Hacking Unable to install any CFW on 9.2 N3DS

Urbanshadow

Well-Known Member
Member
Joined
Oct 16, 2015
Messages
1,578
Trophies
0
Age
32
XP
1,712
Country
All that would do is allow me to boot into the hbl. I can already do that.

If I were you, I would not take that for granted. The entrypoint is different. You don't lose anything for trying if you can. When dealing with franken-firms no rules really apply.

Of course, if the native-firm is not where it should be, you won't go anywhere.
 

TheHomesk1llet

Also known as "Kupo"
OP
Member
Joined
Apr 29, 2013
Messages
210
Trophies
0
Location
Cyberspace
XP
439
Country
United States
If I were you, I would not take that for granted. The entrypoint is different. You don't lose anything for trying if you can. When dealing with franken-firms no rules really apply.

Of course, if the native-firm is not where it should be, you won't go anywhere.
Maybe you're right, I've never tried this before. As far as I know, the homebrew launcher doesn't touch any of the memory that it's not currently using.
Well if you don't have an emuNAND ReiNAND wouldn't have worked anyway. Have you tried the Gateway launcher so you can set up an emuNAND?
I hate to be that guy, and I don't want to sound mean about it, but please read the original post...

"pasta, the gateway launcher, and rxtools get stuck on a black screen."
 

Urbanshadow

Maybe you're right, I've never tried this before. As far as I know, the homebrew launcher doesn't touch any of the memory that it's not currently using.

Well, one thing is sure: you don't have arm9 code execution right now, as everything mentioned as not working needs it. This problem originates from a) running a fixed native-firm (>= 9.3), b) having an odd disposition of system titles (go figure). Currently, and as you have said, you can reach hbl through browserhax and menuhax with the target version payload, so at least the browser and the home menu are in the right version.

That makes me think you indeed are with an incorrect native-firm. If that's the case the entrypoint wouldn't matter. But one thing is for sure: memchunkhax2 is not patched in your franken firm, so another version of sysupdater for >= 9.3 should run. It's risky, but you can fix it that way (by downgrading to your firmware).

EDIT: Just make sure you are using Julian20 sysupdater (latest libkhax version) or safesysupdater. You can find the first in the "Simple downgrade tutorial" thread in the tutorials section, and you can grab safesysupdater from its own thread. Also recheck your update packages or even redownload them.
 
Last edited by Urbanshadow,

TheHomesk1llet

Alrighty, I'm still trying to get it to work. So far, I know that libkhax isn't working, but memchunkhax2 is. However, when I try to downgrade to either 9.0 or 9.2, it always goes straight to "rebooting in 10 seconds," using either safesysupdater or the shinybanana sysupdater. profi200's sysupdater always returns "Couldn't get CIA info".

I think I'm gonna try going back to 10.3.0-28 and downgrading again. I wish a system format would help, but both firms are in native_firm r-right?
 

TheHomesk1llet

Alright, I've found out this much. I double checked my downgrade pack, and it was incomplete. I've singled out the ones that I need, and I've used sysupdater to downgrade the titles that haven't been downgraded already. I've taken the following:

Code:
0004009b00010402       v4098    (?)
0004001b00010802       v0         (?)
0004013000001b02       v2048    GPIO system-module
0004013000001a02       v5120    DSP system-module

The GPIO and DSP system modules are taken from an o3DS downgrade pack, as they're identical to the ones used by the n3DS. Now all that's left are these extra titles:

Code:
[EXTRA TITLES]

TitleID                Vers.     Description

000400db20016102       00448     New3DS NVer
000400db00017102       10288     CVer
0004009b00013102       06144     EULA CFA
0004009b00012102       12289     N/A
000400302000d003       00000     N/A
0004003020009d02       04096     New3DS Internet Browser
000400300000d602       14337     mint (eShop applet)
000400300000d402       02048     SNOTE_AP
000400300000d302       04096     PNOTE_AP
000400300000d102       03077     appletEd
000400300000d002       04096     Software Keyboard
000400300000be02       04096     Miiverse applet
000400300000ba02       00006     N/A
000400300000b902       01031     amiibo Settings
000400300000a002       04097     Notifications applet
0004003000009f02       06144     Friend List applet
0004003000009c02       04096     Game Notes applet
0004003000009b02       05120     Instruction Manual applet
0004003000009902       02049     Camera applet
0004003000009802       22528     Home Menu
000400102002d600       00002     N/A
000400102002d400       00002     N/A
000400102002d200       00001     N/A
000400102002d000       00034     New3DS placeholder menu system-application
0004001020025100       00004     N/A
0004001020022d00       02049     N/A
0004001020022300       00001     N/A
000400100002c100       03072     Nintendo Network ID Settings application
0004001000022a00       06155     System Transfer application
0004001000022900       19465     eShop
0004001000022400       04097     Nintendo 3DS Camera application
0004001000022100       03073     Download Play application
0004001000022000       09220     System Settings
0004003000009e02       01031     amiibo Settings

Since everything else still acts exactly the same, I'm thinking that these extra titles are messing with everything. Actually, I found out something really great about this information...all of these titles are for a European n3DS.

So, I bet that's what's going on. Now the challenge is removing these titles and finding out how a european downgrade pack got on this 3DS so it doesn't happen again. Would a system format get rid of the extra titles, or am I stuck this way?
 

The Minish LAN

Bisexual Socialism
Member
Joined
Sep 9, 2015
Messages
551
Trophies
0
XP
698
Country
United Kingdom
Alright, I updated to 10.3, and then attempted a downgrade to 9.0.0-20. After both, the system settings still say it's at 9.2.0-20.

I used this version, and got the following results after downgrading to 9.0.0-20:

Code:
[MISMATCHED VERSIONS]

TitleID          Vers: Expected Installed     Description

0004009b00010402       04098    05122         N/A
0004001b00010802       00000    01024         N/A
0004013000001b02       02048    03073         GPIO system-module
0004013000001a02       05120    06145         DSP system-module


[EXTRA TITLES]

TitleID                Vers.     Description

000400db20016102       00448     New3DS NVer
000400db00017102       10288     CVer
0004009b00013102       06144     EULA CFA
0004009b00012102       12289     N/A
000400302000d003       00000     N/A
0004003020009d02       04096     New3DS Internet Browser
000400300000d602       14337     mint (eShop applet)
000400300000d402       02048     SNOTE_AP
000400300000d302       04096     PNOTE_AP
000400300000d102       03077     appletEd
000400300000d002       04096     Software Keyboard
000400300000be02       04096     Miiverse applet
000400300000ba02       00006     N/A
000400300000b902       01031     amiibo Settings
000400300000a002       04097     Notifications applet
0004003000009f02       06144     Friend List applet
0004003000009c02       04096     Game Notes applet
0004003000009b02       05120     Instruction Manual applet
0004003000009902       02049     Camera applet
0004003000009802       22528     Home Menu
000400102002d600       00002     N/A
000400102002d400       00002     N/A
000400102002d200       00001     N/A
000400102002d000       00034     New3DS placeholder menu system-application
0004001020025100       00004     N/A
0004001020022d00       02049     N/A
0004001020022300       00001     N/A
000400100002c100       03072     Nintendo Network ID Settings application
0004001000022a00       06155     System Transfer application
0004001000022900       19465     eShop
0004001000022400       04097     Nintendo 3DS Camera application
0004001000022100       03073     Download Play application
0004001000022000       09220     System Settings
0004003000009e02       01031     amiibo Settings


[MISSING TITLES]

TitleID                Vers.     Description

All of the mismatched titles are only found in the 10.3.0-28 update pack, yet the 3DS says it's currently on version 9.2.0-20U.
HOLY SHIT.

What the fuck happened during your downgrade?!

Post this on the thread I linked you to, @Aroth should be able to help...
 
Last edited by The Minish LAN,
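
The report quoted in the post above has three bracketed sections. As an added example (not code from the thread or from the tool that produced the report), this parser reads that layout and summarises which titles are still newer than the downgrade target, how many extra titles are installed, and which descriptions are listed under more than one title ID; the dictionary keys and the embedded sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a few rows in the layout of the report posted above.
SAMPLE_REPORT = """\
[MISMATCHED VERSIONS]
TitleID          Vers: Expected Installed     Description
0004009b00010402       04098    05122         N/A
0004013000001b02       02048    03073         GPIO system-module
[EXTRA TITLES]
TitleID                Vers.     Description
000400db20016102       00448     New3DS NVer
000400300000b902       01031     amiibo Settings
0004003000009e02       01031     amiibo Settings
[MISSING TITLES]
TitleID                Vers.     Description
"""

SECTION = re.compile(r"^\[(.+)\]$")
TITLE_ROW = re.compile(r"^[0-9a-fA-F]{16}\s")  # rows start with a 16-hex-digit title ID

def parse_report(text):
    """Parse the bracketed sections into {section name: [row dict, ...]}."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION.match(line)
        if header:
            current = header.group(1)
            sections[current] = []      # keep empty sections visible
        elif current and TITLE_ROW.match(line):
            # Only the mismatch table carries two version columns.
            ncols = 4 if current == "MISMATCHED VERSIONS" else 3
            cells = line.split(None, ncols - 1)
            nums = cells[1:ncols - 1]
            if len(nums) != ncols - 2 or not all(n.isdigit() for n in nums):
                continue                # malformed row: skip rather than guess
            desc = cells[ncols - 1] if len(cells) == ncols else ""
            sections[current].append(
                {"id": cells[0].lower(), "versions": [int(n) for n in nums], "desc": desc})
    return sections

def triage(sections):
    """Summarise what stands between this console and a clean target state."""
    newer = [r["id"] for r in sections.get("MISMATCHED VERSIONS", [])
             if r["versions"][1] > r["versions"][0]]    # installed > expected
    extras = sections.get("EXTRA TITLES", [])
    by_desc = defaultdict(list)
    for r in extras:
        if r["desc"] not in ("", "N/A"):
            by_desc[r["desc"]].append(r["id"])
    return {
        "newer_than_target": newer,
        "extra_count": len(extras),
        "same_name_twice": {d: ids for d, ids in by_desc.items() if len(ids) > 1},
        "missing_count": len(sections.get("MISSING TITLES", [])),
    }

if __name__ == "__main__":
    print(triage(parse_report(SAMPLE_REPORT)))
```

A description that shows up under two title IDs is only a hint that two variants of the same title sit side by side; it does not by itself say which one belongs to the console's region.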

Urbanshadow

The entire 10.3 update pack was european.

So that's what was happening! That explains many things. I don't know if they really affect you, as they are titles from a different region. A proper downgrade to 9.2 in your region should give you access to arm9 code execution and FBI, which lets you delete system titles by hand. That way, one by one, you could clean that NAND, but it is a long way to go. I also suggest you talk with @Aroth about this.
 

Aroth

Well-Known Member
Member
Joined
Apr 14, 2015
Messages
2,066
Trophies
0
Age
37
XP
891
Country
United States
Dude, I think you are fucked.

IF you can get the mch2 version of FBI working you MIGHT be able to delete the EUR only title versions and that might get you where you need to be. Maybe. Except I suspect afterwards the system will start trying to load the 9.2 US titles with the 10.2 firm and you will get a black screen.

Honestly dude I have no idea what to tell you to do.

First things first, you need to understand that there is NO 100% surefire way to recover from what you did that I am aware of. There are a few things you can try, but I am fairly certain they will result in a bricked console. That said, your console is completely unusable in its current state. You cannot run homebrew reliably or access CFW at all, and I suspect you will find that access to things like the eshop and NNID are fucked as well now because of all of the EUR titles. There is a VERY high chance that you will end up having to buy a new system to even play games regularly anymore.

With that in mind, I will tell you what I would try if it happened to me.

First though, I need to know where you stand atm.

I saw that you tried updating back to 10.3 and downgrading again, but the 10.3 update package was from the wrong region. Were you able to run sysupdater again after that to try and return to 9.2?

Basically I need to know if you attempted/were able to install a USA 9.2 package after installing the EUR 10.3 package.
 

dubbz82

Well-Known Member
Member
Joined
Feb 2, 2014
Messages
1,572
Trophies
0
Age
41
XP
1,215
Country
United States
At this point, I'd advise hardmodding the system, and pulling a backup of what you have right now (so you don't completely hard brick), then trying to run memchunkhax2 based downgraded as well as memchunkhax2 based FBI.
 

Aroth

At this point, I'd advise hardmodding the system, and pulling a backup of what you have right now (so you don't completely hard brick), then trying to run memchunkhax2 based downgraded as well as memchunkhax2 based FBI.

A hard mod is definitely needed imo. Too risky otherwise. That said he may have reached a point where he is effectively bricked due to the title mismatch. Highly curious if he even has room in his CTRNAND anymore with the extra titles.

Either way, let's wait for him to respond to my question with details before we start trying to give advice.
 

TheHomesk1llet

Sorry about the wait, I was at work.

I've noticed that the system still runs perfectly fine, even with the extra titles installed. Everything can be accessed as normal except for titles that require you to have the latest firmware version. It's not even semi-bricked, it just has lots of unneeded titles on there. The system still thinks it's on 9.2.0-20U, and I'm 99% sure the native_firm is on 9.2.0-20U as well.

Anyways, I can still run the memchunkhax2 version of sysupdater. After installing the 10.3 eur package, I was still able to downgrade the mismatched titles left over from 10.3 that had the same titleids. I just can't use any homebrew that requires arm9 access.

As for hardmodding, I would, but this 3DS is my friend's, and I'm not sure how he'd feel about a hardmod, and if it'd be important enough for him in the first place.

While I understand that messing with system titles is dangerous, what could possibly happen if I only uninstall the european system titles? Since everything works, that means that it's only using the titles for the correct region, so it should be safe to delete the extra titles. Could I get a link to the memchunkhax2 version of FBI as well? Google isn't really doing anything for me.
 

Aroth

If you downgraded to 9.2 AFTER installing the 10.3 EUR package then best case scenario is that your native_firm is on 9.2 and uninstalling all of the EUR titles leaves you with a 9.2 USA system. Probably won't fix your arm9 problems, but at that point you could try installing a 10.3 USA package and go from there.

Unfortunately the only way to really check the native_firm version is to open something like FMP that displays the kernel version (rather than the system version), since the system version is easily "spoofed" by installing different versions of CVer and/or NVer.

Worst case scenario is that your native firm is somehow still on 2.50-9 (the 10.2 version) and uninstalling the EUR titles will leave you with a bunch of 9.2 system titles that are unable to launch.

Realistically though I doubt this is the problem.

--------------------- MERGED ---------------------------

Btw if you are on 9.2 you might be able to use the regular version of FBI to handle it. I would certainly try launching that first.
 

Aroth

Can you buy a Cubic Ninja cart and use it to launch Gateway?

That won't help him. Whether you use ninjhax to launch the payload directly or use it to launch HBL and use HBL to launch it, the result is still the same. You used *hax to exploit the console.

His problem is that no matter WHAT he tries to run, if it requires arm9 access it fails.

If emunand9, miniPasta and Reinand all crash when loaded, then the gateway menu will as well regardless of how you load it.
 

The Minish LAN

That won't help him. Whether you use ninjhax to launch the payload directly or use it to launch HBL and use HBL to launch it, the result is still the same. You used *hax to exploit the console.

His problem is that no matter WHAT he tries to run, if it requires arm9 access it fails.

If emunand9, miniPasta and Reinand all crash when loaded, then the gateway menu will as well regardless of how you load it.
Crap.
I think his only hope at this point is to update to 10.5 and use a hardmod to franken-firm down to 10.2.
 

Aroth

Crap.
I think his only hope at this point is to update to 10.5 and use a hardmod to franken-firm down to 10.2.

Won't help him in the slightest since his immediate problem is the presence of a large number of EUR only system titles on his USA system. That needs to be what he addresses first.
 

TheHomesk1llet

Here's what happens when I try to uninstall a EUR title. It doesn't have the correct permissions.

You said there was a memchunkhax2 version of FBI, though, right? Where can I find it?

ffd08176e0.png
 

kennnnny

Member
Newcomer
Joined
Sep 14, 2009
Messages
14
Trophies
0
XP
162
Country
If I were to guess, it's because you installed menuhax right before you used emunand9; I think that screws up making the emunand.

So once you're ready to start making the emunand, make sure to change your theme to ensure menuhax doesn't work.

Go to homebrew, run pasta, change theme, run homebrew again, install fbi, go back to homebrew, run emunand.

That's what happened to me, hope it helps.
 
