Homebrew safefirmraunchhax - new Arm9 exploit discussion

Poll: Does the exploit work for you?
Total voters: 48

SRKTiberious

So I guess 9.2 is dead and 11.2 is the new heaven.
Since we were only using 9.2 for access to ARM9, this is to be expected.

Similarly, we only go to 2.1 for dumping the OTP. If there were any way to get that data without being on such an old firmware, then the 2.1 downgrade method would be obsolete as well, and we'd be able to simply install A9LH from 11.2.

See, the guide's core goals are, in order:
  1. Retrieve OTP data (unique to each console, which is why there's the big red warning about bricking with other OTPs)
  2. Use OTP and access to install A9LH
Any other steps taken, such as ARM11 access, are done in pursuit of the first goal not yet completed. This is also why the DSiWare games were important. DS mode has full ARM9 access, so getting an exploit to run code in that environment was crucial, since you need ARM9 to install 2.1 firmware, allowing us to get the OTP easily. Now, of course, we can just safehax and get ARM9 access that way.

Naturally, if there happened to be some kind of exploit found to break the permissions and dump OTP anyway on whatever firmware, then that would be what we'd CTRTransfer to, or if it happened to be on 11.2, then there could be a single app to dump OTP and then install A9LH.

Soulsilve2010

There is probably something wrong with your computer.
I would suggest you would try another computer.

I have been having some issues with my laptop's wireless lately. I redownloaded again, gonna try one more time.

Edit: I ran my PC's drive repair on my SD card and now the files can be copied. So it was really an issue with my SD card's file system.

Elaugaufein

Most people on N3DS 11.2 don't even really need to go to 2.1 now; they could do OTPless A9LH, albeit with a tiny brick risk. They could then dump the OTP with SigHax when/if it comes out, for the small handful of things that's useful for.
uyjulian
OP
Since we were only using 9.2 for access to ARM9, this is to be expected.

Similarly, we only go to 2.1 for dumping the OTP. If there were any way to get that data without being on such an old firmware, then the 2.1 downgrade method would be obsolete as well, and we'd be able to simply install A9LH from 11.2.

See, the guide's core goals are, in order:
  1. Retrieve OTP data (unique to each console, which is why there's the big red warning about bricking with other OTPs)
  2. Use OTP and access to install A9LH
Any other steps taken, such as ARM11 access, are done in pursuit of the first goal not yet completed. This is also why the DSiWare games were important. DS mode has full ARM9 access, so getting an exploit to run code in that environment was crucial, since you need ARM9 to install 2.1 firmware, allowing us to get the OTP easily. Now, of course, we can just safehax and get ARM9 access that way.

Naturally, if there happened to be some kind of exploit found to break the permissions and dump OTP anyway on whatever firmware, then that would be what we'd CTRTransfer to, or if it happened to be on 11.2, then there could be a single app to dump OTP and then install A9LH.
If somebody dumps arm9 bootrom and releases it publicly (bootrom dumping was described at 33c3 but dumps weren't released), we wouldn't need the OTP, we would just need to insert a crafted signature into our firmware that launches whatever payload we want.
That way, we can get boot-time custom firmware without downgrading; just replace firmware with custom firmware and off we go!

After stuff is figured out publicly, all we would need to do is:
1. put files on SD card
2. go to Nintendo 3DS Sound, and run soundhax
3. soundhax loads fasthax
4. safefirmlaunchhax uses fasthax exploit to load an arm9 binary
5. that arm9 binary inserts the FIRM into the NAND
6. restart the 3DS

Boom, now custom firmware is installed after launching the soundhax! Few-click installation :-)
Another thing that would be nice is that FBI would be automatically installed after custom firmware is installed.

Bros.Life

Since we were only using 9.2 for access to ARM9, this is to be expected.

Similarly, we only go to 2.1 for dumping the OTP. If there were any way to get that data without being on such an old firmware, then the 2.1 downgrade method would be obsolete as well, and we'd be able to simply install A9LH from 11.2.

So, what would you recommend me to do? I have menuhax installed on 9.2 plus Luma CFW and EmuNAND on 11.2. Everything worked and works fine so far. Do you think I need to change to the newest method? Could my hax become obsolete in the future or be patched?

Thanks
SRKTiberious

So, what would you recommend me to do? I have menuhax installed on 9.2 plus Luma CFW and EmuNAND on 11.2. Everything worked and works fine so far. Do you think I need to change to the newest method? Could my hax become obsolete in the future or be patched?

Thanks
Personally, I wouldn't recommend anything at the moment. I haven't been on a setup like that for some time now, so I don't want to give you any advice that might brick you.

I will say, however, that the menuhax/RedNAND combination is obsolete as far as running CFW is concerned. A9LH is a single-run setup, and offers 100% boot rate and faster boot times (due to being SysNAND-based), and can be updated at will, as an A9LH Luma3DS setup will block overwriting A9LH during the process.

You could, though it might be redundant, even continue to run a RedNAND even with A9LH, and up until just recently, I did just that.
Xiphiidae

Been having no luck with waithax and safehax, even on the newest builds, but just tried this safehax with fasthax re-integrated and it didn't work either,
UNTIL
I used oot3dhax instead of soundhax; then it worked first try! On 11.0.0-33U.
Same here. Switched to oot3dhax (*hax 2.7) and it worked first try.