I wouldn't say this thread is unneeded. We have a 11.0/11.1 exploit that will allow us to downgrade, but with the requirements of needing games that aren't available anymore, and we don't have a 11.2 exploit. I'd say a lot of people are still in the same situation they were before.
I wouldn't say this thread is unneeded. We have a 11.0/11.1 arm9 exploit, but with the requirements of needing games that aren't available anymore, and we don't have a 11.2 exploit. I'd say a lot of people are still in the same situation they were before.
Tfw there is a thread about gateway questions and emunand stickied and kids are demanding a realistic thread be unstickied because of the slowhax wave...
That give you a way to downgrade and AL9H your 3ds isn't that what we all wanted in the first place? slowhax/waithax is the best thing it could happen before Christmas Thx @Mrrraou
safefirmhax... doesn't that open up 11.2 to whenever(or if ever hopefully) they patch it for downgrade straight to 2.1 with out having to go to 9.2? if what ive heard is correct 11.2 is the new 9.2 essentially.
Or the OP can just update it instead of closing a thread which provides knowledge '_>'. Once again, we have pinned threads for gateway and emunand questions.
Or the OP can just update it instead of closing a thread which provides knowledge '_>'. Once again, we have pinned threads for gateway and emunand questions.
...emm... look up to the last coupla comments, the info is certainly something to keep, i say it just needs to be renamed/reworded to better pass on its info as past information that no longer stops us. This works as an explanation to as to why we went the direction we did in the first place in a way o.0
So 11.2 doesn't need a 2nd 3ds to do the mod anymore???
After doing a quadrupedal take (like a warner brothers cartoon character)...I ran out and bought a 3ds...followed the tutorial......
And yes it is true.
I guess I could have just read forums and found out, but it was a quadrupedal take! That alone required me to spin my legs like roadrunner and run to a local shop.
Note: With safefirmlaunchhax, an arm9 exploit is now avaliable on 11.2! Downgrading is now possible! (Although not even necessary, see "The Future")
Hi, GBATemp. So a lot of you newcomers have been wondering why a 3DS on 11.0 can't be downgraded. Perhaps some of you old members are wondering this too. Well, not after today. This thread attempts to document in a very easy to understand yet very comprehensive way why this feature is not possible.
I am not responsible for anything bad that comes out of you reading this thread. If, by gaining this knowledge, your 3DS breaks, you go insane, your hair randomly bursts into flames, or you cause thermonuclear war, and you point at me, I will laugh at you. That being said, if you appreciate this thread, or something good came out of it, leave me a like.
If you do not understand any particular part of this thread, I am doing something wrong. The intent here is for anybody to be able to understand the following material. If there is something you do not understand, please let me know and I will correct it.
All right, enough of this stupid disclaimer crap. Let's get to the good stuff. Note: I highly recommend you check out my glossary of 3DS hacking terms before reading this. The Basics
The 3DS has two main processors: an arm11 and an arm9. If you don't know what those are, it doesn't really matter. The arm11 handles everything you see: the games that run, the HOME menu, and so on. The arm9's main use is to serve as a backwards compatibility processor: it's what runs DS games. [The arm11 doesn't run games here: this is the one exception to the above rule] However, in 3DS mode, it's reused as a security processor. It handles integrity [making sure the games that run aren't pirated] filesystem calls [reading and writing to the NAND, basically the hard drive of the 3DS] and a lot of other fun things. With this in mind, let's talk about the security of the 3DS.
arm11 userland: this is what the games run in. Since games won't *ever* need to read/write to the NAND, install stuff [more on that in a minute] or change security checks, it doesn't have access to them. Things like menuhax, browserhax, and game exploits [like ninjhax, oot3dhax, and so on] are what run here, and so does the Homebrew Launcher.
arm11 kernel: this is what handles more sensitive stuff, but is still on the arm11. It has access to anything the arm11 can do, including game installation [with the arm9 making sure the game is valid first], but beyond that it's not really that useful for much (except abusing other functions in specific cases, see "Single System DSiWareHax"). Game exploits [userland] need another exploit in the kernel to break into this and use everything it has access to [things like game installation, so long as the arm9 says the games are OK, which they rarely are, more on that in a bit], since the kernel won't just listen to whatever userland tells it to do*. The one thing it is really useful for is breaking into the
arm9: this is what's really interesting in terms of security, as mentioned earlier. We need yet another exploit to break into this, since it won't just listen to what arm11 tells it to do*. Getting an exploit for this is the real meat of 3DS hacking, since it allows for things like CFW, playing backups of your games [oh who am I kidding it means piracy], direct reading/writing to the NAND [useful for very specific things] and decryption of content.
Hopefully, now you have a [very] basic idea of the 3DS security. With that in mind, let's talk downgrading. The past [<11.0]
Downgrading before 11.0 was pretty simple: it meant an arm11 kernel exploit. Let's talk about what that "arm9 says it's OK" meant from earlier. Legit stuff
With an arm11 kernel exploit, game installation is possible. This comes with one major catch- the game must be signed by Nintendo. What does "signed" mean? Well, signatures are little things in a file that say that someone made this, and it has their approval. On the 3DS, signatures are given by Nintendo. With an arm11 kernel exploit, we can install things that are signed by Nintendo. The not fun part here is that for games, the signatures for digital versions [games you install to the SD card, not a cartridge] are console specific. With very few exceptions [they're called "legit CIAs", we'll talk about it in a moment] this means that game installation is not possible with a mere arm11 kernel exploit. Legit CIAs
Legit CIA files [the file format for 3DS games] are files that have good signatures for every console. This means that when attempting to install them with an arm11 kernel exploit, the arm9 will approve of it. Now here's the fun part that relates to downgrading- system updates are legit CIAs. Furthermore, the arm9 doesn't check to see if it's an earlier version. [Technically not true, but it's so easy to get around that it's not worth mentioning**] Therefore, to downgrade we perform an arm11 kernel exploit and install the earlier versions of the legit system updates. This reintroduces the last known arm9 exploit to the system, on version 9.2, which we can then use. The present [11.0] arm9 gets in the way
On 11.0, this is no longer true. When using an arm11 kernel exploit [which for all intents and purposes was patched out on 11.0***] to install particular titles [system updates] arm9 checks against a list introduced in 11.0 that says what versions of system updates are valid. If the title version is older than 11.0, arm9 tells arm11 to stop installing the title. Due to the way the security system works* the arm11 will obey and stop installing. Sidestepping arm9
But there is a way- hardmod and DSiwarehax. These are both methods of dumping/restoring the NAND without an arm9 exploit. Usually, this isn't helpful at all- the NAND is encrypted, and decrypting it would require an arm9 exploit. However, due to the way encryption works, in a nutshell we can derive the main part of the OS [and only the main part of the OS] from an encrypted NAND dump. This is abused by decrypting the main part of the OS [dubbed NATIVE_FIRM], inserting an older version into it, then re-encrypting it and writing it back. By doing this, the version will be on 10.7, and arm9 will no longer use the list.
On versions 11.0/11.1, a single system downgrade was finally made possible, with the use of DSiWareHax and Mrrraou's "waithax" implementation of NedWill's "slowhax". How does it work?
Usually, installing DSiWareHax would require an arm9 exploit. This is because it needs to write something (a hacked save file) to the NAND. Furthermore, the NAND would need to be decrypted. However, there is a special function, called AM_ImportTwlBackup that can read DSiWare save data, and AM_ExportTwlBackup that can write to it. This is most likely used legitimately for Pokémon Dream Radar and Poké Transporter. (It's actually not???) Because arm11 kernel can access anything the arm11 can do, we use it to write the hacked save.
The future [what could be done for 11.0]
Well, put simply, to downgrade on 11.0 without hardmod or DSiwarehax, we need an arm9 exploit. (Which is now avaliable! See the top of the page) Without being able to tell arm9 to not use the list, there's no way to downgrade via normal software. And if we have an arm9 exploit, there would be no reason to downgrade to 9.2 from 11.0. Conclusion
I hope this explanation helped you in your understanding of the 3DS, and the particular topic at hand, 11.0 downgrading. Again, if there's anything I missed, or you don't understand, let me know and I'll fix it. Have a nice day
*It's a system of permissions. Think of it like this: there's a child, a parent, and a grandparent. The grandparent tells both the parent and the child what to do. The parent tells the child what to do, but not the grandparent, and the child tells neither of them what to do. arm9 is the grandparent, arm11 kernel is the parent, and arm11 userland is the child. The child must trick the parent into doing what he wants, who needs to then trick the grandparent into doing what he wants.
**arm9 checks if the title to install is older than a title currently installed, and blocks installation if it is. However, we just uninstall the title before installing the new one. Pretty stupid on Nintendo's part.
***The actual vulnerability wasn't fixed, but it was made so hard to exploit that it'd be easier to find and make a new one.
THEN REMOVE THE DAMN STICKY!!!! this sticky is useless... even if when it was actually made at the time it was useless... we shouldn't make stickies telling people when they can't downgrade because they become irrelevant within months time... this sticky should be removed
THEN REMOVE THE DAMN STICKY!!!! this sticky is useless... even if when it was actually made at the time it was useless... we shouldn't make stickies telling people when they can't downgrade because they become irrelevant within months time... this sticky should be removed
THEN REMOVE THE DAMN STICKY!!!! this sticky is useless... even if when it was actually made at the time it was useless... we shouldn't make stickies telling people when they can't downgrade because they become irrelevant within months time... this sticky should be removed
https://gbatemp.net/threads/how-to-transfer-emunand-to-another-sd-card-working-on-new3ds.383684/ https://gbatemp.net/threads/list-of-all-gateway-questions-9-2-0-20.375142/
Are these not useless? Do we want people to not be informed? Does this community love to keep new people from understanding why in one fw update, we can lose it all again? Fun fact: this is relevant information which is useful to anyone who wants to know why the fuck it took so long to have the ability to hack the console without a system transfer, buying a random ass game ages ago, or hardmodding. INFORM THE POPULATION, DON'T KEEP VALUABLE INFORMATION AWAY FROM THEM JUST BECAUSE SOME GUY LEAKED AN EXPLOIT! It's their fault for taking this thread the wrong way because it is clearly explained in the first line that it is possible to do shit on 11.2.
tl;dr stop demanding that this thread be unstickied just because we have the ability to downgrade or do whatever the fuck on 11.2.
https://gbatemp.net/threads/how-to-transfer-emunand-to-another-sd-card-working-on-new3ds.383684/ https://gbatemp.net/threads/list-of-all-gateway-questions-9-2-0-20.375142/
Are these not useless? Do we want people to not be informed? Does this community love to keep new people from understanding why in one fw update, we can lose it all again? Fun fact: this is relevant information which is useful to anyone who wants to know why the fuck it took so long to have the ability to hack the console without a system transfer, buying a random ass game ages ago, or hardmodding. INFORM THE POPULATION, DON'T KEEP VALUABLE INFORMATION AWAY FROM THEM JUST BECAUSE SOME GUY LEAKED AN EXPLOIT! It's their fault for taking this thread the wrong way because it is clearly explained in the first line that it is possible to do shit on 11.2.
tl;dr stop demanding that this thread be unstickied just because we have the ability to downgrade or do whatever the fuck on 11.2.
This thread is no longer relevant since the issues it was tackling no longer applies. We now can downgrade past 11.0+. At best this information belongs in a wiki for a better understand of what used to be. But it really doesn't need to be stickied anymore.
Nintendo is going after the development team of an emulator. A legal case was filed by Nintendo yesterday, alleging that the Nintendo Switch emulator, Yuzu, has...
Just last week, on Tuesday, February 26th, 2024, news broke out about the Yuzu emulator team being sued by none other than Nintendo themselves, with Nintendo claiming...
Quietly following on the heels of the injunction ruling against Yuzu emulator that resulted in its removal and ceased development, popular Nintendo 3DS emulator Citra...
After a rough week, the emulation and homebrew scene continues to suffer major losses. As of today, homebrew developer Steveice10's GitHub repository has been...
Nintendo is back at it again with their latest and most well known franchise, the DMCA, and this time they went after quite a handful of GitHub repositories with...
It's the first Nintendo Switch firmware update of 2024. Made available as of today is system software version 18.0.0, marking a new milestone. According to the patch...
Exophase, the developer of the DraStic Nintendo DS emulator, has made a statement regarding the future of the emulator. DraStic has been a popular closed-source DS...
Emulator frontend Emulation-Station has been removed from the Amazon Appstore, less than a week after its launch. The reasoning for the app's removal, is, according...
Emulator takedowns continue. Not long after its first release, Suyu emulator has been removed from GitLab via a DMCA takedown. Suyu was a Nintendo Switch emulator...
Yet another emulator bites the dust, in the aftermath of the Tropic Haze/Yuzu vs. Nintendo case. Pizza Boy, a $5.49 paid app on the Google Play Store, has been taken...
Nintendo is going after the development team of an emulator. A legal case was filed by Nintendo yesterday, alleging that the Nintendo Switch emulator, Yuzu, has...
Just last week, on Tuesday, February 26th, 2024, news broke out about the Yuzu emulator team being sued by none other than Nintendo themselves, with Nintendo claiming...
Quietly following on the heels of the injunction ruling against Yuzu emulator that resulted in its removal and ceased development, popular Nintendo 3DS emulator Citra...
Nintendo is back at it again with their latest and most well known franchise, the DMCA, and this time they went after quite a handful of GitHub repositories with...
It's the first Nintendo Switch firmware update of 2024. Made available as of today is system software version 18.0.0, marking a new milestone. According to the patch...
After a rough week, the emulation and homebrew scene continues to suffer major losses. As of today, homebrew developer Steveice10's GitHub repository has been...
Famous and beloved manga creator Akira Toriyama has passed away at the age of 68. According to an official blog post made by Bird Studio--Toriyama's manga company--he...
Emulator takedowns continue. Not long after its first release, Suyu emulator has been removed from GitLab via a DMCA takedown. Suyu was a Nintendo Switch emulator...
Yet another emulator bites the dust, in the aftermath of the Tropic Haze/Yuzu vs. Nintendo case. Pizza Boy, a $5.49 paid app on the Google Play Store, has been taken...
Emulator frontend Emulation-Station has been removed from the Amazon Appstore, less than a week after its launch. The reasoning for the app's removal, is, according...