Hacking NTRCardHax Progress?

WulfyStylez

SALT/Bemani Princess
Do you know that it's encrypted beyond the normal for GW?
iirc their FPGA can crypt data with a key that can't (hasn't) been acquired by anyone, including clone companies. Part of how they lock ppl out of their enhanced modes or whatever. Clones would just grab the decrypted data and encrypt it with their own keys in their hacked-up binaries.

Check out Gateway's NATIVE_FIRM as well as their (final stage) arm9 payload to be able to reverse-engineer the business end of their cart and get it working elsewhere. Make sure yr already familiar with CTRCARD protocol tho! I've heard they implement an FS driver of some sort for their cart? I haven't looked into it myself b/c I don't own one and don't have GW payloads/idbs anymore.
 

Normmatt

Former AKAIO Programmer
iirc their FPGA can crypt data with a key that can't (hasn't) been acquired by anyone, including clone companies. Part of how they lock ppl out of their enhanced modes or whatever. Clones would just grab the decrypted data and encrypt it with their own keys in their hacked-up binaries.

Check out Gateway's NATIVE_FIRM as well as their (final stage) arm9 payload to be able to reverse-engineer the business end of their cart and get it working elsewhere. Make sure yr already familiar with CTRCARD protocol tho! I've heard they implement an FS driver of some sort for their cart? I haven't looked into it myself b/c I don't own one and don't have GW payloads/idbs anymore.
You need to be very adept at reverse engineering to make much progress on their payloads :P
 

gudenau

Largely ignored
iirc their FPGA can crypt data with a key that can't (hasn't) been acquired by anyone, including clone companies. Part of how they lock ppl out of their enhanced modes or whatever. Clones would just grab the decrypted data and encrypt it with their own keys in their hacked-up binaries.

Check out Gateway's NATIVE_FIRM as well as their (final stage) arm9 payload to be able to reverse-engineer the business end of their cart and get it working elsewhere. Make sure yr already familiar with CTRCARD protocol tho! I've heard they implement an FS driver of some sort for their cart? I haven't looked into it myself b/c I don't own one and don't have GW payloads/idbs anymore.
Where did you get this info? Could be an interesting project. Anyone have a GW to spare for tinkering?
 

WulfyStylez

SALT/Bemani Princess
Where did you get this info? Could be an interesting project. Anyone have a GW to spare for tinkering?
If you sift thru some of their very old payloads you'll encounter it eventually, not super interesting tho.

Ironically, taking this thread for a complete 360 - probably the easiest way to get Gateway's most recent arm9-mode code for the uninitiated would be to do ntrcardhax on an exploitable GW version (which is any, I believe, since they don't actually update their FIRM with payload updates any more). Their firm relaunch implementation breaks firmlaunchhax iirc.
 

Normmatt

Former AKAIO Programmer
If you sift thru some of their very old payloads you'll encounter it eventually, not super interesting tho.

Ironically, taking this thread for a complete 360 - probably the easiest way to get Gateway's most recent arm9-mode code for the uninitiated would be to do ntrcardhax on an exploitable GW version (which is any, I believe, since they don't actually update their FIRM with payload updates any more). Their firm relaunch implementation breaks firmlaunchhax iirc.
Nah, it's easier than that... but I don't want them to fix it :P
 

gudenau

Largely ignored
If you sift thru some of their very old payloads you'll encounter it eventually, not super interesting tho.

Ironically, taking this thread for a complete 360 - probably the easiest way to get Gateway's most recent arm9-mode code for the uninitiated would be to do ntrcardhax on an exploitable GW version (which is any, I believe, since they don't actually update their FIRM with payload updates any more). Their firm relaunch implementation breaks firmlaunchhax iirc.
Why not follow the arm11 stuff for the arm9 stuff? You can do that now.
 

WulfyStylez

SALT/Bemani Princess
Why not follow the arm11 stuff for the arm9 stuff? You can do that now.
That's the way they assumed people would try to reverse-engineer their work and it's (extremely) obfuscated due to exactly that. Trying to do so can teach you a lot about RE and obfuscation, though!
 

Normmatt

Former AKAIO Programmer
That's the way they assumed people would try to reverse-engineer their work and it's (extremely) obfuscated due to exactly that. Trying to do so can teach you a lot about RE and obfuscation, though!
Yeah, working through their obfuscated payloads is fun... I wrote an emulator just to make that easier for myself :P
 

zoogie

playing around in the end of life
Bump for a big update on ntrcardhax.

@d3m3vilurr has finally achieved public implementation of ntrcardhax for his korean new3ds. Hopefully, he can provide some instructions on how to install it. :)



https://github.com/d3m3vilurr/ntrcardhax/tree/more (payload tool and 3dsx exploit launcher)
https://github.com/d3m3vilurr/Decrypt9WIP/releases (payload flasher for ak2i embedded in d9)

People may be asking why we need this when there are already a9 sploits on 9.2. Because, with this, we can potentially use dgtool to downgrade nfirm to 10.3 and just use ntrcardhax right there on firmware 11.x to install a9lh. In short, we can avoid the risk and trouble of ctrnand downgrades to 9.2 completely.
 