commit b4e64bdb59a45eb35cc92572d80169916f6c6633 Author: xprism1 <50407586+xprism1@users.noreply.github.com> Date: Sat Apr 22 12:10:54 2023 +0800 diff --git a/dump_3ds_panda.md b/dump_3ds_panda.md new file mode 100644 index 0000000..fdd72e6 --- /dev/null +++ b/dump_3ds_panda.md 
@@ -0,0 +1,85 @@ +# Dumping 3DS PANDA NAND + +## What you need +- A ntrboot compatible flashcart +- A magnet that triggers the sleep mode of your PANDA (if using a folding style 3DS) +- An already hacked retail 3DS (with Luma3DS) +- A 3DS PANDA **(insert an SD card into it if it does not come with one)** +- The latest release of [ntrboot_flasher](https://github.com/ntrteam/ntrboot_flasher/releases/latest) +- Dev-signed GodMode9 (this build has a more complete aeskeydb which should allow for `essential.exefs` dumping) + - https://cdn.discordapp.com/attachments/457908268287918090/1036420146073436220/boot9strap_ntr_dev.firm + - https://cdn.discordapp.com/attachments/457908268287918090/1036420146476093440/boot9strap_ntr_dev.firm.sha + +## Section I - Prep Work + +1. Power off the retail 3DS +2. Insert the retail 3DS's SD card into your computer +3. Create a folder named `ntrboot` on the root of the SD card +4. Copy `boot9strap_ntr_dev.firm` and `boot9strap_ntr_dev.firm.sha` to the `/ntrboot/` folder on the SD card +5. Copy `ntrboot_flasher.firm` to the `/luma/payloads/` folder on the SD card +6. Reinsert the SD card back into the retail 3DS +7. Insert your ntrboot compatible DS / DSi flashcart into the retail 3DS + +## Section II - Flashing dev-signed godmode9 ntrboot to the flashcart +1. Launch the Luma3DS chainloader by holding (Start) during boot on the retail 3DS +2. Select "ntrboot_flasher" +3. Read the red screen warning +4. Press (A) to continue +5. Select your flashcart + - If you do not see your flashcart in the list at the top, read the bottom screen for more info on each option +6. Select "Dump Flash" +7. Wait until the process is completed +8. Press (A) to continue +9. Press (A) to return to the main menu +10. Select "Inject Ntrboot" +11. Choose developer unit ntrboot +12. Wait until the process is completed +13. Press (A) to return to the main menu +14. Press (B) to power off the retail 3DS + +## Section III - ntrboot +1. 
Use the magnet to find the spot on the PANDA where the sleep sensor is triggered + - This step is not needed on the old 2DS (which has a sleep mode switch) +2. Power off the PANDA +3. Insert your flashcart into the PANDA +4. Place the magnet on the PANDA to trigger the sleep sensor + - On old 2DS, you should instead enable the sleep mode switch +5. Hold (Start) + (Select) + (X) + (Power) for several seconds, then release the buttons + - It may take a few attempts to get this to work because the positioning is awkward +6. If the exploit was successful, you will have booted into GodMode9 + +## Section IV - Dumping NAND +1. Select “Backup Options” +2. Select “SysNAND Backup” +3. Press (A) to confirm + - This process will take some time +4. Press (A) to continue +5. Press (B) to return to the main menu +6. Select “Exit” +7. Press (A) to relock write permissions if prompted +8. Navigate to `[S:] SYSNAND VIRTUAL` +9. Press (A) on `essential.exefs` to select it +10. Select “Copy to 0:/gm9/out” + - If you see “Destination already exists”, press (A) on “Overwrite file(s)” +11. Press (A) to continue +12. Navigate to `[M:] MEMORY VIRTUAL` +13. Repeat steps 9 to 11 for `otp.mem`, `otp_dec.mem` (if it shows up) and `nvram.mem` +14. Press (Home) to bring up the action menu +15. Select “Poweroff system” to power off the PANDA +16. Insert the SD card into your computer +17. Copy `__sysnand_##.bin`, `__sysnand_##.bin.sha`, `essential.exefs`, `otp.mem`, `otp_dec.mem` and `nvram.mem` from the /gm9/out/ folder on the SD card to a safe location on your computer + +## Section V - Removing ntrboot from the flashcart +2. Insert the SD card from the retail 3DS into your computer +3. Copy the .bin file from your flashrom backup to the `/ntrboot/` folder on the root of the SD card +4. Insert your ntrboot compatible DS / DSi flashcart into the retail 3DS +5. Launch ntrboot_flasher by holding (Start) during boot +6. Read the red screen warning +7. Press (A) to continue +8. 
Select your flashcart + - If you do not see your flashcart in the list at the top, read the bottom screen for more info on each option +9. Select “Restore Flash” +10. Press (A) to proceed +11. Wait until the process is completed +12. Press (A) to return to the main menu +13. Press (B) to power off the retail 3DS \ No newline at end of file
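Review bot: The two `cdn.discordapp.com` attachment links under "What you need" are the only source given for the dev-signed payload, and the `.sha` file sits next to the `.firm` at the same location, so it can catch a corrupted download but not a replaced file; a chat attachment URL is also not a stable host. Suggest attaching both files to a repository release, or stating the expected hash in this document, and adding a sentence on why the bullet says GodMode9 while the file is named `boot9strap_ntr_dev.firm`. In Section IV, step 17 copies `__sysnand_##.bin.sha` off the SD card but no step checks the dump against it; a verify step before Section V would confirm the backup is good before the flashcart is restored. Section V itself starts at step 2, so either a first step is missing or the list needs renumbering, and its step 3 depends on the flashrom backup from "Dump Flash" in Section II step 6 without either section saying where that file is written. The file also ends without a trailing newline.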