest1

    gamesquest1 Nabnut

    Member
    GBAtemp Patron
    gamesquest1 is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    14,150
    9,504
    Sep 23, 2013
    that would still require the person to do the system transfer a whole lot of times, and if anyone connects online their games get deleted :hateit:
    not exactly a convenient or realistic thing as you could be sure someone would just rob all the games and not transfer them to the next person.....basically its not really going to happen
     
    migles likes this.
  12. drfsupercenter
    OP

    drfsupercenter Flash Cart Aficionado

    Member
    1,898
    234
    Mar 26, 2008
    United States
    So you're saying it re-encrypts the NAND contents to match the hardware key and then when you transfer it back does the same process again?

    As for scenario 2, when I did it initially, Gateway 2.1 wasn't out yet and emuNAND still wasn't very stable :P