Hi guys, I forgot to do a nand backup and downgrade my n3ds sysnand to 2.1. After getting otp I update my sysnand through system settings resulting in a hardbrick. I know this is user error. I have done many a9lh but this is the first time I forgot. Damned.

Anyway I have thought of a possible way to unbrick which I do not know if it will work.

1) Extract out unbricked 2.1 emunand in pc.
2) Hardmod and flash the unbricked 2.1 emunand to sysnand.
3) ???

Lets say the above method works is there anyway to update my sysnand back to 9.2 or 10.7? I am guessing recovery wont work. What about games with update in it?

Many thanks in advance!

UPDATE!!! (N3DS is unbricked!!!) *Stuck on 2.1 without any NAND Backups*

My situation:
I downgraded to 2.1 on a N3DS without any sysNAND or emuNAND backups totally. So I tried updating though system settings to 10.7 which causes a brick. (I did not know at that point of time).

So I extracted out the 2.1 from my microSD using 3DS Multi EmuNAND Creator and flashed it back to sysNAND with a hardmod.

After getting help from @d0k3 & @al3x_10m and many hours of trial and error I managed to update my N3DS from 2.1 without any nand backup.

So the steps are below, I have splitted it up into 4 sections.

Links to files needed
N3DS 10.7 firm0 and firm1 files
N3DS NCSD Header
Modded Decrypt9
OTPHelper-20160502-081624

1) Setting Up emuNAND
1) Use OTPHelper to dump your otp.bin and otp0x108.bin
2) Use OTPHelper to make a backup for 2.1 sysNAND and rename it to sysNAND 2.1 or something. (Incase the gamecart update fails, you still can use a hardmod to unbrick)
!!!IMPORTANT!!! - I bricked my N3DS a few times during updating to 4.5 using game cart. Steps 3 and 4 is like an insurance, no harm taking extra precaution
3) Turn off internet settings, format your N3DS, if it is in the format loop just wait around 2 mins or so and off it.
4) Boot into recovery by holding L + R + Up + A on boot, after that exit
5) Repeat steps 3 and 4 again
6) Update the N3DS to 4.5 using a gamecart
7) Create emuNAND FW 4.5 using gateway by use gateway entrypoint (go.gateway-3ds.com)
8) Use the modded Decrypt9, it is named as Launcher.dat *Start it using gateway entrypoint (go.gateway-3ds.com) (Slot0x05KeyY.bin needs to be in the root to use the modded Decrypt9)
9) Dump hs.app for emuNAND 4.5
10) Use Universal Inject Generator to create sysupdater.app(profi200's one,safesys and plaisys doesn't work)
11) Unmount SD and put 10.7 N3DS update pack in 'updates' folder, 10.7 firm0.bin and firm 1.bin and NCSD_header_n3ds.bin on root of SD Card
12) If you have a gateway card, replace the modded Decrypt9 launcher with gateway launcher
13) Put back your SD and inject sysupdater into h&s then reboot

2) Updating emuNAND to 10.7
*Make sure these 3 files are at the root of your SD Card*
10.7 firm0.bin
10.7 firm 1.bin
NCSD_header_n3ds.bin

1) I used gateway to enter emuNAND for 4.5 since I got a gateway card. If you have no gateway you can try other CFW? If anyone tested it can let me know, I will add it to this guide and put your name in credits
2) Open sysupdater in emuNAND 4.5 and press (A) to update emuNAND to 10.7
3) After updating it will auto reboot, take out the SD card and replace the Launcher.dat with the one from OTPHelper-20160502-081624
4) Launch OTPHelper in sysNAND 4.5 *Start it using gateway entrypoint (go.gateway-3ds.com)
5) Inject the 10.7 firm0.bin and firm1.bin into emuNAND 10.7
6) Use the Unbrick FW 9.x EmuNAND function (This will take quite some time)
7) After it is done go to NAND Backup & Restore and select Clone EmuNAND to SysNAND
8) Make a NAND backup of your 10.7 sysNAND and rename it sysNAND 10.7 or something (This is needed for A9LH installation)
9) Reboot and your N3DS is now UNBRICKED!!!

3) Downgrade sysNAND to 9.2
*Remember to delete the 10.7 updates folder from root of your SD Card*

1st we need to downgrade to 9.2, you can use Plailect's downgrading guide to downgrade
I used cubic ninja as the entry point for 10.7 to boot into homebrew launcher

When you boot into 9.2 it will show "An error has occured." message, don't worry this is normal.
For some reason it will crash around 3-4 seconds when you boot your N3DS because of the homemenu being loaded I think?

4) Installing A9LH (LumA Version)
We need to install menuhax so just grab the files from here, you should know how to use it by now.

1) Do the Preparatory Work from Plailect's Guide
2) Now we got a 3-4 seconds window before the N3DS will crash when we boot it
3) After you on the N3DS quickly tap the top left corner of your touchscreen to go into HOME Menu Settings
4) Tap Change Theme (This is needed to install menuhax)
5) After exiting it will crash again don't worry
6) After you on your N3DS again, quickly tap on the internet browser icon
7) Go to http://yls8.mtheall.com/3dsbrowserhax_auto.php to launch homebrew launcher
8) Install menuhax, configure it to type 2 (Auto Boot)
9) Exit menuhax manager and launch miniPasta, it will auto reboot into homebrew launcher again
10) Launch Safe A9LH Installer and press Select *Redo steps 9-10 if it hangs*
11) Power on your N3DS, it will auto reboot into homebrew launcher again, now uninstall menuhax
12) A9LH is installed in your N3DS but the error will still show up when it is on 9.2 so now we gonna update it to 10.7 while keeping the A9LH
13) If you have followed the Preparatory Work from Plailect Guide, you will be able to launch Decrypt 9 by holding Start button on boot
14) Launch Decrypt9, go to SysNAND Options > SysNAND Backup/Restore... > NAND Restore (keep a9lh) > Select the sysNAND 10.7 backup you made earlier on
15) After restoring you will have a A9LH 10.7 sysNAND
16) Use Decrypt 9 to inject fbi to the h&s
17) Now make a NAND dump of the 10.7 A9LH sysNAND


Pros:
N3DS is unbricked!

Cons:
You can't use any app or stuffs related to DSIware
BigBlueMenu is not working, but there are other .cia installers to replace that.
I can't format my N3DS too but hey its unbricked, who cares

Credits:
@d0k3 For helping me throughout the whole journey and providing the OTPHelper-20160502-081624 test build
@al3x_10m For helping me throughout the whole journey and providing the N3DS NCSD Header & Modded Decrypt9 files
yellows8 for menuhax and browserhax
@Plailect for the A9LH guide
@smealum for ninjhax
@DarkMatterCore for 3DS Multi EmuNAND Creator

 

[d0k3]

Ok I just reached home gonna test it now. Need to downgrade my N3DS A9LH back to 9.2 1st! Btw what is decrypted firm0firm1? After I dump it I need to do something to it?

Read before asking. @al3x_10m already provided you with all the files you need, no need to even use that secondary N3DS. FIRM0FIRM1.bin is just a concatenated file of both firm partitions.

 

[slslasher]

Read before asking. @al3x_10m already provided you with all the files you need, no need to even use that secondary N3DS. FIRM0FIRM1.bin is just a concatenated file of both firm partitions.

Opps sry, I did not see the file he uploaded. I just went to see the tutorial straight. Now i get it.

 

[slslasher]

Stuck at the last step for like 1hr+, cant figure out how to use the 3DSFIRMtool.c

I got it from here https://github.com/d0k3/3DSFIRMtool there isn't any .exe file

 

[d0k3]

Stuck at the last step for like 1hr+, cant figure out how to use the 3DSFIRMtool.c

I got it from here https://github.com/d0k3/3DSFIRMtool there isn't any .exe file

Here, @slslasher :
https://up1.ca/#B9HlntE-18axmXDt9z-BHA

Need additional tools?

 

[slslasher]

Here, @slslasher :
https://up1.ca/#B9HlntE-18axmXDt9z-BHA

Need additional tools?

Thanks! Thats all I need. Currently flashing back the NAND. Praying hard!

 

[KSP]

U wont need a 9.2 backup to downgrade to 2.1. Coz I memorized the a9lh steps so I did nt read the guide now. So I missed out the backup part.

Works on old3ds but bricked on new 3ds

You obviously did not memorize it properly and needed to read the guide. No 9.2 backup, lol, you're too smart for your own good.
Good luck bro. You're gonna need it.

 

[slslasher]

You obviously did not memorize it properly and needed to read the guide. No 9.2 backup, lol, you're too smart for your own good.
Good luck bro. You're gonna need it.

Yeah I know. Because I installed rxTools on the 1st day but told myself I would back up on the 2nd day. 2nd day when I resume I went to downgrade straight without backing up, stupid me ._.

 

[4gionz]

if what you do ends up working it can end up saving a lot of people best of luck. I had completely stopped following this thread thinking it was over for you but seeing this progress is great

 

[d0k3]

Thanks! Thats all I need. Currently flashing back the NAND. Praying hard!

if what you do ends up working it can end up saving a lot of people best of luck. I had completely stopped following this thread thinking it was over for you but seeing this progress is great

Well, @slslasher had the determination to get this far, and I hope it will work. If it does, the process can be improved, even to the point where a hardmod is - in theory - not needed to do this. There won't be any way around the 4.5 gamecart, so this will never be a free fix, but you have to pay for your own mistakes...

One (small) downside to this - the resulting FW will be somewhat of a FrankenFW, which will still contain parts of the O3DS FW (f.e. there will be two Health & Safety apps). This can be fixed with some effort, and it might not even be any problem in daily use.

 

[slslasher]

not working for me. Tried comparing nand dump 3 times from hardmod. The firm0firm1 and the N3DS header doesn't depends on region right, because the one @al3x_10m posted was European. Mines USA.

Update: I tried tinyformatting my emuNAND, it will hang. When I tried formatting sysNAND 4.5 using the normal format method it just hangs at formatting and load forever. Is there something wrong with my current firmware?

And I realize my decrypt9 when on 2.1 n 4.5 it says missing 0x18 keyx and 0x1B keyx but it does work. I am able to dump those xorpads without any errors. I am going to try everything again with the missing keys in my sd root but I guess it won't make any difference.

 

[d0k3]

Does it still auto poweroff? Keep in mind this is all a giant exploit, and it not working for you when it does for someone else is not a contradictioow n. Okay, we need to try it differently then...

not working for me. Tried comparing nand dump 3 times from hardmod. The firm0firm1 and the N3DS header doesn't depends on region right, because the one @al3x_10m posted was European. Mines USA.

Header and FIRM0FIRM1 are not region dependent, correct. If you check, the header @al3x_10m provided is exactly the same as the one from your other N3DS.

Update: I tried tinyformatting my emuNAND, it will hang. When I tried formatting sysNAND 4.5 using the normal format method it just hangs at formatting and load forever. Is there something wrong with my current firmware?

This is strange... You can skip the step of using TinyFormat, keep in mind all those tools were made with 9.0+ in mind, not 4.5-.

And I realize my decrypt9 when on 2.1 n 4.5 it says missing 0x18 keyx and 0x1B keyx but it does work. I am able to dump those xorpads without any errors. I am going to try everything again with the missing keys in my sd root but I guess it won't make any difference.

Ignore this message. KeyX 0x18 and keyX 0x1B are only required for decrypting NCCHs (games, etc...). The only key you need is the slot0x05keyY.bin.


So, how will will you continue now?
@al3x_10m's method is good, you can keep using it, starting at step #16 (make a backup at that point) and try different update packs; 9.0 / 9.1 / 9.3 / 9.4 / 9.5 (anything above / below, and the provided firm0firm1.bin will no more work). Keep in mind one possible goal is being able to access recovery (L+R+A+up on dpad) and then updating from there.

I see how this is tedious work, with using the hardmod and manual fxing via the XORpads (maybe make a Windows batch file to automate this?), so the GodMode9 route is still a valid option. With A9LH you will have the problem that nothing will run anymore without CFW and you won't have access to the recovery.

If you ask me what to do - it depends on how frustrated you are by now. I'd suggest trying al3x_10m's method with 9.0 and 9.5, and if that doesn't work, the GodMode9 way (also replacing the NAND header with the N3DS one and starting with injecting the full CTRNAND from the other N3DS via 3DSFAT16tool and the slot 0x05 XORpad). The GodMode9 way has the big advantage that you will be independent from your hardmod and it will be much faster to try various things. I also think that the chances of success are quite good for that.

 

[slslasher]

Does it still auto poweroff? Keep in mind this is all a giant exploit, and it not working for you when it does for someone else is not a contradictioow n. Okay, we need to try it differently then...


Header and FIRM0FIRM1 are not region dependent, correct. If you check, the header @al3x_10m provided is exactly the same as the one from your other N3DS.


This is strange... You can skip the step of using TinyFormat, keep in mind all those tools were made with 9.0+ in mind, not 4.5-.


Ignore this message. KeyX 0x18 and keyX 0x1B are only required for decrypting NCCHs (games, etc...). The only key you need is the slot0x05keyY.bin.


So, how will will you continue now?
@al3x_10m's method is good, you can keep using it, starting at step #16 (make a backup at that point) and try different update packs; 9.0 / 9.1 / 9.3 / 9.4 / 9.5 (anything above / below, and the provided firm0firm1.bin will no more work). Keep in mind one possible goal is being able to access recovery (L+R+A+up on dpad) and then updating from there.

I see how this is tedious work, with using the hardmod and manual fxing via the XORpads (maybe make a Windows batch file to automate this?), so the GodMode9 route is still a valid option. With A9LH you will have the problem that nothing will run anymore without CFW and you won't have access to the recovery.

If you ask me what to do - it depends on how frustrated you are by now. I'd suggest trying al3x_10m's method with 9.0 and 9.5, and if that doesn't work, the GodMode9 way (also replacing the NAND header with the N3DS one and starting with injecting the full CTRNAND from the other N3DS via 3DSFAT16tool and the slot 0x05 XORpad). The GodMode9 way has the big advantage that you will be independent from your hardmod and it will be much faster to try various things. I also think that the chances of success are quite good for that.

For the header, @al3x_10m provided is actually different from my other N3DS. Is it a unique header per console that will work for all N3DS? Maybe the dump I made from hardmod might be invalid? I am trying the dump the 4.5 fw via hardmod and see whether I can inject it back using D9. I tried the 1st time, failed when injecting but it passed the verifying check. I wanna see how consistent is the dump too.

My next step would be to try 9.0 & 9.5 as what you have suggested. If all fails I will go GM9 route. Yes, hardmod method is really tedious. I thought you suggested to replace bit by bit of the CTRNAND from the working N3DS than injecting the full CTRNAND?

 

[d0k3]

For the header, @al3x_10m provided is actually different from my other N3DS. Is it a unique header per console that will work for all N3DS? Maybe the dump I made from hardmod might be invalid? I am trying the dump the 4.5 fw via hardmod and see whether I can inject it back using D9. I tried the 1st time, failed when injecting but it passed the verifying check. I wanna see how consistent is the dump too.

My next step would be to try 9.0 & 9.5 as what you have suggested. If all fails I will go GM9 route. Yes, hardmod method is really tedious. I thought you suggested to replace bit by bit of the CTRNAND from the working N3DS than injecting the full CTRNAND?

Can you show me your (other) N3DS header? They should be completely identical, if they are not, there is something wrong. If there are consistency issues with the hardmod, better rely on D9 as much as you can. There are no consistency issues known for that.

And, the GM9 route... there are in fact different ways of doing this... (1) starting with your broken N3DS CTRNAND, replacing files (with ones from good N3DS CTRNAND) until it works, (2) starting with the good N3DS CTRNAND (on the bad N3DS, of course), replacing files (with bad N3DS CTRNAND files) until it works or (3) (for research!) doing (2) on the good N3DS until it breaks. I do think now that (2) is the best option, and, if you get stuck, try (3) to gain some knowledge.

 

[slslasher]

Can you show me your (other) N3DS header? They should be completely identical, if they are not, there is something wrong. If there are consistency issues with the hardmod, better rely on D9 as much as you can. There are no consistency issues known for that.

And, the GM9 route... there are in fact different ways of doing this... (1) starting with your broken N3DS CTRNAND, replacing files (with ones from good N3DS CTRNAND) until it works, (2) starting with the good N3DS CTRNAND (on the bad N3DS, of course), replacing files (with bad N3DS CTRNAND files) until it works or (3) (for research!) doing (2) on the good N3DS until it breaks. I do think now that (2) is the best option, and, if you get stuck, try (3) to gain some knowledge.

I have sent u a pm with the header file. Actually I checked my solder and its abit flimsy, I have re-soldered everything now and trying it to test the consistency.

GM9 route the 3rd method I am abit scared even though I have the backup and its A9LH modded.

 

[d0k3]

I have sent u a pm with the header file. Actually I checked my solder and its abit flimsy, I have re-soldered everything now and trying it to test the consistency.

GM9 route the 3rd method I am abit scared even though I have the backup and its A9LH modded.

GM9 is rock solid by now, and you can't break your A9LH (at least not without noticing) easily with it, especially not if you are only touching CTRNAND. I agree with you that you should hold of from doing (3) for now, though.

Now, those headers, yup, I oversaw something. That header (in fact, any header but the original one) may break your TWL (DSiWare), but this should not lead to any further problems. We can work on fixing this later, and it may not even be fixable at all. Don't bother with this for now, though, we need to get 3DS mdoe working again.

 

[slslasher]

GM9 is rock solid by now, and you can't break your A9LH (at least not without noticing) easily with it, especially not if you are only touching CTRNAND. I agree with you that you should hold of from doing (3) for now, though.

Now, those headers, yup, I oversaw something. That header (in fact, any header but the original one) may break your TWL (DSiWare), but this should not lead to any further problems. We can work on fixing this later, and it may not even be fixable at all. Don't bother with this for now, though, we need to get 3DS mdoe working again.

Ok, so actually I can use any of the N3DS headers? Yup, dsi mod is a small matter compared to a non working 3ds.

Will update you guys on the progress again.

 

[d0k3]

Ok, so actually I can use any of the N3DS headers? Yup, dsi mod is a small matter compared to a non working 3ds.

Will update you guys on the progress again.

If you don't have the original one, any header is as good as another. And, good luck!

 

[Jayro]

Couldn't he gradually update up the line using cart updates? I know it's an expensive route to go, but maybe find carts for your region that have 4.5, then 9.2? I'm not sure how well a system can go from 2.1 to 4.5... I know skipping large numbers can be bad sometimes, like the PS3 needed baby step updates, it hated going from 2.40 to whatever the latest is, etc... Perhaps this is something similar? I don't know too much about the 3DS yet, but still soaking up info.

 

[slslasher]

If you don't have the original one, any header is as good as another. And, good luck!

Ok, I tried dumping a few times fw 4.5 using hardmod. When I tried to inject back using D9 there is always an error after 10-20%. Definitely inconsistent dump for sure, not sure why is this so since I can write it back using Win32DiskImager with no problems.

Before I go to the GM9 route I got a qn whether I could do this.

1) Dump the working 4.5 sysNAND using D9
2) Inject the 4.5 sysNAND dump into emuNAND partition
3) Boot emuNAND using gateway
4) Use sysNAND to update to 9.2 N3DS and continue with the guide @al3x_10m provide
5) Lastly flash back either 2.1 or 4.5 sysNAND and use D9 to inject back the unbricked dump.

 

[d0k3]

Couldn't he gradually update up the line using cart updates? I know it's an expensive route to go, but maybe find carts for your region that have 4.5, then 9.2? I'm not sure how well a system can go from 2.1 to 4.5... I know skipping large numbers can be bad sometimes, like the PS3 needed baby step updates, it hated going from 2.40 to whatever the latest is, etc... Perhaps this is something similar? I don't know too much about the 3DS yet, but still soaking up info.

No, that won't work. N3DS below 9.0 is a special case.

Ok, I tried dumping a few times fw 4.5 using hardmod. When I tried to inject back using D9 there is always an error after 10-20%. Definitely inconsistent dump for sure, not sure why is this so since I can write it back using Win32DiskImager with no problems.

Before I go to the GM9 route I got a qn whether I could do this.

1) Dump the working 4.5 sysNAND using D9
2) Inject the 4.5 sysNAND dump into emuNAND partition
3) Boot emuNAND using gateway
4) Use sysNAND to update to 9.2 N3DS and continue with the guide @al3x_10m provide
5) Lastly flash back either 2.1 or 4.5 sysNAND and use D9 to inject back the unbricked dump.

Yup, no reason why that should not work. Also, you are at a point where you have to experiment. You can even try all of Al3x_10m's steps on EmuNAND and see if that helps.