So how did we get 10.3 EmuNAND support?

Discussion in '3DS - Flashcards & Custom Firmwares' started by Jiro2, Jan 15, 2016.

  1. Jiro2

    Jiro2 GBAtemp Advanced Fan

    Mar 28, 2011
    United States
    The "Clarification Thread - What is going on?" thread which describes all the recent findings specifically says that none of them allow greater than 9.5 EmuNAND on N3DS. Yet now we have Gateway providing it, and since other firmwares have it in progress this isn't something special that only Gateway has. Was there some additional exploit, on top of all the ones described in that thread, which allows N3DS EmuNAND? (And is this something that Nintendo could easily block for future firmwares just like they blocked greater than 9.5, or is it something that we'll probably still be able to have in the future, like EmuNAND on old 3DS?)
  2. GotKrypto67

    GotKrypto67 Web developer and more

    Jul 21, 2015
    Korea, North
    The Chamber of Kim
    The exploit was likely used to find the keys using the provided algorithm that was demoed at the talk smea and company held. Nintendo can't block it again without a new hardware revision.
    Kafke and DesuIsSparta like this.
  3. Memoir

    Memoir Just a Memory

    GBAtemp Patron
    Memoir is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Jun 24, 2007
    United States
    Somewhere, over there!
    1. Gateway didn't make it possible, I'll say that tight now.

    2. Someone found a way to acquire the keys used to achieve 9.6+ emunand.
  4. Vappy

    Vappy GBAtemp Advanced Maniac

    May 23, 2012
    There are at least two vulnerabilities that can be used to dump the N3DS keys, they're both detailed here ("Uncleared OTP hash keydata in console-unique 0x11 key-generation" and "CFG_SYSPROT9 bit1 not set by Kernel9"), and no there is nothing Nintendo can do to fix this for any current N3DS.
  5. Zidapi

    Zidapi GBAtemp Psycho!

    Dec 1, 2002
    It's already been confirmed by devs that they obtained them by downgrading a new3DS (yes, I do mean new3DS) to firmware 2.0

    Firmware 3.0 and lower didn't clear the keys, so they dumped the OTP registers which provided them with the keys they needed.

    At least this is my understanding of things.

    Source: various posts littered throughout the reiNAND thread.
    MelonGx, Cortador and Memoir like this.
  6. Kibido

    Kibido GBAtemp Advanced Fan

    Apr 3, 2014
    I didn't understand jack shit of what you guys just said, but anyways...

    wohoo emu 10.3! ⸜₍๑•⌔•๑ ₎⸝
    zoogie and Aman27deep like this.
  7. Thirty3Three

    Thirty3Three Musician Member

    Mar 22, 2013
    United States
    Wherever you want me, baby.
    The New NEW Nintendo 3DS!
  8. bkifft

    bkifft avowed Cuthwaldian

    Jun 10, 2010
    Gambia, The
    You can always update emu using the vanilla (as in no memchunk shenanigans) version of sysupdater.
  9. MelonGx

    MelonGx GBAtemp Advanced Maniac

    Jan 8, 2009
    BTW, if anyone wants to dump O3DS JPN OTP, he/she can buy a brand new New Love Plus O3DS exclusive pack (2.1.0-4J) for this, since nobody have done this thing before.

    (For I know, O3DS USA/EUR OTP have already been dumped but JPN is not.)
  10. shinyquagsire23

    shinyquagsire23 SALT/Sm4sh Leak Guy

    Nov 18, 2012
    United States
    Las Vegas
    CFG_SYSPROT9 was unset before 3.0, 3.0 is the version which actually fixed the vulnerability. So the entire OTP can be dumped on any 3DS (including N3DS) at 2.x and below. There's also the fact that the SHA registers which hash OTP weren't cleared before K9L handed off to ARM9 kernel, so that makes two vulnerabilities. I executed k9lhax and exploited that one in May for my N3DS, so I personally find it easier to do this than to downgrade. It doesn't really matter which you get though, the OTP or the hash, because both give you the same result in terms of deriving keys.
    Last edited by shinyquagsire23, Jan 16, 2016
    Zidapi and Vappy like this.
  11. Zidapi

    Zidapi GBAtemp Psycho!

    Dec 1, 2002
    Thank you for elaborating further on this topic.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice