[Release] BootRom Dumper (A9LH Only!)

Discussion in 'The Edge of the Forum' started by Supster131, Apr 1, 2016.

  1. Supster131
    OP

    Supster131 (づ。◕‿‿◕。)づ *:・゚✧

    Member
    3,193
    2,210
    Jan 19, 2016
    United States
    My Computer
    EDIT: Yes, of course this was an April Fools joke, lol. The story I gave was bullshit obviously :P Only truth to it was that mid-kid and Aurora helped me create this (they pretty much did all the work, I just changed a bit of the text). So huge thanks to them for making this possible! As promised, I will release the source for it (I don't know why anyone would want it though). It's based on Aurora's SafeA9LHinstaller.

    [Source] https://mega.nz/#!8Is0GYwR!hl-Bo8NdQoXAWFvZgql_YMqpgjgucDIX8CqpBKrG50w

    ORIGINAL POST:
    After a long while of testing and debugging, this was finally made possible. A bootrom dumper for the 3DS!
    This project started a few weeks ago. I was over on #cakey and was asked by mid-kid if I can help him out on something. I agreed. He told me he was working on something that would change the world. He sent me an early build of the bootrom dumper and it bricked my 2DS. Fortunately I have a hardmod for it. We continued testing, but it simply wouldn't want to work. A few days later I asked Aurora for some help. She was kind enough to lend a hand. She was able to find the correct offsets of the bootrom and even integrate screen-init to the payload (due to some people using her fork of A9LH. So yes, you can use this on any fork of A9LH). Finally, a few days ago Aurora and mid-kid got the dumper to work. You should have seen their reactions, they were almost going insane. As for what the bootrom can be used for, I wasn't told. I was simply told I had the rights to share this.

    We tried making this work with 9.2 sysNAND, but it simply wouldn't work. It would freeze the system and create a corrupted file. So we opted to keep it A9LH only, since there's a flaw in that the bootrom reads from a special SD card used at the factory. We originally dumped it that way, but we found that it was inefficient and risky. After some trial and error a safer way to dump the bootrom was found. Unfortunately we still couldn't get it to work with HBL as the bootrom would have already been locked at that point.

    Also, due to the request of mid-kid and Aurora, I cannot share the source code for this at the moment. They still need some time to clean up and polish the code. They told me they will most likely release the source for it in a day or two.

    Download link: https://mega.nz/#!tRdxBKIC!Yk_w3zpfJ9bcGhVSKa_MpsQC3Q58Gfj86nEf6U2qW6w

    Shout out to @mid-kid and @Aurora Wright for making this possible!
    Shout out to @daxtsu and icecream for helping me test this!

    Edit: Thanks to @astronautlevel for making the first ever bootrom exploit. It's similar to A9LH.
     
    Last edited by Supster131, Apr 2, 2016


  2. nooby89

    nooby89 A normal member with a stupid alias

    Member
    1,613
    223
    Aug 18, 2015
    Canada
    ...
    April Fool?

    I will test that...
     
  3. Just Passing By

    Just Passing By GBAtemp Advanced Maniac

    Member
    1,562
    594
    Jan 3, 2016
    United States
    THIS IS AMAZING!... If I knew what it's used for... lol.
     
  4. zoogie

    zoogie simple pimp tool

    Member
    6,321
    7,993
    Nov 30, 2014
    United States
    What are the odds this dumps the bootrom
     
    Games&Stuff and nooby89 like this.
  5. Just Passing By

    Just Passing By GBAtemp Advanced Maniac

    Member
    1,562
    594
    Jan 3, 2016
    United States
    It's still the 31st for me. If this is a joke, I'm gonna be very disappointed. "Change the world" they said. F*ck that if it's for April Fools.
     
    Last edited by Just Passing By, Apr 1, 2016
    Gray_Jack likes this.
  6. GraFfiX420

    GraFfiX420 GBAtemp Regular

    Member
    151
    43
    Oct 14, 2009
    United States
    Dumped mine twice just to be sure...
     
  7. LinkSoraZelda

    LinkSoraZelda GBAtemp Advanced Maniac

    Member
    1,980
    625
    Aug 12, 2015
    United States
    Land of the Rising Orange
    I thought this was a troll post, but I don't know.
     
  8. astronautlevel

    astronautlevel The Young Descendent of Tepes

    Member
    4,039
    4,979
    Jan 26, 2016
    United States
    That Nightly Site™
    I weep for humanity.

    EDIT: Holy shit this actually works.
     
    Last edited by astronautlevel, Apr 1, 2016
    Supster131 likes this.
  9. hudhair

    hudhair GBAtemp Advanced Fan

    Member
    633
    76
    Apr 23, 2013
    United States
    What's it used for?
     
  10. nooby89

    nooby89 A normal member with a stupid alias

    Member
    1,613
    223
    Aug 18, 2015
    Canada
    Me too, I am on 31st, but it's an April Fool Homebrew.
     
    Just Passing By likes this.
  11. astronautlevel

    astronautlevel The Young Descendent of Tepes

    Member
    4,039
    4,979
    Jan 26, 2016
    United States
    That Nightly Site™
    Theoretically, dumping the boot rom would grant us the last NCCH, which would grant us the ability to fully encrypt and decrypt NANDs.

    Also, if there was any vulnerability in the bootloader, it would grant us full system access a lot easier than a9lh.
     
  12. Biff627

    Biff627 GBAtemp Maniac

    Member
    1,063
    378
    Aug 15, 2015
    United States
    Damn, I wish this was real.... Fuckin April 1st jokes
     
    Bubsy Bobcat likes this.
  13. williamdabastrd

    williamdabastrd GBAtemp Regular

    Member
    105
    24
    Apr 10, 2010
    United States
    Ohio
    Wow, this works nicely! :)
     
    Supster131 likes this.
  14. Psi-hate

    Psi-hate GBATemp's Official Psi-Hater

    Member
    1,646
    1,046
    Dec 14, 2014
    United States
    Houston
    Nah it's real. I beta tested it a bunch of times. It has a few unsuccessful dumps, but you just need to keep trying.
     
    Supster131 likes this.
  15. Faru

    Faru GBAtemp Regular

    Member
    148
    68
    Nov 13, 2015
    United States
    Regardless if this is an April Fools joke or not, I'm downloading this shit anyway!

    I wonder what we could do with this..
     
  16. LinkSoraZelda

    LinkSoraZelda GBAtemp Advanced Maniac

    Member
    1,980
    625
    Aug 12, 2015
    United States
    Land of the Rising Orange
    Hey! It works! I'm going insane!
     
    Supster131 likes this.
  17. ShadowOne333

    ShadowOne333 GBAtemp Guru

    Member
    7,068
    4,476
    Jan 17, 2013
    Mexico
    RickRoll dumper.

    Why can't we use it without A9?
    And what consoles is it working for?
    This looks fishy...
     
  18. GraFfiX420

    GraFfiX420 GBAtemp Regular

    Member
    151
    43
    Oct 14, 2009
    United States
    Me too, I literally just shit myself!
     
  19. Psi-hate

    Psi-hate GBATemp's Official Psi-Hater

    Member
    1,646
    1,046
    Dec 14, 2014
    United States
    Houston
    You need a9lh because any later point blocks access to the bootrom.
     
    Noroxus, PokeAcer and Supster131 like this.
  20. Biff627

    Biff627 GBAtemp Maniac

    Member
    1,063
    378
    Aug 15, 2015
    United States
    If someone actually tests this please let me know...