Hacking SD card corrupted. No backups - on updated sysnand with Luma.

astrangeone

I was just attempting a DSiWare downgrade on a New Nintendo 3DS XL, and my card got corrupted while I was putting on the public.sav. I put everything back onto a fresh microSD: arm9loaderhax.bin, the Luma folders, and even Hourglass9 back in its place.

Hourglass9 is not working. Even renaming it to y_Hourglass9.bin doesn't work.

What am I missing?
 

Hayato213

> Completely untrue. The OTP is not used for any kind of FIRM encryption at all. Rather, the OTP is used in FIRM decryption.
> The OTP is used to calculate keys that are used in arm9loader to decrypt FIRM0 & FIRM1. The FIRMs are signed by Nintendo, which obviously we can't change and still have signed. However, what we do is add a payload to the end of FIRM0. Because FIRM0 isn't signed, the arm9loader does not jump to it and reads the backup FIRM1, which is smaller, and thus our payload isn't unloaded when the valid FIRM1 is read and prepared to jump to. Now here's where the OTP comes into play. Simplified to an extreme, the FIRM1 is signed by Nintendo, but that doesn't mean it has to be read correctly, thanks to the unsigned keystore flaw. Because the keys are derived from the OTP, we obtain our OTP to mathematically determine a very special key. This key, when used by the arm9loader to decrypt FIRM1, will decrypt FIRM1 to, at the point where ARM9 jumps in, have an instruction to jump to our payload, still loaded in at the end of memory. Rekt.
> I hope this answered any questions, and wasn't too confusing. Tell me if there's something I didn't cover, or doesn't make sense ;)
> Something else to mention: FIRM0 is the only integrity check that's failed. The arm9loader does not check the keystore, which unknowingly leads itself to its doom.


This explains why you need the OTP for A9LH; it is someone else's explanation, not mine, btw. As long as you have all the necessary required files, your system can boot.
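To make the "unsigned keystore" point in the quoted explanation concrete, here is an added toy model in Python (not 3DS, arm9loader or homebrew code; the OTP, FIRM image, keystore layout, repeating-XOR "cipher" and HMAC standing in for the vendor signature are all constructed stand-ins). It puts a loader that checks the signature but trusts the keystore beside one that verifies the code it is actually about to run:

```python
import hashlib
import hmac
# Constructed toy model of the boot chain described in the quoted post. It is
# not 3DS code: the OTP, FIRM image, keystore layout, XOR "cipher" and the HMAC
# standing in for the vendor signature are all assumptions made for the demo.
VENDOR_KEY = b"vendor-signing-key-stand-in"   # a real loader holds only a public key
OTP = b"console-unique-otp-stand-in"          # constructed per-console secret
KEYLEN = 16

def xor_stream(data: bytes, key: bytes) -> bytes:
    # Repeating-key XOR, used only so the demo stays dependency-free.
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def sign(data: bytes) -> bytes:
    return hmac.new(VENDOR_KEY, data, hashlib.sha256).digest()

def otp_key(otp: bytes) -> bytes:
    """Console-unique key derived from the OTP, as the post describes."""
    return hashlib.sha256(otp).digest()[:KEYLEN]

def make_console(firm_plain: bytes):
    """Factory side: encrypt FIRM1, mask its key into the keystore, sign twice."""
    firm_key = hashlib.sha256(b"constructed-firm-key").digest()[:KEYLEN]
    cipher = xor_stream(firm_plain, firm_key)
    keystore = xor_stream(firm_key, otp_key(OTP))   # keystore is NOT signed
    return cipher, keystore, sign(cipher), sign(firm_plain)

def naive_loader(cipher, sig, keystore, otp):
    """The flaw: the signature is checked, the keystore that yields the key is not."""
    if not hmac.compare_digest(sign(cipher), sig):
        return None                       # refuse (or fall back to the other FIRM)
    firm_key = xor_stream(keystore, otp_key(otp))
    return xor_stream(cipher, firm_key)   # executed regardless of what it decrypts to

def hardened_loader(cipher, sig, keystore, otp):
    """Mitigation: verify the code you are about to run, i.e. after decryption."""
    firm_key = xor_stream(keystore, otp_key(otp))
    plain = xor_stream(cipher, firm_key)
    return plain if hmac.compare_digest(sign(plain), sig) else None

def run_scenario(firm_plain=b"FIRM1: vendor entry code (constructed)"):
    """Returns (naive_accepts_tampered_keystore, hardened_accepts_tampered_keystore)."""
    cipher, keystore, sig_c, sig_p = make_console(firm_plain)
    assert naive_loader(cipher, sig_c, keystore, OTP) == firm_plain
    assert hardened_loader(cipher, sig_p, keystore, OTP) == firm_plain
    tampered = bytes([keystore[0] ^ 0x01]) + keystore[1:]   # one unsigned byte changed
    naive_out = naive_loader(cipher, sig_c, tampered, OTP)
    hard_out = hardened_loader(cipher, sig_p, tampered, OTP)
    return naive_out is not None and naive_out != firm_plain, hard_out is not None
```

The point for anyone designing a boot chain: a signature over data that is later transformed by an unauthenticated input (here the keystore) guarantees nothing about what finally executes.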
 

astrangeone

> > Completely untrue. The OTP is not used for any kind of FIRM encryption at all. Rather, the OTP is used in FIRM decryption.
> > The OTP is used to calculate keys that are used in arm9loader to decrypt FIRM0 & FIRM1. The FIRMs are signed by Nintendo, which obviously we can't change and still have signed. However, what we do is add a payload to the end of FIRM0. Because FIRM0 isn't signed, the arm9loader does not jump to it and reads the backup FIRM1, which is smaller, and thus our payload isn't unloaded when the valid FIRM1 is read and prepared to jump to. Now here's where the OTP comes into play. Simplified to an extreme, the FIRM1 is signed by Nintendo, but that doesn't mean it has to be read correctly, thanks to the unsigned keystore flaw. Because the keys are derived from the OTP, we obtain our OTP to mathematically determine a very special key. This key, when used by the arm9loader to decrypt FIRM1, will decrypt FIRM1 to, at the point where ARM9 jumps in, have an instruction to jump to our payload, still loaded in at the end of memory. Rekt.
> > I hope this answered any questions, and wasn't too confusing. Tell me if there's something I didn't cover, or doesn't make sense ;)
> >
> > Something else to mention: FIRM0 is the only integrity check that's failed. The arm9loader does not check the keystore, which unknowingly leads itself to its doom.
>
> This explains why you need the OTP for A9LH; it is someone else's explanation, not mine, btw. As long as you have all the necessary required files, your system can boot.


Thanks, and I knew all that. My system is booting fine, and I'm going to do the DSiWare transfer tomorrow for a friend, but I just wanted to make a backup of my NAND beforehand; otherwise I'm stuck reinjecting FBI into H&S.
 

Hayato213

> Thanks, and I knew all that. My system is booting fine, and I'm going to do the DSiWare transfer tomorrow for a friend, but I just wanted to make a backup of my NAND beforehand; otherwise I'm stuck reinjecting FBI into H&S.

You are welcome, and I'm glad you fixed your 3DS.

Remember to back up your SD card (without the games) to your computer as a backup.
 
