Hacking Video Guide to unbricking without existing nand dump, using the new method.

Deleted User

Guest
Ok I take it back, it has been decrypted but the following: (courtesy of mathieulh)

The eMMC (why does everyone call it a NAND? Well, I guess it does use one anyway) is encrypted using a per-3DS key set by the bootrom to an AES hardware keyslot; these keyslots are write-only and cannot be read.

Therefore the only way to decrypt the content of an eMMC chip is to use the AES hardware engine of the 3DS it came from. The whole process is rather slow and can only be done if you are running your own ARM9 code on the device (aka kernel mode).

Also, just to be sure we are on the same page here, you obviously can't write back the decrypted content to the eMMC pages; it needs to be encrypted with the right key.

You get the idea.
 

bkifft

gamesquest1: You might want to add an annotation along the lines of "don't do the format, now that the write protection is removed it would actually kill your NAND" at around 7:55.
 
