SD card corrupted. No backups - on updated sysnand with Luma.

Discussion in '3DS - Flashcards & Custom Firmwares' started by astrangeone, Sep 13, 2016.

  1. astrangeone
    OP

    I was just attempting a DSiWare downgrade on a new Nintendo 3DS XL, and my card corrupted while putting on the public.sav. I put everything back onto a fresh micro SD - armloaderhax.bin, luma folders, and even put Hourglass9 back into place.

    Hourglass9 is not working. Even renamed to y_Hourglass9.bin doesn't work.

    What am I missing?
     
  2. Hayato213

    Try decrypt9, but I'm guessing it won't boot since you are also missing your OTP file.
     
    Last edited by Hayato213, Sep 13, 2016
  3. astrangeone
    OP

    Ah, I have the OTP file on a DVD-R I burnt. It's habit. That's what I need to make it work?

    Just tested - doesn't seem to work. I'm going to redownload Hourglass9 and reinstall it.
     
    Last edited by astrangeone, Sep 13, 2016
  4. Hayato213

    Completely untrue. The OTP is not used for any kind of FIRM encryption at all. Rather, the OTP is used in FIRM decryption.
    The OTP is used to calculate keys that are used in arm9loader to decrypt FIRM0 & FIRM1. The FIRMs are signed by Nintendo, which obviously we can't change and still have signed. However, what we do is add a payload to the end of FIRM0. Because FIRM0 isn't signed, the arm9loader does not jump to it and reads the backup FIRM1, which is smaller, and thus our payload isn't unloaded when the valid FIRM1 is read and prepared to jump to. Now here's where the OTP comes into play. Simplified to an extreme, the FIRM1 is signed by Nintendo, but that doesn't mean it has to be read correctly, thanks to the unsigned keystore flaw. Because the keys are derived from the OTP, we obtain our OTP to mathematically determine a very special key. This key, when used by the arm9loader to decrypt FIRM1, will decrypt FIRM1 to, at the point where ARM9 jumps in, have an instruction to jump to our payload, still loaded in at the end of memory. Rekt.
    I hope this answered any questions, and wasn't too confusing. Tell me if there's something I didn't cover, or doesn't make sense ;)
    Something else to mention: FIRM0 is the only integrity check that's failed. The arm9loader does not check the keystore, which unknowingly leads itself to its doom.


    This explains why you need the OTP for A9LH. It is someone else's explanation, not mine, btw. As long as you have all the necessary required files, your system can boot.
     
  5. astrangeone
    OP


    Thanks, and I knew all that. My system is booting fine, and I'm going to do the DSiWare transfer tomorrow for a friend, but I just wanted to make a backup of my NAND beforehand - otherwise I'm stuck reinjecting fbi to h&s.
     
  6. Hayato213

    You are welcome, and I'm glad you fixed your 3DS.

    Remember to back up your SD card without the games to your computer as a backup.