Hacking 8.1J N3DS with Gateway MSET + Red Card: Update to 9.2J?

[CrispyYoshi]

Now I'm wondering, would it be possible for someone to generate a Legit CIA of a haxx game so one could install the game and the haxx save via Gateway, reboot, then use the exploit to update to 9.2? I have no idea how to make a legit CIA, nor do I know if this method will work, but I thought I'd put it on the table for discussion.

EDIT: HOLD ON A SECOND. How difficult would it be to get a legit cia of the 9.2 web browser? (I've tried the 9.2 from update packs, but that doesn't run properly on SysNand)

 

[daxtsu]

Now I'm wondering, would it be possible for someone to generate a Legit CIA of a haxx game so one could install the game and the haxx save via Gateway, reboot, then use the exploit to update to 9.2? I have no idea how to make a legit CIA, nor do I know if this method will work, but I thought I'd put it on the table for discussion.

You'd have to have bought whatever game on the eShop, since none of these new ticket generators create completely correct tickets (meaning you wouldn't be able to boot them outside of CFW).

As for the browser, well, if update/downgrade packs won't do it, there's not much you can do since the 9.2 files are long since gone from NUS/CDN.

Since 11.0 is out, you might want to throw in the towel and pick up a cheap Japanese game to update to 9.3+ (but below 11.0 of course) and then use CN, OoT, or some other game to downgrade with.

 

[CrispyYoshi]

You'd have to have bought whatever game on the eShop, since none of these new ticket generators create completely correct tickets (meaning you wouldn't be able to boot them outside of CFW).

As for the browser, well, if update/downgrade packs won't do it, there's not much you can do since the 9.2 files are long since gone from NUS/CDN.

Thanks for the reply. You don't think it would be possible to generate a perfect ticket if there were some way to launch Decrypt9 to get NAND info? Or is that about as useless as scanning a QR in FBI?

As far as the browser goes, I've really only tried the N3DS 9.0J and 9.2J packs from the [MEGA] [CIA/BIN] thread on the iso site as well as the 9.2J pack the Plailect Wiki: I'm not sure if I can find any other dumps of those files, but none of those had a legit N3DS 9.2J browser cia.

 

[daxtsu]

"Get NAND info"? You mean your ticket database stuff? I guess it might be useful, if you had purchased an exploitable game at some point..

 

[cearp]

Thanks for the reply. You don't think it would be possible to generate a perfect ticket if there were some way to launch Decrypt9 to get NAND info? Or is that about as useless as scanning a QR in FBI?

perfect ticket? you mean working without hacks?
you're not new right naturally we need hacks for stuff we didn't buy...
if we could make pirated games work without hacks, why have cfw?

 

[CrispyYoshi]

perfect ticket? you mean working without hacks?
you're not new right naturally we need hacks for stuff we didn't buy...
if we could make pirated games work without hacks, why have cfw?

I'm not new, although I'm not too familiar with how legit cias work: I understand that system titles and factory pre-installed game titles are considered legit cias, but was unsure if the new CDN downloading concept could create legit cias too, at least on a per-console basis. At first I wasn't sure, but now it sounds like it isn't possible with currently known methods.

 

[cearp]

I'm not new, although I'm not too familiar with how legit cias work: I understand that system titles and factory pre-installed game titles are considered legit cias, but was unsure if the new CDN downloading concept could create legit cias too, at least on a per-console basis. At first I wasn't sure, but now it sounds like it isn't possible with currently known methods.

it's not really about methods, it's simply that we don't have the keys nintendo uses to generate the signatures
if we had the key it would be very simple to make legit stuff, but we don't, only nintendo has that key
preinstalled games and system titles are legit because the same data is signed and meant for every console, games from eshop are signed unique per console when you buy

 

[CrispyYoshi]

it's not really about methods, it's simply that we don't have the keys nintendo uses to generate the signatures
if we had the key it would be very simple to make legit stuff, but we don't, only nintendo has that key

I figured that was the case! I had assumed Decrypt9 had methods to ask the 3DS to do it for us, but I suppose not! (I can't find a method to run Decrypt9 on this 8.1J+Gateway N3DS anyway!)

 

[Drona]

Since 11.0 is out, you might want to throw in the towel and pick up a cheap Japanese game to update to 9.3+ (but below 11.0 of course) and then use CN, OoT, or some other game to downgrade with.

We need another hacked 3DS which has the HomeBrew Launcher if we use Oothax, correct ?

 

[daxtsu]

We need another hacked 3DS which has the HomeBrew Launcher if we use Oothax, correct ?

Or Powersaves, but an extra hacked 3DS is more useful if you have it laying around.

 

[CrispyYoshi]

Sorry for the necrobump, but since it's relevant:

I give up. The new exploit came out.

I will back up my EmuNand, format a new EmuNand to re-link my Nands, update the new emunand, buy Freakyforms: Your Creations, Alive!, known in Japan as Ikimono Zukuri: Crea-toy (いきものづくり クリエイトーイ Ikimono Zukuri: Kurieitōi?) from eShop, flash my 8.1J emunand back to sysnand, and use Freakyforms to exploit.

I'm hoping to download this before Nintendo pulls it from the eShop... I'll also have to wait for JP support on the game before I can do anything. (I suspect Gateway will eventually make a solution for 8.1J users though, but I think it'd be nice to perform a clean 9.2J system update through yifan_lu's method)

 

[CrispyYoshi]

Sorry for the necrobump, but since it's relevant:

I give up. The new exploit came out.

I will back up my EmuNand, format a new EmuNand to re-link my Nands, update the new emunand, buy Freakyforms: Your Creations, Alive!, known in Japan as Ikimono Zukuri: Crea-toy (いきものづくり クリエイトーイ Ikimono Zukuri: Kurieitōi?) from eShop, flash my 8.1J emunand back to sysnand, and use Freakyforms to exploit.

I'm hoping to download this before Nintendo pulls it from the eShop... I'll also have to wait for JP support on the game before I can do anything. (I suspect Gateway will eventually make a solution for 8.1J users though, but I think it'd be nice to perform a clean 9.2J system update through yifan_lu's method)

Scratch that; Not only does this not work without proper tickets, but I'm not even sure if freakyhax will work on 8.1J.

Instead, I will update my sysnand to 11.0, use my hardmod to downgrade NATIVE_FIRM, then use freakyhax from 11.0 to downgrade to 2.1, get my OTP, downgrade to 9.2 and finish up.

 

[Kuroi-Akira]

Would Using Sys-updater on a clean 8.1J EmuNand to Directly update to 9.2J & flashing it to SysNand not work?

 

[CrispyYoshi]

Would Using Sys-updater on a clean 8.1J EmuNand to Directly update to 9.2J & flashing it to SysNand not work?

The problem is the fact there is no browserless 8.1J entrypoint without importing a game card/buying a game off eShop. The new exploit game is still hosted on eShop, which drove me to get it (and while I wait, I'm playing it: It's surprisingly very adorable/fun!)

Gateway has a working MSET entrypoint, but attempting to update with sysupdater in Gateway SysNand will result in a brick. Any access to Decrypt9 might help make a proper 9.2J update possible, but not only would someone have to provide a decrypted 9.2J NAND, but I haven't found a way to access Decrypt9 yet: I've tried several different entrypoints and none of them (without importing/buying anything else) let me in D9.

So I just updated SysNand, bought the new exploit game off eShop, and am waiting for JP support on the hax. (I'll still have to hardmod to downgrade my NATIVE_FIRM, but that won't be a problem for this particular 3DS)

 

[Kuroi-Akira]

I didn't mean Update SysNand, Update emuNand & then Flash it to SysNand

Reinand has a MSET ROP so Maybe you can use that aswell
I think one of the Older 2.6/2.5 RXTools also Had MSET & DevMode for Sysnand Updates which might work for you.

EDIT: Nvm I just Saw that you got the New Expliot game thus you already updated...

 

[CrispyYoshi]

I didn't mean Update SysNand, Update emuNand & then Flash it to SysNand

Reinand has a MSET ROP so Maybe you can use that aswell
I think one of the Older 2.6/2.5 RXTools also Had MSET & DevMode for Sysnand Updates which might work for you.

I actually just tried formatting a new emunand (thereby linking NANDs), updated emunand, bought the game off emunand, and it still wouldn't run off sysnand

Would flashing emunand to sysnand have worked? if that's the case, i should have backed up the 8.1j emunand before updating it... but in any case, this system is already hardmodded and I have to wait for JP freakyhax support anyway, so I don't think anything was really lost here.

EDIT: Wait a second though, what's this about ReiNand MSET ROP? It works on 8.1J?

 

[Kuroi-Akira]

https://gbatemp.net/threads/source-release-reinand-cfw.394309/

Yep MSET support, no Idea if it works on 8.1J as I never really used Mset or 8.1j...

Its worth a Try though since you have Nothing to lose for doing so, right?

 

[CrispyYoshi]

https://gbatemp.net/threads/source-release-reinand-cfw.394309/

Yep MSET support, no Idea if it works on 8.1J as I never really used Mset or 8.1j...

Its worth a Try though since you have Nothing to lose for doing so, right?

It looks like it relies on Cakes' ROP exploit, which also does not work on 8.1J. In any case, thanks for sharing!

 

[Kuroi-Akira]

It looks like it relies on Cakes' ROP exploit, which also does not work on 8.1J. In any case, thanks for sharing!

Crap, Sorry it didn't work
I guess your Options left are the New Game for *Hax or 9.2 EmuNand > Sysnand Flashing.

I do hope you Find a solution to your predicament soon

 

[CrispyYoshi]

Crap, Sorry it didn't work
I guess your Options left are the New Game for *Hax or 9.2 EmuNand > Sysnand Flashing.

I do hope you Find a solution to your predicament soon

Oh no worries: As soon as freakyhax supports JP 11.0, I'll be able to hack this system. (In the meantime, I've flashed my 8.1J NAND.img back via hardmod so I can keep using my Gateway in the meantime)