Hacking NTRCardHax Progress?

WulfyStylez

SALT/Bemani Princess
Member
Joined
Nov 3, 2013
Messages
1,149
Trophies
0
XP
2,877
Country
United States
> Do you know that it's encrypted beyond the normal for GW?
iirc their FPGA can crypt data with a key that can't (hasn't) been acquired by anyone, including clone companies. Part of how they lock ppl out of their enhanced modes or whatever. Clones would just grab the decrypted data and encrypt it with their own keys in their hacked-up binaries.

Check out Gateway's NATIVE_FIRM as well as their (final stage) arm9 payload to be able to reverse-engineer the business end of their cart and get it working elsewhere. Make sure yr already familiar with CTRCARD protocol tho! I've heard they implement an FS driver of some sort for their cart? I haven't looked into it myself b/c I don't own one and don't have GW payloads/idbs anymore.
 
Last edited by WulfyStylez,
  • Like
Reactions: Zidapi

Normmatt

Former AKAIO Programmer
Member
Joined
Dec 14, 2004
Messages
2,161
Trophies
1
Age
33
Website
normmatt.com
XP
2,201
Country
New Zealand
> iirc their FPGA can crypt data with a key that can't (hasn't) been acquired by anyone, including clone companies. Part of how they lock ppl out of their enhanced modes or whatever. Clones would just grab the decrypted data and encrypt it with their own keys in their hacked-up binaries.
>
> Check out Gateway's NATIVE_FIRM as well as their (final stage) arm9 payload to be able to reverse-engineer the business end of their cart and get it working elsewhere. Make sure yr already familiar with CTRCARD protocol tho! I've heard they implement an FS driver of some sort for their cart? I haven't looked into it myself b/c I don't own one and don't have GW payloads/idbs anymore.
You need to be very adept at reverse engineering to make much progress on their payloads :P
 
  • Like
Reactions: WulfyStylez

gudenau

Largely ignored
Member
Joined
Jul 7, 2010
Messages
3,882
Trophies
2
Location
/dev/random
Website
www.gudenau.net
XP
5,422
Country
United States
> iirc their FPGA can crypt data with a key that can't (hasn't) been acquired by anyone, including clone companies. Part of how they lock ppl out of their enhanced modes or whatever. Clones would just grab the decrypted data and encrypt it with their own keys in their hacked-up binaries.
>
> Check out Gateway's NATIVE_FIRM as well as their (final stage) arm9 payload to be able to reverse-engineer the business end of their cart and get it working elsewhere. Make sure yr already familiar with CTRCARD protocol tho! I've heard they implement an FS driver of some sort for their cart? I haven't looked into it myself b/c I don't own one and don't have GW payloads/idbs anymore.
Where did you get this info? Could be an interesting project. Anyone have a GW to spare for tinkering?
 

WulfyStylez

SALT/Bemani Princess
Member
Joined
Nov 3, 2013
Messages
1,149
Trophies
0
XP
2,877
Country
United States
> Where did you get this info? Could be an interesting project. Anyone have a GW to spare for tinkering?

If you sift thru some of their very old payloads you'll encounter it eventually, not super interesting tho.

Ironically, taking this thread for a complete 360 - probably the easiest way to get Gateway's most recent arm9-mode code for the uninitiated would be to do ntrcardhax on an exploitable GW version (which is any, i believe, since they don't actually update their FIRM with payload updates any more). Their firm relaunch implementation breaks firmlaunchhax iirc.
 
Last edited by WulfyStylez,

Normmatt

Former AKAIO Programmer
Member
Joined
Dec 14, 2004
Messages
2,161
Trophies
1
Age
33
Website
normmatt.com
XP
2,201
Country
New Zealand
> If you sift thru some of their very old payloads you'll encounter it eventually, not super interesting tho.
>
> Ironically, taking this thread for a complete 360 - probably the easiest way to get Gateway's most recent arm9-mode code for the uninitiated would be to do ntrcardhax on an exploitable GW version (which is any, i believe, since they don't actually update their FIRM with payload updates any more). Their firm relaunch implementation breaks firmlaunchhax iirc.

Nah, it's easier than that... but I don't want them to fix it :P
 
  • Like
Reactions: WulfyStylez

gudenau

Largely ignored
Member
Joined
Jul 7, 2010
Messages
3,882
Trophies
2
Location
/dev/random
Website
www.gudenau.net
XP
5,422
Country
United States
> If you sift thru some of their very old payloads you'll encounter it eventually, not super interesting tho.
>
> Ironically, taking this thread for a complete 360 - probably the easiest way to get Gateway's most recent arm9-mode code for the uninitiated would be to do ntrcardhax on an exploitable GW version (which is any, i believe, since they don't actually update their FIRM with payload updates any more). Their firm relaunch implementation breaks firmlaunchhax iirc.

Why not follow the arm11 stuff for the arm9 stuff? You can do that now.
 

WulfyStylez

SALT/Bemani Princess
Member
Joined
Nov 3, 2013
Messages
1,149
Trophies
0
XP
2,877
Country
United States
> Why not follow the arm11 stuff for the arm9 stuff? You can do that now.

That's the way they assumed people would try to reverse-engineer their work and it's (extremely) obfuscated due to exactly that. Trying to do so can teach you a lot about RE and obfuscation, though!
 

Normmatt

Former AKAIO Programmer
Member
Joined
Dec 14, 2004
Messages
2,161
Trophies
1
Age
33
Website
normmatt.com
XP
2,201
Country
New Zealand
> That's the way they assumed people would try to reverse-engineer their work and it's (extremely) obfuscated due to exactly that. Trying to do so can teach you a lot about RE and obfuscation, though!

Yeah working through their obfuscation payloads is fun... I wrote an emulator just to make that easier for myself :P
 

zoogie

playing around in the end of life
Developer
Joined
Nov 30, 2014
Messages
8,560
Trophies
2
XP
15,000
Country
Micronesia, Federated States of
Bump for a big update on ntrcardhax.

@d3m3vilurr has finally achieved public implementation of ntrcardhax for his korean new3ds. Hopefully, he can provide some instructions on how to install it. :)
https://github.com/d3m3vilurr/ntrcardhax/tree/more (payload tool and 3dsx exploit launcher)
https://github.com/d3m3vilurr/Decrypt9WIP/releases (payload flasher for ak2i embedded in d9)

People may be asking why do we need this when there's already a9 sploits on 9.2. Because, with this, we can use dgtool potentially to downgrade nfirm to 10.3 and just use ntrcardhax right there on firmware 11.x to install a9lh. In short, we can avoid the risk and trouble of ctrnand downgrades to 9.2 completely.
 
Last edited by zoogie,
