xprism1 2023-04-22 12:10:54 +08:00 committed by GitHub
commit b4e64bdb59

dump_3ds_panda.md Normal file

@ -0,0 +1,85 @@
# Dumping 3DS PANDA NAND
## What you need
- A ntrboot compatible flashcart
- A magnet that triggers the sleep mode of your PANDA (if using a folding style 3DS)
- An already hacked retail 3DS (with Luma3DS)
- A 3DS PANDA **(insert an SD card into it if it does not come with one)**
- The latest release of [ntrboot_flasher](https://github.com/ntrteam/ntrboot_flasher/releases/latest)
- Dev-signed GodMode9 (this build has a more complete aeskeydb which should allow for `essential.exefs` dumping)
- https://cdn.discordapp.com/attachments/457908268287918090/1036420146073436220/boot9strap_ntr_dev.firm
- https://cdn.discordapp.com/attachments/457908268287918090/1036420146476093440/boot9strap_ntr_dev.firm.sha
## Section I - Prep Work
1. Power off the retail 3DS
2. Insert the retail 3DS's SD card into your computer
3. Create a folder named `ntrboot` on the root of the SD card
4. Copy `boot9strap_ntr_dev.firm` and `boot9strap_ntr_dev.firm.sha` to the `/ntrboot/` folder on the SD card
5. Copy `ntrboot_flasher.firm` to the `/luma/payloads/` folder on the SD card
6. Reinsert the SD card back into the retail 3DS
7. Insert your ntrboot compatible DS / DSi flashcart into the retail 3DS
## Section II - Flashing dev-signed godmode9 ntrboot to the flashcart
1. Launch the Luma3DS chainloader by holding (Start) during boot on the retail 3DS
2. Select "ntrboot_flasher"
3. Read the red screen warning
4. Press (A) to continue
5. Select your flashcart
- If you do not see your flashcart in the list at the top, read the bottom screen for more info on each option
6. Select "Dump Flash"
7. Wait until the process is completed
8. Press (A) to continue
9. Press (A) to return to the main menu
10. Select "Inject Ntrboot"
11. Choose developer unit ntrboot
12. Wait until the process is completed
13. Press (A) to return to the main menu
14. Press (B) to power off the retail 3DS
## Section III - ntrboot
1. Use the magnet to find the spot on the PANDA where the sleep sensor is triggered
- This step is not needed on the old 2DS (which has a sleep mode switch)
2. Power off the PANDA
3. Insert your flashcart into the PANDA
4. Place the magnet on the PANDA to trigger the sleep sensor
- On old 2DS, you should instead enable the sleep mode switch
5. Hold (Start) + (Select) + (X) + (Power) for several seconds, then release the buttons
- It may take a few attempts to get this to work because the positioning is awkward
6. If the exploit was successful, you will have booted into GodMode9
## Section IV - Dumping NAND
1. Select “Backup Options”
2. Select “SysNAND Backup”
3. Press (A) to confirm
- This process will take some time
4. Press (A) to continue
5. Press (B) to return to the main menu
6. Select “Exit”
7. Press (A) to relock write permissions if prompted
8. Navigate to `[S:] SYSNAND VIRTUAL`
9. Press (A) on `essential.exefs` to select it
10. Select “Copy to 0:/gm9/out”
- If you see “Destination already exists”, press (A) on “Overwrite file(s)”
11. Press (A) to continue
12. Navigate to `[M:] MEMORY VIRTUAL`
13. Repeat steps 9 to 11 for `otp.mem`, `otp_dec.mem` (if it shows up) and `nvram.mem`
14. Press (Home) to bring up the action menu
15. Select “Poweroff system” to power off the PANDA
16. Insert the SD card into your computer
17. Copy `<date>_<serialnumber>_sysnand_##.bin`, `<date>_<serialnumber>_sysnand_##.bin.sha`, `essential.exefs`, `otp.mem`, `otp_dec.mem` and `nvram.mem` from the /gm9/out/ folder on the SD card to a safe location on your computer
## Section V - Removing ntrboot from the flashcart
2. Insert the SD card from the retail 3DS into your computer
3. Copy the .bin file from your flashrom backup to the `/ntrboot/` folder on the root of the SD card
4. Insert your ntrboot compatible DS / DSi flashcart into the retail 3DS
5. Launch ntrboot_flasher by holding (Start) during boot
6. Read the red screen warning
7. Press (A) to continue
8. Select your flashcart
- If you do not see your flashcart in the list at the top, read the bottom screen for more info on each option
9. Select “Restore Flash”
10. Press (A) to proceed
11. Wait until the process is completed
12. Press (A) to return to the main menu
13. Press (B) to power off the retail 3DS
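
Review bot: Under "What you need", the dev-signed `boot9strap_ntr_dev.firm` and its `.sha` are both fetched from Discord attachment URLs, so the checksum only detects a corrupted download and cannot show that the payload flashed to the cart is the intended build. Consider hosting both files somewhere stable (for example a release in this repository) and stating the expected SHA-256 in the document itself, with a Section I step to compare it before copying to `/ntrboot/`. Section V starts its numbered list at "2.", so the first step is missing or the list needs renumbering. Section V step 3 relies on the flashrom backup made by "Dump Flash" in Section II, but Section II never says where that backup is written or to keep it safe, and Section IV step 17 copies the `.bin.sha` without a step to check the NAND image against it. Quoting also switches from straight quotes in Section II to curly quotes in Sections IV and V; pick one.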