I mostly buy used n3DS XLes here. And it's getting bad - I haven't seen a 10.7 in the wild in a while.
Oh? How's that?
That's the first I've heard of it. Can you give more info?
There is, however, a method to dump the hash of the OTP on version 9.6.0-X. Because Kernel9Loader does not clear the SHA_HASH register after it has been used, dumping the SHA_HASH will give the hash of the OTP which was handed over to Kernel9 from Kernel9Loader. In addition, there is a long-standing vulnerability where an MCU reboot caused by the i2c will not clear RAM like it's supposed to.
This allows for a hardware-based attack where arbitrary data is written to nand_sector96+0x10 in a SysNAND backup and flashed to the device. Afterwards we wire the i2c to MCU reboot on our command, write a payload (which will write 0x1000A040 - 0x1000A060 to a file on the SD card) to arm9 memory somewhere, and fill all memory with a NOP sled followed by a JMP instruction pointing to the payload. We can then MCU reboot repeatedly (incrementing nand_sector96+0x10 by 1 each time) until the Kernel9Loader jumps to the payload by random chance.
That's still for 9.6.
I think this is it (quoted from Plailect's guide). There are apparently a couple of people on here that have done it that way, but I don't remember any of their names. Note that a standard NAND-only hardmod is not sufficient.
Quote from the one that hinted the dsiwarehax (this quote is a bit old, but still useful):
@Tenshi_Okami You are right, NTRCardHax was fixed in 10.4.0-x.
Needs FPGA aka hardware.
> NTRCardHax might not be patched on 10.4
no, but it needs arm11 kernel access to cause the arm9 buffer overflow
Does memchunkhax 2 enable enough arm11 kernel access for this? I don't think so.
Wtf? Arm11 kernel access = FULL ARM11 CONTROL. What are you on about?
Ok, so I just remembered this.
Yellows8 was doing an app for Homebrew where you could install DSi exploited saves.
But it never went anywhere...
But it means that it's possible... so this could mean that they could do DSiwarehax without the need of an A9LH 3DS.
But this project is RIP like I said before... But at least this could be helpful for someone who knows.
I don't think it would, but hey, there was a new commit 3 days ago. So who knows...
Hope this gets worked on further. Right now I'm just using a throwaway NNID (deleting it after the full install) and then reinstalling sysnand a9lh (no NNID) onto my system.
What if they put it in horizontal? :c
I bought a black n3DS earlier this week at Wal-Mart; it came on 9.6U firmware. Granted, I asked the staff how they stocked the products (newer in front, oldest in the back) and got the furthest-back n3DS. All you really have to do is double check how the company stocks and play the game from there like I did.
Yeah, I was just going to type that lol.
Well, even if it gets worked on, it needs another way to get access for 11.0, as it shouldn't be able to get access to svcBackdoor since svcBackdoor was removed for ARM11.
That was fixed in newer versions of the arm9loader. Also, it only allows for OTP dumping, not actual a9lh installing which needs arm9 control.
In fact, don't quote me on this, but I think this is what led to the arm9loader update, which led to a9lh.
But like I said, this was for 9.6.0 (guide doesn't say it was patched...).
The thing I posted regarding the brute force method does not require the use of a DS/3DS card, so I don't see what it has to do with NTRCardHax, since it is based on rewriting the NAND over and over via hardmod and then doing a hardware reset.