[RELEASE] OTPHelper - OTP dumping & downgrade helper

Discussion in '3DS - Homebrew Development and Emulators' started by d0k3, Mar 1, 2016.

  1. d0k3
    OP

    d0k3 3DS Homebrew Legend

    Member
    2,641
    2,654
    Dec 3, 2004
    Gambia, The
    OTPHelper is a small tool designed for helping with the downgrade and OTP dumping process. OTPHelper won't handle the process alone (that's not even possible), but it will help to make downgrading and OTP dumping simpler, more streamlined and safer. Use this tool in conjunction with @Plailect's guide.


    Source code: https://github.com/d0k3/OTPHelper
    Binaries: https://github.com/d0k3/OTPHelper/releases
    Last Stable Version: https://github.com/d0k3/OTPHelper/releases/tag/v0.85



    FEATURES:

    OTPHelper aims to simplify these processes, as described in Plailect's guide.
    • Actual dumping of the OTP.bin (0x100 or 0x108, only on FW < 3.0) included for convenience. Not shown in the screenshots, this is in the ARM9.bin.
    • Generate OTP0x108.bin from OTP.bin (on FW 9.0+), if you forgot getting that file the first time around.
    • Unbricking the FW 2.1 EmuNAND (N3DS only). This does, in one step, what would otherwise require: two NAND XORpads, the emuNAND_bricked.bin backup on your PC, 3DSFAT16Tool, hex-editing the header of the emuNAND_bricked.bin and writing back the fixed emuNAND_bricked.bin backup via Decrypt9WIP. So, much faster.
    • Includes EmuNAND/SysNAND Backup&Restore, CTRNAND Dump&Inject, FIRM Dump&Inject and Padgen features from Decrypt9WIP for convenience.
    • Multiple safety clamps in place to make this as safe as possible.
    • Various options to restore your SysNAND to working order in case something goes wrong.
    If you're going to try this, make sure you read everything below, give us feedback, and also vote here!


    WARNING:

    No use in beating around the bush, stuff like this is dangerous by nature and there will never be complete safety. There are bricked consoles, and you may even encounter one if you did nothing wrong. I am not responsible for any problems caused by this and I'm still recommending a NANDmod to everyone doing the whole downgrade process. Keep in mind that this is based on bugs and holes in Nintendo's own FW and that nobody is perfect.


    HOW SAFE IS THIS?
    You read the warning above? Good! As of now, there are no known issues with 0.71 (I'll update if anything comes up) and we get only positive feedback. Furthermore, v0.71 (compared to v0.5) adds multiple safety checks that prevent typical user mistakes, so this version protects you from yourself, too. This is safer than it ever was and has been tested successfully by several people, but, regardless of OTPHelper version and/or downgrading method: Bricks are still not impossible. The gist of this: If you cannot afford or do a hardmod yourself and/or if a brick of your 3DS would be your absolute worst nightmare - don't do it, it is not worth it for you. Everyone who can live with the risk (which *might* be pretty small by now), go ahead.


    TESTER CREDITS:
    Thank these fearless people:
     
    Last edited by d0k3, Apr 5, 2016
  2. Naked_Snake

    Naked_Snake Constant Miscreant

    Member
    1,146
    292
    Oct 6, 2013
    Hyrule Field
    If I hadn't already dumped mine this would have been beautiful 2 weeks ago lol
     
  3. Keizel

    Keizel GBAtemp Fan

    Member
    361
    111
    Jun 28, 2015
    Very useful, thanks @d0k3
     
  4. DjoeN

    DjoeN Captain Haddock!

    Member
    5,194
    1,498
    Oct 21, 2005
    Belgium
    Somewhere in this potatoland!
    Great to see easier tools for helping to get OTP. Still, I hope for you ppl with hardmods will test this for you!
     
  5. Februarysn0w

    Februarysn0w School Idol Festival

    Member
    1,205
    518
    Oct 31, 2014
    Mino city Osaka
    Thank you for your NICE release. This is useful to install arm9haxloader to new console.

    By the way, you look professional about NAND and EmuNAND, so I really want to ask you this question.
    Can I restore an EmuNAND backup to SysNAND? Is there any difference between both NAND dump images?
     
    Last edited by Februarysn0w, Mar 1, 2016
  6. MajinCubyan

    MajinCubyan The Funky Super Saiyan

    Member
    591
    949
    Nov 24, 2014
    United States
    Orre
    Great job, if only I had waited til today I could try this on my n3ds. But I have two o3ds that I will test this on and let you know how it goes.
     
  7. DeathChaos25

    DeathChaos25 Unmei wo kaeru!

    Member
    1,306
    668
    Oct 21, 2015
    This is amazing, I'll tag this for when I get my O3DS XL back from hardmodding and attempt to dump my OTP.
     
  8. d0k3
    OP

    Let me know how it goes. This tool will be a lot more helpful for N3DS, though, as it streamlines some stuff that would otherwise be a pain to do manually.
     
  9. Just Passing By

    Just Passing By GBAtemp Advanced Maniac

    Member
    1,562
    594
    Jan 3, 2016
    United States
    Nice job. It's a simple tool, but it gets the job done. I'd help test but I don't have a hardmod :(
     
  10. d0k3
    OP

    I can't give you a 100% safe reply for that, that depends on what you did with your EmuNAND before. Normally, if you didn't do any modifications to it, it should be safe to inject an EmuNAND dump over SysNAND. Don't do this if you have no other means of going back (NANDmod, A9LH) though.
     
  11. capito27

    capito27 GBAtemp Advanced Fan

    Member
    873
    1,006
    Jan 19, 2015
    Swaziland
    Well, you get a softbrick from going to the O3DS 7.X home menu on N3DS (the menu simply asks you to discover Miiverse but fails miserably and prevents you from starting any application; a reboot doesn't fix it), and going any higher than 8.0 O3DS included produces a hardbrick on N3DS, so you can't even run the arm9 payload to switch keyslot crypto at all. Hope this helps.
     
  12. d0k3
    OP

    Understood, that means the option to switch back the crypto to slot 0x5 is useless, and so is the option to inject the N3DS header. Will think about removing these two. They might still be useful for fixing mistakes, though.
     
  13. dark_samus3

    dark_samus3 GBAtemp Addict

    Member
    2,326
    1,728
    May 30, 2015
    United States
    So, I'm going back down to 2.1 to test, but looking through the repo, it seems the framebuffer addresses are incompatible with the browser exploit for 2.1... it'd probably be a good idea to check somehow (maybe check crypto stuff since it doesn't work on 2.x) which version the person is on, and adapt the framebuffer to there... if you need the addresses

    #define TOP_SCREEN0 (u8*)(0x181E6000)
    #define TOP_SCREEN1 (u8*)(0x18273000)
    #define BOT_SCREEN0 (u8*)(0x1848F000)
    #define BOT_SCREEN1 (u8*)(0x184C7800)

    otherwise the otp dump options are kinda useless
     
    Last edited by dark_samus3, Mar 1, 2016
  14. TR_mahmutpek

    TR_mahmutpek GBAtemp Advanced Fan

    Member
    637
    134
    Jul 28, 2015
    Good work. I will try it if it reaches stable. Many thanks :)
     
  15. d0k3
    OP

    Alright, thanks. I'm unsure about how to test crypto stuff, though.... Any other ideas on how to find out safely if we're on 2.1?
    Another idea would be to use these framebuffers for the GW Launcher.dat only. As I understand, the GW Launcher.dat is the only payload working on 2.1 & the GW Launcher.dat is also pretty much useless on more recent FW versions. Correct?
     
  16. dark_samus3

    actually the gateway.dat doesn't work from 2.1 (I had some bad info from someone else) but there is a spider exploit for 2.x called 2xrsa: https://github.com/b1l1s/2xrsa which needs those framebuffers to work...
     
  17. Swiftloke

    Swiftloke Hwaaaa!

    Member
    1,770
    1,520
    Jan 26, 2015
    United States
    Nowhere
    Saw this on GitHub, was wondering when it'd come out, features etc. Good job! I'll test the OTP dumper on my o3ds.
    Wait, what's the emuNAND header got to do with a9lh on o3ds?
     
    Last edited by Swiftloke, Mar 1, 2016
  18. d0k3
    OP

    Does that load the .bin or the .dat? I will find some way of correctly setting the framebuffers, will need to think it over, though.
     
  19. dark_samus3

    the .bin... no other changes are needed, just framebuffers :)
     
  20. Plailect

    Plailect GBAtemp Advanced Fan

    Member
    516
    1,222
    Jan 30, 2016
    United States
    Once it's working and confirmed stable this will be exactly what the community needs. The OTP guide can be made easier than ever, and perhaps after that a9lhax can be made the new standard.
     