Hacking [How-to] Spoof firmware (to access eShop and more) on New 3DS and Old 3DS

[StarOfDoom]

Can someone explain this to an absolute n00b at this type of stuff? I have gateway setup and running on my N3DSXL on 9.0.0-20U, what is NTR CFW, how do you "enable debugger", what do you use to connect? Thanks

 

[cjm5]

Thank you! I was able to get my PAL n3DS to get to the eShop on 9.0.0. Works on a Mac through Wine, too if anyone was wondering.

 

[Zidapi]

Can someone explain this to an absolute n00b at this type of stuff? I have gateway setup and running on my N3DSXL on 9.0.0-20U, what is NTR CFW, how do you "enable debugger", what do you use to connect? Thanks

NTR 2 is a "custom firmware" environment launched from Cubic Ninja in sysNAND.

The debugger is used to modify and patch the system in realtime from a PC.

 

[liomajor]

To enable it, you can do it either from NTR CFW Menu by pressing X+Y or create empty file "debug.flag" on your internal microSD.

One example is the Spoof in 1st post or to mess around with memorys content in realtime like explained in my tutorial.

 

[ccfman2004]

I am having a weird issue with the debugger app. When trying to connect to my 3DS it spits this out.

unexpected token '‘'
  at Microsoft.Scripting.ErrorSink.Add(SourceUnit source, String message, SourceSpan span, Int32 errorCode, Severity severity)
  at IronPython.Compiler.Parser.ReportSyntaxError(Int32 start, Int32 end, String message, Int32 errorCode)
  at IronPython.Compiler.Parser.ReportSyntaxError(Token t, IndexSpan span, Int32 errorCode, Boolean allowIncomplete)
  at IronPython.Compiler.Parser.ParsePrimary()
  at IronPython.Compiler.Parser.ParsePower()
  at IronPython.Compiler.Parser.ParseFactor()
  at IronPython.Compiler.Parser.ParseExpr(Int32 precedence)
  at IronPython.Compiler.Parser.ParseComparison()
  at IronPython.Compiler.Parser.ParseNotTest()
  at IronPython.Compiler.Parser.ParseAndTest()
  at IronPython.Compiler.Parser.ParseOrTest()
  at IronPython.Compiler.Parser.ParseExpression()
  at IronPython.Compiler.Parser.FinishArgListOrGenExpr()
  at IronPython.Compiler.Parser.AddTrailers(Expression ret, Boolean allowGeneratorExpression)
  at IronPython.Compiler.Parser.ParsePower()
  at IronPython.Compiler.Parser.ParseFactor()
  at IronPython.Compiler.Parser.ParseExpr(Int32 precedence)
  at IronPython.Compiler.Parser.ParseComparison()
  at IronPython.Compiler.Parser.ParseNotTest()
  at IronPython.Compiler.Parser.ParseAndTest()
  at IronPython.Compiler.Parser.ParseOrTest()
  at IronPython.Compiler.Parser.ParseExpression()
  at IronPython.Compiler.Parser.ParseTestListAsExpr()
  at IronPython.Compiler.Parser.ParseExprStmt()
  at IronPython.Compiler.Parser.ParseSmallStmt()
  at IronPython.Compiler.Parser.ParseSimpleStmt()
  at IronPython.Compiler.Parser.ParseStmt()
  at IronPython.Compiler.Parser.ParseFileWorker(Boolean makeModule, Boolean returnValue)
  at IronPython.Compiler.Parser.ParseFile(Boolean makeModule, Boolean returnValue)
  at IronPython.Runtime.PythonContext.ParseAndBindAst(CompilerContext context)
  at IronPython.Runtime.PythonContext.CompilePythonCode(SourceUnit sourceUnit, CompilerOptions options, ErrorSink errorSink)
  at IronPython.Runtime.PythonContext.CompileSourceCode(SourceUnit sourceUnit, CompilerOptions options, ErrorSink errorSink)
  at Microsoft.Scripting.SourceUnit.Compile(CompilerOptions options, ErrorSink errorSink)
  at Microsoft.Scripting.SourceUnit.Execute(Scope scope, ErrorSink errorSink)
  at Microsoft.Scripting.Hosting.ScriptSource.Execute(ScriptScope scope)
  at ntrclient.CmdWindow.runCmd(String cmd)

Python 2.7.7 is already installed.

 

[Naked_Snake]

To enable it, you can do it either from NTR CFW Menu by pressing X+Y or create empty file "debug.flag" on your internal microSD.

One example is the Spoof in 1st post or to mess around with memorys content in realtime like explained in my tutorial.

So is the debug.flag to keep the settings for the IP address, and has anyone made a plugin yet so we don't need the debugger to connect to eshop

 

[Ten Pound Cow]

The latest MH4U gift packs are available to download this month, but they ask you to update your firmware in order to download the gift packs. Does anyone know if spoofing your firmware will work or do I have to update my EmuNAND to the latest version?

 

[Toni456]

The latest MH4U gift packs are available to download this month, but they ask you to update your firmware in order to download the gift packs. Does anyone know if spoofing your firmware will work or do I have to update my EmuNAND to the latest version?

Just make a backup of your emunand before updating, the dlc's are only stored as exdata so it doesnt matter if you revert your emunand back after downloading it.

 

[Kawaii]

Just managed to read 10 page back but haven't found the answer. Sorry.

Can someone clarify my question. Does this technique work with Gateway mode N3DS? From what I understand, I should do all the steps mentioned while im in sysnand (since NTR does not support CFW?). It thats the case, how can I access eshop from my emunand because all of my games are in emunand.

If it is possible to use in gateway mode. does it mean the workflow is like this:
boot sysnand --> NTR spoof ---> boot emunand ---> boot eShop --> profit?

Currently on:
sysnand 9.0.0-20E
emunand 9.5.0-23E

 

[felipejfc]

Is it OK ot go on eshop and download updates for a game that does not have a private header? (I will not play online after that)

 

[Toni456]

Is it OK ot go on eshop and download updates for a game that does not have a private header? (I will not play online after that)

i've done it before about once or twice and never got banned, but i think the header is more like the ID you use that gets saved onto the server of the game you plan to play online so it should be fine but i would manually go to the eshop without the game inserted or mounted and search for the update there and download it just to be safe, you dont have to own the game to download the patches for it.

 

[felipejfc]

i've done it before about once or twice and never got banned, but i think the header is more like the ID you use that gets saved onto the server of the game you plan to play online so it should be fine but i would manually go to the eshop without the game inserted or mounted and search for the update there and download it just to be safe, you dont have to own the game to download the patches for it.

Nice!

Thanks!!

 

[Ten Pound Cow]

Just make a backup of your emunand before updating, the dlc's are only stored as exdata so it doesnt matter if you revert your emunand back after downloading it.

I forgot to mention that I have an N3DS, so I'm not sure if updating my EmuNAND is an option right now.

 

[felipejfc]

I forgot to mention that I have an N3DS, so I'm not sure if updating my EmuNAND is an option right now.

I think you can update up to 9.5.0

 

[goemon_guy]

I dunno if I'm missing something or not, but I'm trying to activate System Transfer from System Settings in NTR, but the debugger disconnects upon entering System Settings, meaning that the Transfer app sees that an update is available and won't start.

I'm not exactly sure what I'm doing wrong... I followed the directions exactly as in the first post.
eShop access works, so I know that it at least works at some point...
Running a new 3DS, 9.0.0-20U.

 

[Deleted-19228]

Just managed to read 10 page back but haven't found the answer. Sorry.

Can someone clarify my question. Does this technique work with Gateway mode N3DS? From what I understand, I should do all the steps mentioned while im in sysnand (since NTR does not support CFW?). It thats the case, how can I access eshop from my emunand because all of my games are in emunand.

If it is possible to use in gateway mode. does it mean the workflow is like this:
boot sysnand --> NTR spoof ---> boot emunand ---> boot eShop --> profit?

Currently on:
sysnand 9.0.0-20E
emunand 9.5.0-23E

No. You can't run NTR and Gateway at the same time. If you boot into emunand you lose NTR.

 

[ccfman2004]

I forgot to mention that I have an N3DS, so I'm not sure if updating my EmuNAND is an option right now.

If using Gateway you can, for now, only manually update to 9.5.0. I've been fiddling with emuNand trying to see what it will take to get eShop access by manually updating certain titles hoping not to get a brick. At least I can restore the emuNand if I brick. So far I was able to update the NATIVE_FIRM from 9.6.0 and can still boot emuNand. The eShop from 9.6.0 or 9.7.0 won't boot yet.

 

[hippy dave]

I dunno if I'm missing something or not, but I'm trying to activate System Transfer from System Settings in NTR, but the debugger disconnects upon entering System Settings, meaning that the Transfer app sees that an update is available and won't start.

I'm not exactly sure what I'm doing wrong... I followed the directions exactly as in the first post.
eShop access works, so I know that it at least works at some point...
Running a new 3DS, 9.0.0-20U.

For me the debugger disconnected when entering system settings, but the hack stayed active and it happily received a system transfer. Try again?

 

[Deleted-19228]

Just testing eShop finally.

I can download a new application, Pokebank, but when I download an update I get a super generic error. Does this have anything to do with previously downloaded patch CIA's installed? I removed them using FBI and the error persists. Any ideas?

Error 007-2999

It's weird that I can download and install applications that haven't been installed before but installing an update just doesn't work. Tried with MH4, Pokemon, all do the same thing.

 

[gamesquest1]

Just testing eShop finally.

I can download a new application, Pokebank, but when I download an update I get a super generic error. Does this have anything to do with previously downloaded patch CIA's installed? I removed them using FBI and the error persists. Any ideas?

Error 007-2999

It's weird that I can download and install applications that haven't been installed before but installing an update just doesn't work. Tried with MH4, Pokemon, all do the same thing.

have a read here, https://gbatemp.net/threads/gateway-broke-pokemon-rumble-world.387704/#post-5470195