Who told you that A9 will disappear after updating the system? Please kill him; he is fooling newbies.
1. The basics of 3DS startup: the bootrom
The 3DS uses the bootrom from the moment you press the power button until the system is loaded. Its function is to verify the encrypted signature of the firmware file in FIRM and then load it into memory. Simply put, it is similar to unlocking an iPhone: you press your fingerprint to enter the main interface. The 3DS firmware is divided into two parts, firm0 and firm1. Because numbering in electronics starts from 0, firm0 is the first firmware and firm1 is the second. When the bootrom starts loading, it first checks the first firmware; if there is a problem, it loads the contents of the second firmware. The bootrom has a vulnerability: when the first firmware fails verification, it does not clear the data in memory. In this way, the attack commands used for cracking can be left in memory, and when the bootrom loads firm1 instead, the attack commands work the same as the firmware *** in firm1 to load the files we need. So we need to get control of the bootrom to load the files we need in the order we need.
2. The relationship between the functions of the ARM9 processor and the bootrom
Two things. First, there are two CPUs on the 3DS motherboard, one ARM9 and one ARM11. The ARM9 is responsible for low-level encryption and decryption (including unlocking the bootrom). Second, the bootrom is very powerful, but it is protected by encryption and can be decrypted by the ARM9 processor to gain control of the bootrom. The lock on the ARM9 control entrance can be opened with a set of 16-byte hash values that we call the OTP area. Once we get otp.bin, we can further control the ARM9 processor.
3. Why downgrade to 2.1
First of all, on the 2.1 system Nintendo did not lock the OTP area and did not change its startup priority. Secondly, version 2.1 has a browser vulnerability, "2xrsa". Using this vulnerability to start OTPHelper, you can export the OTP file that is unique to each 3DS. The ultimate purpose of all this is to solidify arm9loaderhax, containing the OTP information, into the FIRM firmware. It can run before most system files run, and control the bootrom to load the Luma3DS real system we need (that is, the legendary self-made firmware).
To sum up, in order to successfully solidify A9LH, we need to downgrade to 9.2 and use the ARM9 kernel vulnerability to downgrade to 2.1, then export the OTP file through OTPHelper, then return the real system to 9.2 by restoring the backup, and finally install arm9loaderhax and Luma3DS to permanently crack the SysNAND real system.
To put it simply, A9 cracks the 3DS directly at the hardware level. It is much more advanced than software cracking. Moreover, Nintendo released update 11.3 a few days ago and blocked most of the loopholes. A9 stays intact as long as you put Luma on it. Update to 6.6 and then update the console so that it can connect to the Internet. Anyway, I have never seen anyone say that A9 will disappear after updating the system. Could it be that the 3DS you bought has a fake A9? To save trouble, the seller made a theme-based crack for you. I made my own A9 for my 3DS. Although I can use the real system freely, I use the virtual system to keep the systems separate. If you are not sure, just do it again. There are many tutorials now and they are step-by-step. Follow them and you won't brick it.
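
The fallback behaviour described in section 1, as an added example that is not part of the original post and is not console code: a toy two-slot loader that either leaves or wipes rejected data in the load area before falling back to the second slot. The slot layout, buffer size, checksum and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64   /* constructed size of the shared load area */

/* Toy firmware slot; sig is an FNV-1a checksum standing in for the real
   signature check (assumption, not the console's actual scheme). */
struct slot { const uint8_t *data; size_t len; uint32_t sig; };

static uint32_t toy_sig(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Try slots in order; return the index that verified, or -1.
   scrub=0 models the flaw described in the post, scrub=1 the fix. */
static int boot(const struct slot *s, int n, uint8_t *buf, int scrub) {
    for (int i = 0; i < n; i++) {
        if (s[i].len > BUF_SIZE) continue;           /* refuse oversized images */
        memcpy(buf, s[i].data, s[i].len);
        if (toy_sig(buf, s[i].len) == s[i].sig) return i;
        if (scrub) memset(buf, 0, BUF_SIZE);         /* wipe rejected data */
    }
    return -1;
}

/* Slot 0 is larger and fails verification, slot 1 is valid. Returns how many
   unverified bytes remain in the load area after slot 1 has booted. */
static size_t stale_after_fallback(int scrub) {
    uint8_t bad[32], good[8], buf[BUF_SIZE] = {0};
    memset(bad, 0xAA, sizeof bad);                   /* constructed contents */
    memset(good, 0x11, sizeof good);
    struct slot slots[2] = {
        { bad,  sizeof bad,  toy_sig(bad, sizeof bad) ^ 1u },  /* bad signature */
        { good, sizeof good, toy_sig(good, sizeof good) },
    };
    size_t stale = 0;
    if (boot(slots, 2, buf, scrub) != 1) return (size_t)-1;
    for (size_t i = sizeof good; i < BUF_SIZE; i++) stale += (buf[i] != 0);
    return stale;
}

int main(void) {
    printf("no scrub: %zu stale bytes\n", stale_after_fallback(0));
    printf("scrub:    %zu stale bytes\n", stale_after_fallback(1));
    return 0;
}
```

A loader that falls back between slots should treat the whole load area as untrusted after a failed check, not only the bytes the next image overwrites.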