Hi is there anyway to get multiple roms xorpads at one time? How could i do it?
Just drag multiple roms onto ctrKeyGen.py.
Hi is there anyway to get multiple roms xorpads at one time? How could i do it?
Wel, that's something I would like to understand too.I not understanding some parts. Now can decrypt nand yes? Possible to create nand for forced downgrade? If not why not?
New version of the multitool thing:
https://www.sendspace.com/file/hnqb4b
Xorpad generation speed is roughly twice as fast as the current version! ~3.55MB/s, up from ~1.8MB/s.
I haven't thoroughly tested it, though. So please test all aspects of it.
Wel, that's something I would like to understand too.
Yeah we can dump NANDs and decrypt and encrypt back the FAT16 partition, where most of the stuff is stored... But it seems we can't decrypt the firmware partition, and that's what would be relevant for a downgrade.
Yeah but I wonder... Gateway has total control over the emunand and it's possible to make a system transfer from a real system to the emunand... So if we coud grab the necessary data from this transfered emunand and decrypt the firmware partition, could't we modify it (downgrade as necessary) and flash it back to the original system via a hardware mod? (implying the original info isn't lost in the transfer)To decrypt the NAND you need control over ARM9. But if you have that, you don't have any real reason to downgrade. Unless you can somehow use one 3DS to decrypt the NAND of another on a higher firmware, I'm not sure how helpful downgrading would be.
you would need xorpads from the original 3ds too or you couldn't encrypt back to the original 3ds's unique encryption, and you can only obtain them via arm9 control.....i think the only real stuff you might be able to do is maybe make a custom emunand.....maybe like changing region, but again now we can install title updates from other regions....the use would be rather limitedYeah but I wonder... Gateway has total control over the emunand and it's possible to make a system transfer from a real system to the emunand... So if we coud grab the necessary data from this transfered emunand and decrypt the firmware partition, could't we modify it (downgrade as necessary) and flash it back to the original system via a hardware mod? (implying the original info isn't lost in the transfer)
IF someone were able to reverse the hidden hardware crypto, and IF you had a way to dump the appropriate per-console keys without needing a Process9 exploit, it might be possible, but those are both very big 'if's and the amount of time and effort it'd require is probably comparable to just finding a new kernel exploit.
so is there any plans to fix the romfs issues with makerom, or is it just to keep this availableNew update:
1. Committed sbJFn5r's experimental changes to the git repo.
2. Merged einstein95 PR to implement padding via rsf in CDNto3DS.py: https://github.com/Relys/3DS_Multi_Decryptor/pull/1
3. Merged idunoe's PR to support CIA building in CDNto3DS.py: https://github.com/Relys/3DS_Multi_Decryptor/pull/2
4. Uploaded applestash's fork of Project_CTR to git and changed readme files to redirect there: https://github.com/Relys/Project_CTR
So. This is the improved way to hack your 3ds alternatively. Because I'm looking forward to doing so
Well. I took back that Micro SD Card holder and SD card. But unless there are other exploits. I still have my 4 GB SD card left. SoAll this can do it decrypt your files. If you want to edit things directly, I'm pretty sure there are checks that need to be patched. I know Gateway disables checks on roms and most CIAs, but I'm not so sure about NAND. You can probably do a little testing by messing with the NAND and injecting it into EmuNAND.
0004001
JPN USA EUR
00020000 00021000 00022000
Wouldn't it be better to just decrypt the update partition from a 9.2.0-20E game?Is it possible to receive a full update and build up a 3ds/cia including it for offline purpose?
Code:0004001 JPN USA EUR 00020000 00021000 00022000
I already have extracted my ticket keys and downloaded the file (v9.2.0-20E), but its only 5 MB and seems only a part of it.