Hardware NAND Flash Dump (3DS)

mordos79

Member
OP
Newcomer
Joined
Aug 13, 2013
Messages
12
Trophies
0
Age
42
XP
183
Country
Serbia, Republic of
OK
have the same topic but for XL model and my message in it look like off topic
decide make this thread (close or delete if u decide that i wrong)

some info from http://www.ps3-tools.de/board.php?boardid=125&sid=f738ea48e958398fedc8478e2df593b2

points needed for dump (for CLK need desolder 3 legs of card reader and carefully bend it to reach point)
for GND use one point you like
3dsDump1.jpg


point CLK (card reader removed for better view)
3dsDump2a.jpg



or use alternative CLK from other side of MB
3dsDump2.jpg


points on sd card
3dsDump4.jpg


dont plug it to PC, turn on 3DS - screen must display blue screen with error message
BOOTROM 8046
ERRCODE: 00F800FE
00000000 00000000
00000002 00000000

now plug to PC
windows recognize drive and offer to format it (press NO, maybe only win7 ask for format), just remember drive letter

use program win32diskimager, choose drive letter that 3DS use and choose location and name file for dump. Press READ button.
Read several dumps and compare it in Hex editors or other programs that show md5 hash. It must be the same in files.

Remember all points very small (CLK for example) use flux for good soldering (any shorts and 3DS dont boot)

if you plan to write to nand optional use SAFE EJECT option in windows after write
 

mordos79

Member
OP
Newcomer
Joined
Aug 13, 2013
Messages
12
Trophies
0
Age
42
XP
183
Country
Serbia, Republic of
and now my findings

just see interesting thing have 2 3ds and both dumping and both write with success
but size of dump is different 965 632 kb and 976 896 kb

and empty space in nand in one file with 00 (976 896 kb) and second FF (965 632 kb)



965 632 kb file
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F

00000100 4E 43 53 44 00 00 20 00 00 00 00 00 00 00 00 00 NCSD.. .........
00000110 01 04 03 03 01 00 00 00 01 02 02 02 02 00 00 00 ................
00000120 00 00 00 00 00 88 05 00 00 88 05 00 80 01 00 00 .....ˆ...ˆ..€...
00000130 80 89 05 00 00 20 00 00 80 A9 05 00 00 20 00 00 €‰... ..€©... ..
00000140 80 C9 05 00 80 AE 17 00 00 00 00 00 00 00 00 00 ۃ..ۨ..........
00000150 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000160 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000170 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000180 00 00 00 00 00 04 00 00 00 00 00 00 01 00 00 00 ................
00000190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000001A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000001B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 30 ...............0
000001C0 41 D4 2B 3D 84 02 EB 22 B7 48 67 B7 93 A1 13 77 AÔ+=„.ë"·Hg·“¡.w
000001D0 35 6F 66 2D 0F 3C 96 07 24 59 3A AC C4 EB 21 F1 5of-.<–.$Y:¬Äë!ñ
000001E0 31 50 F9 14 A4 15 48 77 65 24 35 11 90 B1 C2 52 1Pù.¤.Hwe$5..±ÂR
000001F0 68 D2 AA 35 16 67 D6 4D CE 0D 77 14 18 92 BE 92 hÒª5.gÖMÎ.w..’¾’
00000200 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00000210 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00000220 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00000230 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ



976 896 kb file
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F

00000100 4E 43 53 44 00 00 20 00 00 00 00 00 00 00 00 00 NCSD.. .........
00000110 01 04 03 03 01 00 00 00 01 02 02 02 02 00 00 00 ................
00000120 00 00 00 00 00 88 05 00 00 88 05 00 80 01 00 00 .....ˆ...ˆ..€...
00000130 80 89 05 00 00 20 00 00 80 A9 05 00 00 20 00 00 €‰... ..€©... ..
00000140 80 C9 05 00 80 AE 17 00 00 00 00 00 00 00 00 00 ۃ..ۨ..........
00000150 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000160 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000170 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000180 00 00 00 00 00 04 00 00 00 00 00 00 01 00 00 00 ................
00000190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000001A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000001B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 16 C8 ...............È
000001C0 DF 23 88 C5 DF 23 38 C2 6B 78 85 2A 37 E5 5F B8 ß#ˆÅß#8Âkx…*7å_¸
000001D0 95 45 56 F6 1D E1 8C B5 85 82 29 B8 3F C2 36 76 •EVö.ጵ…‚)¸?Â6v
000001E0 87 6D E1 D4 D8 8F B9 DE DB D7 A6 64 7C 25 7E F1 ‡máÔØ.¹ÞÛצd|%~ñ
000001F0 F8 3A 33 7D AC 7A CD A1 8C 35 0B B4 E4 35 6C 14 ø:3}¬zÍ¡Œ5.´ä5l.
00000200 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000210 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000220 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000230 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................




someone with standard USA 3ds can make 6.2 nand (without users info etc... format nand before dump, SD card not inserted) and share for compare
i think my nands not the same in every block because the different size of nand

goal: try find unique info in dump

another little findings
in small file 965 632 kb make 2 dumps on 6.2 firmware one with user info and one with formated nand
in this file user info in nand locate here
start 0E361000
end 0E361FFF

and several more blocs
need time to research
 

Gonzo

Active Member
Newcomer
Joined
Aug 4, 2013
Messages
31
Trophies
0
XP
52
Country
Gambia, The
and now my findings

just see interesting thing have 2 3ds and both dumping and both write with success
but size of dump is different 965 632 kb and 976 896 kb

My European 3DS dump has a size of 976.896 kByte (1.000.341.504 Bytes) and this size was reported from others as well. Also it was mentioned on 3dBrew that the unused areas in NAND can either be 0x00 or 0xFF.

another little findings
in small file 965 632 kb make 2 dumps on 6.2 firmware one with user info and one with formated nand
in this file user info in nand locate here
start 0E361000
end 0E361FFF
This is interesting. That means that the user settings are located in the CTR-NAND FAT16 File System.

But I suggest to not post any dumps or part of dumps to the public - it is restricted content.
 
  • Like
Reactions: Margen67

mordos79

Member
OP
Newcomer
Joined
Aug 13, 2013
Messages
12
Trophies
0
Age
42
XP
183
Country
Serbia, Republic of
if someone have dump for my compare (usa 6.2, w/o user info)
plz pm me link (promise dont publish it or it part to public)
winrar or zip and dump size about 300mb
 
  • Like
Reactions: Margen67

mordos79

Member
OP
Newcomer
Joined
Aug 13, 2013
Messages
12
Trophies
0
Age
42
XP
183
Country
Serbia, Republic of
understand that maybe do monkey business, but have some time and some interest. maybe someone find useful info
my future research
1. find all data block in one 3ds with different firmware (long process)
2. start compare and mark blocks that have differences

first step
* region - USA
* firmware - 6.2
* file size - 976.896 kByte (1.000.341.504 Bytes)
* no user info and settings (in 3ds first launch screen)

in progress about 112 000 pages from 448 000 pages (remember maybe i made mistakes!!!)

data block locations
0 - 1f0
12e00 - 44dff
240000 - 250bff
254000 - 2545ff
258000 - 2c5bbf
2c8000 - 2d8bff
2dc000 - 2dd3ff
2e0000 - 32f3ef
330000 - 33cbff
340000 - 3405ff
344000 - 345b4f
348000 - 349b4f
34c000 - 358bff
35c000 - 35c5ff
360000 - 4ecfff
4f0000 - 5c2dff
5c4000 - 5c4026
5c8000 - 5c8027
5cc000 - 5cc027
5d0000 - 5d0027
5d4000 - 712bff
714000 - 7145ff
718000 - 774027

9011A01 - 902DF5F

B130000 - B218FFF
B530000 - B618FFF
B9301BE - B9301FF
B95CA00 - B9C445B
B9C4600 - B9C4707
B9C4801 - B9C4A5F
B9C4C00 - B9C4DFF
B9C7400 - B9C83FF
B9CC000 - B9CC32A
B9CC430 - B9CC65A
B9CC800 - B9CEC0F
B9CEE01 - B9CEFFF
B9D0000 - B9D01FF
B9D0400 - B9D05FF
B9D0A00 - B9D0BFF
B9E0C00 - B9E15FF
B9E5401 - B9E57FF
B9EAC02 - B9ECBFF
BAEB000 - BAEE1FF
BAEE400 - BAF0BFF
BAF1200 - BAF13FE
BAF1C02 - BAF1FFF
BAF2200 - BAF31FF
BAF4600 - BAF4FFF
BB34600 - BB35FFF
BB8CC00 - BB96FFF

CB8D200 - CB8D3FE
CB8E400 - CB8E5FE
CB8E800 - CB8E9FD
CB8EE00 - CB8EFFE
CB9F001 - CB9F9FF
CBA3800 - CBA3BFF
CBA9000 - CBAAFFF
CCA9400 - CCB15FE
CCB2A01 - CCB33FF
CCF2A01 - CCF43FF
CD4B000 - CD683FF

DD4C000 - DD4C45B
DD4C600 - DD4C707
DD4C800 - DD4C99F
DD4CA00 - DD4CDFF
DD4D000 - DD4D5FF
DD4E200 - DD4EBFF
DD4F000 - DD4F5FE
DD50000 - DD515FF
DD55A00 - DD58FFF
DD65A00 - DD65FFF
DD66200 - DD667FF
DD67400 - DD67DFF
DD68200 - DD687FF
DD69200 - DD6A7FF
DD6EC02 - DD721FF
DD80000 - DD8045B
DD80600 - DD80707
DD80800 - DD80A3F
DD80C01 - DD811FF
DD81A00 - DD81FFF
 
  • Like
Reactions: Margen67

greyneon

Well-Known Member
Newcomer
Joined
Sep 5, 2013
Messages
74
Trophies
0
Age
31
Location
Hidden Nuclear Base
XP
105
Country
So this is the only downgrading that's possible(if you got a NAND dump from the same 3DS of a lower FW)?

Can this be software locked? Meaning can Nintendo block this attempt?
 

spett

Member
Newcomer
Joined
Apr 9, 2012
Messages
8
Trophies
0
XP
283
Country
Norway
Did som testing today. I backed up my 5.1 firmware, updated to latest, 6.3 firmware via system update, did a backup of this too and then restored my 5.1 backup.
Here's the weird thing;
I then upgraded to 6.3 again via system update and did a second backup of the 6.3 firmware.
My two 6.3 firmwares are both valid dumps but do not match att all! Weird..
Does anyone have a theory about what's going on here?
 

FAST6191

Techromancer
Editorial Team
Joined
Nov 21, 2005
Messages
33,868
Trophies
2
Website
trastindustries.com
XP
22,604
Country
United Kingdom
Did som testing today. I backed up my 5.1 firmware, updated to latest, 6.3 firmware via system update, did a backup of this too and then restored my 5.1 backup.
Here's the weird thing;
I then upgraded to 6.3 again via system update and did a second backup of the 6.3 firmware.
My two 6.3 firmwares are both valid dumps but do not match att all! Weird..
Does anyone have a theory about what's going on here?

When you say "do not match at all" did you run a proper differences check or just look at things

Occasionally NAND gets remapped/randomised at the sector level as a kind of reverse engineering protection/security check, I have no idea if Nintendo have employed it in the 3ds but it is far from a new technique and used by several other security systems on consoles and embedded hardware. Similarly depending upon your dumping method you might instead be encountering the write randomisation/wear levelling in action.
There are some software things but they are less likely and/or kind of similar to the more hardware level things already discussed.
 

spett

Member
Newcomer
Joined
Apr 9, 2012
Messages
8
Trophies
0
XP
283
Country
Norway
I did a simple file compare in hex editor neo. There where similarities between the two 6.3 dumps but by the look of it they looked as different as 5.1 and 6.3.
Of course, both 6.3 dumps have to contain the same content somehow..
It could just be because the wear leveling..
I'm using the SD card method to backup.
 

LuCa1988

Member
Newcomer
Joined
Mar 15, 2009
Messages
6
Trophies
0
XP
97
Country
United States
Ok now my mod works fine :lol:

Under the battery cover are the Micro SD Adapter and if i use this with a Cardreader it changes automatically to the Blue Screen.



I have made a Backup and it works fine :yaysp:



I have a idea for a Downgrade Mod but i dont have a Old Backup from version 4.5 or lower.. :cry:
Can anyone Help me? Give me a older Backup? Please? Thanks!
 

5rg

Member
Newcomer
Joined
Jul 2, 2009
Messages
20
Trophies
0
XP
240
Country
Russia
I then upgraded to 6.3 again via system update and did a second backup of the 6.3 firmware.
My two 6.3 firmwares are both valid dumps but do not match att all! Weird..
Does anyone have a theory about what's going on here?

I'll tell you more. Try to back up firmware, doesn't matter which version. Power up your console, wait couple seconds, shut down and make another back up. And you'll see that dumps will be different.
 
  • Like
Reactions: pelago

Quincy

Your own personal guitarist :3
Member
Joined
Nov 13, 2008
Messages
1,493
Trophies
0
Age
26
Location
Your house
Website
youtek.net
XP
688
Country
Netherlands
Ok now my mod works fine :lol:

Under the battery cover are the Micro SD Adapter and if i use this with a Cardreader it changes automatically to the Blue Screen.



I have made a Backup and it works fine :yaysp:



I have a idea for a Downgrade Mod but i dont have a Old Backup from version 4.5 or lower.. :cry:
Can anyone Help me? Give me a older Backup? Please? Thanks!

VERY late reaction, but could you please inform me (us) how you've done this mod?
 
General chit-chat
Help Users
  • No one is chatting at the moment.
    elBenyo @ elBenyo: wtf @kenenthk, I...