Hacking Update firmware from 1.1.0

Ronhero

1. You can use payload with CubicNinja to get your OTP dump and NAND backup (Decrypted). OTP dumping is only available for 1.0-2.2.
2. If yours is a JPN console, please dump the NAND first. You could contact AHP_Person to have it packed back as downgrade pack.
3. If you could borrow a SKY from your friend. Get it with CubicNinja, and any game of 4.x.
4. Dump the OTP and NAND first. Then use 4.x game to update to 4.x, exploit MSET, use CFW to update to 9.0-9.2, with packs from that iso site.
There could be videos and other things useful for others. So if you just update before dumping it, you are spoiling your own console.

I think we have JPN 1.x now, it's just EUR that's needed.
 

drfsupercenter

What do you actually need from a European console though?

I gave you the promo videos, that's all that was different between 1.0 and 1.1, 2.0 is when all the eShop/browser stuff was added anyway.

And without your console's OTP key it's not like you can just take someone else's decrypted backup and apply it to your own 3DS...
 

MelonGx

I tried installing EU & US video into my JP emuNAND 10.5.
They were not executable until I launched them in FBI.
Now they work properly.
Next I will delete emuNAND's 0004001000023000 and install the JP video.
 

MelonGx

Succeeded importing JP video to JP 3DS emuNAND.
1) Delete 0004001000023000 (on JP 3DS emuNAND) with FBI (Devmenu cannot do that).
2) Install JP video CIA.
3) Reboot emuNAND.
Done.

The next is spoofing & injecting Promo Video to SysNAND?
 

vivien12

OP
I wouldn't mind dumping it, but I really don't want to hardmod my 3ds, not myself at least. I'm an absolute disaster when it comes to anything hardware related. I don't suppose there is a way to dump it without hardmodding?
 

MelonGx

I wouldn't mind dumping it, but I really don't want to hardmod my 3ds, not myself at least. I'm an absolute disaster when it comes to anything hardware related. I don't suppose there is a way to dump it without hardmodding?
It requires Cubic Ninja + 1.1.0 QR.
 

Syphurith

Succeeded importing JP video to JP 3DS emuNAND.
The next is spoofing & injecting Promo Video to SysNAND?
Congrats.. Or else, mess up with the decrypted form of the video CIA.
So we could know how it is played, and how to craft one if we can..
I think we have JPN 1.x now it's just EUR that's needed
Last time I checked that iso site, it has 2.2.0E pack. I know AHP has the 1.0U pack (crafted one). Why no 2.2 pack for J/U? Ha.
Also I doubt if you can downgrade one console from other region to 1.0U.. So they can also dump the OTP from KOR/CHN/TWN consoles..
 

RednaxelaNnamtra

1. You can use payload with CubicNinja to get your OTP dump and NAND backup (Decrypted). OTP dumping is only available for 1.0-2.2.
2. If yours is a JPN console, please dump the NAND first. You could contact AHP_Person to have it packed back as downgrade pack.
3. If you could borrow a SKY from your friend. Get it with CubicNinja, and any game of 4.x.
4. Dump the OTP and NAND first. Then use 4.x game to update to 4.x, exploit MSET, use CFW to update to 9.0-9.2, with packs from that iso site.
There could be videos and other things useful for others. So if you just update before dumping it, you are spoiling your own console.
Does the nand dump payload also read the otp area? If not where can people get the payload for otp dumping? I searched the last 30-60 min for it and haven't found it (Or maybe I'm too bad at searching for it xD).
I'm personally searching for it, to be able to use arm9loaderHax on my o3DS, and later on my new3DS, but if the op wants to do it he needs it too :)
 

Aurora Wright

Sure thing, I don't know if these are technically allowed though because they're firmware files.

All I did, though, was use make_cdn_cia with the right title IDs (which have since been stubbed, I did this like two years ago)

Here's a link.

The CIAs are just the output of make_cdn_cia, and as-is you can install the two that aren't of your region. If you're able to make region-free ones, be my guest! I'd also appreciate a .3ds format since I'd rather just watch the videos from a Gateway than have to install the stupid things...
Check the ISO site soon (awaiting approval :P)
 

Syphurith

Does the nand dump payload also read the otp area? If not where can people get the payload for otp dumping? I searched the last 30-60 min for it and haven't found it (Or maybe I'm too bad at searching for it xD).
I'm personally searching for it, to be able to use arm9loaderHax on my o3DS, and later on my new3DS, but if the op wants to do it he needs it too :)
Oh no, OTP area isn't read in the provided payload. However you can contact AHP_Person for his OTP dumper payload.
Actually you can build any payload accompanied with that CubicNinja QR, using Ninjhax1.1b repo fully set up. Maybe kind of boring, I admit, and it should be worth that.
 

Ronhero

Last time I checked that iso site, it has 2.2.0E pack. I know AHP has the 1.0U pack (crafted one). Why no 2.2 pack for J/U? Ha.
Also I doubt if you can downgrade one console from other region to 1.0U.. So they can also dump the OTP from KOR/CHN/TWN consoles..

I confirmed the dev group does have 1.x jpn and yes it's not on iso.

Yes I have downgraded a JPN to USA 1.x to get otp working
 

MelonGx

Succeeded importing JP video to JP 3DS emuNAND.
1) Delete 0004001000023000 (on JP 3DS emuNAND) with FBI (Devmenu cannot do that).
2) Install JP video CIA.
3) Reboot emuNAND.
Done.

The next is spoofing & injecting Promo Video to SysNAND?
The video CIA needs a version spoof (at least spoofing to v2048) before installing.
Otherwise the emuNAND will ask for a system update after installed.
 

MelonGx

Spoofed Video CIA installation succeeded.
Update Nag never comes forever.

Spoofing method:
- Open the Video CIA with Hex editor
- Change offset 0x2F90 0C-0D from 00 00 (v0, USA/EUR) or 00 02 (v2, JPN) to 08 00 (v2048)
- Normally install modified CIA with BBM/FBI in emuNAND
 

MelonGx

Spoofed Video CIA installation succeeded.
Update Nag never comes forever.

Spoofing method:
- Open the Video CIA with Hex editor
- Change offset 0x2F90 0C-0D from 00 00 (v0, USA/EUR) or 00 02 (v2, JPN) to 08 00 (v2048)
- Normally install modified CIA with BBM/FBI in emuNAND
Spoofed 1.1.0-1 video CIAs have been tested and successfully installed into O3DS SysNAND.
The same-region video can be watched without launching CFW.
But it requires PASTA MODE / MINI-PASTA for the installation.

For N3DS, since N3DS SysNAND doesn't have the video title, you have to launch CFW to watch all of them, even installed into SysNAND.
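
Why the bytes at 0x2F90 + 0C-0D hold the title version, as an added example (not code from any poster in this thread): a read-only parser that derives the field's position from the CIA header instead of hard-coding it. It assumes the commonly documented CIA layout (little-endian header, sections padded to 64 bytes, big-endian TMD with the title version at header offset 0x9C); the function names and the sample file are constructed for illustration.

```python
import struct

ALIGN = 64                      # CIA sections are padded to 64-byte boundaries
# TMD signature type -> bytes occupied by type + signature + padding
SIG_BLOCK = {0x00010003: 0x240, 0x00010004: 0x140, 0x00010005: 0x80}
VERSION_IN_TMD_HEADER = 0x9C    # big-endian u16, inside the signed TMD header


def align(n):
    return (n + ALIGN - 1) // ALIGN * ALIGN


def title_version_field(cia: bytes):
    """Return (file_offset, title_version) read from the TMD inside a CIA."""
    if len(cia) < 0x14:
        raise ValueError("too short for a CIA header")
    hdr, _type, _ver, cert, tik, tmd = struct.unpack_from("<IHHIII", cia, 0)
    tmd_start = align(hdr) + align(cert) + align(tik)
    if tmd_start + tmd > len(cia):
        raise ValueError("TMD runs past end of file")
    (sig_type,) = struct.unpack_from(">I", cia, tmd_start)
    if sig_type not in SIG_BLOCK:
        raise ValueError(f"unknown TMD signature type {sig_type:#x}")
    off = tmd_start + SIG_BLOCK[sig_type] + VERSION_IN_TMD_HEADER
    (version,) = struct.unpack_from(">H", cia, off)
    return off, version


def build_sample(version: int) -> bytes:
    """Constructed skeleton with typical section sizes; not a real title."""
    hdr = struct.pack("<IHHIIIIQ", 0x2020, 0, 0, 0xA00, 0x350, 0xB34, 0, 0)
    tmd = bytearray(align(0xB34))
    struct.pack_into(">I", tmd, 0, 0x00010004)          # RSA-2048 + SHA-256
    struct.pack_into(">H", tmd, 0x140 + 0x9C, version)
    padding = bytes(align(0xA00) + align(0x350))         # cert chain + ticket
    return hdr.ljust(align(0x2020), b"\0") + padding + bytes(tmd)


if __name__ == "__main__":
    for v in (0, 2, 2048):                               # 00 00, 00 02, 08 00
        off, ver = title_version_field(build_sample(v))
        print(f"offset {off:#x}: v{ver}")
```

With the usual section sizes the field resolves to 0x2F9C, which is the location given in the posts; a CIA with a different ticket or certificate chain size would place it elsewhere. Because the field sits inside the signed TMD header, a changed value no longer matches the TMD signature.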
 
