UPDATE JANUARY 10, 2019!
This following link is an updated version of Seedminer that works on latest firm 11.9.0-42!
And it's FREE!
This following link is an updated version of Seedminer that works on latest firm 11.9.0-42!
And it's FREE!
What is this:
A stable implementation of the 3ds vuln described here. The old thread about it is here.
This is a new way to inject dsiwarehax -- which can install B9S -- that doesn't require a second 3ds on hand.
What you need:
Seedminer only needs a system's *LFCS and ID0 (the long hex # in your Nintendo 3DS folder) to work its magic.
Currently, you need either a userland entrypoint or someone online you can friend code exchange with and send you a file with the LFCS.
Other ways to get the LFCS are being worked on, more details in the release archive's readme.
A PC is required for a brute-forcing of the actual movable.sed. A CPU will suffice, but a dedicated GPU is
much, much better. Integrated graphics suck, don't count on that to be much better than a CPU. It can even be worse.
You will also need to buy a $2 dsiware game if you don't have a compatible one yet.
* Local Friend Code Seed - this is not the same as LocalFriendCodeSeed_B, see readme.txt for more details.
How to do this:
The easiest method is here.
Please see the readme in the release archive for additional methods that aren't recommended for most people.
How can I help:
There is actually one thing either users of seedminer, or people who already have cfw, can do - dump msed_data nodes!
Seedminer uses "error correction" to make better guesses on where to start brute forcing - this can greatly improve speed, especially needed with
cpu brute-forcing. This data is gathered from actual movable.seds. You can dump and share this data with seedstarter.cia (option X) in the release archive or find "seedminer" in FBI's TitleDB homebrew shop. It is also dumped at the conclusion of a successful brute-force (alongside your movable.sed). It looks like "msed_data_00001234.bin" for example.
The data consists of [LFCS - truncated 12 bits for data privacy] [msed3 error distance] [seedtype new/old 3ds] (12 bytes total)
REMEMBER - it is entirely optional to share this, but greatly appreciated! You can post it in the thread or PM, your choice. I will then add them to the seedminer database files at regular intervals.
If you would like to help people brute-force their seeds, or help them get their LFCS with a friend code exchange, there is a special thread for that here.
Q&A:
Q. I've got my movable.sed and now I'm at the TADpole part, what's this about the ctcert.bin, will you be providing one?
A. No. That file is extremely console-unique and not something I'm comfortable sharing. Someone else will have to share. It only takes one - they work globally. Don't upload it here, it will probably be considered warez (not really sure about that designation - not my call).
Q. Why not ntrboot?
A. Ntrboot is fantastic! It's certainly a better long term solution. However, seedminer only requires a $2 dsiware purchase and you don't have to wait weeks for China Post to deliver a flashcard. Seedminer is pretty involved though, so if you're not comfortable with a lot of steps, just go with
ntrboot.
Q. Could Nintendo patch this?
A. Yes, certainly at least the dsiware injection. Now that it's a primary, they might consider it more of a priority to fix than when it was just used for dsiware transfer hax (3ds.guide). That doesn't account for the possibility of additional dsiware savehax games, however. The movable.sed vuln itself will be a bit more difficult to patch since it's pretty deeply built into the security infrastructure of the 3ds. They could at least make it harder to fish out the LFCS from userland and below.
Q. If dsiware injection was fixed, could this be used for anything else?
A. Yes, I think so at least. Knowing the movable.sed should allow one to modify 3ds game saves (it does, see update below), and this should essentially turn eshop userland secondary exploits into primaries. Again, I haven't actually tested this, but it should work. @wwylele made a tool recently that could help with this.
UPDATE Jun-7-18
Steelhax savegame injection implemented.
http://steelminer.jisagi.net/
Thanks:
Code
@JimmyZ - for providing the sorely-needed ocl brute forcer
@Joel16 - tons of friend functions and other useful code
@ihaveamac - python3 porting for TADpole and seedminer_launcher
@Blackfall - the DIS cloud version of TADpole
Testers
@Quantumcat - tons of advice and testing
@FallenApex - first successful public trial!
@PowerBall253 - the second successful public trial!
Helpers
@Hunter
@Marenthyu
@punderino
@MrJason005
@eip618
@Ihiing
@zacchi4k
@everyone-else-who-has-mined-or-FC-shared-for-someone-else
Release:
Download
Source
