Hacking Why the 3DS can't be downgraded on 11.4 "For Dummies" (A simple explanation for the rest of us)


Ewo

I wouldn't say this thread is unneeded. We have an 11.0/11.1 exploit that will allow us to downgrade, but with the requirements of needing games that aren't available anymore, and we don't have an 11.2 exploit. I'd say a lot of people are still in the same situation they were before.
 
Last edited by Ewo,

Nintendo4DSXL

I wouldn't say this thread is unneeded. We have an 11.0/11.1 arm9 exploit, but with the requirements of needing games that aren't available anymore, and we don't have an 11.2 exploit. I'd say a lot of people are still in the same situation they were before.
Where is an arm9 exploit? waithax is an arm11 exploit
 

ih8ih8sn0w

Tfw there is a thread about gateway questions and emunand stickied and kids are demanding a realistic thread be unstickied because of the slowhax wave...
 

jt_1258

safefirmhax... doesn't that open up 11.2 to whenever (or if ever hopefully) they patch it for downgrade straight to 2.1 without having to go to 9.2? If what I've heard is correct 11.2 is the new 9.2 essentially.
 
Last edited by jt_1258, Reason: details

jt_1258

Or the OP can just update it instead of closing a thread which provides knowledge '_>'. Once again, we have pinned threads for gateway and emunand questions.
Ya, perhaps change can't to couldn't... a little short sighted but certainly the first step at least
 

jt_1258

...emm... look up to the last coupla comments, the info is certainly something to keep, I say it just needs to be renamed/reworded to better pass on its info as past information that no longer stops us. This works as an explanation as to why we went the direction we did in the first place in a way o.0
 

Crackerboy

So 11.2 doesn't need a 2nd 3ds to do the mod anymore???


After doing a quadrupedal take (like a warner brothers cartoon character)...I ran out and bought a 3ds...followed the tutorial......

And yes it is true.

I guess I could have just read forums and found out, but it was a quadrupedal take! That alone required me to spin my legs like roadrunner and run to a local shop.
 
Last edited by Crackerboy,

DarkRioru

Note: With safefirmlaunchhax, an arm9 exploit is now available on 11.2! Downgrading is now possible! (Although not even necessary, see "The Future")


Hi, GBATemp. So a lot of you newcomers have been wondering why a 3DS on 11.0 can't be downgraded. Perhaps some of you old members are wondering this too. Well, not after today. This thread attempts to document in a very easy to understand yet very comprehensive way why this feature is not possible.
I am not responsible for anything bad that comes out of you reading this thread. If, by gaining this knowledge, your 3DS breaks, you go insane, your hair randomly bursts into flames, or you cause thermonuclear war, and you point at me, I will laugh at you. That being said, if you appreciate this thread, or something good came out of it, leave me a like. :)
If you do not understand any particular part of this thread, I am doing something wrong. The intent here is for anybody to be able to understand the following material. If there is something you do not understand, please let me know and I will correct it.
All right, enough of this stupid disclaimer crap. Let's get to the good stuff.
Note: I highly recommend you check out my glossary of 3DS hacking terms before reading this.
The Basics
The 3DS has two main processors: an arm11 and an arm9. If you don't know what those are, it doesn't really matter. The arm11 handles everything you see: the games that run, the HOME menu, and so on. The arm9's main use is to serve as a backwards compatibility processor: it's what runs DS games. [The arm11 doesn't run games here: this is the one exception to the above rule] However, in 3DS mode, it's reused as a security processor. It handles integrity [making sure the games that run aren't pirated] filesystem calls [reading and writing to the NAND, basically the hard drive of the 3DS] and a lot of other fun things. With this in mind, let's talk about the security of the 3DS.
  1. arm11 userland: this is what the games run in. Since games won't *ever* need to read/write to the NAND, install stuff [more on that in a minute] or change security checks, it doesn't have access to them. Things like menuhax, browserhax, and game exploits [like ninjhax, oot3dhax, and so on] are what run here, and so does the Homebrew Launcher.
  2. arm11 kernel: this is what handles more sensitive stuff, but is still on the arm11. It has access to anything the arm11 can do, including game installation [with the arm9 making sure the game is valid first], but beyond that it's not really that useful for much (except abusing other functions in specific cases, see "Single System DSiWareHax"). Game exploits [userland] need another exploit in the kernel to break into this and use everything it has access to [things like game installation, so long as the arm9 says the games are OK, which they rarely are, more on that in a bit], since the kernel won't just listen to whatever userland tells it to do*. The one thing it is really useful for is breaking into the
  3. arm9: this is what's really interesting in terms of security, as mentioned earlier. We need yet another exploit to break into this, since it won't just listen to what arm11 tells it to do*. Getting an exploit for this is the real meat of 3DS hacking, since it allows for things like CFW, playing backups of your games [oh who am I kidding it means piracy], direct reading/writing to the NAND [useful for very specific things] and decryption of content.
Hopefully, now you have a [very] basic idea of the 3DS security. With that in mind, let's talk downgrading.
The past [<11.0]
Downgrading before 11.0 was pretty simple: it meant an arm11 kernel exploit. Let's talk about what that "arm9 says it's OK" meant from earlier.
Legit stuff
With an arm11 kernel exploit, game installation is possible. This comes with one major catch- the game must be signed by Nintendo. What does "signed" mean? Well, signatures are little things in a file that say that someone made this, and it has their approval. On the 3DS, signatures are given by Nintendo. With an arm11 kernel exploit, we can install things that are signed by Nintendo. The not fun part here is that for games, the signatures for digital versions [games you install to the SD card, not a cartridge] are console specific. With very few exceptions [they're called "legit CIAs", we'll talk about it in a moment] this means that game installation is not possible with a mere arm11 kernel exploit.
Legit CIAs
Legit CIA files [the file format for 3DS games] are files that have good signatures for every console. This means that when attempting to install them with an arm11 kernel exploit, the arm9 will approve of it. Now here's the fun part that relates to downgrading- system updates are legit CIAs. Furthermore, the arm9 doesn't check to see if it's an earlier version. [Technically not true, but it's so easy to get around that it's not worth mentioning**] Therefore, to downgrade we perform an arm11 kernel exploit and install the earlier versions of the legit system updates. This reintroduces the last known arm9 exploit to the system, on version 9.2, which we can then use.
The present [11.0]
arm9 gets in the way
On 11.0, this is no longer true. When using an arm11 kernel exploit [which for all intents and purposes was patched out on 11.0***] to install particular titles [system updates] arm9 checks against a list introduced in 11.0 that says what versions of system updates are valid. If the title version is older than 11.0, arm9 tells arm11 to stop installing the title. Due to the way the security system works* the arm11 will obey and stop installing.
Sidestepping arm9
But there is a way- hardmod and DSiwarehax. These are both methods of dumping/restoring the NAND without an arm9 exploit. Usually, this isn't helpful at all- the NAND is encrypted, and decrypting it would require an arm9 exploit. However, due to the way encryption works, in a nutshell we can derive the main part of the OS [and only the main part of the OS] from an encrypted NAND dump. This is abused by decrypting the main part of the OS [dubbed NATIVE_FIRM], inserting an older version into it, then re-encrypting it and writing it back. By doing this, the version will be on 10.7, and arm9 will no longer use the list.
On versions 11.0/11.1, a single system downgrade was finally made possible, with the use of DSiWareHax and Mrrraou's "waithax" implementation of NedWill's "slowhax". How does it work?
Usually, installing DSiWareHax would require an arm9 exploit. This is because it needs to write something (a hacked save file) to the NAND. Furthermore, the NAND would need to be decrypted. However, there is a special function, called AM_ImportTwlBackup that can read DSiWare save data, and AM_ExportTwlBackup that can write to it. This is most likely used legitimately for Pokémon Dream Radar and Poké Transporter. (It's actually not???) Because arm11 kernel can access anything the arm11 can do, we use it to write the hacked save.
The future [what could be done for 11.0]
Well, put simply, to downgrade on 11.0 without hardmod or DSiwarehax, we need an arm9 exploit. (Which is now available! See the top of the page) Without being able to tell arm9 to not use the list, there's no way to downgrade via normal software. And if we have an arm9 exploit, there would be no reason to downgrade to 9.2 from 11.0.
Conclusion
I hope this explanation helped you in your understanding of the 3DS, and the particular topic at hand, 11.0 downgrading. Again, if there's anything I missed, or you don't understand, let me know and I'll fix it. Have a nice day :)

*It's a system of permissions. Think of it like this: there's a child, a parent, and a grandparent. The grandparent tells both the parent and the child what to do. The parent tells the child what to do, but not the grandparent, and the child tells neither of them what to do. arm9 is the grandparent, arm11 kernel is the parent, and arm11 userland is the child. The child must trick the parent into doing what he wants, who needs to then trick the grandparent into doing what he wants.
**arm9 checks if the title to install is older than a title currently installed, and blocks installation if it is. However, we just uninstall the title before installing the new one. Pretty stupid on Nintendo's part.
***The actual vulnerability wasn't fixed, but it was made so hard to exploit that it'd be easier to find and make a new one.

THEN REMOVE THE DAMN STICKY!!!! this sticky is useless... even if when it was actually made at the time it was useless... we shouldn't make stickies telling people when they can't downgrade because they become irrelevant within months time... this sticky should be removed
 
  • Like
Reactions: GilgameshArcher
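
The two install-time version checks described in the quoted first post (the older comparison against the currently installed title, and the minimum-version list introduced in 11.0), modelled as an added example that is not part of the thread and not Nintendo's code. The title ID, the version numbers and every function name are constructed for illustration; it shows why a rollback check that depends only on removable state is weaker than one tied to a fixed list.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model: title IDs and version numbers are illustrative only. */
#define SLOTS 4
typedef struct { uint64_t id; uint16_t version; bool present; } Title;
typedef struct {
    Title installed[SLOTS]; /* mutable: entries can be removed by the installer */
    Title minimum[SLOTS];   /* minimum-version list, fixed by the running firmware */
} System;

static Title *find(Title *list, uint64_t id) {
    for (size_t i = 0; i < SLOTS; i++)
        if (list[i].present && list[i].id == id) return &list[i];
    return NULL;
}

/* Older check: refuse only when a newer copy is currently installed. */
static bool ok_vs_installed(System *s, uint64_t id, uint16_t ver) {
    Title *cur = find(s->installed, id);
    return cur == NULL || ver >= cur->version;
}

/* List check: refuse anything below the minimum, whatever is installed.
   Keeping the older check as well is an assumption of this model. */
static bool ok_vs_minimum(System *s, uint64_t id, uint16_t ver) {
    Title *min = find(s->minimum, id);
    if (min != NULL && ver < min->version) return false;
    return ok_vs_installed(s, id, ver);
}

void uninstall_title(System *s, uint64_t id) {
    Title *cur = find(s->installed, id);
    if (cur != NULL) cur->present = false;
}

/* Returns true if the title was accepted and recorded as installed. */
bool install_title(System *s, uint64_t id, uint16_t ver, bool use_minimum) {
    if (!(use_minimum ? ok_vs_minimum(s, id, ver) : ok_vs_installed(s, id, ver)))
        return false;
    Title *slot = find(s->installed, id);
    for (size_t i = 0; slot == NULL && i < SLOTS; i++)
        if (!s->installed[i].present) slot = &s->installed[i];
    if (slot == NULL) return false; /* no free slot */
    *slot = (Title){ id, ver, true };
    return true;
}

/* Fresh system: one title at version 110, with a minimum of 110 for it. */
System sample_system(void) {
    System s = {0};
    s.installed[0] = (Title){ 0x1000, 110, true };
    s.minimum[0]   = (Title){ 0x1000, 110, true };
    return s;
}
```

With `use_minimum` false, removing the installed entry changes the outcome of the check; with it true, the decision no longer depends on what is installed.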

Halvorsen

THEN REMOVE THE DAMN STICKY!!!! this sticky is useless... even if when it was actually made at the time it was useless... we shouldn't make stickies telling people when they can't downgrade because they become irrelevant within months time... this sticky should be removed
That would be cool if this thread was actually telling you that you can't downgrade rather than why you can't downgrade. There is a difference.
 
  • Like
Reactions: ih8ih8sn0w

ih8ih8sn0w

THEN REMOVE THE DAMN STICKY!!!! this sticky is useless... even if when it was actually made at the time it was useless... we shouldn't make stickies telling people when they can't downgrade because they become irrelevant within months time... this sticky should be removed
https://gbatemp.net/threads/how-to-transfer-emunand-to-another-sd-card-working-on-new3ds.383684/
https://gbatemp.net/threads/list-of-all-gateway-questions-9-2-0-20.375142/
Are these not useless? Do we want people to not be informed? Does this community love to keep new people from understanding why in one fw update, we can lose it all again? Fun fact: this is relevant information which is useful to anyone who wants to know why the fuck it took so long to have the ability to hack the console without a system transfer, buying a random ass game ages ago, or hardmodding. INFORM THE POPULATION, DON'T KEEP VALUABLE INFORMATION AWAY FROM THEM JUST BECAUSE SOME GUY LEAKED AN EXPLOIT! It's their fault for taking this thread the wrong way because it is clearly explained in the first line that it is possible to do shit on 11.2.

tl;dr stop demanding that this thread be unstickied just because we have the ability to downgrade or do whatever the fuck on 11.2.
 

The Catboy

https://gbatemp.net/threads/how-to-transfer-emunand-to-another-sd-card-working-on-new3ds.383684/
https://gbatemp.net/threads/list-of-all-gateway-questions-9-2-0-20.375142/
Are these not useless? Do we want people to not be informed? Does this community love to keep new people from understanding why in one fw update, we can lose it all again? Fun fact: this is relevant information which is useful to anyone who wants to know why the fuck it took so long to have the ability to hack the console without a system transfer, buying a random ass game ages ago, or hardmodding. INFORM THE POPULATION, DON'T KEEP VALUABLE INFORMATION AWAY FROM THEM JUST BECAUSE SOME GUY LEAKED AN EXPLOIT! It's their fault for taking this thread the wrong way because it is clearly explained in the first line that it is possible to do shit on 11.2.

tl;dr stop demanding that this thread be unstickied just because we have the ability to downgrade or do whatever the fuck on 11.2.
This thread is no longer relevant since the issues it was tackling no longer apply. We now can downgrade past 11.0+. At best this information belongs in a wiki for a better understanding of what used to be. But it really doesn't need to be stickied anymore.
 
Last edited by The Catboy,
