[Question] Obtaining OTP

Discussion in '3DS - Flashcards & Custom Firmwares' started by moopas, Feb 26, 2016.

  1. moopas
    OP

    moopas Advanced Member

    Newcomer
    80
    9
    Aug 7, 2010
    United States
    Greetings.

    As the title suggests, I have a question regarding the method of obtaining the OTP file.

    I read through the tutorial several times, but am not personally savvy about coding, hex editing, etc. So while I have downgraded from 10.3 to 9.2, setup and unlinked emunand, setup coldboot into a cfw and everything, I have done so by following tutorials and asking questions. With that said, I apologize if my question here on this topic is glaringly clear and redundant

    Question: In the OTP guide, everything seems straightforward and easy, but upon the step of running python to unbrick the 2.1 emunand, then restoring that unbricked nand to sysnand. My question is "why can't we just restore that unbricked nand to emunand?"

    I have not obtained my OTP because I have everything running excellently, and have been and seen repeated warnings of easily bricked sysnands despite perfect attempts, so I am waiting for a safer method. Just wondering why nothing can be done to get the OTP from the unbricked nand if restored to emunand.

    Followup question: Will there be a way to more safely obtain the OTP anytime soon via how I stated via a new method any time soon? Just curious.

    Thanks for taking the time to read this, as well as any responses offered.
     


  2. urherenow

    urherenow GBAtemp Addict

    Member
    2,867
    834
    Mar 8, 2009
    United States
    Japan
    Because there was no CFW back in the days of 2.1, so there is no CFW that will boot it.
     
  3. moopas
    OP

    moopas Advanced Member

    Newcomer
    80
    9
    Aug 7, 2010
    United States
    Ah, that does make a lot of sense. How hard would it be to make one? Would that be the safest and easiest way?
     
  4. urherenow

    urherenow GBAtemp Addict

    Member
    2,867
    834
    Mar 8, 2009
    United States
    Japan
    It still wouldn't work. The Keys will have already been initialized and locked away before you got into 2.1 because you booted >4.0 first. Guess I should have stated that as the reason.
     
  5. moopas
    OP

    moopas Advanced Member

    Newcomer
    80
    9
    Aug 7, 2010
    United States
    Ah, okay. I always thought booting emunand counted as a second boot, didn't realize that the system restraints of the initial sysnand boot were still there. That's what I meant by my question was probably redundant. So to clarify, even booting into any emunand, the sysnand used to initialize that emunand is what locks the OTP region?

    Just out of curiosity then, may I ask what method would make it safer? (I'm not asking you to make it or if it is out)
     
  6. dkabot

    dkabot Better With Others' Systems Than Their Own

    Member
    998
    349
    Sep 9, 2014
    United States
    It's pretty safe as-is. Sysupdater will tell you if the downgrade has errors, and the fix N3DS needs is done automatically by a script.
    All I can think of is a CFW to boot 2.1 (to confirm it works, only) and maybe more checks on the script that patches N3DS encryption.
     
  7. Stecker8

    Stecker8 Plug

    Member
    460
    118
    Oct 9, 2015
    Here
  8. moopas
    OP

    moopas Advanced Member

    Newcomer
    80
    9
    Aug 7, 2010
    United States
    Very nice. I do have an N3DS, so as you said, it would still be fine.

    From your experience, is getting the OTP worth the risk of messing with sysnand and all of the random bricks people are warning of? Or should I wait since I'm currently in a great spot with coldbooting cfw and emunand. (Decent 90% bootrate)
     
  9. urherenow

    urherenow GBAtemp Addict

    Member
    2,867
    834
    Mar 8, 2009
    United States
    Japan
    The only way to *really* make it safe is to keep a backup and do a hard mod. Either way, keep a backup. You can hard mod (or pay someone to do it for you) later if you mess something up. Only bricks I've heard of though are from idiots who tried installing a9lh that was compiled with someone else's OTP. OThers are just people that THOUGHT they had bricked because they didn't have an a9lh payload setup properly.

    @Stecker8 just keep trying. If you try like 5 times in a row and it won't work, turn off your wifi, go into your browser settings, clear cache and delete cookies, then go to the web address again (nevermind that it yells at you because your wifi is off), then turn on your wifi and refresh the browser page. That should get it working.
     
    Last edited by urherenow, Feb 26, 2016
  10. dkabot

    dkabot Better With Others' Systems Than Their Own

    Member
    998
    349
    Sep 9, 2014
    United States
    In my experience, getting the OTP is the safe, tested, easy part.
    Installing A9LH is where I clench and where something died for some reason.

    That said, this is emerging stuff that's really just going places.
    So far we have the option of CFW on SysNAND (can still use EmuNAND if you wish), basic Decrypt9 on boot (dump/restore only), some slight brick protection (once it's installed, you can always restore if FIRM0/1 are intact), faster boot, 100% boot rate and whatever comes in the future.

    It's up to you whether it's worth atm as compared to Menuhax
     
  11. Stecker8

    Stecker8 Plug

    Member
    460
    118
    Oct 9, 2015
    Here
    freeze :hateit:
     
  12. urherenow

    urherenow GBAtemp Addict

    Member
    2,867
    834
    Mar 8, 2009
    United States
    Japan
    Using everything from the guide?

    Section IV - Restoring the System
    1. Copy all files from New_3DS_Spider_[U/E/J]/Section_IV/Copy_To_SD_Card/ to your SD card. Replace any existing files.
    2. Delete any sysNAND or emuNAND .bin files from the root of your SD card.
    3. Copy sysNAND.bin and emuNAND.bin from New_3DS_Spider_[U/E/J]/Section_I/Backup/ to the root of your SD card.
    4. Rename sysNAND.bin to NAND.bin on your SD card.
    5. Reinsert your SD card and go to http://dukesrg.github.io/2xrsa.html?arm11.bin on your 3ds.
    6. After Decrypt9 has loaded, follow the options on the main menu to restore your sysNAND and your emuNAND from NAND.bin and emuNAND.bin respectively.
    7. Shut down your 3DS and delete all files on the SD card using your computer. (Do not format.)
    8. Copy all files from New_3DS_Spider_[U/E/J]/Section_I/Backup/SD_Backup to your SD card.
    9. Reinsert the SD card and reboot!
    EDIT:oops.. obviously from the o3ds guide, if that's what you're using :P

    1. Copy all files from Old_3DS_Spider_[U/E/J]/Section_IV/Copy_To_SD_Card/ to your SD card. Replace any existing files.
    2. Delete any sysNAND or emuNAND .bin files from the root of your SD card.
    3. Copy sysNAND.bin and emuNAND.bin from Old_3DS_Spider_[U/E/J]/Section_I/Backup/ to the root of your SD card.
    4. Rename sysNAND.bin to NAND.bin on your SD card.
    5. Reinsert your SD card and go to http://dukesrg.github.io/2xrsa.html?arm11.bin on your 3ds.
    6. After Decrypt9 has loaded, follow the options on the main menu to restore your sysNAND and your emuNAND from NAND.bin and emuNAND.bin respectively.
    7. Shut down your 3DS and delete all files on the SD card using your computer. (Do not format.)
    8. Copy all files from Old_3DS_Spider_[U/E/J]/Section_I/Backup/SD_Backup to your SD card.
    9. Reinsert the SD card and reboot
     
    Last edited by urherenow, Feb 26, 2016
  13. Stecker8

    Stecker8 Plug

    Member
    460
    118
    Oct 9, 2015
    Here
    Yes and using this
    Section III - Getting the OTP
    1. Copy all files from Old_3DS_Spider_[U/E/J]/Section_III/Copy_To_SD_Card/ to your SD card. Replace any existing files.
    2. Go to http://dukesrg.github.io/2xrsa.html?arm11.bin on your 3ds.
    3. Wait for the flashes. You can power off after about ten seconds of flashing.
    4. Check for a file named a9f.bin on the SD card. If the exploit was successful then it should be 256 Bytes.
    5. Remove your SD card and copy a9f.bin to your computer.
    6. Rename a9f.bin to OTP.bin.
    7. Backup OTP.bin somewhere safe.
     
  14. urherenow

    urherenow GBAtemp Addict

    Member
    2,867
    834
    Mar 8, 2009
    United States
    Japan
    did you check for a9f.bin? Is it 0kb?
     
  15. Stecker8

    Stecker8 Plug

    Member
    460
    118
    Oct 9, 2015
    Here
    Yes and it doesn´t exist
     
  16. urherenow

    urherenow GBAtemp Addict

    Member
    2,867
    834
    Mar 8, 2009
    United States
    Japan
    Create it, then try again. Just a blank file named a9f.bin.
     
  17. Stecker8

    Stecker8 Plug

    Member
    460
    118
    Oct 9, 2015
    Here
    Testing it
     
  18. urherenow

    urherenow GBAtemp Addict

    Member
    2,867
    834
    Mar 8, 2009
    United States
    Japan
    Sorry if it doesn't work. I used Cubic Ninja. I HAD to create a blank OTP.bin. You are on 2.1 sysnand, I assume...
     
    Last edited by urherenow, Feb 26, 2016
  19. Stecker8

    Stecker8 Plug

    Member
    460
    118
    Oct 9, 2015
    Here
    It doesn´t work
     
  20. AnukWolf

    AnukWolf GBAtemp Regular

    Member
    107
    36
    Oct 14, 2015
    Gambia, The
    When I did those steps the first time, I only saw one black flash and then it froze, is it the same for you?
    The reason was, that I forgot the first step, aka copying everything from Section III to sd card. There should be a arm11.bin file on your sd root then.
    I followed the n3ds spider guide and I didn't need to create an empty a9f.bin.