Tutorial  Updated

Hardmod - downgrade New 3DS to 2.1 for OTP dumping

Hi all

After trying the emunand 2.1 downgrade method last night unsuccessfully, I have just succeeded in downgrading my hard modded New 3DS from 9.2 to 2.1 in order to dump the OTP. It was fairly straightforward, but I thought I would post the method I used so others can follow it. Just to be clear, if you have a hard mod you don't have to use the emunand method for downgrading to 2.1 which makes things much more straightforward.

This tutorial assumes the following:
  • You have a hard mod installed on your 3DS and know how to use it to read and write the NAND
  • You know how to verify a SysNAND backup using md5
  • You know how to back up your sysnand, emunand and SD card
  • You know how to access hax to get to the Homebrew Launcher
  • You know how to install homebrew apps on your 3DS
  • You know how to install CIAs using FBI
  • You know how to use the command prompt or terminal on the OS you are running on your computer
  • You know how to use a hex editor
I won’t explain how to do all of these as this guide is intended to be an overview of the downgrade process I used. If you do not meet all of the assumptions above then do not follow this guide. To be perfectly clear:

If you follow this guide and do not have both a hardmod and a valid sysnand backup, you will hardbrick your console and this will not be recoverable.

I tested this using the following configuration:
  • EUR New 3DS (non-XL)
  • Hard mod
  • 9.2 SysNAND
  • Cubic Ninja as Homebrew entrypoint
I make no guarantees that this will work for anybody else, either the same or different hardware. If you want to give this a try please take precautions and feel free to post in this thread if you need any help!

Ok, technicalities out of the way. Lets get started.

Part 1: Prepare your SD card

You need the following homebrew apps on your SD card:
In addition, you will need the following on your SD card:

Once all of this is copied over, your SD card should look like this:
SD contents.png


You will also need the following on your computer:

Part 2: Dump your console’s xorpads
  1. Launch hax and run Decrypt9
  2. Select “XORpad Generator Options”
  3. Select “CTRNAND Padgen” and follow the instructions to dump to nand.fat16.xorpad
  4. Press B to go back to the main menu, and the press SELECT to unmount your SD card
  5. Put your SD card in your computer and copy nand.fat16.xorpad from the SD card to your computer
  6. Rename nand.fat16.xorpad to nand.fat16_0x5_.xorpad on your computer
  7. Delete nand.fat16.xorpad from the SD card
  8. Put the SD card back in your console, press B and then choose “CTRNAND Padgen 0x4” to dump nand.fat16.xorpad
  9. Press B to go back to the main menu, and the press SELECT to unmount your SD card
  10. Put your SD card in your computer and copy nand.fat16.xorpad from the SD card to your computer
  11. Rename nand.fat16.xorpad to nand.fat16_0x4_.xorpad on your computer
  12. Delete nand.fat16.xorpad from the SD card
  13. Put the SD card back in your console, press B and then quit Decrypt9 back to HBL


Part 3: Downgrade to 2.1
  1. From HBL, run TinyFormat, and format SysNAND
  2. Reboot the console and complete the initial setup without linking NNID
  3. Launch hax and run MiniPasta
  4. Launch hax and run FBI
  5. Install FBI.cia and sysupdater.cia to SysNAND (SD as the destination)
  6. Press START to exit FBI
  7. Launch MiniPasta
  8. If your 3DS hangs while launching MiniPasta at this point, just power cycle, launch hax, and run MiniPasta again
  9. Unwrap SysUpdater and open it
  10. Press Y to downgrade
  11. Wait for the CIAs to be install and for the console to boot
  12. SysNAND is now downgraded to 2.1, but is bricked (you will be stuck on a black screen)
  13. Power off your console
  14. Remove the SD card from your console, connect it to your computer, delete the “Nintendo 3DS” folder, and place it back in your console


Part 4: Unbrick SysNAND
  1. Connect your hard mod adapter cable to the 3DS and computer
  2. Take two backups of SysNAND, one called 2.1.bin and another called 2.1a.bin
  3. Compare the md5sums of the two images. They should be identical. If they are not, then something is wrong with your hard mod
  4. If the two md5sums match, you have a good 2.1 SysNAND backup and can delete 2.1a.bin as you will now be working on 2.1.bin
  5. Move 2.1.bin, nand.fat16_0x4_.xorpad, nand.fat16_0x5_.xorpad and 3DSFAT16tool into the same directory
  6. Open up a command prompt, cd to the directory containing the files you moved in step 5
  7. Enter the following commands:

    Mac/Linux users:

    Code: 
    ./3DSFAT16tool -d -n 2.1.bin ctr.bin nand.fat16_0x5_.xorpad
./3DSFAT16tool -i -o 2.1.bin ctr.bin nand.fat16_0x4_.xorpad

    Windows users:

    Code: 
    3DSFAT16tool.exe -d -n 2.1.bin ctr.bin nand.fat16_0x5_.xorpad
3DSFAT16tool.exe -i -o 2.1.bin ctr.bin nand.fat16_0x4_.xorpad

  8. Open 2.1.bin and NCSD_header_o3ds.bin into your hex editor
  9. Copy all of NCSD_header_o3ds.bin
  10. In 2.1.bin, select everything from offset 0x200 to the beginning of the file. If your hex editor displays the offsets in decimal, this is the first 512 bytes
  11. Paste to replace this selection with the contents of NCSD_header_o3ds.bin
  12. Save the file and exit
  13. Using your hard mod, flash 2.1.bin to your console’s sysnand


If everything went according to plan, when you power on your console you will be running 2.1. You can now dump the OTP, and when you have it you can re-flash your 9.2 sysnand and go back to normal.
 
Last edited by mashers,
  • Like
Reactions: thewarhammer, Myria, LinkKenedy and 5 others
Click to expand...
Plailect

Plailect

Well-Known Member
Member
Level 8
Joined
Jan 30, 2016
Messages
546
Trophies
1
XP
1,502
Country
United States
You should make this line way bigger
mashers said:
I won’t explain how to do all of these as this guide is intended to be an overview of the downgrade process I used. If you do not meet all of the assumptions above then do not follow this guide. To be perfectly clear, if you follow this guide and do not have both a hardmod and a valid sysnand backup, you will hardbrick your console and this will not be recoverable.
Click to expand...
 
H

Halo249

Banned!
Banned
Level 1
Joined
Feb 17, 2016
Messages
35
Trophies
0
Age
30
XP
14
Country
United States
JacksonS said:
I think if you try to update with any firmware below 9.0.0-20, it will brick, because those firmwares do not normally run on a New 3DS.
Click to expand...

Well I am just here to know how to downgrade to 2.1. I have a o3ds sorry for not making that clear.
 
artur3004

artur3004

Well-Known Member
Member
Level 3
Joined
Mar 31, 2015
Messages
486
Trophies
0
Age
28
XP
339
Country
Gambia, The
why isn't it posible to dump otp through 2.1 emunand? would be much safer and people without hardmod could do this
 
mashers

mashers

Stubborn ape
OP
Member
Level 15
Joined
Jun 10, 2015
Messages
3,837
Trophies
0
Age
40
Location
Kongo Jungle
XP
5,074
Country
artur3004 said:
why isn't it posible to dump otp through 2.1 emunand? would be much safer and people without hardmod could do this
Click to expand...
No. OTP is locked by sysnand very soon after booting and way before CFW launches to get to emunand. It is not possible at all to extract OTP from Emunand. Downgrading to 2.1 is the only way.
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Hacking Homebrew  A new way to experience StreetPass

Is it possible...?

After the 8th of April, will it still be possible to create a new NNID (Nintendo Network ID) and/or transfer a NNID from one console to another?

Hacking Homebrew  how to link pnid to 3ds/how to use juxtaposition?

Hacking  New 2ds Refuses to boot

Hacking Misc  VCRUNTIME140.dll UCRTBASED.dll Master Thread

Translation Project  DQM2SP translation

3DS won't boot into DS Mode, Extended Memory Mode and more

General chit-chat
Help Users
  • No one is chatting at the moment.
    SylverReZ @ SylverReZ: Sup