Plailect

Guys, I need some help with this, please...
I'm a little lost with the decrypted NATIVE_FIRM files?
Where do I find those? 10.4 / 10.5 and 10.2?
I have a couple of firmware.bin I got from @Reisyukaku's GitHub but I don't know if those are the ones and, if so, which are the correct version.

Meanwhile I'm gonna check the other iso site...

EDIT:
I've found @Aurora Wright's thread with two zip packages containing:
10.4 FIRM for both Old3DS and New3DS in a file called FIRMsv3
The other file FIRMsNTR only contains 10.2 FIRM for New3DS

Since I need 10.2 FIRM for Old3DS, I'm still searching...
They're on my github linked in the post.
 

vb_encryption_vb

Guys, I need some help with this, please...
I'm a little lost with the decrypted NATIVE_FIRM files?
Where do I find those? 10.4 / 10.5 and 10.2?
I have a couple of firmware.bin I got from @Reisyukaku's GitHub but I don't know if those are the ones and, if so, which are the correct version.

Meanwhile I'm gonna check the other iso site...

EDIT:
I've found @Aurora Wright's thread with two zip packages containing:
10.4 FIRM for both Old3DS and New3DS in a file called FIRMsv3
The other file FIRMsNTR only contains 10.2 FIRM for New3DS

Since I need 10.2 FIRM for Old3DS, I'm still searching...
The files on the GitHub are all you need.
 

mvmiranda

Thx @vb_encryption_vb and @Plailect!
I had downloaded them but didn't notice they were all I need... Too sleepy and hungry to notice :P

I already created the new nand.bin and I'm passing the other files to the SD (SafeSysUpdater, update folder with 9.2.0-20U full, homebrew launcher, etc)

Will report back in a few!

EDIT: It worked!
@hundshamer, here mate!
We were discussing this for some minutes and it worked just fine!

Thx @Plailect I owe you some beers!
 

DarkFlare69

So can anyone help with my problem from yesterday? After getting the new ctrtool and msvcr120d.dll, everything seems to be working. But it doesn't edit my NAND. My original NAND and "new" NAND have the exact same MD5 + HxD says the files are identical.
 

vb_encryption_vb

So can anyone help with my problem from yesterday? After getting the new ctrtool and msvcr120d.dll, everything seems to be working. But it doesn't edit my NAND. My original NAND and "new" NAND have the exact same MD5 + HxD says the files are identical.
Very strange. Start over, possibly with fresh files. I compared mine and there was a small change.
 

mvmiranda

So can anyone help with my problem from yesterday? After getting the new ctrtool and msvcr120d.dll, everything seems to be working. But it doesn't edit my NAND. My original NAND and "new" NAND have the exact same MD5 + HxD says the files are identical.
Very strange. Start over, possibly with fresh files. I compared mine and there was a small change.
Also, just for the sake of "Windows", try running your "start.bat" in a command window opened as administrator.
That will avoid any "access error" on any of your files...

Good luck!
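An added example, not part of any post in this thread: a way to check whether the patching step changed the image at all and, if it did, where. It reports the MD5 of both files (the comparison used above) plus the sector-aligned byte ranges that differ; the file names and the 512-byte sector size are assumptions.

```python
import hashlib
import sys

def md5_file(path, chunk=1 << 20):
    """MD5 of a file, read in chunks so a full NAND dump need not fit in RAM."""
    digest = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def differing_ranges(path_a, path_b, sector=512):
    """Return merged (start, end) byte ranges, sector-aligned, where the two
    files differ. A length mismatch shows up as a differing tail."""
    ranges, offset = [], 0
    with open(path_a, "rb") as a, open(path_b, "rb") as b:
        while True:
            sa, sb = a.read(sector), b.read(sector)
            if not sa and not sb:
                break
            step = max(len(sa), len(sb))
            if sa != sb:
                if ranges and ranges[-1][1] == offset:
                    # Adjacent to the previous differing sector: extend it.
                    ranges[-1] = (ranges[-1][0], offset + step)
                else:
                    ranges.append((offset, offset + step))
            offset += step
    return ranges

def compare_images(original, patched):
    """Summarise the comparison: hashes, whether they match, changed ranges."""
    h_a, h_b = md5_file(original), md5_file(patched)
    return {"md5": (h_a, h_b), "identical": h_a == h_b,
            "changed": differing_ranges(original, patched)}

if __name__ == "__main__":
    # Usage (hypothetical file names): python nandcmp.py NAND_original.bin NAND_new.bin
    result = compare_images(sys.argv[1], sys.argv[2])
    print("MD5:", *result["md5"])
    if result["identical"]:
        print("No change: the patch step wrote nothing to the output image.")
    for start, end in result["changed"]:
        print(f"changed 0x{start:08X}-0x{end:08X} ({end - start} bytes)")
```

An empty list of changed ranges means the output is a plain copy of the input, which points at the patching step rather than at the flashing step.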
 

Aroth

A quick question. Is it possible to spoof the firmware version and make the console think that the current firmware is 9.2 instead of 10.5? If possible, can we use any game to upgrade any lesser firmware like 10.3 or 9.2+, so that we may get a chance to downgrade without hardmod?

Dude tone down the bold and massive font. No need to yell.

This would not work for a number of reasons, but the big one is the fact that even if we COULD spoof the firmware version like you are talking about (btw we actually can't because there isn't a single "version" to spoof, it's about 130 different file versions that are all checked), it would require 9.2 which would defeat the purpose of your question.

Plus even if we somehow convinced a 10.5 system that it was really on 8.1 so that it would accept a 9.2 update, the update itself would fail. The service that handles title installation checks the title version of each individual title it installs before installing it. If the existing version is equal to or higher than the version being installed, the service skips that title and moves to the next. In this case each and every title will fail to install because all of the installed title versions are already the same or higher than their 9.2 counterparts.
 
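An added example, not code from the thread or from the console's firmware: a small model of the two checks described in the post above. The system-level gate in `run_update` is an assumption about what "accepting" an update means; the per-title rule is the one stated in the post. Title IDs and version numbers are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Title:
    title_id: str   # constructed placeholder IDs, not real title IDs
    version: int

def apply_update(installed, package):
    """Per-title rule from the post: skip any title whose installed version
    is equal to or higher than the packaged one.
    Returns (new_state, installed_ids, skipped_ids)."""
    state = dict(installed)
    done, skipped = [], []
    for title in package:
        current = state.get(title.title_id)
        if current is not None and current >= title.version:
            skipped.append(title.title_id)   # same or older version: refused
            continue
        state[title.title_id] = title.version
        done.append(title.title_id)
    return state, done, skipped

def run_update(believed_fw, package_fw, installed, package):
    """Assumed system-level gate, then the per-title check. believed_fw is
    what the system thinks it runs, so a spoof would only change this value."""
    if package_fw <= believed_fw:
        return {"accepted": False, "state": dict(installed),
                "installed": [], "skipped": []}
    state, done, skipped = apply_update(installed, package)
    return {"accepted": True, "state": state,
            "installed": done, "skipped": skipped}

# Constructed sample data: a newer system and an older update package.
SYSTEM_NEW = {"TITLE_A": 30, "TITLE_B": 12, "TITLE_C": 7}
PACKAGE_OLD = [Title("TITLE_A", 20), Title("TITLE_B", 12), Title("TITLE_C", 5)]

if __name__ == "__main__":
    # Honest system: the older package is refused outright.
    print(run_update((10, 5), (9, 2), SYSTEM_NEW, PACKAGE_OLD))
    # Spoofed belief of 8.1: the package is accepted, yet every title is
    # skipped because the installed title versions were never changed.
    print(run_update((8, 1), (9, 2), SYSTEM_NEW, PACKAGE_OLD))
```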

mvmiranda

It worked fine for me. System setting still even showed 10.5, but it downgraded to 9.2 just fine.
Same here!
System setting still showed 10.5 but I had compared both nands and their MD5 had changed, and since flashing the new one didn't blow up my console I decided to go ahead.
Installed the Ninjhax 10.5 on my Cubic Ninja and proceeded to downgrade using SafeSysUpdater...
As we all know, it worked!

So, if after you flash your new nand and it "apparently" didn't change from 10.5 to 10.2, don't freak out... keep going!

Cheers!
 

Aroth

Can someone give me a technical reason why the downgrade function is more stable on the 10.2 firm compared to the lower ones?

The mch2 exploit requires replacing the contents of a memory check header pointer after the pointer has been referenced (it's a little more complicated but that is the gist). Each revision of FIRM slightly alters the way the memory is mapped and the current implementation of mch2 was written on and tested with 10.3 systems so it is using those offsets and mapping. Combine that with the fact that mch2 is basically a race attack to replace the contents the header points to before the contents are actually read and executed, and it just fails on firms with slightly different mappings. Each successive iteration of FIRM from 9.3 up to 10.2 would probably need a unique implementation of mch2 for it to work properly on that version of the firm.
 

vb_encryption_vb

Can someone give me a technical reason why the downgrade function is more stable on the 10.2 firm compared to the lower ones?
It's just as stable on any of the other firmwares. People bricked and started making shit reasons as to why.

It worked fine for me. System setting still even showed 10.5, but it downgraded to 9.2 just fine.

It's supposed to still show 10.5. It's just a hybrid 10.5.
 

Aroth

It worked fine for me. System setting still even showed 10.5, but it downgraded to 9.2 just fine.
Same here!
System setting still showed 10.5 but I had compared both nands and their MD5 had changed, and since flashing the new one didn't blow up my console I decided to go ahead.
Installed the Ninjhax 10.5 on my Cubic Ninja and proceeded to downgrade using SafeSysUpdater...
As we all know, it worked!

So, if after you flash your new nand and it "apparently" didn't change from 10.5 to 10.2, don't freak out... keep going!

Cheers!

Considering the "10.5.0-30" version string is the result of the system pulling strings from CVer and NVer, both of which are stored in CTRNAND which we are not messing with, this behavior is to be expected.
 

VirusX2

Dude tone down the bold and massive font. No need to yell.

This would not work for a number of reasons, but the big one is the fact that even if we COULD spoof the firmware version like you are talking about (btw we actually can't because there isn't a single "version" to spoof, it's about 130 different file versions that are all checked), it would require 9.2 which would defeat the purpose of your question.

Plus even if we somehow convinced a 10.5 system that it was really on 8.1 so that it would accept a 9.2 update, the update itself would fail. The service that handles title installation checks the title version of each individual title it installs before installing it. If the existing version is equal to or higher than the version being installed, the service skips that title and moves to the next. In this case each and every title will fail to install because all of the installed title versions are already the same or higher than their 9.2 counterparts.

Thanks for the response man. Sorry, I didn't yell. Just did bold and font size scale.

I thought it may work, because it worked on downgrading a PSP console. So I thought it may work on 3DS. Damn, I'm doomed now. I got my N3DS with 9.9 firmware and I updated just to play 3 free games :( How stupid I am. Anyhow, thanks for the clarification man.
 

Aroth

It's just as stable on any of the other firmwares. People bricked and started making shit reasons as to why.

It actually is more stable. Specifically the exploit is more successful on 10.2 than on lower firms. If you manage to get the exploit to successfully execute on 10.0 or lower then you are golden and any brick is the result of bad files or user error.

The problem was getting mch2 to actually execute at all on lower firms. People were trying 20-30 times on 9.9 or 10.1, then updating to 10.3 and it would successfully exploit on the 3rd or 4th try.
 

VirusX2

It actually is more stable. Specifically the exploit is more successful on 10.2 than on lower firms. If you manage to get the exploit to successfully execute on 10.0 or lower then you are golden and any brick is the result of bad files or user error.

The problem was getting mch2 to actually execute at all on lower firms. People were trying 20-30 times on 9.9 or 10.1, then updating to 10.3 and it would successfully exploit on the 3rd or 4th try.

Will there be someone finding a working exploit in 10.4/10.5? Or is there a procedure to find a way for an exploit? IDK how exploits work.
 

Aroth

Thanks for the response man. Sorry, I didn't yell. Just did bold and font size scale.

I thought it may work, because it worked on downgrading a PSP console. So I thought it may work on 3DS. Damn, I'm doomed now. I got my N3DS with 9.9 firmware and I updated just to play 3 free games :( How stupid I am. Anyhow, thanks for the clarification man.

Uh, I was pretty active on the PSP scene when it was still a current console and that was never a method of downgrading. Downgrading very much required a set of tools to enter service mode (something different from recovery mode, btw) and then flash a whole new firmware to the chip. It wasn't like installing a lower version's update at all and it was only possible because the PSP did not use the security measures the 3DS uses like a console unique key that encrypts the nand chip partitions.
 

hundshamer

It's just as stable on any of the other firmwares. People bricked and started making shit reasons as to why.



It's supposed to still show 10.5. It's just a hybrid 10.5.

Considering the "10.5.0-30" version string is the result of the system pulling strings from CVer and NVer, both of which are stored in CTRNAND which we are not messing with, this behavior is to be expected.
I am aware that it was supposed to work this way. Though I did not know the technical reasons, I knew only a small part of the firmware was altered just enough to allow memchunk to work. My post was more to let people know that this is normal behavior.
 