1. d0k3

    OP d0k3 3DS Homebrew Legend
    Member

    Joined:
    Dec 3, 2004
    Messages:
    2,781
    Country:
    Germany
    OTPHelper is a small tool designed to help with the downgrade and OTP dumping process. OTPHelper won't handle the process alone (that's not even possible), but it will help to make downgrading and OTP dumping simpler, more streamlined and safer. Use this tool in conjunction with @Plailect's guide.


    Source code: https://github.com/d0k3/OTPHelper
    Binaries: https://github.com/d0k3/OTPHelper/releases
    Last Stable Version: https://github.com/d0k3/OTPHelper/releases/tag/v0.85



    FEATURES:

    OTPHelper aims to simplify these processes, as described in Plailect's guide.
    • Actual dumping of the OTP.bin (0x100 or 0x108, only on FW < 3.0) included for convenience. Not shown in the screenshots, this is in the ARM9.bin.
    • Generate OTP0x108.bin from OTP.bin (on FW 9.0+), if you forgot to get that file the first time around.
    • Unbricking the FW 2.1 EmuNAND (N3DS only). This does, in one step, what would otherwise require: two NAND XORpads, the emuNAND_bricked.bin backup on your PC, 3DSFAT16Tool, hex-editing the header of the emuNAND_bricked.bin and writing back the fixed emuNAND_bricked.bin backup via Decrypt9WIP. So, much faster.
    • Includes EmuNAND/SysNAND Backup&Restore, CTRNAND Dump&Inject, FIRM Dump&Inject and Padgen features from Decrypt9WIP for convenience.
    • Multiple safety clamps in place to make this as safe as possible.
    • Various options to restore your SysNAND to working order in case something goes wrong.
    If you're going to try this, make sure you read everything below, give us feedback, and also vote here!


    WARNING:

    No use in beating around the bush, stuff like this is dangerous by nature and there will never be complete safety. There are bricked consoles, and you may even encounter one if you did nothing wrong. I am not responsible for any problems caused by this and I'm still recommending a NANDmod to everyone doing the whole downgrade process. Keep in mind that this is based on bugs and holes in Nintendo's own FW and that nobody is perfect.


    HOW SAFE IS THIS?
    You read the warning above? Good! As of now, there are no known issues with 0.71 (I'll update if anything comes up) and we get only positive feedback. Furthermore, v0.71 (compared to v0.5) adds multiple safety checks that prevent typical user mistakes, so this version protects you from yourself, too. This is safer than it ever was and has been tested successfully by several people, but, regardless of OTPHelper version and/or downgrading method: Bricks are still not impossible. The gist of this: If you cannot afford or do a hardmod yourself and/or if a brick of your 3DS would be your absolute worst nightmare - don't do it, it is not worth it for you. Everyone who can live with the risk (which *might* be pretty small by now), go ahead.


    TESTER CREDITS:
    Thank these fearless people:
     
    Last edited by d0k3, Apr 5, 2016
  2. Naked_Snake

    Naked_Snake Constant Miscreant
    Member

    Joined:
    Oct 6, 2013
    Messages:
    1,747
    Country:
    Australia
    If I hadn't already dumped mine this would have been beautiful 2 weeks ago lol
     
    Harvest God likes this.
  3. Keizel

    Keizel GBAtemp Fan
    Member

    Joined:
    Jun 28, 2015
    Messages:
    381
    Country:
    United States
    Very useful, thanks @d0k3
     
  4. DjoeN

    DjoeN Captain Haddock!
    Member

    Joined:
    Oct 21, 2005
    Messages:
    5,463
    Country:
    Belgium
    Great to see easier tools for helping to get OTP. Still, I hope people with hardmods will test this for you!
     
  5. Februarysn0w

    Februarysn0w GBAtemp Maniac
    Member

    Joined:
    Oct 31, 2014
    Messages:
    1,205
    Country:
    Japan
    Thank you for your NICE release. This is useful to install arm9haxloader to a new console.

    By the way, you look professional about NAND and EmuNAND, so I really want to ask you this question.
    Can I restore an EmuNAND backup to SysNAND? Is there any difference between both NAND dump images?
     
    Last edited by Februarysn0w, Mar 1, 2016
  6. MajinCubyan

    MajinCubyan The Funky Super Saiyan
    Member

    Joined:
    Nov 24, 2014
    Messages:
    687
    Country:
    United States
    Great job, if only I had waited til today I could try this on my n3ds. But I have two o3ds that I will test this on and let you know how it goes.
     
  7. DeathChaos25

    DeathChaos25 Unmei wo kaeru!
    Member

    Joined:
    Oct 21, 2015
    Messages:
    1,329
    Country:
    This is amazing, I'll tag this for when I get my O3DS XL back from hardmodding and attempt to dump my OTP.
     
  8. d0k3

    OP d0k3 3DS Homebrew Legend
    Member

    Joined:
    Dec 3, 2004
    Messages:
    2,781
    Country:
    Germany
    Let me know how it goes. This tool will be a lot more helpful for N3DS, though, as it streamlines some stuff that would otherwise be a pain to do manually.
     
    Sev501 and MajinCubyan like this.
  9. Just Passing By

    Just Passing By GBAtemp Advanced Maniac
    Member

    Joined:
    Jan 3, 2016
    Messages:
    1,563
    Country:
    United States
    Nice job. It's a simple tool, but it gets the job done. I'd help test but I don't have a hardmod :(
     
  10. d0k3

    OP d0k3 3DS Homebrew Legend
    Member

    Joined:
    Dec 3, 2004
    Messages:
    2,781
    Country:
    Germany
    I can't give you a 100% safe reply for that, that depends on what you did with your EmuNAND before. Normally, if you didn't do any modifications to it, it should be safe to inject an EmuNAND dump over SysNAND. Don't do this if you have no other means of going back (NANDmod, A9LH) though.
     
    Sev501 and Februarysn0w like this.
  11. capito27

    capito27 GBAtemp Advanced Fan
    Member

    Joined:
    Jan 19, 2015
    Messages:
    874
    Country:
    Swaziland
    Well, you get a softbrick from going to the O3DS 7.X home menu on N3DS (the menu simply asks you to discover Miiverse but fails miserably and prevents you from starting any application; a reboot doesn't fix it), and going any higher than 8.0 O3DS included produces a hardbrick on N3DS, so you can't even run the arm9 payload to switch keyslot crypto at all. Hope this helps.
     
  12. d0k3

    OP d0k3 3DS Homebrew Legend
    Member

    Joined:
    Dec 3, 2004
    Messages:
    2,781
    Country:
    Germany
    Understood, that means the option to switch back the crypto to slot 0x5 is useless, and so is the option to inject the N3DS header. Will think about removing these two. They might still be useful for fixing mistakes, though.
     
  13. dark_samus3

    dark_samus3 GBAtemp Addict
    Member

    Joined:
    May 30, 2015
    Messages:
    2,372
    Country:
    United States
    So, I'm going back down to 2.1 to test, but looking through the repo, it seems the framebuffer addresses are incompatible with the browser exploit for 2.1... it'd probably be a good idea to check somehow (maybe check crypto stuff since it doesn't work on 2.x) which version the person is on, and adapt the framebuffer to there... if you need the addresses

    #define TOP_SCREEN0 (u8*)(0x181E6000)
    #define TOP_SCREEN1 (u8*)(0x18273000)
    #define BOT_SCREEN0 (u8*)(0x1848F000)
    #define BOT_SCREEN1 (u8*)(0x184C7800)

    otherwise the otp dump options are kinda useless
     
    Last edited by dark_samus3, Mar 1, 2016
  14. TR_mahmutpek

    TR_mahmutpek medic
    Member

    Joined:
    Jul 28, 2015
    Messages:
    1,310
    Country:
    Turkey
    Good work. I will try it if it reaches stable. Many thanks :)
     
  15. d0k3

    OP d0k3 3DS Homebrew Legend
    Member

    Joined:
    Dec 3, 2004
    Messages:
    2,781
    Country:
    Germany
    Alright, thanks. I'm unsure about how to test crypto stuff, though.... Any other ideas on how to find out safely if we're on 2.1?
    Another idea would be to use these framebuffers for the GW Launcher.dat only. As I understand, the GW Launcher.dat is the only payload working on 2.1 & the GW Launcher.dat is also pretty much useless on more recent FW versions. Correct?
     
  16. dark_samus3

    dark_samus3 GBAtemp Addict
    Member

    Joined:
    May 30, 2015
    Messages:
    2,372
    Country:
    United States
    actually the gateway.dat doesn't work from 2.1 (I had some bad info from someone else) but there is a spider exploit for 2.x called 2xrsa: https://github.com/b1l1s/2xrsa which needs those framebuffers to work...
     
  17. Swiftloke

    Swiftloke Hwaaaa!
    Member

    Joined:
    Jan 26, 2015
    Messages:
    1,770
    Country:
    United States
    Saw this on GitHub, was wondering when it'd come out, features etc. Good job! I'll test the OTP dumper on my o3ds.
    Wait, what's the emuNAND header got to do with a9lh on o3ds?
     
    Last edited by Swiftloke, Mar 1, 2016
  18. d0k3

    OP d0k3 3DS Homebrew Legend
    Member

    Joined:
    Dec 3, 2004
    Messages:
    2,781
    Country:
    Germany
    Does that load the .bin or the .dat? I will find some way of correctly setting the framebuffers, will need to think it over, though.
     
  19. dark_samus3

    dark_samus3 GBAtemp Addict
    Member

    Joined:
    May 30, 2015
    Messages:
    2,372
    Country:
    United States
    the .bin... no other changes are needed, just framebuffers :)
     
  20. Plailect

    Plailect GBAtemp Advanced Fan
    Member

    Joined:
    Jan 30, 2016
    Messages:
    546
    Country:
    United States
    Once it's working and confirmed stable this will be exactly what the community needs. The OTP guide can be made easier than ever, and perhaps after that a9lhax can be made the new standard.
     
    CeeDee, Sev501, daxtsu and 4 others like this.