Homebrew [Release] Luma3DS mod to "unban" a console with 022-2812

truedread

Active Member
OP
Newcomer
Joined
Apr 1, 2014
Messages
41
Trophies
0
Age
26
XP
162
Country
United States
All of the credits go to the main developers of Luma3DS CFW, of course.

So I made a little mod for Luma3DS that effectively allows you to "unban" a console that has been banned with a 022-2812 error. Whether that be the Sun and Moon stuff years ago or whatever else, it should do the trick. The caveat: it requires another console of the same region/model to spoof. If by some chance you have one, keep reading!

The mod requires a decrypted OTP dump from an unbanned 3DS. The mod spoofs the CTCert that lies in the console's OTP. Normally, you can't change the CTCert as its burned onto the SoC (AFAIK), but boot9 loads the decrypted OTP into the ITCM. So while you can't modify the OTP, you can just modify the contents of the ITCM every time the console boots up. That's what the payload does. It reads a decrypted OTP dump from /luma/otp.bin, and loads the relevant fields into the ITCM every boot, essentially spoofing the other console's CTCert.

Here's the repo link: https://github.com/truedread/Luma3DS

Let me know if you guys find any bugs!

Usage Steps
  1. You must unlink the NNID from the banned 3DS. Unfortunately, this will invalidate the tickets of legitimate purchases, but if you got banned this way do you even care? (Psst...regenerate the tickets after unlinking)
  2. To unlink the NNID without formatting, use Plailect's GM9 script
  3. Dump the encrypted OTP from the unbanned console (boot9strap users: hold Start + Select + X on boot to dump to /boot9strap/ directory)
  4. Decrypt the encrypted OTP with otptool or my Python script
  5. On the banned 3DS, copy the unbanned decrypted OTP to /luma/otp.bin
  6. Either download the compiled boot.firm attached or compile it yourself and place it on the banned 3DS's root directory, overwriting the old Luma3DS boot.firm
  7. That's it!
Notes
  • If otp.bin doesn't exist, the 3DS will boot normally, so be careful!
  • There's a bug that I found which prevents me from loading GodMode9 through the Luma3DS chainloader. But, reverting to GM9 1.8.0 fixed it. Not sure what the issue is.
  • I am not responsible for any damage caused to your console. You banned it, you're responsible.

EDIT: For people that have issues compiling otptool or that don't have access to a Unix machine, I made a quick little Python script that decrypts the OTP the same way: https://gist.github.com/truedread/01c48e0b0ab804c27e6a611c65e1f04a.

It requires Python 3 as well as the library pycryptodomex. Once installed, run "python otp.py -i ENCRYPTED_OTP.bin -o DECRYPTED_OTP.bin" and you should be good to go!
 

Attachments

  • boot.firm.zip
    156.2 KB · Views: 296
Last edited by truedread,

E1ite007

Weird avatar guy
Member
Joined
Nov 19, 2016
Messages
959
Trophies
0
Website
ughax.tk
XP
2,060
Country
Mexico
Wait, what?
So... can we unban 3DS' from any ban type in existence?
Also, I would love to test this, but I don't have any banned console anymore, and the only ban I had was the 002-0102 type. I could try to get one of my test consoles banned, but I don't know if we can get this type of ban anymore 'cause... well, Nintendo is pullin' the 3DS' plug.
 
Last edited by E1ite007,

truedread

Active Member
OP
Newcomer
Joined
Apr 1, 2014
Messages
41
Trophies
0
Age
26
XP
162
Country
United States
Wait, what?
So... can we unban 3DS' from any ban type in existence?
Also, I would love to test this, but I don't have any banned console anymore, and the only ban I had was the 002-0102 type. I could try to get one of my test consoles banned, but I don't know if we can get this type of ban anymore 'cause... well, Nintendo is pullin' the 3DS' plug.

Yeah, part of the reason why I thought it was okay to post something like this is that the 3DS is almost EOL. As for 002-0102, it should work for it as well since this mod treats your banned console like an entirely new console (it might be overkill bc AFAIK there are other methods that don't require spoofing another console's entire identity).
 
  • Like
Reactions: E1ite007

E1ite007

Weird avatar guy
Member
Joined
Nov 19, 2016
Messages
959
Trophies
0
Website
ughax.tk
XP
2,060
Country
Mexico
Yeah, part of the reason why I thought it was okay to post something like this is that the 3DS is almost EOL. As for 002-0102, it should work for it as well since this mod treats your banned console like an entirely new console (it might be overkill bc AFAIK there are other methods that don't require spoofing another console's entire identity).
Nice, but 002-0102 bans are easy (in theory) to solve.
Anyway, having this huge step towards a kinda open-environment on the 3DS where we can practically make this kind of things... it's pretty, pretty neat.
 

truedread

Active Member
OP
Newcomer
Joined
Apr 1, 2014
Messages
41
Trophies
0
Age
26
XP
162
Country
United States
Nice, but 002-0102 bans are easy (in theory) to solve.
Anyway, having this huge step towards a kinda open-environment on the 3DS where we can practically make this kind of things... it's pretty, pretty neat.

Exactly, which is why it's only really meant for 022-2812 bans in my opinion. The only problem is, you need an unbanned 3DS to do this :/ If you buy another 3DS to unban your current one, why not just use the one you bought as your main? For me, it comes down to the fact that I would have to reinstall all of my games, saves, themes, and then start using it. Even then, my personal banned 3DS was a special edition that I really liked. I didn't want to throw it away.

I would like someone to test spoofing an old 3DS's OTP on a new 3DS. I'm almost positive it won't work, as it is a device model mismatch, but it would be interesting to see. Another thing I would like to see tested is the same unbanned OTP on multiple consoles. Logically, that certificate would probably get banned. But if Nintendo just stopped caring, then we could use this to actually unban 3DS's for free!
 
  • Like
Reactions: E1ite007

E1ite007

Weird avatar guy
Member
Joined
Nov 19, 2016
Messages
959
Trophies
0
Website
ughax.tk
XP
2,060
Country
Mexico
Exactly, which is why it's only really meant for 022-2812 bans in my opinion. The only problem is, you need an unbanned 3DS to do this :/ If you buy another 3DS to unban your current one, why not just use the one you bought as your main? For me, it comes down to the fact that I would have to reinstall all of my games, saves, themes, and then start using it. Even then, my personal banned 3DS was a special edition that I really liked. I didn't want to throw it away.

I would like someone to test spoofing an old 3DS's OTP on a new 3DS. I'm almost positive it won't work, as it is a device model mismatch, but it would be interesting to see. Another thing I would like to see tested is the same unbanned OTP on multiple consoles. Logically, that certificate would probably get banned. But if Nintendo just stopped caring, then we could use this to actually unban 3DS's for free!
It has to be from an unused console? Or can we use on multiple consoles the same CTCert file?
'Cause if we can use the same CTCert on multiple consoles, we could make it like in the old days of that iso site where you could find multiple LocalFriendCodeSeed_B files to use and all would work fine.
 

truedread

Active Member
OP
Newcomer
Joined
Apr 1, 2014
Messages
41
Trophies
0
Age
26
XP
162
Country
United States
It has to be from an unused console? Or can we use on multiple consoles the same CTCert file?
'Cause if we can use the same CTCert on multiple consoles, we could make it like in the old days of that iso site where you could find multiple LocalFriendCodeSeed_B files to use and all would work fine.

Well, there's nothing stopping you from using the same CTCert on multiple consoles. However, I think if an NNID is linked to that CTCert, no more NNID's can ever be linked to it again. That's the catch. You could use the same CTCert on multiple consoles, you just gotta trust that no one that's using that CTCert registers an NNID...or else everyone else has to use that NNID.
 
  • Like
Reactions: E1ite007

cvskid

Well-Known Member
Member
Joined
Apr 13, 2014
Messages
2,760
Trophies
1
XP
2,736
Country
United States
Exactly, which is why it's only really meant for 022-2812 bans in my opinion. The only problem is, you need an unbanned 3DS to do this :/ If you buy another 3DS to unban your current one, why not just use the one you bought as your main? For me, it comes down to the fact that I would have to reinstall all of my games, saves, themes, and then start using it. Even then, my personal banned 3DS was a special edition that I really liked. I didn't want to throw it away.

I would like someone to test spoofing an old 3DS's OTP on a new 3DS. I'm almost positive it won't work, as it is a device model mismatch, but it would be interesting to see. Another thing I would like to see tested is the same unbanned OTP on multiple consoles. Logically, that certificate would probably get banned. But if Nintendo just stopped caring, then we could use this to actually unban 3DS's for free!
Can you just buy 3ds OTP's online like you can with say, ps3 console id's to unban a ps3 system?
 
  • Like
Reactions: E1ite007

truedread

Active Member
OP
Newcomer
Joined
Apr 1, 2014
Messages
41
Trophies
0
Age
26
XP
162
Country
United States
Can you just buy 3ds OTP's online like you can with say, ps3 console id's to unban a ps3 system?

I don't see why not. You just have to trust that no one else uses that OTP, or else it'll probably get banned. And make sure you're the first one to register an NNID on that OTP.
 
  • Like
Reactions: cvskid

truedread

Active Member
OP
Newcomer
Joined
Apr 1, 2014
Messages
41
Trophies
0
Age
26
XP
162
Country
United States
So, the whole implication of this being, that if your stupidly stuck on wanting one system, is to buy a second and still have like everything be useless as before?

Not quite. Like I said before:

[...] The only problem is, you need an unbanned 3DS to do this :/ If you buy another 3DS to unban your current one, why not just use the one you bought as your main? For me, it comes down to the fact that I would have to reinstall all of my games, saves, themes, and then start using it. Even then, my personal banned 3DS was a special edition that I really liked. I didn't want to throw it away [...]

So, there are legitimate reasons for this mod. However, it's a small niche. The only way I could see this reaching widespread public use is through this mod facilitating the selling of unbanned OTPs, like how people sell unbanned PS3 IDs. I personally use it because I stupidly got my Majora's Mask n3DS XL banned, and I had a spare n3DS non-XL. So, I threw the spare's OTP on my banned one, made a new NNID, and regenerated tickets for previous purchases. After that, it was just like nothing even happened.

Also, what do you mean by useless? I'm confused as to what you're implying.
 
Last edited by truedread,

gamemasteru03

Nintendo nerd
Member
Joined
Sep 18, 2016
Messages
1,219
Trophies
0
XP
2,205
Country
United States
All of the credits go to the main developers of Luma3DS CFW, of course.

So I made a little mod for Luma3DS that effectively allows you to "unban" a console that has been banned with a 022-2812 error. Whether that be the Sun and Moon stuff years ago or whatever else, it should do the trick. The caveat: it requires another console of the same region/model to spoof. If by some chance you have one, keep reading!

The mod requires a decrypted OTP dump from an unbanned 3DS. The mod spoofs the CTCert that lies in the console's OTP. Normally, you can't change the CTCert as its burned onto the SoC (AFAIK), but boot9 loads the decrypted OTP into the ITCM. So while you can't modify the OTP, you can just modify the contents of the ITCM every time the console boots up. That's what the payload does. It reads a decrypted OTP dump from /luma/otp.bin, and loads the relevant fields into the ITCM every boot, essentially spoofing the other console's CTCert.

Here's the repo link: https://github.com/truedread/Luma3DS

Let me know if you guys find any bugs!

Usage Steps
  1. You must unlink the NNID from the banned 3DS. Unfortunately, this will invalidate the tickets of legitimate purchases, but if you got banned this way do you even care? (Psst...regenerate the tickets after unlinking)
  2. To unlink the NNID without formatting, use Plailect's GM9 script
  3. Dump the encrypted OTP from the unbanned console (boot9strap users: hold Start + Select + X on boot to dump to /boot9strap/ directory)
  4. Decrypt the encrypted OTP (I use otptool)
  5. On the banned 3DS, copy the unbanned decrypted OTP to /luma/otp.bin
  6. Either download the compiled boot.firm attached or compile it yourself and place it on the banned 3DS's root directory, overwriting the old Luma3DS boot.firm
  7. That's it!
Notes
  • If otp.bin doesn't exist, the 3DS will boot normally, so be careful!
  • There's a bug that I found which prevents me from loading GodMode9 through the Luma3DS chainloader. But, reverting to GM9 1.8.0 fixed it. Not sure what the issue is.
  • I am not responsible for any damage caused to your console. You banned it, you're responsible.
This is pretty nice ill link to this in my unban guide. I have one question though how is this more useful / better than injecting a local friend code seed b from another console along with a modified secure info A?
 

truedread

Active Member
OP
Newcomer
Joined
Apr 1, 2014
Messages
41
Trophies
0
Age
26
XP
162
Country
United States
This is pretty nice ill link to this in my unban guide. I have one question though how is this more useful / better than injecting a local friend code seed b from another console along with a modified secure info A?

That doesn't fully clear a 022-2812 ban. With that, you can go online but you won't be able to use any Nintendo Network features.
 

lone_wolf323

Well-Known Member
Member
Joined
May 27, 2011
Messages
4,992
Trophies
1
XP
4,044
Country
Canada
Not quite. Like I said before:



So, there are legitimate reasons for this mod. However, it's a small niche. The only way I could see this reaching widespread public use is through this mod facilitating the selling of unbanned OTPs, like how people sell unbanned PS3 IDs. I personally use it because I stupidly got my Majora's Mask n3DS XL banned, and I had a spare n3DS non-XL. So, I threw the spare's OTP on my banned one, made a new NNID, and regenerated tickets for previous purchases. After that, it was just like nothing even happened.

Also, what do you mean by useless? I'm confused as to what you're implying.
You are still with having a useless NNID to yourself. You clear out the 3ds system, yet a NNID which could of had like 100's to 1000's of dollars of purchased items now is nothing.
 

truedread

Active Member
OP
Newcomer
Joined
Apr 1, 2014
Messages
41
Trophies
0
Age
26
XP
162
Country
United States
You are still with having a useless NNID to yourself. You clear out the 3ds system, yet a NNID which could of had like 100's to 1000's of dollars of purchased items now is nothing.

The NNID is banned, so that's to be expected. When you do the mod it doesn't wipe your console, it just clears the tickets of purchased items. Those tickets can easily be regenerated on a new NNID and keep the downloads intact, save files and all. The only thing you'd lose is the legitimacy of those downloaded games, of which it doesn't really matter since the 3DS is basically EOL.
 
General chit-chat
Help Users
    KenniesNewName @ KenniesNewName: YouTube