Would be nice if it could display some contact information for if someone finds your 3DS.
I think the point is you only copy the OTP to the card if you forget the pin.And if your console is stolen with the SD inside... The console will be always unlocked.
You need the pin as txt file on the SDCard. So if the console is stolen you can just read pin code on the SDcardI think the point is you only copy the OTP to the card if you forget the pin.
He was talking about when it is written to the NAND, and a suggestion for a back door is having the OTP on the card.You need the pin as txt file on the SDCard. So if the console is stolen you can just read pin code on the SDcard
Correct.Nice ^^
So if I can't remember the PIN, my 3DS is useless if I have no hardmod and a NAND backup?
N3DS Space, from here: https://splash.3dsthem.es/?q=user:HeyItsJonoEDIT: What spash screen are you using in the video?
Correct. It's only written to SD temporarily while I figure out how to write it to NAND and read back from NAND.He was talking about when it is written to the NAND, and a suggestion for a back door is having the OTP on the card.
The risk of brick is not really any higher than installing any other A9LH payload. Just make sure you make a note of the PIN once NAND PIN storage is implemented. For now if you forget it you can just delete the pin.txt from the SD card to get around it.I would totally use this, but the risk of a brick is kind of a turn off for me...
Actually somebody else mentioned that but I forgot to add it to the to-do list.Would be nice if it could display some contact information for if someone finds your 3DS.
Forgetting the PIN is a stupid idea.this is a stuipd idea forget the pin and your 3ds is like a brick
Hmm, what can you do in hourglass9? Just restore a NAND backup?You should be able to boot into Hourglass9 at least without the pin. The owner of the console is going to be the only person with a backup.
In the meanwhile, maybe you can encrypt that file using a key extracted from the console. Provided that you have a NAND backup, it should be possible to decrypt the key in case you forget the PIN (without restoring the backup), without a pointless backdoor.Currently, the PIN is loaded from a file on SD (/pin.txt). This means that editing the file will change the PIN, and deleting it will remove the requirement to enter the PIN. This will change once NAND reading and writing has been added, at which point the PIN will be stored in NAND and it will not be possible to change it until the PIN has been entered. This will mean that there will be absolutely no way to circumvent the PIN lock.
I have no idea. But it's not really worth adding encryption/decryption since SD storage of the PIN is temporary.In the meanwhile, maybe you can encrypt that file using a key extracted from the console. Provided that you have a NAND backup, it should be possible to decrypt the key in case you forget the PIN (without restoring the backup), without a pointless backdoor.
I'm not sure which console-specific keys can be accessed, though...
Is it possible?
Also, it's only because of the PIN I chose that it's 6-digit. You could use any length of PIN you like.Anyway... if you forget the PIN and don't even have a NAND backup, you could always try every possible combination (but since it's a 6-digit code, good luck with that... 10^6=1000000)
you keep your nand backups on your SD? Or your OTP? There's no reason for that tbh.And if your console is stolen with the SD inside... The console will be always unlocked.
make it generate a key file or some thing and if its on the sd it will let you boot it with out a pin and every key file is different for every 3ds those other solutions will let a theif brick your 3ds they could just download the hourglass9 bin file to get in it needs to be different for every 3ds@Quantumcat
The problem with booting hourglass9 if the PIN is incorrect is that the user could replace the hourglass9 payload with something else (i.e. CFW) to get the 3DS to boot even with an incorrect PIN. A couple of ideas which occur to me are:
Of the two solutions, I am leaning more towards the first. What do you think?
- Once NAND reading and writing is working, the hourglass9.bin payload could be stored as a file in NAND, and then saved to SD any time it is needed. That way, only hourglass9 will be bootable if an incorrect PIN is entered
- Extract the parts of hourglass9 which write the NAND backup and incorporate it directly into 3DSafe
I don't know why this is a problem. Remember that you would have to restore a NAND from the device itself. So if the 3DS were to be stolen, somebody would have to restore YOUR NAND backup using a hardmod. For that to happen, the 3DS thief would have to know where I live, know where I keep my NAND backup, break in to my house and steal it. I think at that point I have bigger problems than my 3DS
I don't know what that has to do with Apple. But the only person who would not know my 3DS PIN would be a thief. And if they've got my property, then I'm absolutely happy for the 3DS to be a brick.
Too easy to circumvent. Thief google's 3DS PIN code, finds the GitHub page for 3DSafe, and obtains the backdoor combination, rendering the PIN completely useless.
Let me reiterate: I will not be adding a back door function to this payload. If you don't like the idea of a locked NAND with no way of bypassing the lock, then don't use it.
what good would that do ? since hourglass9 will never overwrite a9lh, it won't replace the stage1/2 of a9lh and thus won't help to recover from a forgotten pin code. also, sorry to bust your bubble, but if you allow people to overwrite their nand, people on O3DS can easily bypass your stage 1 and 2 thanks to the fact that a9lh is totally standardized, simply repace firm0 by a o3ds firm that is smaller than a9lh firm1 (and they exist) and it totally bypasses the pin code and if the used firm is from before 11.0, a downgrade will bring them back to an exploitable firmware.@Quantumcat
The problem with booting hourglass9 if the PIN is incorrect is that the user could replace the hourglass9 payload with something else (i.e. CFW) to get the 3DS to boot even with an incorrect PIN. A couple of ideas which occur to me are:
Of the two solutions, I am leaning more towards the first. What do you think?
- Once NAND reading and writing is working, the hourglass9.bin payload could be stored as a file in NAND, and then saved to SD any time it is needed. That way, only hourglass9 will be bootable if an incorrect PIN is entered
- Extract the parts of hourglass9 which write the NAND backup and incorporate it directly into 3DSafe
You can do a MD5 or SHA1 verification to see if the payload is actually hourglass9@Quantumcat
The problem with booting hourglass9 if the PIN is incorrect is that the user could replace the hourglass9 payload with something else (i.e. CFW) to get the 3DS to boot even with an incorrect PIN. A couple of ideas which occur to me are:
Of the two solutions, I am leaning more towards the first. What do you think?
- Once NAND reading and writing is working, the hourglass9.bin payload could be stored as a file in NAND, and then saved to SD any time it is needed. That way, only hourglass9 will be bootable if an incorrect PIN is entered
- Extract the parts of hourglass9 which write the NAND backup and incorporate it directly into 3DSafe
So that mean if we hate someone we can use your "3DSafe" one him and choose a random password and then boom he can never play with it !!!!!!The idea is that there is no backdoor. If there's a backdoor, it's useless.
The code is on GitHub, so if anybody wants to fork it and add a backdoor then that's up to them, but in this release there won't be one.