Hacking Ways Nintendo Can Kill A9LH?

The Catboy
Or, they'd have to sneakily drop a malicious arm9loaderhax.bin bricker on your console, and I'm pretty sure they can't do that legally in MANY jurisdictions.
Nintendo isn't Gateway, they won't brick your system with a bricker update.
 

chaoskagami
Nintendo isn't Gateway, they won't brick your system with a bricker update.

Like I said, they aren't that bad. Sony, on the other hand...they would, if it was legal. It isn't, obviously.

I'd go so far as to say that Nintendo wants to patch homebrew but that they may not see it as a direct threat. Especially considering OOTHax, SMCH, etc. remain unpatched.
 

ishygdaft
Like I said, they aren't that bad. Sony, on the other hand...they would, if it was legal. It isn't, obviously.

I'd go so far as to say that Nintendo wants to patch homebrew but that they may not see it as a direct threat. Especially considering OOTHax, SMCH, etc. remain unpatched.

Bet they didn't see the downgrade bullet being as big a thing as it was.
They're probably mad now, I'd imagine 11.1 will do its best to patch that stuff.
Oh, Oothax is partly patched, it takes a lot of tries to get it to work on the latest firmware.
 

chaoskagami
Bet they didn't see the downgrade bullet being as big a thing as it was.
They're probably mad now, I'd imagine 11.1 will do its best to patch that stuff.
Oh, Oothax is partly patched, it takes a lot of tries to get it to work on the latest firmware.

I'm a CFW dev. Trust me, I'm aware. It's due to removal of internet access and ASLR. They could fix the game on cartridges and it wouldn't be usable on 9.2/whatever, though, and that's more what I'm referring to.
 

ishygdaft
I'm a CFW dev. Trust me, I'm aware. It's due to removal of internet access and ASLR. They could fix the game on cartridges and it wouldn't be usable on 9.2/whatever, though, and that's more what I'm referring to.

I see, you're talking about a batch of 1.1 carts.
Yeah, I don't think Nintendo would bother with that :P
 

memomo
Nintendo doesn't care that much about security... I mean, if it's an easy fix they'll do it; if it's not easy, they most likely won't do anything.

Boy, it's been 3 months since the Wii U Kernel exploit came out for the latest FW, AND IT STILL ISN'T PATCHED
 

Apache Thunder
I don't think Nintendo can patch this. The process this exploit uses is a combination of a hardware flaw (memory not being cleared on reboot/alternate FIRM being used) and an early exploit of Kernel9Loader (which somehow got called Arm9LoaderHax instead of Kernel9LoaderHax... But whatever. :P )

Encryption of the n3DS secret sector which Kernel9Loader uses is done using a hash of the OTP. But I believe that encryption is done/handled by Kernel9Loader, which has been exploited. Nintendo can't fix this for consoles that have already installed an exploited Kernel9Loader. They can use a new key in the n3DS secret sector, but the process to decrypt it is known now. They could update Kernel9Loader, but exploited consoles can just not use the new one. They could change how the OTP is encrypted... But this requires an update to Kernel9Loader, which again won't happen on exploited consoles because of the FIRM update protections in existing CFWs.

It's possible Nintendo might try and sneak around this with a new function to update FIRM partitions, but that would most likely take two separate updates to pull off, and perhaps they could brick/fix consoles that already have it installed, but the userbase would wise up to it quickly and the damage would be limited. It would most likely require a change in the bootrom to fix this, and that requires new hardware. The code Nintendo added to get around FIRM update protection would get RE'd quickly anyway, so it's a losing battle long term. They really screwed up with it. In theory it was a decent security measure, but rushed updates to patch a previous exploit/leaked key resulted in this mistake that broke it.

The most they can do is change how the secret sector is encrypted and introduce a new key somewhere and try and hide it. But the system has been broken wide open with even their encryption algorithm being figured out. There's really nothing left for them to do at this stage that would be effective.

Plus it's late in the cycle and they may EoL the 3DS/n3DS soon when the mobile variant of the NX comes out (which could perhaps be as early as next year). So I doubt they will bother at this point. Less so with the Wii-U apparently because there hasn't been an update for it in ages despite there being exploits on latest firmware for it. It definitely appears they have moved their security team's priorities to the NX which will be the successor to the Wii-U.
 

Tony_93
Funny, all the people asking whether Nintendo can or cannot do it, or whether it's legal for them to do it or not...

Short answer is yes, they can replace your arm9loaderhax.bin in an update and just call it a "stability update". Remember whose INTELLECTUAL PROPERTY this is again?

They won't because they know everyone has NAND backups and everyone could just get a hardmod, flash a backup and render useless all the work and resources Nintendo would spend on a fix for this (wouldn't be a cheap job, that's for sure).
 

Damon_girl
I don't think it's possible for them to fix it either. A temporary fix could definitely happen, but there would be no permanent one, at least none that I can think of.

This is kind of like the iBoot exploit found in the iPhone 4. Nothing could fix it because it was a flaw with the hardware. I'm pretty sure another iBoot exploit was found on the newer iPhones but sadly it's not released to the public.
 

OldGlass
a little off-topic question, but how can I ensure that firm0/1 protection is on?
I'm using Luma3DS+A9LH on a N3DS.
 

chaoskagami
a little off-topic question, but how can I ensure that firm0/1 protection is on?
I'm using Luma3DS+A9LH on a N3DS.

If you're using Luma, it is on. Luma doesn't allow disabling it. You're good. ;P
 

godstriker8
Short answer: they can't. But new hardware will most likely kill A9LH.

A9LH happens too early in boot for a system update to fix it, correct me if I'm wrong. Once you have your OTP, it's a wrap.

They said that about boot2 for bootmii, and that still got patched.
 

chaoskagami
They also patched it in one of the 4.X FWs for old Wiis

No they didn't. It was revertable with another exploit on older Wiis because boot0 and boot1 can't be flashed by Nintendo. They're read-only. Boot2 was made non-exploitable but it was moot once we had brawlhax and letterbomb. Older Wiis could still flash modified boot2 because the bug still existed in boot1.

My Wii is one of the very first, and I never hacked it until the services were discontinued. It was running the latest firmware, and last firmware. If what you're saying is true it's impossible for me to have boot2 BootMii (I do.)

The newer consoles were fixed. You couldn't modify boot2 because the bug in boot1 was resolved, so you had to take over the first running IOS instead.
 

Friendsxix
Only wave of bricks I've heard of/read about involved installing a Korean system update on non-Korean Wiis, yet the Wiis received the notification to update because their regions had been changed.

To add to the actual discussion, though, they could probably find a way if they really wanted to. Either through the already mentioned file re-naming, stability update, or what have you. Honestly (without getting into the piracy discussion) I don't think it's worth their time, since the best way to do it seems to be a new hardware revision (but it'd be silly naming it the new new 3ds ;) ).
http://wiibrew.org/wiki/Error_003
Error 003 was a deliberate attempt by Nintendo to brick Korean Wiis that were region changed to any other region. The reason I can say it was deliberate is because, as noted in the wiibrew article, the system attempts to use the Korean key to encrypt some hardcoded bytes. If the result matches what the actual Korean key would produce, it shows error 003. I cannot think of any situation where that could have been accidental.
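The check Friendsxix describes, as an added illustration that is not from the post or from the wiibrew article: the firmware pushes a fixed input through the console's key and compares the output to a hardcoded expected value, so a match reveals that the Korean key is present without the key itself ever being compared; combined with a non-Korean region setting, that is the region-changed condition the post describes. The key bytes, the probe input, the region codes and the use of HMAC-SHA256 in place of the console's AES hardware are all assumptions made for the demo.

```python
import hashlib
import hmac

# Constructed sample keys; the real Wii keys are not on the page and are
# not needed for the demonstration. Any 16-byte values behave the same.
KOREAN_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
OTHER_KEY = bytes.fromhex("ffeeddccbbaa99887766554433221100")   # constructed

# The "hardcoded bytes" the firmware feeds through the key. Constructed.
PROBE_BYTES = b"region-check-probe"


def keyed_probe(key: bytes, data: bytes = PROBE_BYTES) -> bytes:
    """Stand-in for 'encrypt hardcoded bytes with the key'.

    The console uses its AES engine; HMAC-SHA256 is used here only because
    it is in the standard library and has the property that matters:
    the output is a fingerprint of the key that does not reveal the key.
    """
    return hmac.new(key, data, hashlib.sha256).digest()


# What the updater ships: the expected output for a genuine Korean key,
# computed once at build time. The key itself never has to be embedded.
EXPECTED_KOREAN_PROBE = keyed_probe(KOREAN_KEY)


def has_korean_key(console_key: bytes) -> bool:
    """True when the console's key produces the hardcoded expected output."""
    return hmac.compare_digest(keyed_probe(console_key), EXPECTED_KOREAN_PROBE)


def error_003_check(console_key: bytes, region: str) -> bool:
    """Model of the decision the post describes: the Korean key is present
    but the region setting is no longer KOR, i.e. a region-changed Korean
    console. (Region codes are assumed labels, not the firmware's values.)"""
    return has_korean_key(console_key) and region != "KOR"


if __name__ == "__main__":
    for key_name, key in (("korean", KOREAN_KEY), ("other", OTHER_KEY)):
        for region in ("KOR", "USA"):
            flagged = error_003_check(key, region)
            print(f"{key_name:6s} key, region {region}: error 003 = {flagged}")
```

The point the check makes clear is why Friendsxix reads it as deliberate: an accidental incompatibility would not need a precomputed expected value for one specific key.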
 

gnmmarechal
Nintendo don't care that much about security... I mean if it was easy fix they will do it, if not easy they will not do anything most likely.

Boy, it's been 3 month since the Wii U Kernal exploit is out for the latest FW, AND IT STILL NOT PATCHED
Kernel

 
