Hacking [Release] 3DSafe: In-NAND PIN lock for 3DS

[ironmaster49]

@mashers great job with your pinlocker software but i am paranoid that i will lose my otp.bin and forget my pin so im worried about using it.
Edit: Is it possible to use a9lh to dump my otp because i dont know if the otp.bin on my pc is for my 2ds or 3ds xl. I have firmware 11.0 already and corbenik cfw

Another edit. Can we have a pincode thing that loads after the cfw loads so i can just restore nand if i forget my pincode? Its just to block people that dont know 3ds hacks to use 3ds, i dont need utmost security i dont personally know anyone else personally that even knows about 3ds hacking scene basics. Its just to prevent the chance of brick.

Another edit to be more specific: It loads after the cfw but before the home menu loads for protection against unauthorized access, but is not as strong as @mashers current pinlock so i can just restore the nand if anything goes wrong.

I may be too demanding but thank you for your work your pincode is really good, it just scares me.
I found my otp if i use the wrong otp will my ds brick or will nothing happen thanks

 

[mashers]

@Posghetti
Thanks mate

@Billy Acuña
Actually I didn't think of storing them in NAND. I was intending to embed them in the payload which would limit what I could do graphically as the payload can't exceed a certain size. But storing them in NAND is a great idea! Thanks!

@ironmaster49
I think if you run SafeA9LHInstaller from A9LH it saves your OTP from memory to SD. Not 100% sure though. If you want a pin code which isn't NAND based, you could use Luma as your CFW. It has a PIN built in, but it's SD based so if you forget the PIN you can just delete a file from SD to allow it to boot.

 

[ironmaster49]

@Posghetti
Thanks mate

@Billy Acuña
Actually I didn't think of storing them in NAND. I was intending to embed them in the payload which would limit what I could do graphically as the payload can't exceed a certain size. But storing them in NAND is a great idea! Thanks!

@ironmaster49
I think if you run SafeA9LHInstaller from A9LH it saves your OTP from memory to SD. Not 100% sure though. If you want a pin code which isn't NAND based, you could use Luma as your CFW. It has a PIN built in, but it's SD based so if you forget the PIN you can just delete a file from SD to allow it to boot.

If i use the wrong otp.bin will it brick my 3ds or will nothing happen? Thanks. Because im not sure if my otp.bin is for my 2ds or 3ds xl

 

[mashers]

If i use the wrong otp.bin will it brick my 3ds or will nothing happen? Thanks. Because im not sure if my otp.bin is for my 2ds or 3ds xl

In 3DSafe? No it won't brick. It will just tell you the OTP isn't valid for the console and then you'll have to enter the PIN.

 

[ironmaster49]

In 3DSafe? No it won't brick. It will just tell you the OTP isn't valid for the console and then you'll have to enter the PIN.

Thank you mate i will try both otps thanks. I have saved my otp on cloud storage too xD

 

[Billy Acuña]

@Posghetti
Thanks mate

@Billy Acuña
Actually I didn't think of storing them in NAND. I was intending to embed them in the payload which would limit what I could do graphically as the payload can't exceed a certain size. But storing them in NAND is a great idea! Thanks!

@ironmaster49
I think if you run SafeA9LHInstaller from A9LH it saves your OTP from memory to SD. Not 100% sure though. If you want a pin code which isn't NAND based, you could use Luma as your CFW. It has a PIN built in, but it's SD based so if you forget the PIN you can just delete a file from SD to allow it to boot.

Actually, since you have ctrnand read/write access on 3DSafe, in theory you can load any payload from ctrnand, perhaps you can store a modified version of SaltFW and, with that, you could boot without SD with no need to make stage2's payload any bigger due firm0's size limitations

 

[Zero72463]

Doesn't Luma have this feature?

 

[Billy Acuña]

Doesn't Luma have this feature?

Nope, with Luma anyone always can delete the pin.bin, with this you cannot since is stored on the nand and you only can remove/edit it with your own otp, perfectly to avoid stealers.

 

[mashers]

Thank you mate i will try both otps thanks. I have saved my otp on cloud storage too xD

Good plan As per the installation instructions, you should check that the OTP works as a bypass immediately after setting up 3DSafe. It's better to know now if it's not going to work so you can take steps accordingly.

@Billy Acuña
Ooh I didn't know that. Well, even so I think it's best to store the images separately in CTRNAND rather than embedding them in the payload, so they can be customised if desired.

--------------------- MERGED ---------------------------

By the way, have people been able to update this using SafeA9LHInstaller after entering the PIN? I've found that the CTRNAND access in 3DSafe affects SafeA9LHInstaller's ability to access the NAND so it won't work. I have to bypass the PIN using OTP if I want to use SA9LHI since the bypass only accesses the SD card, not NAND. I'm curious to know if others are finding the same.

 

[ironmaster49]

@mashers what is your opinion on installing this program on a 3ds without a hardmod? Is it just as safe as a9lh or is it more risky? BTW what cfw do you use it looks nice on startup.What boot anim is that

 

[mashers]

@mashers what is your opinion on installing this program on a 3ds without a hardmod? Is it just as safe as a9lh or is it more risky? BTW what cfw do you use it looks nice on startup.What boot anim is that

Installing it is, in theory, no more risky than installing any other A9LH payload. The additional risk is that if you forget your PIN and lose your OTP, you can't regain access to your 3DS. I use Luma as my CFW and the image on startup is a splash screen called N3DS Space from 3dsthem.es.

--------------------- MERGED ---------------------------

I've just removed the 0.3 release from GitHub as I found that with this version, the problem with running SafeA9LHInstaller persisted even after using the OTP bypass. I think the OTP verification messes with the ability of SafeA9LHInstaller to read the necessary parts of memory or NAND so it can't gain the necessary privileges to do what it needs to do. Fortunately, Decrypt9 still seems to be able to restore a NAND dump even after going through 3DSafe 0.3, so any 0.3 users should be able to restore a NAND dump using Decrypt9 as their A9LH payload. I'm working on an update which will address this issue.

 

[ironmaster49]

Installing it is, in theory, no more risky than installing any other A9LH payload. The additional risk is that if you forget your PIN and lose your OTP, you can't regain access to your 3DS. I use Luma as my CFW and the image on startup is a splash screen called N3DS Space from 3dsthem.es.

--------------------- MERGED ---------------------------

I've just removed the 0.3 release from GitHub as I found that with this version, the problem with running SafeA9LHInstaller persisted even after using the OTP bypass. I think the OTP verification messes with the ability of SafeA9LHInstaller to read the necessary parts of memory or NAND so it can't gain the necessary privileges to do what it needs to do. Fortunately, Decrypt9 still seems to be able to restore a NAND dump even after going through 3DSafe 0.3, so any 0.3 users should be able to restore a NAND dump using Decrypt9 as their A9LH payload. I'm working on an update which will address this issue.

Good thing i never installed it, is it updateable and uninstallable? Thanks. Gonna try it now or later.

 

[mashers]

Good thing i never installed it, is it updateable and uninstallable? Thanks. Gonna try it now or later.

Don't worry, it was a non-critical bug. Basically with 0.3, you wouldn't be able to run SafeA9LHInstaller if 3DSafe was installed, so you wouldn't be able to either update 3DSafe or install a different A9LH payload to remove it. However, I've been able to work around the bug simply by putting my NAND backup on my SD card, going through 3DSafe, booting Decrypt9, and restoring my NAND backup. That left me with a clean A9LH (without 3DSafe) and the ability once again to run SafeA9LHInstaller. The next update will address this issue.

 

[mashers]

Ok this is surprising... I've actually got SafeA9LHInstaller fully integrated into 3DSafe now. That means that even though running SafeA9LHInstaller doesn't work because 3DSafe affects its ability to verify the OTP, you can still use SafeA9LHInstaller if you need to simply by running it within 3DSafe

Release coming up shortly.

 

[mashers]

Right guys, release 0.4 is now up on GitHub. This release adds a built-in version of SafeA9LHInstaller. This is because SafeA9LHInstaller doesn't work if it's booted as a payload after 3DSafe. Now, you can just run it directly from within 3DSafe if you want to update 3DSafe or install a different A9LH payload.

Edit: If you're on 3DSafe 0.3 currently, you'll have to do the following, since SafeA9LHInstaller won't allow you to update to 0.4:

1. Get past 3DSafe by entering your PIN (or using OTP bypass)
2. Run Decrypt9WIP
3. Restore a NAND backup to one without 3DSafe (or with an earlier version)
4. Run SafeA9LHInstaller and install the payloads for 3DSafe 0.4
5. From this point on, you'll be able to update your A9LH payload from within 3DSafe

 

[Conn0r]

inb4 ransomware fork

 

[mashers]

inb4 ransomware fork

Actually you're too late. Somebody has already made an obnoxious comment like that. Put simply, if you're seriously worried that somebody would ransom your 3DS (which is pretty ridiculous) then you'd be better off installing this now to prevent somebody else from doing it.

 

[MadMageKefka]

@mashers If I were going to install this and I currently have a9lh v1 installed, would I just follow plailect's a9lh update guide and replace the payload files included with these ones? I don't plan to install it just yet, gonna wait till you're done tinkering with the main functions, just wanna know.

 

[mashers]

@mashers If I were going to install this and I currently have a9lh v1 installed, would I just follow plailect's a9lh update guide and replace the payload files included with these ones? I don't plan to install it just yet, gonna wait till you're done tinkering with the main functions, just wanna know.

I haven't seen Plailect's guide (it didn't exist when I installed A9LH). However, the instructions for installing are on the GitHub page and also on the first post in this thread. The basic process is that you put the 3DSafe payloads in /a9lh on your SD card, boot your 3DS into SafeA9LHInstaller, and press SELECT to update A9LH. That will install the 3DSafe payloads as your A9LH, overwriting whatever was there before. There are other steps for safety, but that's the basic process.

 

[MadMageKefka]

I haven't seen Plailect's guide (it didn't exist when I installed A9LH). However, the instructions for installing are on the GitHub page and also on the first post in this thread. The basic process is that you put the 3DSafe payloads in /a9lh on your SD card, boot your 3DS into SafeA9LHInstaller, and press SELECT to update A9LH. That will install the 3DSafe payloads as your A9LH, overwriting whatever was there before. There are other steps for safety, but that's the basic process.

https://github.com/Plailect/Guide/wiki/Updating-arm9loaderhax
Ah, I'm almost positive it should work as I thought then. Seems like the same, simple process described here. Thanks!