1. Exploit ARM9
2. Prepare for the hack
- Write the testing code to the exception vector
- Fill FIRM0 with invalid code
- Write arm9loader v2 to FIRM1
- Destroy the special NAND sector
4. The FIRM1 decrypted with the corrupted key causes an exception
5. Testing code will be executed
- If the LR indicates FIRM0, proceed to the next step.
- If the LR doesn't indicate FIRM0, modify the special NAND sector and reboot again.
- Relocate the primary payload
- Write the primary payload to FIRM0 for the next boot
- Execute the primary payload
- Load the secondary payload from the rest of FIRM0
- Execute the secondary payload
- Initialize SDMMC
- Initialize FAT
- Load the binary
- Execute it
Hmm, it should work. But isn't it too difficult?
Last edited by 173210,