Hacking Possible to xorpad ENTIRE NAND?

drfsupercenter

Flash Cart Aficionado
OP
Member
Joined
Mar 26, 2008
Messages
1,909
Trophies
1
XP
1,173
Country
United States
Got a question that I'm not sure has been asked before.

I know we can use VOiD's multi-decrypter to create a xorpad of the NAND FAT16 partition, and decrypt that portion of it using xor.

What I'd like to do is to try to modify the contents of my NAND from the computer and flash it back to the 3DS. I've got a NAND flash port installed so corrupting it isn't a big concern.

Here's what I tried.

Using just the VOiD software, I did a NAND dump and made a xorpad. I then followed the steps to xor the FAT16 partition (by chopping off the first bit of the NAND dump).

On my system, I had the profile name set to "lol"
So I extracted the file at /data/[id]/sysdata/00010017

Searching around in hex showed that the username was in there twice. Since re-injecting the file adds a bunch of metadata, I tried searching in the decrypted FAT16 .img itself, and it was also only in there twice.

FWIW, I searched for "6c006f006c" in hex. The 3DS uses UCS-2 meaning there's a 0x00 between each letter, "lol" would have just been 6c 6f 6c. So anyway, I changed the lol to kek, leaving the zeroes between each letter. Basically I changed 6 bytes in the entire file.

Saved it, ran xor again - comparing to the original encrypted file, only 6 bytes were different... as I would have expected. But what about that header?? I can't flash it back to the 3DS without that.

So I took the original one from my original NAND dump and appended it to the edited-and-reencrypted file. I also padded the end of it to match the right size (seems that xoring it removes a bunch of 0x00s at the end)

Flashed it to the 3DS and rather than being bricked... it started up as if I had just done a system format, asking me to fill in the profile information.

Huh???

So I'm assuming that bit of data before the FAT16 partition is some sort of sanity check. Meaning you can't just edit the FAT16 and expect it to work. Am I correct in thinking that?

And if so... is there a way to create a xorpad of the *entire* NAND so I can edit it like I described?
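The decrypt, edit, re-encrypt round trip described in the post above, as an added example (not code from the thread, from VOiD's tool or from any 3DS project). It assumes nothing about the real NAND layout: the header size, partition size, name offsets and the pad are constructed stand-ins. What it shows is that XOR against a pad is its own inverse, so re-encrypting an edited image changes exactly the bytes you edited, and that if a tool strips the trailing zeros from the decrypted image, the plaintext must be zero-padded back to partition size before XORing (each trailing ciphertext byte has to equal the corresponding pad byte, not 0x00).

```python
import random

HEADER_SIZE = 0x200       # assumed size of the region before the FAT16 partition (illustrative)
PARTITION_SIZE = 0x1000   # assumed size of the FAT16 partition (illustrative)
NAME_OLD = "lol".encode("utf-16-le")   # 6c 00 6f 00 6c 00
NAME_NEW = "kek".encode("utf-16-le")   # 6b 00 65 00 6b 00


def xor_bytes(data: bytes, pad: bytes) -> bytes:
    """XOR data against a pad of at least the same length; the operation is its own inverse."""
    if len(pad) < len(data):
        raise ValueError("xorpad shorter than data")
    return bytes(a ^ b for a, b in zip(data, pad))


def make_sample_dump(seed: int = 7):
    """Constructed stand-in for a NAND dump: a random header, then a partition whose
    plaintext holds the profile name twice and ends in a long run of zeros."""
    rng = random.Random(seed)
    header = bytes(rng.getrandbits(8) for _ in range(HEADER_SIZE))
    plain = bytearray(PARTITION_SIZE)
    plain[0x100:0x106] = NAME_OLD
    plain[0x200:0x400] = bytes(range(256)) * 2   # filler so the image is not all zeros
    plain[0x800:0x806] = NAME_OLD
    pad = bytes(rng.getrandbits(8) for _ in range(PARTITION_SIZE))   # stand-in xorpad
    return header + xor_bytes(bytes(plain), pad), pad


def decrypt_partition(dump: bytes, pad: bytes) -> bytes:
    """Chop off the header and XOR the rest with the pad."""
    return xor_bytes(dump[HEADER_SIZE:], pad)


def strip_trailing_zeros(img: bytes) -> bytes:
    """Mimics a tool that drops the zero run at the end of the decrypted image."""
    return img.rstrip(b"\x00")


def rebuild_dump(dump: bytes, pad: bytes, edited_plain: bytes) -> bytes:
    """Re-encrypt: zero-pad the plaintext back to partition size *before* XORing,
    then put the untouched original header back in front."""
    if len(edited_plain) > PARTITION_SIZE:
        raise ValueError("edited image larger than the partition")
    restored = edited_plain.ljust(PARTITION_SIZE, b"\x00")
    return dump[:HEADER_SIZE] + xor_bytes(restored, pad)


def diff_count(a: bytes, b: bytes) -> int:
    """Number of byte positions that differ, counting a length mismatch as differences."""
    return sum(x != y for x, y in zip(a, b)) + abs(len(a) - len(b))


def demo():
    dump, pad = make_sample_dump()
    plain = decrypt_partition(dump, pad)
    hits = plain.count(NAME_OLD)                       # the name shows up twice
    edited = strip_trailing_zeros(plain.replace(NAME_OLD, NAME_NEW))
    new_dump = rebuild_dump(dump, pad, edited)
    return {
        "hits": hits,
        "stripped_len": len(edited),                   # shorter than the partition
        "same_size": len(new_dump) == len(dump),
        "changed_bytes": diff_count(dump, new_dump),   # only the 6 edited bytes
        "new_name_hits": decrypt_partition(new_dump, pad).count(NAME_NEW),
        "header_intact": new_dump[:HEADER_SIZE] == dump[:HEADER_SIZE],
    }


if __name__ == "__main__":
    print(demo())
```

The six changed bytes are the three low bytes of each UCS-2 name; the interleaved 0x00 bytes are untouched, which is why a hex diff of the re-encrypted file against the original shows exactly six differences. Note that `rstrip` also eats the final 0x00 of the last name, so the stripped image is shorter than 0x806 bytes; zero-padding before the XOR puts that byte back as well.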
 

motezazer

Well-Known Member
Member
Joined
Feb 6, 2015
Messages
1,214
Trophies
0
Age
25
XP
1,452
Country
France
There are checks, yes, but WITHIN the FAT16. There is an AES-MAC for all data within the data folder. No need for decrypting the rest of the NAND (and it's not the same encryption).
 

drfsupercenter
There are checks, yes, but WITHIN the FAT16. There is an AES-MAC for all data within the data folder. No need for decrypting the rest of the NAND (and it's not the same encryption).


Oh, so maybe that's why it didn't work, since I just modified the data without fixing the checks.

Do you know if it's possible to do that? The problem is that if I use WinImage to overwrite the file with a new file, it puts in all the metadata (date created, date modified etc) which the original FAT16 doesn't have.
 

motezazer
Nobody has made one yet?

Somehow I would figure being able to edit your NAND is something lots of people would want the ability to do.

Perhaps some scene core members (like yellows8) made one, but a public way to recalculate AES-MACs is not known (but, as we have access to decrypt9 source code, I don't think it would be difficult).
 
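An added illustration (not code from the thread, from decrypt9 or from any 3DS tool) of why an edited file whose MAC was left alone is rejected, and what recalculating the tag changes. The page names an AES-MAC over the data folder but gives no construction or key, so HMAC-SHA256 truncated to 16 bytes stands in for it here and the key is a hypothetical constant; the verify-then-recompute flow is what matters.

```python
import hashlib
import hmac

# Hypothetical key for the illustration; the real MAC key and construction are not on the page.
MAC_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
TAG_LEN = 16


def compute_tag(payload: bytes) -> bytes:
    """Stand-in for the AES-MAC: HMAC-SHA256 truncated to 16 bytes."""
    return hmac.new(MAC_KEY, payload, hashlib.sha256).digest()[:TAG_LEN]


def seal(payload: bytes) -> bytes:
    """Store a record as payload || tag."""
    return payload + compute_tag(payload)


def open_record(record: bytes):
    """Return the payload if the tag verifies, else None (the 'treat as corrupt' path)."""
    if len(record) < TAG_LEN:
        return None
    payload, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    if not hmac.compare_digest(tag, compute_tag(payload)):
        return None
    return payload


def patch_without_fixing_mac(record: bytes, old: bytes, new: bytes) -> bytes:
    """What a plain hex edit does: change payload bytes, keep the stale tag."""
    payload, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    return payload.replace(old, new) + tag


def patch_and_reseal(record: bytes, old: bytes, new: bytes) -> bytes:
    """Change the payload, then recompute the tag over the new contents."""
    payload = open_record(record)
    if payload is None:
        raise ValueError("refusing to patch a record that does not verify")
    return seal(payload.replace(old, new))


def demo():
    name_old = "lol".encode("utf-16-le")
    name_new = "kek".encode("utf-16-le")
    # Constructed sysdata-like blob: zeros around a UCS-2 profile name, then the tag.
    record = seal(b"\x00" * 32 + name_old + b"\x00" * 32)
    broken = patch_without_fixing_mac(record, name_old, name_new)
    fixed = patch_and_reseal(record, name_old, name_new)
    return {
        "original_ok": open_record(record) is not None,
        "edited_without_mac_ok": open_record(broken) is not None,   # False: stale tag
        "edited_with_mac_ok": open_record(fixed) is not None,       # True: tag recomputed
        "fixed_has_new_name": name_new in fixed,
    }


if __name__ == "__main__":
    print(demo())
```

With a keyed MAC the tag can only be recomputed by whoever holds the key, which is why editing the decrypted image and re-XORing it is not enough on its own: the bytes decrypt fine, but the integrity check over the data fails and the record is discarded.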
