[Question] Homebrew/CFW on a Development Unit?

Discussion in '3DS - Flashcards & Custom Firmwares' started by NekoMichi, Mar 29, 2016.

  1. NekoMichi

    NekoMichi Retro Collector

    Jun 4, 2015
    Minus World
    Disclaimer: I don't have access to an actual development unit, these are just hypothetical questions.

    It's to my understanding that the "Panda" developer 3DS units are pretty much identical to retail units in terms of hardware, however they are running a special firmware that does not allow retail software to be run without being signed for that specific device.

    That being the case, how would one be able to access the Homebrew Launcher on such a unit, and subsequently create an emuNAND/install a CFW? Ninjhax, OoTHax, and SmashHax would not be possible since the games can't run on a dev unit, that leaves BrowserHax. The dev units have firmwares labelled 0.0.0 under Settings, so does that mean a specific payload must be made for them in order to load the Homebrew Launcher?

    And if a CFW were somehow installed with signature patching, would that enable the dev unit to run retail carts?

    Thanks in advance and I understand if these can't be answered due to lack of public knowledge or NDA-restricted information.
  2. BigPanda

    BigPanda Advanced Member

    Jul 18, 2016
    The only difference between Panda units and Retail units is the keys/certs used for encryption and signing. The version is not displayed in the setting menu by choice of Nintendo.

    Games can run on dev unit if you decrypt them using a retail 3DS unit (xorpads) and rebuild the game into a Debug signed CIA (Witch is possible since the common key is public in the SDK since it is needed to sign the debug cia)

    The problem with the Retail Cartridges is that the keys are different and the header also.
  3. dankzegriefer

    dankzegriefer GBAtemp Advanced Fan

    Aug 19, 2015
    United States
    ReiNand has a version for Panda Units but it's very barebones. Also I'm 90% sure ninjhax cannot run on devkits, so MSET exploit is used, or arm9loaderhax.
  4. mathieulh

    mathieulh GBAtemp Fan

    Feb 28, 2008
    Dev units basically use other keys, the main difference is that the dev private RSA exponents are known (used in the SDK tools) and therefore allow an official developer to sign content for his own dev unit, he however has to use pre-built accessdesc.
    As such, while the homebrew launcher does not run on dev (mostly because it relies on home menu ROPs that would need to be ported to the dev home menu), it doesn't need one to run software as you can sign and encrypt your own cia/ncch for development unit, which means you don't need an exploit to run your software on the device (you however need one for privilege escalation purposes, to run code on the arm9 for example)
    dankzegriefer likes this.