
3DS HOMEBREW Discussion Thread [exploits/carts/applications/games]

Audioboxer

Member
OTP process? What did I miss? :eek:

OTP stands for one time password. It is something unique to every 3DS. Think of it as a unique key. It can only be exploited on firmware 2.x or lower. Nintendo patched the vulnerability starting from 3.0.

It allows us to use an arm9 hack, rather than arm11. Basically executing code before a coldboot, and more importantly before coldboot security kicks in. Uses for this are no need for an emunand as sysnand will be fully open to anything, including every update Nintendo puts out going forward. Think PSP levels of CFW.

To get it right now is incredibly risky unless you have a hardmod. On a N3DS especially as we have to downgrade our emunand to 2.1, which bricks it, then backup the bricked emunand via sysnand and hex edit it on a PC. After editing it, we have to run sysnand restore on sysnand with the edited file and pray that afterwards sysnand will boot on 2.1.

On an O3DS you can just downgrade sysnand directly to 2.1 from 9.2, but this is still risky. That can't be done on a N3DS as no N3DS ever came with 2.1 firmware.

The next big issue for N3DS is there is currently no way other than via a hardmod to upgrade from 2.1. This is because the hex editing above tricks the N3DS into being an O3DS and if you use a gamecart to upgrade to 4.x~8.x where you can run an emunand restore app it will brick outright. We are currently waiting on a 2.x browserhack which can restore a 9.2 sysnand backup without the need to go to 4.x+.

Basically if anyone shat it before to downgrade to 9.2, stay clear of the current OTP process like the plague.
 

Audioboxer

Member
My edited sysnand is restoring now. Eeeeeek.

It'll either work or it will brick. No in between.

If it bricks I'll need to install a hardmod to recover 3DS.
 

Seronei

Member
My edited sysnand is restoring now. Eeeeeek.

It'll either work or it will brick. No in between.

If it bricks I'll need to install a hardmod to recover 3DS.

Good luck, can't believe you would risk it at this point. It's bound to get safer and you can't even restore it yet. :p

But then again if you're able to hard mod it if it fails, I guess it's not that big of a deal.
 

Audioboxer

Member
Good luck, can't believe you would risk it at this point. It's bound to get safer and you can't even restore it yet. :p

For science! 10% to go

Progress has been made just recently to support booting Decrypt9 from the browser on 2.1. Testing is in progress to restore NAND backups. Initial results indicate successful NAND restores.

Restore progress will be out asap.
 
OTP stands for one time password. It is something unique to every 3DS. Think of it as a unique key. It can only be exploited on firmware 2.x or lower. Nintendo patched the vulnerability starting from 3.0.

It allows us to use an arm9 hack, rather than arm11. Basically executing code before a coldboot, and more importantly before coldboot security kicks in. Uses for this are no need for an emunand as sysnand will be fully open to anything, including every update Nintendo puts out going forward. Think PSP levels of CFW.

To get it right now is incredibly risky unless you have a hardmod. On a N3DS especially as we have to downgrade our emunand to 2.1, which bricks it, then backup the bricked emunand via sysnand and hex edit it on a PC. After editing it, we have to run sysnand restore on sysnand with the edited file and pray that afterwards sysnand will boot on 2.1.

On an O3DS you can just downgrade sysnand directly to 2.1 from 9.2, but this is still risky. That can't be done on a N3DS as no N3DS ever came with 2.1 firmware.

The next big issue for N3DS is there is currently no way other than via a hardmod to upgrade from 2.1. This is because the hex editing above tricks the N3DS into being an O3DS and if you use a gamecart to upgrade to 4.x~8.x where you can run an emunand restore app it will brick outright. We are currently waiting on a 2.x browserhack which can restore a 9.2 sysnand backup without the need to go to 4.x+.

Basically if anyone shat it before to downgrade to 9.2, stay clear of the current OTP process like the plague.

Alright thanks for the write-up that's all very very interesting! :D I take it once this OTP process is fully figured out there might be attempts to get a 3DS's OTP different than via downgrading to 2.1? Because as it stands, unlike sysupdater downgrading the whole thing here sounds like an accident waiting to happen for mass-adoption :p

Still having a PSP Level CFW would be amazing at this stage, especially if it can support a security layer like Pandora or BootMii, otherwise I would still think that the emuNAND principle is a safer option.

I know I might be the minority here but I look forward to the prospect of fully customizing the HomeMenu, from icons to maybe even the look of the System Setting menu and normally accessing the System Settings without getting rebooted to sysNAND Settings! :D
 
The next big issue for N3DS is there is currently no way other than via a hardmod to upgrade from 2.1. This is because the hex editing above tricks the N3DS into being an O3DS and if you use a gamecart to upgrade to 4.x~8.x where you can run an emunand restore app it will brick outright. We are currently waiting on a 2.x browserhack which can restore a 9.2 sysnand backup without the need to go to 4.x+.

Wouldn't this stop N3DS enhanced games from recognizing the CPP and faster CPU speed? Seems like a pretty big drawback, but maybe an NTR-like could fix that. Still seems not worth the risk just for faster boots but good luck anyway
 

Rich!

Member
Wouldn't this stop N3DS enhanced games from recognizing the CPP and faster CPU speed? Seems like a pretty big drawback, but maybe an NTR-like could fix that. Still seems not worth the risk just for faster boots but good luck anyway

that's not the case - the emunand is still 10.5. it's the sysnand that's altered.

edit: oh yeah, the hex editing may be an issue there
 

Seronei

Member
Wouldn't this stop N3DS enhanced games from recognizing the CPP and faster CPU speed? Seems like a pretty big drawback, but maybe an NTR-like could fix that. Still seems not worth the risk just for faster boots but good luck anyway

You'd undo the hex editing to make it back into a N3DS again. This is not possible yet (without a hard mod) but it's being tested.

You'd just need to reinject your 9.2 NAND backup and it would fix itself. But this is not yet possible on that low firmwares through software.
 

Audioboxer

Member
Wouldn't this stop N3DS enhanced games from recognizing the CPP and faster CPU speed? Seems like a pretty big drawback, but maybe an NTR-like could fix that. Still seems not worth the risk just for faster boots but good luck anyway

We're only doing this to get a N3DS down to 2.1. It never shipped with a FW as low as that so some jiggery pokery is needed. Once we get the OTP file on 2.1, you go back up to 9.2 (N3DS).

By the way, success!!! It black-screened on first boot and I crapped it. Removed sdcard and it booted fine



As you can imagine 3D is completely broken, running in O3DS mode on a N3DS.
 

Seronei

Member
We're only doing this to get a N3DS down to 2.1. It never shipped with a FW as low as that so some jiggery pokery is needed. Once we get the OTP file on 2.1, you go back up to 9.2 (N3DS).

By the way, success!!! It black-screened on first boot and I crapped it. Removed sdcard and it booted fine


Nice, congrats! I guess this downgrade could end up being potentially safer than the -10.3 one since memchunkhax2 is so unstable.
 

Audioboxer

Member
Nice, congrats! I guess this downgrade could end up being potentially safer than the -10.3 one since memchunkhax2 is so unstable.

Not sure about that due to the hex editing. I guess if I can do it anyone can, but the devs have said even if done right it could still brick.

Hm. I might do this.

Good luck!

By the way everyone, it seems this low a firmware cannot support a 128GB card, regardless of it being FAT32. Will not read my SD card at all, even after it's been formatted. Will have to dig out the old 4GB Nintendo card.
 
We're only doing this to get a N3DS down to 2.1. It never shipped with a FW as low as that so some jiggery pokery is needed. Once we get the OTP file on 2.1, you go back up to 9.2 (N3DS).

By the way, success!!! It black-screened on first boot and I crapped it. Removed sdcard and it booted fine



As you can imagine 3D is completely broken, running in O3DS mode on a N3DS.

Congratz, you did great work there! :D I really hope once the ARM9 Loader is exploited there will be a better way to do all this, even though I doubt it so I'm mentally preparing myself to do the ride once OTP dumping really becomes useful.
 

Audioboxer

Member
Congratz, you did great work there! :D I really hope once the ARM9 Loader is exploited there will be a better way to do all this, even though I doubt it so I'm mentally preparing myself to do the ride once OTP dumping really becomes useful.

ReiNand has some preliminary support. I'm just stuck on 2.1 now till the browser sysnand restore is ready. Dumped my a9f.bin file okay (OTP).

Can confirm a 128GB card will not work. So if you try this and think you've bricked like me, remove your sdcard on reboot :p
 

Deleted member 126221

Unconfirmed Member
Wow, you guys are troopers. I'm still too chicken to do a simple downgrade on my Majora n3DS! At this point I think I'll wait to see what happens with the account integration next month.

I'm glad to see quick developments like this. This is the Wii all over again.
 

Audioboxer

Member
Wow, you guys are troopers. I'm still too chicken to do a simple downgrade on my Majora n3DS! At this point I think I'll wait to see what happens with the account integration next month.

I'm glad to see quick developments like this. This is the Wii all over again.

For once I was actually pretty confident in a brick (I convinced myself I'd just hard mod if I bricked and restore). Not because I doubted my handiwork, but just the thought of putting a hex edited emunand backup into sysnand had me worried. Not many people have done it yet, and the devs who have been working on it all work with hard mods (and have stated bricks have happened in the process).

The N3DS method wasn't even the official/first way to do it, a dev brainstormed it as an idea and decided to try it! It works, but as always doing shit like this without a hard mod is asking for trouble.

Thank goodness this was a one time thing, and as soon as I'm back on 9.2 Nintendo can't do anything now that I have my OTP!
 
ReiNand has some preliminary support. I'm just stuck on 2.1 now till the browser sysnand restore is ready. Dumped my a9f.bin file okay (OTP).

Can confirm a 128GB card will not work. So if you try this and think you've bricked like me, remove your sdcard on reboot :p

Ah I presume this is the faster boot that was mentioned? :eek: I hope you can upgrade quickly again. I won't do it just yet, my new 3DS is running 100% perfect now like I want it and I don't want to undo that for no tangible benefit for the moment :p
 

Audioboxer

Member
Ah I presume this is the faster boot that was mentioned? :eek: I hope you can upgrade quickly again. I won't do it just yet, my new 3DS is running 100% perfect now like I want it and I don't want to undo that for no tangible benefit for the moment :p

Yeah boot time ~2 seconds more than normal. Back to sysnand 9.2 tonight or tomorrow most likely, devs have it working but not public as of yet

Ok not sure if it's public yet, but the build of Decrypt9 converted to work on 2.1 worked for me! I restored a gateway nand backup I did before I downgraded and I'm back to 9.2.

The scene is probably going to shift to the arm9loader, so we can just hope simpler ways come about to get the OTP (a9f.bin) file. Or at least less risky downgrades, as it seems we'll always need to go to 2.x :/ Maybe they'll find a way to just use emunand on 2.1, which prevents anyone needing to tamper with sysnand.
 

Audioboxer

Member
So far everyone trying the downgrade is getting it. As long as you follow the steps involved it seems that the success rate is going to be the same as it was before.

Sysnand restore method via browser has just been released as well, going to try and get back to 9.2 now.
 

Kssio_Aug

Member
I'm using my New 3DS XL with firmware version 10.5. Is there any homebrew I can use, or am I totally locked out?

Is there something being developed tho this most recent version?
 

Audioboxer

Member
Got a link to the guide you used?

There only is one guide - https://github.com/Plailect/OTP/blob/master/README.md

Beware of the spelling mistake here

3DSFAT16tool.exe -d -n emuNAND.bin ctr.bin nand.fat16_0x5_xorpad
3DSFAT16tool.exe -i -o emuNAND.bin ctr.bin nand.fat16_0x4_xorpad
move emuNAND.bin sysNAND.bin
del ctr.bin

That command is pasted and run as one whole command, but it should be 0x5_.xorpad and 0x4_.xorpad. The dot is missing.

Also N3DS cannot upgrade back from 2.1 via a cart. Will brick. You need to use the files here - https://gbatemp.net/threads/otp-guide.415140/page-19#post-6084203

Decrypt9.bin has to be renamed to arm9.bin. Will make more sense once you're at the end of the main guide, ignore for now, that is your escape route back to a 9.2 sysnand backup from 2.1.
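The N3DS route described earlier in the thread (hex edit a copy of the emunand backup, then restore it over sysnand) and the command chain above both end with a restore that either works or bricks. The one check a practitioner can do before that step is to confirm the edited image differs from the untouched backup only where the guide says it should. The following is an added example and is not code from the thread, from Plailect's guide or from any of the tools it names; it makes no claim about the real NAND layout or the real offsets the guide edits, and the two images it compares are constructed stand-ins built inside the script (`build_samples`), with a made-up offset `0x100`.

```python
"""Compare a hex-edited NAND image against its untouched backup before restoring it.

Added example, not from the thread or the OTP guide. The images are constructed
stand-ins and the edited offset is made up; the real guide's offsets are not
reproduced here.
"""
import hashlib
from typing import Dict, List, Tuple

DiffRun = Tuple[int, bytes, bytes]  # (offset, original_bytes, edited_bytes)


def sha256_hex(data: bytes) -> str:
    """Fingerprint an image so a later restore can be checked against the backup you made."""
    return hashlib.sha256(data).hexdigest()


def diff_images(original: bytes, edited: bytes) -> List[DiffRun]:
    """List every contiguous run of bytes where `edited` differs from `original`.

    A size mismatch is an error rather than a diff: an image that changed size
    is not the result of a hex edit and must not be restored.
    """
    if len(original) != len(edited):
        raise ValueError(f"size mismatch: {len(original)} vs {len(edited)} bytes")
    runs: List[DiffRun] = []
    i, n = 0, len(original)
    while i < n:
        if original[i] == edited[i]:
            i += 1
            continue
        start = i
        while i < n and original[i] != edited[i]:
            i += 1
        runs.append((start, original[start:i], edited[start:i]))
    return runs


def check_edit(original: bytes, edited: bytes,
               expected: Dict[int, bytes]) -> Tuple[bool, List[str]]:
    """Pass only if `edited` differs from `original` exactly as `expected` describes.

    `expected` maps a start offset to the bytes that should now be there. Any
    changed byte outside those offsets, a wrong value at one of them, or an
    expected edit that was never applied is reported as a problem.
    """
    try:
        runs = diff_images(original, edited)
    except ValueError as exc:
        return False, [str(exc)]
    # Flatten both sides to one byte per offset so they can be matched directly.
    want = {off + k: bytes([b]) for off, blob in expected.items() for k, b in enumerate(blob)}
    changed = {off + k: bytes([b]) for off, _old, new in runs for k, b in enumerate(new)}
    problems: List[str] = []
    for off, b in sorted(changed.items()):
        if off not in want:
            problems.append(f"unexpected change at 0x{off:X}: {b.hex()}")
        elif want[off] != b:
            problems.append(f"wrong value at 0x{off:X}: got {b.hex()}, want {want[off].hex()}")
    for off, b in sorted(want.items()):
        # Unchanged is fine only if the backup already held the wanted byte.
        if off not in changed and edited[off:off + 1] != b:
            problems.append(f"expected edit at 0x{off:X} ({b.hex()}) not applied")
    return (not problems), problems


def build_samples() -> Tuple[bytes, bytes]:
    """Constructed stand-ins for a NAND backup and its edited copy (not real images)."""
    original = bytes((i * 7 + 3) & 0xFF for i in range(4096))
    edited = bytearray(original)
    edited[0x100:0x102] = b"\xAA\xBB"  # the intended edit, at a made-up offset
    return original, bytes(edited)


def demo() -> Tuple[bool, bool, List[str]]:
    """Run the check on a correct edit and on a copy with one stray byte flipped."""
    original, edited = build_samples()
    intended = {0x100: b"\xAA\xBB"}
    ok_good, _ = check_edit(original, edited, intended)
    stray = bytearray(edited)
    stray[0x800] ^= 0xFF  # simulate an accidental extra change in the hex editor
    ok_bad, msgs_bad = check_edit(original, bytes(stray), intended)
    return ok_good, ok_bad, msgs_bad


if __name__ == "__main__":
    good, bad, msgs = demo()
    print("intended edit only:", good)
    print("with stray byte:", bad, msgs)
```

In practice you would read both files with `open(path, "rb").read()`, record `sha256_hex` of the untouched backup at the time you make it, and refuse to restore anything whose diff against that backup is not exactly the edit you meant to make.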
 

Audioboxer

Member
Yeah so let me add, getting the OTP file is pretty useless unless you have some skilled programming knowledge. Of course it's good to have it for when things get easier, and from what I've read there is simply not going to be any way to get it unless you are on 2.x or lower, ever.

Nothing is user friendly right now, you need to know how to compile from https://github.com/delebile/arm9loaderhax

No use at all for normal folk like me. There's no automated way to compile an arm9loader 3dsx file without knowing what to do in the readme above.
 

Xeno_V

Member
I finally joined the CFW club (I am using Rei) and I have some simple questions:

1) First I created a NAND backup and then reformatted my SD card. From what I understand this stores an EmuNAND copy in a different partition of my SD Card.
If I want to use a different SD card in the future do I have to repeat the same process, so make another NAND backup and then reformat the new SD card so that I have another EmuNAND stored there?

2) How can I play GBA VC Titles? I read somewhere that you have to install them both on the SysNAND and on the EmuNAND but I was confused a little bit. What's the easiest/best way to do this? I have a N3DS btw if it makes any difference.
 

Rich!

Member
2) How can I play GBA VC Titles? I read somewhere that you have to install them both on the SysNAND and on the EmuNAND but I was confused a little bit. What's the easiest/best way to do this? I have a N3DS btw if it makes any difference.

Don't bother, not worth the hassle. Only advantage to it against emulation is better battery life. Install this CIA build of gpsp, make sure you have gba_bios.bin in the retroarch system folder on your SD (find it on Google if you don't have it already).

https://ianburgwin.net/2015-11-23_RetroArch_cia.7z

The gpsp CIA is in there. Runs all GBA titles full speed with no slowdown. Save state support, scaling options, button remapping, suspend/resume, etc.
 

Xeno_V

Member
Don't bother, not worth the hassle. Only advantage to it against emulation is better battery life. Install this CIA build of gpsp, make sure you have gba_bios.bin in the retroarch system folder on your SD (find it on Google if you don't have it already).

https://ianburgwin.net/2015-11-23_RetroArch_cia.7z

The gpsp CIA is in there. Runs all GBA titles full speed with no slowdown. Save state support, scaling options, button remapping, suspend/resume, etc.

Cool, it looks like it's finally time to try Mother 3 :).
 

Joey Ravn

Banned
That OTP stuff looks really tasty, but I think I'll wait until the process is more streamlined and, hopefully, safer. And till when there's actually something to do with it :p
 
1) First I created a NAND backup and then reformatted my SD card. From what I understand this stores an EmuNAND copy in a different partition of my SD Card.
If I want to use a different SD card in the future do I have to repeat the same process, so make another NAND backup and then reformat the new SD card so that I have another EmuNAND stored there?

Your best bet is to use EmuNAND9 to dump your EmuNAND, transfer everything on your SD card (including EmuNAND.bin) to your PC, go through the process of setting up EmuNAND on your new card, transfer everything back from the PC to the new card, and use EmuNAND9 to inject your previously dumped EmuNAND.bin to your newly created EmuNAND partition.

Another option would be to make a byte-identical copy of your old card using a disk cloning tool, and write that to the new one. If the cards are of equal capacity it's fairly straight-forward. If it's larger, you might wish to use a partitioning tool. Can't say I've tried that, though.

2) How can I play GBA VC Titles? I read somewhere that you have to install them both on the SysNAND and on the EmuNAND but I was confused a little bit. What's the easiest/best way to do this? I have a N3DS btw if it makes any difference.

Correct. GBA titles (i.e. CIAs) need to be installed to SD under both SysNAND and EmuNAND. As Rich suggested, easiest on N3DS is to emulate. I prefer running my games on actual hardware when possible, which is why VC is best for me.
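The cloning option in the answer above stands or falls on the copy really being byte-identical, and on a larger destination card not confusing the comparison. The script below is an added example, not from the thread or from any 3DS tool: it clones with `dd`, then verifies the destination against the source over the source's length only, so a bigger card still passes, and it shows the check catching a single corrupted byte. It runs on two constructed image files it creates itself (`make_samples`); against real cards the source and destination would be device nodes, which `dd` will happily overwrite in either direction.

```sh
#!/bin/sh
# Added example, not from the thread: clone an SD card image onto a larger one
# and prove the copy is byte-identical over the source's length. It runs on two
# constructed image files so it works offline; for real cards SRC and DST would
# be the device nodes, checked twice before dd is pointed at them.
set -eu

# clone_card SRC DST: copy SRC onto the start of DST, leaving DST's trailing
# space untouched (conv=notrunc) and flushed before returning (conv=fsync).
clone_card() {
    dd if="$1" of="$2" bs=1M conv=notrunc,fsync 2>/dev/null
}

# verify_clone SRC DST: succeed only if DST begins with an exact copy of SRC.
# Sizes are checked first so a destination shorter than the source fails
# cleanly; then only the first $(size of SRC) bytes of DST are compared.
verify_clone() {
    src_size=$(wc -c < "$1")
    dst_size=$(wc -c < "$2")
    [ "$dst_size" -ge "$src_size" ] || return 1
    head -c "$src_size" "$2" | cmp -s "$1" -
}

# make_samples: constructed stand-ins for an old 1 MiB card and a new 2 MiB
# card. Prints the temp directory holding card_old.img and card_new.img.
make_samples() {
    dir=$(mktemp -d)
    yes 'constructed-card-data' | head -c 1048576 > "$dir/card_old.img"
    dd if=/dev/zero of="$dir/card_new.img" bs=1M count=2 2>/dev/null
    printf '%s\n' "$dir"
}

# corrupt_one_byte FILE: overwrite byte 100 with 0xFF, simulating a bad copy.
corrupt_one_byte() {
    printf '\377' | dd of="$1" bs=1 seek=100 conv=notrunc 2>/dev/null
}

# Stand-alone run: clone, verify, then show that the check catches corruption.
if [ "${1:-}" = "demo" ]; then
    d=$(make_samples)
    clone_card "$d/card_old.img" "$d/card_new.img"
    verify_clone "$d/card_old.img" "$d/card_new.img" && echo "clone verified"
    corrupt_one_byte "$d/card_new.img"
    verify_clone "$d/card_old.img" "$d/card_new.img" || echo "corruption detected"
    rm -rf "$d"
fi
```

Run it as `sh clone_verify.sh demo` to see both outcomes. Comparing only the source's length is the part that matters when moving to a bigger card: the extra space on the new card is never part of the clone, so a full-file checksum of both cards would always disagree.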
 

Audioboxer

Member
That OTP stuff looks really tasty, but I think I'll wait until the process is more streamlined and, hopefully, safer. And till when there's actually something to do with it :p

A nice member on GBATemp built my arm9loaderhax.3dsx file for me. No idea how to compile it myself.

Just about to try it ~ Apparently this is the riskiest step. Quite a lot of dev bricks. Although they narrowed it down to it will not compile correctly in Linux as things stand and will always result in a brick. Has to be compiled in Windows.
 

Joey Ravn

Banned
A nice member on GBATemp built my arm9loaderhax.3dsx file for me. No idea how to compile it myself.

Just about to try it ~ Apparently this is the riskiest step. Quite a lot of dev bricks. Although they narrowed it down to it will not compile correctly in Linux as things stand and will always result in a brick. Has to be compiled in Windows.

I've been following the discussion on Temp as best as I could, but I'm still not exactly sure about what the point of this is. I know that we will be able to have all the benefits of CFW on our sysNANDs... but I think I'm OK with my emuNAND for the time being. What other benefits will there be? Because it looks like an awfully risky process just for the convenience of CFW on boot.
 

Audioboxer

Member
That's me bricked :( I recommend everyone just avoids this for now. Dumping the OTP.bin seems to be the easy bit, compiling and then running the hack, apparently not so much :p

I'll need to do a hardmod now.
 

lord

Member
Cool, it looks like it's finally time to try Mother 3 :).

Would love to hear you update us later on your experience. Last time I tried to play Mother 3 it was almost impossible to do the rhythm based stuff in the combat. That was a few years ago on a PSP though.
 

L.O.R.D

Member
That's me bricked :( I recommend everyone just avoids this for now. Dumping the OTP.bin seems to be the easy bit, compiling and then running the hack, apparently not so much :p

I'll need to do a hardmod now.

Yep, this just confirms to me not to do it right now.
I was going to do it, but after this... nope.

Also, the one thing that is scaring me is using tinyformat: it will delete the NNID from the 3DS, but you can't use it again because from Nintendo's side that user is still there on the 3DS.
You have to do it on a device not linked to an NNID, or linked to an NNID with nothing bought from the shop.
 
Would love to hear you update us later on your experience. Last time I tried to play Mother 3 it was almost impossible to do the rhythm based stuff in the combat. That was a few years ago on a PSP though.

For me, the rhythm-based combat worked fine when I tried it soon after getting CFW/gpsp retroarch emulator installed on the n3DS. I was able to max out the attacks pretty confidently. Just make sure you're using the cia installation of the emulator, but you probably already knew that.
 

Audioboxer

Member
Yep, this just confirms to me not to do it right now.
I was going to do it, but after this... nope.

Also, the one thing that is scaring me is using tinyformat: it will delete the NNID from the 3DS, but you can't use it again because from Nintendo's side that user is still there on the 3DS.
You have to do it on a device not linked to an NNID, or linked to an NNID with nothing bought from the shop.

Yeah arm9loaderhax.3dsx caused the brick. I did get someone else to compile it for me but they've been doing it for quite a few people. Either compiling error, or bad luck that I've just bricked.
 

L.O.R.D

Member
So, a permanent CFW on sysnand, so is it an emunand or an emu sysnand?

Also, are DS and DSi games supposed to work on it just like real sysnand?
 

Audioboxer

Member
So, a permanent CFW on sysnand, so is it an emunand or an emu sysnand?

Also, are DS and DSi games supposed to work on it just like real sysnand?

Yes it can be that.

Small breakthrough. With the help of another member we seem to have established I am not bricked. I just haven't set up Rei correctly to use arm9 to boot into a sysnand partition.

He sent me another arm9loaderhax.bin which when used on the root of the sdcard allows my 3DS to turn on (still with black screen) but it can be turned off by pushing any button after a few seconds. The big issue with the current arm9loader is the LCD screen isn't "turned on" until it successfully boots into something. Meaning if not setup right you will have a black screen which looks like a brick.
 
I've been following the discussion on Temp as best as I could, but I'm still not exactly sure about what the point of this is. I know that we will be able to have all the benefits of CFW on our sysNANDs... but I think I'm OK with my emuNAND for the time being. What other benefits will there be? Because it looks like an awfully risky process just for the convenience of CFW on boot.

I'm pretty curious about this, myself. As it stands now, (and with it being extraordinarily dangerous on n3DS without a hardmod) I don't see much point for the average user.

Don't get me wrong, this stuff is ridiculously cool to watch develop, but I can't see myself switching from the emuNAND comfort zone.

Small breakthrough. With the help of another member we seem to have established I am not bricked.

That said, it's cool to see someone here seeing some success!
 

pahamrick

Member
I'm pretty curious about this, myself. As it stands now, (and with it being extraordinarily dangerous on n3DS without a hardmod) I don't see much point for the average user.

Don't get me wrong, this stuff is ridiculously cool to watch develop, but I can't see myself switching from the emuNAND comfort zone.



That said, it's cool to see someone here seeing some success!

I agree. While I wasn't too nervous attempting to downgrade to 9.2, I don't have the skillset to hardmod a N3DS myself, and I don't want to go through the hassle of mailing it out to someone else and paying them to do it. I can tolerate the longer boot time, it's not such a big deal to me. Not to mention, the boot fail ratio has been pretty good. Maybe 1 fail in 10 boots.
 

Audioboxer

Member
I'm pretty curious about this, myself. As it stands now, (and with it being extraordinarily dangerous on n3DS without a hardmod) I don't see much point for the average user.

Don't get me wrong, this stuff is ridiculously cool to watch develop, but I can't see myself switching from the emuNAND comfort zone.



That said, it's cool to see someone here seeing some success!

With OTP and the arm9 hack it wouldn't even matter if we bricked sysnand. Because the code is executed first before any Nintendo security, we can direct the code to load anything we want. Such as an app to restore a sysnand backup if we did brick sysnand.
 

Audioboxer

Member
Got my 3DS back up and running. Booting into sysnand with Rei. I think one of the nicest surprises is 3D works straight away now. No more close the lid bug! lol.
 