Comments
Parzi86635y@Gregozor2121 yes but they're also the key to hacking any 3DS, no matter the system version.
Parzi86635y@Gregozor2121 If I remember correctly, it's a title ID buffer overflow exploiting a factory-use boot-directly-to-cart-yes-i'm-sure-do-it-now function. Basically, normally the 3DS would see the fucked title and go "welp, this cart's fucked" and refuse to show it's even there, but in this bootloader-only factory-override mode it would copy the name to RAM then immediately jump to an area of memory with the code to wipe RAM and launch a cart while disregarding everything else about system state... oh wait the cart title's there too and we're running from the name of the cart. From there, keys are pulled from memory, saved to SD, and a firmware is launched to install a new bootloader, which is signed with those keys that were just pulled.
This works even with 0-size NAND and you have 100% control over the hardware in that state, so even the most devastating bricks can be fixed (aside from ones caused physically, that is...)
tl;dr: Pandora Battery but with extra steps and it's a gamecart.
Parzi86635y@Gregozor2121 some people still swear it's actual witchcraft as technically key extraction should be impossible at that point
but it's possible somehow?
In order: Gold Key and Iron Key, my pair of NTRBoot carts made from dying flashcarts.