Probable method to implement new keys into GW with the current exploit:

Discussion in '3DS - Flashcards & Custom Firmwares' started by PedroDJavier, May 5, 2014.

  1. PedroDJavier (GBAtemp Regular), OP, Member, joined Oct 25, 2013
    Hi guys! First, excuse my bad English.

    A quick explanation: 6.3 and lower use the old keys, and 7.0 and higher use the new keys. Let's use NK (new key) and OK (old key).

    We need to upgrade the real NAND to 7.x or higher to apply the NK, so... why not...?

    1. Back up the real NAND (better by soldering, because on a normal 3DS, not XL, the GW sometimes doesn't dump some special NAND chips properly).

    2. Update the real NAND to the latest version; I think the bootrom will be updated too.

    3. Restore the 4.x NAND; the bootrom will stay updated, but we can keep using the DS Profile exploit because we're on 4.x.

    4. Launch GW 2.1 (or not?). Not likely, but it is probable that emuNAND will load NK titles like YouTube. Otherwise, Gateway would make a new launcher that supports the NK.


    OK guys, is that probable?
    Thanks for your attention!
     
  2. DRWS (Advanced Member), Newcomer, joined Sep 19, 2010, United States
    No, the bootrom is on the NAND. If you revert to an older firmware by loading an older NAND you will get the old bootrom as well.
     
  3. Bonny (GBAtemp Advanced Fan), Member, joined Dec 8, 2008, Bavaria, Germany
    I love theories!

    Question: In all the time gbatemp.net has existed, has any one of these "user theories" ever come true / worked?
     
  4. IronClouds (GBAtemp's Pokébro), Member, joined May 8, 2010, United States
    Party pooper.
     
  5. robo989 (GBAtemp Regular), Member, joined Jul 13, 2010, United States
    Hehe, my thoughts entirely.
    Theories on the internet only come from people of sub-standard IQ who don't know what they're talking about; hence the theory: they don't even realize the complexity of the problem they have a theory on.
    ...The irony :)

    Unfortunately for the more intellectual amongst us, the internet gives every idiot a voice. That's great on the whole... just when it comes to "theories"... it's one of the negatives we have to tolerate.
     
  6. tyons (GBAtemp Advanced Fan), Member, joined Jul 11, 2012, Italy
    Get your superiority complex elsewhere, all-perfect being.
     
  7. Arras (GBAtemp Guru), Member, joined Sep 14, 2010, Netherlands
    Let's put it this way: if it really was as easy as update->downgrade and it works, the solution would have been found ages ago.
     
  8. misterb98 (Moral Gateway User. Wat.), Member, joined Aug 24, 2010, United States
    So either we need CFW or we need a 7.X exploit. Preferably both ^^
     
  9. Apache Thunder (I have cameras in your head!), Member, joined Oct 7, 2007, Levelland, Texas, United States
    This won't work because the boot rom is part of the NAND that you backed up. It gets reset back to old 4.5 when you restore it. The only way to do what you "theorized" is to decrypt the NAND, go into its file system, separate the bootrom code from the rest and replace it with the newer one. That on top of the fact you might get a blue screen crash due to possibly incompatible code. It's like trying to get Win7 to boot by using Windows 98's old kernel. You're gonna have a bad time... :P

    Since you'd need to know the private key of the 3DS you are trying this on, it's a moot point. If you had the ability to decrypt the NAND, you wouldn't need to do this in the first place. At this point I don't see 7.0 keys working until a 6.0+ exploit is found that has the same kernel access that the current 4.5 one does.

    You can't alter the filesystem at all if it's encrypted. Even if you know the specific sectors the bootrom was stored in, swapping it out will cause the 3DS to fail to decrypt it due to multiple CRC checks failing, and the encryption means that it needs to be consistent with the rest of the filesystem.

    That's just another random pipe dream. There's a hacking theories sticky thread... were you not aware of it? Mods/Admins have repeatedly stated that you need to post stuff like this in that thread. Stop cluttering up this section with random theory threads when there's more important stuff to be filling that space. :P
     
  10. Snailface (My frothing demand for 3ds homebrew is increasing), Member, joined Sep 20, 2010, Engine Room with Cyan, watching him learn.
    When has the bootrom ever been on the NAND?
    The NAND is R/W, which would invalidate the term bootROM.
     
  11. Apache Thunder (I have cameras in your head!), Member, joined Oct 7, 2007, Levelland, Texas, United States
    Yeah, another reason why this is a useless thread. Boot roms are typically permanent, thus the 7.0 keys wouldn't be stored there anyways.

    Which is why an old Wii with an exploitable boot rom can't be patched by Nintendo without a hardware revision. If there were such an exploit in the 3DS, it would be a major fail on Nintendo's part. Sure, it would be pretty kick ass if there was one, but don't count on it. I would bet Nintendo learned their lesson with the Wii... :P
     
  12. Oxybelis (GBAtemp Fan), Member, joined Jan 10, 2010
    They learned some lessons, but f0f still hacked Wii U
     
  13. Idaho (GBAtemp Advanced Fan), Member, joined Oct 3, 2013, France
    Well the best solution would be to find a solution to definitely flash the eeprom with a custom firmware, so if Gateway really wants those new keys, they will be looking for potential flaws in the bootloader to bypass those silly checks...