NULL

"prefetch abort (svcbreak) processor ARM9" after CTRTransfer

Discussion in '3DS - Flashcards & Custom Firmwares' started by PizzaYandere37, Jun 8, 2019.

  1. PizzaYandere37
    OP

    PizzaYandere37 Member

    Newcomer
    1
    Jan 21, 2017
    France
    had to get a look at SecureInfo_A and at the 000000100 line, the 02 became 01 after a ctrnand transfer of the 11.5.0 E bin file
     
  2. TurdPooCharger

    TurdPooCharger Meh

    Member
    11
    Jan 1, 2018
    United States
    The purpose of checking those files (LFCS_B, movable, HWCAL0, HWCAL1, SecureInfo) in the [1:] SYSNAND CTRNAND, was to make sure the o3DSXL is using the correct copies so Nintendo doesn't ban that system when you use online services (Nintendo eShop, system updates, game play, theme shop, Internet browser, etc).

    Can your o3DSXL boot HOME Menu, or does the prefetch abort error still happens?
    You mentioned the o3DSXL went back to being bricked even though you tried the CTRTransfer (Type D9).

    In the other thread, ThatOneCookie has a n2DSXL where CTRTransfer(s) weren't fixing his softbrick. The only way we were able to solve and fix his brick was that he sent his NAND images over so I can temporarily use them on my n3DSXL to take a closer look for each file... by mailing his n2DSXL to my house.
    Of course, if you were to agree to this idea, it would mean trusting me to safeguard your private data. That choice is up to you.
     
    Last edited by TurdPooCharger, Jun 12, 2019
  3. PizzaYandere37
    OP

    PizzaYandere37 Member

    Newcomer
    1
    Jan 21, 2017
    France
    I'm sorry but I won't send it, the cost of an airiship is too much just for that, but, if you're ok, I would be ok for a discord call where I'll turn on my cam so you can see my 3DS
     
  4. TurdPooCharger

    TurdPooCharger Meh

    Member
    11
    Jan 1, 2018
    United States
    Check PM inbox. Pigeon Express Carrier is extremely cost efficient!
     
  5. TurdPooCharger

    TurdPooCharger Meh

    Member
    11
    Jan 1, 2018
    United States
    Posting a follow-up of what happened.

    After talking to @PizzaYandere37 in private, he eventually relented to overnight ship his o3DSXL. While the price to mail from France to Florida and back wasn't cheap by any means, he was able to amass payment in a timely fashion.
    Debugging his o3DSXL as-is proved unwieldy due to a bulky body case. Safe removal of the case wasn't an option because of it's frail condition... I didn't want to send back his o3DSXL with it broken.


    Because I'm a stickler for good form factor when it comes to handheld electronics and to get around this problem, the o3DSXL NAND images [ ctrnand_full.bin, twln.bin, twlp.bin, and essential.exefs ] were dumped and temporarily used on my nephew's o2DS.

    After examining the files mentioned from post #13, the causes of the brick became apparent.

    Oh dear...

    What happened to PizzaYandere37's o3DSXL was very unfortunate. There was a prior attempt at region changing the firmware from native (EUR) to (USA). The SecureInfo_A shown in that picture found in [1:] SYSNAND CTRNAND comes from the public CTRTransfer image, 11.5.0-38U_ctrtransfer_o3ds.bin; CW72535537 is not the o3DXL's serial number when compared against the inspect.log from the [2:] SYSNAND TWLN. That means the real & original SecureInfo, LFCS, and movable were lost along the way presumably from failed or incomplete CTRTransfer(s). Only the HWCAL0.DAt and HWCAL1.DAt were intact.

    What made matters worse is that GodMode9 never had the chance to properly backup those three files for the essential.exefs. To make the situation even more shitty, the o3DSXL's first [sys|emu|red]nand.bin image backed up when it was first hacked was lost after his old computer died and was sold off last year.


    In order to get the o3DSXL in a bootable state, the movable.sed was replaced with another dummy copy but in functional format.
    • This file has the size of 0x120 (288) bytes filled with all zeros (00), except for block 0x00-0x03 having the magic header (53 45 45 44 - SEED).

    The replacement SecureInfo_A was borrowed from the 11.5.0-38E_ctrtransfer_o3ds.bin edited with the o3DSXL's actual serial number. Although this file is no longer signed where uninstalling custom firmware would brick the o3DSXL, it is hoped that Nintendo doesn't notice anything amiss should those first 0x100 (256) bytes are ever checked.

    Lastly, the LocalFriendCodeSeed_B was not replaced in the initial firmware repair.


    After updating the firmware to 11.10.0-43E, fixing the TWL system titles, and adding CTRNAND Luma3DS with GodMode9 payload, I took the fixed images from the o2DS, reflashed them back on the o3DSXL, and mailed backed his system.

    To get around the issue of not being able to access Nintendo eShop or use other online services,

    @PizzaYandere37 was tasked to:
    1. Create an initial dummy user profile.
    2. Format System Memory in order to make another dummy user profile.
      • This converts the movable.sed to 320 bytes with AES-CMAC.
    3. (Real Nintendo) System Transfer his o3DS profile over to the o3DSXL.
      • The o3DS movable.sed gets sent to the o3DSXL. (ie, given a real/valid movable.sed).
      • This links the NNID to the o3DSXL. As far as Nintendo server record is concerned, his o3DSXL should be able to visit Nintendo eShop.
    4. Copy and share the o3DS LocalFriendCodeSeed_B over to the o3DSXL after the System Transfer.
      • This allows the o3DSXL to regain access to other online services: game play, Internet.
      • However, there's the risk that LFCS_B might get banned/burned if both o3DS and o3DSXL are using it at the same time.

    ***

    I'm glad I got a chance to study this brick as it helped to point out some weaknesses in the current version of the CTRTransfer (Type D9) script. It wouldn't have fixed this brick mainly due to poor handling or distinguishing whether those essential files are valid or good copies. The next planned release of Type D9 will include fixes so bricks like this one won't be a problem to at least allow the 3DS/2DS to boot HOME Menu.
     
    Last edited by TurdPooCharger, Jun 16, 2019
    KleinesSinchen likes this.
  6. PizzaYandere37
    OP

    PizzaYandere37 Member

    Newcomer
    1
    Jan 21, 2017
    France
    Well, I'm happy that my problem could help you xD
     
Loading...