Hacking [Research] Block the 3DS from updating - permanently

[loco365]

So a while back, einstein95 showed me a photo in which he had manually updated NVer and CVer in his system, prior to GW2.7's release, and showed a "9.3 emuNAND" to me. It was actually running 9.2, but had the NVer and CVer for 9.3, and the system didn't complain.

However, he attempted to update his system (When 9.4 was released), and to both of our surprise, it didn't update at all! It actually failed to update!

Today, I attempted the same thing on my emuNAND to see if I could prevent the 4.3 emuNAND from updating to 9.4 using Gateway's 2.7 launcher. However, it seems to have failed.

My question, and goal, is to find the following: What can be installed, as to prevent the system from being updated? And, once that is accomplished, can we install this to a 4.X+ (In the event of Gateway releasing support for other firmwares soon) sysNAND, and prevent the sysNAND from being accidentally updated?

 

[Searinox]

Today an NDS mode card whitelist has been released that downgrades sysnand's whitelist to the one that was in 1.0, but its internal version is set to the maximum 63.63.15 so when the system receives future update, it won't overwrite it because it's newer. I proposed that using the same logic, the entire 3DS firmware could be repacked and reinstalled on sysnand as the maximum, or at least a very high version number, so when you put a 3DS game in, or connect to wifi or Nintendo Zone, it should detect that the official update is lower than the current sysnand firmware, which is still 4.5 but would be masquerading as 63.63.15, and thus refuse the update.

More experienced members have not issued any technical objections, only warnings that this would effectively lock the console to that firmware unless you have a hardware mod, or make future cloned emuNAND impossible to update without prior backup of the original firmware, but it should be doable, if only someone releases it.

 

[Venseer]

You can hardmod the wi-fi receptor out.

 

[kamesenin888]

So a while back, einstein95 showed me a photo in which he had manually updated NVer and CVer in his system, prior to GW2.7's release, and showed a "9.3 emuNAND" to me. It was actually running 9.2, but had the NVer and CVer for 9.3, and the system didn't complain.

However, he attempted to update his system (When 9.4 was released), and to both of our surprise, it didn't update at all! It actually failed to update!

Today, I attempted the same thing on my emuNAND to see if I could prevent the 4.3 emuNAND from updating to 9.4 using Gateway's 2.7 launcher. However, it seems to have failed.

My question, and goal, is to find the following: What can be installed, as to prevent the system from being updated? And, once that is accomplished, can we install this to a 4.X+ (In the event of Gateway releasing support for other firmwares soon) sysNAND, and prevent the sysNAND from being accidentally updated?

Dude in gateway mode without emunand can you do this? or it is too risky?

 

[loco365]

You can hardmod the wi-fi receptor out.

That doesn't prevent gamecard updates though. Plus, you also won't be able to do Download Play or update your emuNAND or do anything wireless with your emuNAND.

Dude in gateway mode without emunand can you do this? or it is too risky?

I'm hoping that, once I get this working in an emuNAND, that someone with a NAND dump mod can test this on a sysNAND and post results.

 

[Jasin]

Almost makes me wonder if there is a way to make an older firmware look like a newer firmware thus allowing you to update (downgrade) to an older firmware.

 

[ground]

So a while back, einstein95 showed me a photo in which he had manually updated NVer and CVer in his system, prior to GW2.7's release, and showed a "9.3 emuNAND" to me. It was actually running 9.2, but had the NVer and CVer for 9.3, and the system didn't complain.

However, he attempted to update his system (When 9.4 was released), and to both of our surprise, it didn't update at all! It actually failed to update!

Today, I attempted the same thing on my emuNAND to see if I could prevent the 4.3 emuNAND from updating to 9.4 using Gateway's 2.7 launcher. However, it seems to have failed.

My question, and goal, is to find the following: What can be installed, as to prevent the system from being updated? And, once that is accomplished, can we install this to a 4.X+ (In the event of Gateway releasing support for other firmwares soon) sysNAND, and prevent the sysNAND from being accidentally updated?

funny, i ust was looking into this this morning. I think you only need to change NVER., did you decrypt this NVEr succesfully? (i think you need the titlekey for decryptopn, which can be found in the ticket (which needs to be decrypted with the commonkey).

 

[loco365]

funny, i ust was looking into this this morning. I think you only need to change NVER., did you decrypt this NVEr succesfully? (i think you need the titlekey for decryptopn, which can be found in the ticket (which needs to be decrypted with the commonkey).

I used the UpdateCDN downloader to package it into a CIA, and it didn't return any errors. I went into the System Settings and checked as well, it showed "GW3D 9.4.0-21" on my 4.3.0 emuNAND.

 

[lemanuel]

could this also be used to play games that need higher firmware version even tho you would be in a lower firmware disguised as the latest?

 

[ground]

I used the UpdateCDN downloader to package it into a CIA, and it didn't return any errors. I went into the System Settings and checked as well, it showed "GW3D 9.4.0-21" on my 4.3.0 emuNAND.

yes i see, if you want to perma block updates i think you should decrypt it and give it your own very high fw number.

 

[Arras]

could this also be used to play games that need higher firmware version even tho you would be in a lower firmware disguised as the latest?

Only if the only reason that game doesn't work is because they want you to update. If the game uses something that's only available in later versions (such as 7.0 encryption or probably things like Amiibo support) you won't get it to work on a version that doesn't have that, period. (except for emunand, of course)

 

[lemanuel]

Only if the only reason that game doesn't work is because they want you to update. If the game uses something that's only available in later versions (such as 7.0 encryption or probably things like Amiibo support) you won't get it to work on a version that doesn't have that, period. (except for emunand, of course)

yeah. lol.
it would make too easy to play games. we're not that lucky

 

[GolyBidoof]

Ehhh, been a while since I last logged in to GBATemp...
But I really want to help, at least the EmuNAND part. If my reasoning is correct, just by spoofing all apps versions to 9.4 update and installing all the 9.4 packages (though these won't execute at all) should be enough. But this will only work until the next update - when Nintendo adds another module, it will probably ask for update again.

I tried to spoof CVer alone and it installed nicely, but when I came to System Settings and tapped update hoping for a message like "there is no update", well, there was.

That's why instead of preventing updates, we should try to force the 3DS not to update the module we want, in this case DS Profile Mode. I'll try spoofing System Settings and update to 9.4, I'll see if it gets removed by the patched one or stays like the NVer hack.

Cheers!
Szymmy.

EDIT: I just tried to use the 9.4 CVer on 4.5 soft. It installed and worked. But when I came to update menu, guess what...?
Exactly.
As a proof I'm not lying: 4.5 SysSettings with 9.4 CVer.

Spoiler

EDIT2: This time installed 9.4 NVer. Same results, but a new number popped in.

Spoiler

I wonder how many files remain to make the damned updater no longer update anything.

 

[expee12]

Does the 3DS use a permissions system like other operating systems do? If so, it should be possible to mark the DS file system as read only, or flash a modified DS mode as a .cia that would mark it as read only

 

[GolyBidoof]

That's exactly what I suggested a post above. :/
I'm trying to, I probably won't be able to try the exploit, but I want to overwrite some packages in the patch first, like 4.5 CVer and NVer on 9.4.

 

[expee12]

Ah sorry I misread. I was seeing spoofing as a separate idea from marking permissions

 

[GolyBidoof]

EUREKA! Something is happening.

Spoiler

It doesn't want to update anymore, or rather it tries to update, looks for something and pukes "system is up to date" resetting to SysNAND again. Now let's check how much can I edit in this 9.4 patch to make it NOT update.
I installed 9.4 patch and spoofed 4.5 CVer to v10000.

 

[Nic333]

CVER means the System Version and NVER means the Online Stuff version, that is why NVER pops out a new number
And also, NDS mode is just the entry point, you NEED the 4.x NATIVE_FIRM for the exploit work.

 

[GolyBidoof]

Yeah, I knew it for a while now
The thing is now to test how much can I alter the OS to make it not update.

 

[GolyBidoof]

And there is my answer.
The end of my research, so please allow me to double post, dear mods...

1. There is a way to do it. Cearp is a genius as he figured it out (on a bit smaller scale, but it counts) before. Just set all the apps version to maximum one.
2. But the 3DS will still update. It just won't update the already-existing modules like Home Menu, NATIVE_FIRM, System Settings and such. If Nintendo pushes a brand new file on server, 3DS will download it.
3. You can probably set most of the modules to update, like CVer, Home Menu as it doesn't affect the Homebrew. You need to set NATIVE_FIRM to the maximum version for sure.
4. To do this, you need a hardware mod. You cannot install DevMenu with 4.5 exploit.

That concludes my research. I hope it comes in handy for someone.