|
| ||
| Views: 1,610,082 | Main | Rules/FAQ | Memberlist | Active users | Last posts | Calendar | Stats | Online users | Search | 11-23-24 08:08 AM |
| Guest: | ||
| Main - Posts by Normmatt |
| Normmatt |
| ||
|
Newcomer Normal user Level: 6 Posts: 1/6 EXP: 820 Next: 87 Since: 05-09-16 Last post: 2999 days ago Last view: 2991 days ago |
You put "http://4dsbrew.org" instead of "http://4dsdev.org/" in the change log.
I'm also still getting some debug prompts like "aes key ZERO" and trying to load anything from the menu results in an error has occured power off the system prompt ![[image]](https://i.imgur.com/u98Mr91.png) |
| Normmatt |
| ||
|
Newcomer Normal user Level: 6 Posts: 2/6 EXP: 820 Next: 87 Since: 05-09-16 Last post: 2999 days ago Last view: 2991 days ago |
It shows up during the health/safety screen.
I will verify that my BIOS dumps include all the keys... I must have missed one... |
| Normmatt |
| ||
|
Newcomer Normal user Level: 6 Posts: 3/6 EXP: 820 Next: 87 Since: 05-09-16 Last post: 2999 days ago Last view: 2991 days ago |
I missed the
ROM:00008308h / 3DS:01FFD200h 80h some AES keys however it still shows that error same as before on any software i try to load from the menu. Posted by Opposing Force Make sure you do both both lists First list search for the bytes in 3ds itcm and copy them across. ROM:FFFF87F4h / TCM:1FFC400h (400h) (C3 02 93 DE ..) Whatever, 8x80h RSA? ROM:FFFF9920h / TCM:1FFC800h (80h) (30 33 26 D5 ..) Whatever ROM:FFFF99A0h / TCM:1FFC894h (1048h) (99 D5 20 5F ..) Blowfish/NDS-mode ROM:FFFFA9E8h / TCM:1FFD8DCh (1048h) (D8 18 FA BF ..) Blowfish/unused? ROM:00008188h / RAM:3FFC400h (200h) (CA 13 31 79 ..) Whatever, 32x10h AES? ROM:0000B5D8h / RAM:3FFC600h (40h) (AF 1B F5 16 ..) Whatever, "common key"? ROM:0000C6D0h / RAM:3FFC654h (1048h) (59 AA 56 8E ..) Blowfish/DSi-mode ROM:0000D718h / RAM:3FFD69Ch (1048h) (54 86 13 3B ..) Blowfish/unused? On a 3DS, the following "DSi ROM data" can be dumped from the 2470h-byte DSi key area in 3DS memory at ARM9 ITCM 01FFD000h..01FFF46F (via 3DS exploits that are capable of executing code on ARM9 side): ROM:FFFF87F4h / 3DS:01FFD000h 200h RSA key 0..3 ROM:00008308h / 3DS:01FFD200h 80h some AES keys ROM:FFFF9920h / 3DS:01FFD280h 80h whatever ROM:0000B5D8h / 3DS:01FFD300h 40h AES keys and values (common etc) ROM:? / 3DS:01FFD340h A0h misc "Nintendo" string etc. ROM:0000C6D0h / 3DS:01FFD3E0h 1048h Blowfish for DSi-mode ROM:FFFF99A0h / 3DS:01FFE428h 1048h Blowfish for DS-mode my bios md5's are BIOSDSI7.ROM - 559DAE4EA78EB9D67702C56C1D791E81 BIOSDSI9.ROM - 87B665FCE118F76251271C3732532777 EDIT: Look like if I don't use my WIFI-DSI.BIN it works properly 
EDIT2: no$gba doesn't appear to like the sdmmc code used in sudokuhax I get "notyet supported sd/mmc command 00000000" "notyet supported sd/mmc command 00000008" "notyet supported sd/mmc command 00000037" <-| "notyet supported sd/mmc command 00000029" --| loops these last two over and over |
| Normmatt |
| ||
|
Newcomer Normal user Level: 6 Posts: 4/6 EXP: 820 Next: 87 Since: 05-09-16 Last post: 2999 days ago Last view: 2991 days ago |
You can also probably dump them using an IS-TWL-DEBUGGER as that seems like a full jtag debugger. |
| Normmatt |
| ||
|
Newcomer Normal user Level: 6 Posts: 5/6 EXP: 820 Next: 87 Since: 05-09-16 Last post: 2999 days ago Last view: 2991 days ago |
Posted by gudenau DeSmuME already does that... so he could look at how that works and re-implement it. |
| Normmatt |
| ||
|
Newcomer Normal user Level: 6 Posts: 6/6 EXP: 820 Next: 87 Since: 05-09-16 Last post: 2999 days ago Last view: 2991 days ago |
or your executing the exploit too late and that area is already locked down...
could check if the keys have been copied into ram... oh wait no you can't because it can't write to ram... maybe you need to just block writes to the vector addresses and not all of ram. |
| Main - Posts by Normmatt |
|
Page rendered in 0.013 seconds. (2048KB of memory used) MySQL - queries: 22, rows: 71/71, time: 0.005 seconds. ![[powered by Acmlm]](img/poweredbyacmlm.png "powering nostalgia")
Acmlmboard 2.064 (2018-07-20)© 2005-2008 Acmlm, Xkeeper, blackhole89 et al. |
![[image]](https://i.imgur.com/f8rBq8w.png)