Hacking Gateway Downgrading

[Classicgamer]

well I tried rune factory 4 - it updated. it then restart. system booted up but when I go to settings to check fw version it gives and error - requests I save my data and restart. at that point it black screens forever.

I'm off to try a game cart now. hopefully im entertaining you all's morning with this cool info lol

 

[Bakuryu42]

Ok, need some help.

Been running fine for a while and thinking of downgrading, is it safe if we don't have a nand hardware mod?

My current setup is:
Sysnand - 9.2
Emunand 9.4

In order to set it up I had to backup and delete my Nintendo 3DS folder on my SD card which contained my Eshop Animal Crossing, I have yet to test it out again after all was said an done because Emunand takes up to much space on my SD card. I also have two physical games Super Mario 3D Land and Dead or Alive Dimensions.

I've played a couple games on emunand that now have save files on the sd card.

This all being said if I were to downgrade right now, what would I break? I am unsure if my emunand is linked at this point.

 

[Liberty]

What about savegames?
- Game cartridge using 6.x KeyY played in emuNAND will not work on downgraded console's EmuNAND (Classic mode emuNAND use correct Savegame KeyY on 9.x)

I don't even understand what you're saying. Care to elaborate?

 

[sblast3]

Success!
2011 US Aqua Blue model, 9.2 -> 4.2

Edit: Upgrade from 4.2 to 4.5 worked!

 

[SirByte]

Not all NAND titles get downgraded (not that it truly matters though), not to mention banners show on 4.5 even for the newest game titles.

Greetings! I was wondering about the same thing. It's not like the PSP where the full Sony updater ran, then certain patches done after the fact. With the US systems, the dg is to 4.2 which theoretically opens the window to upgrading to 4.5.0-U using a gamecart, hopefully becoming indistinguishable from a "real" 4.5.

Question though; people are complaining their blue carts no longer working; does a DS flashcart block remain when downgrading from say 9.2?

Another question: what in your opinion does this bode for a real CFW? It used to be said that updates were signed specifically for your 3DS. Is this not true for those titles, does GW somehow (fake) sign them?

 

[mathieulh]

Greetings! I was wondering about the same thing. It's not like the PSP where the full Sony updater ran, then certain patches done after the fact. With the US systems, the dg is to 4.2 which theoretically opens the window to upgrading to 4.5.0-U using a gamecart, hopefully becoming indistinguishable from a "real" 4.5.

Question though; people are complaining their blue carts no longer working; does a DS flashcart block remain when downgrading from say 9.2?

Another question: what in your opinion does this bode for a real CFW? It used to be said that updates were signed specifically for your 3DS. Is this not true for those titles, does GW somehow (fake) sign them?

As far as I can tell, I could use the gateway blue card just fine on my now downgraded console

GW devs did not fake sign anything, the titles aren't encrypted with a per 3ds key, otherwise nobody could update/downgrade, it's using a set of generic keys. GW devs did patch the tmd version check in ram (it's not a permanant patch) so that older titles would get installed, otherwise they just use titles signed by nintendo (untouched). That's about it.
The boot chain of trust hasn't been broken, there are no unsigned binaries that run at boot.

 

[Cyan]

Thank you.

What about savegames?
- Game cartridge using 6.x KeyY played in emuNAND will not work on downgraded console's EmuNAND (Classic mode emuNAND use correct Savegame KeyY on 9.x)

I don't even understand what you're saying. Care to elaborate?

I'll try to explain in an easy way.


Well, games are using different methods and keys to encrypt savegame data.
games using the "6.x" method are using a set of keys available only on SysNAND.

when you are on a 4.5 console (with or without emuNAND) and playing a game requesting the "6.x" encryption key, the key used by the game is read from RealNAND (sysNAND), and the console's NAND don't even know the 6.x key because it's still on 4.5, so it falls back to use 2.x keyset instead of 6.x keyset.


But with updated SysNAND and gateway 3.0, it's now possible to use Gateway Classic emuNAND with console above 6.0
the SysNAND has the 6.0 key, so emuNAND is also using it to encrypt savegames.

All the savegame compatibility depends on the RealNAND version.
Console Real NAND 6.0+ = using new encryption
Console Real NAND 4.x = using old encryption.

if you downgrade from 6.0+ to 4.5, your game cartridge's savegame will not be recognized as it's encrypted with a different key.
and the other way is true too : if you started a "6.x" game on a console with real NAND v4.5, it will not work if you update your console past 6.0

Some games are still requesting the old keys, not all games want the 6.0 keys.
So, games always requesting the 2.0 key work fine whether you are on 4.x or above.

 

[mehrab2603]

Has any brave soul tried downgrading to a different region firmware?

 

[SirByte]

Has any brave soul tried downgrading to a different region firmware?

Soon but in a different way: http://gbatemp.net/threads/poc-3ds-region-changing-proof.378110/

 

[0bvious]

So, I downgraded successfully! But I have a couple of save game problems now. Thought I would post here to let everyone know my situation, and to ask for advice!

I have a 3DS XL (EUR), which was 4.5 when I bought it. I had since upgraded to 9.2 sysNAND.

I installed Gateway Ultra 3.0.0 using browser exploit
I backed up my NAND
I installed 9.4 on emuNAND
I backed up all my retail cart save games (except Animal Crossing which doesn't allow)
(I backed all those up to PC)
Then I downgraded to 4.5 (on Gateway 3.0.1)
I then installed Gateway Ultra 3.0.1 on 4.5 sysNAND using Blue Cart

Everything seems to be working fine, including eshop games, and all my retail carts EXCEPT:

- Smash Bros
- Zelda: Link Between Worlds

These two games show 'corrupt save game' message. I can't get them to work in Classic Mode.

Now, here's my question. Am I screwed?

I have the saves for these games backed up. Should I try and restore these, or will the restores also be broken?

Should I try and install these games on my Gateway as backups, and then use the saves I have backed up? Will this work?

Thanks

 

[gojeta09]

So, I downgraded successfully! But I have a couple of save game problems now. Thought I would post here to let everyone know my situation, and to ask for advice!

I have a 3DS XL (EUR), which was 4.5 when I bought it. I had since upgraded to 9.2 sysNAND.

I installed Gateway Ultra 3.0.0 using browser exploit
I backed up my NAND
I installed 9.4 on emuNAND
I backed up all my retail cart save games (except Animal Crossing which doesn't allow)
(I backed all those up to PC)
Then I downgraded to 4.5 (on Gateway 3.0.1)
I then installed Gateway Ultra 3.0.1 on 4.5 sysNAND using Blue Cart

Everything seems to be working fine, including eshop games, and all my retail carts EXCEPT:

- Smash Bros
- Zelda: Link Between Worlds

These two games show 'corrupt save game' message. I can't get them to work in Classic Mode.

Now, here's my question. Am I screwed?

I have the saves for these games backed up. Should I try and restore these, or will the restores also be broken?

Should I try and install these games on my Gateway as backups, and then use the saves I have backed up? Will this work?

Thanks

unfortunately this is due you saved the game in higher version .. me also occurred thankfully have two 3ds one in 7.2 and 4.2 in another so everything working .

 

[0bvious]

unfortunately this is due you saved the game in higher version .. me also occurred thankfully have two 3ds one in 7.2 and 4.2 in another so everything working .

So someone needs to program a 'save game' converter or something like that?

Or... if I installed these games as backups and ran them from the Gateway card I could use my save games?

 

[gojeta09]

So someone needs to program a 'save game' converter or something like that?

Or... if I installed these games as backups and ran them from the Gateway card I could use my save games?

There is some save editor but none Run For min to such modification

 

[Cyan]

Should I try and install these games on my Gateway as backups, and then use the saves I have backed up? Will this work?

It will not work.
Like you said, you where using emuNAND classic (and probably played these games without emuNAND at all), so it's using 6+ keys to encrypt the savegame.

now that you downgraded, the 4.x console doesn't know the 6.x key (even with emuNAND above 6), so your savegame can't be decrypted.


There's maybe a chance to convert it with Savedata filler?
I don't know if it deals with unencrypted data.

- restore your 9.x
- use savedata manager (illegal tool) to backup the save from your cartridge (I don't know if it will be unencrypted)
- downgrade
- restore save (to cartridge or to ROM).
I suggest playing from ROM. Dump your cartridge to ROM file, it's easier to backup .sav

use the Gateway savegame extraction tool to keep a backup of your current progress.

 

[Classicgamer]

fyi for those who were following the 4.5 to 4.2 downgrade quest of mine:

I successfully updated with M&L dream team to 5.x using an actual cart only(gw up method corrupts sysnand even for 5.x updates for me). I then successfully downgraded to 4.2. then I applied cearp flashcardtimewarp.cia to sysnand. now my ak2i is working again!

enjoy!

 

[WelshOne]

I'm still confused about this linked/unlinked sysnand and emunand. Should I have them linked or unlinked before downgrading to 4.5? I've heard different reports :/

 

[MrComputerRevo]

fyi for those who were following the 4.5 to 4.2 downgrade quest of mine:

I successfully updated with M&L dream team to 5.x using an actual cart only(gw up method corrupts sysnand even for 5.x updates for me). I then successfully downgraded to 4.2. then I applied cearp flashcardtimewarp.cia to sysnand. now my ak2i is working again!

enjoy!

Did you use another DS Mode flashcart or Gateway to apply cia? I only have an ak2i and it's blocked on 4.5... Would love to use it again.

 

[bytor]

Didn't someone the other day say they would eat their underpants if Gateway released a downgrader..? lol

 

[Apache Thunder]

Ok, need some help.

Been running fine for a while and thinking of downgrading, is it safe if we don't have a nand hardware mod?

My current setup is:
Sysnand - 9.2
Emunand 9.4

In order to set it up I had to backup and delete my Nintendo 3DS folder on my SD card which contained my Eshop Animal Crossing, I have yet to test it out again after all was said an done because Emunand takes up to much space on my SD card. I also have two physical games Super Mario 3D Land and Dead or Alive Dimensions.

I've played a couple games on emunand that now have save files on the sd card.

This all being said if I were to downgrade right now, what would I break? I am unsure if my emunand is linked at this point.

I downgraded successfully. from 9.2 to 4.2. Emunand is still linked as far as I can tell. Of coarse my goal was to format sysnand without unlinking NNID. Thus the reason I downgraded. Afterwords I then used Pokemon Alpha Sapphire to upgrade back to 7.2 and plan to use Super Smash Bros. 3DS to update to 8.x something. Not sure exactly what version that one updates me to, but it will be the latest available from a game card update.

The reason you don't really want to stay on 4.x fw is that if you played any retail games on 7.x+ fw then their saves will NOT work in classic mode nor in non-gateway mode (basically virgin 3DS without gateway exploit, though the game would just force you to update if you booted without using the gateway exploit).

The new Gateway Ultra 3.0/3.0.1 update still doesn't use the current save game encryption (however Classic Mode in the new update does use the new encryption), so once you dump your games (might effect mainly card2 games) the saves won't work in gateway mode. There's no way around this currently.

I got lucky in my case. There was a way to decrypt PowerSaves saves and I managed to decrypt mine and reimport it into my Pokemon Alpha Sapphire dump (dumped from my personal copy which was the same cart I used on PowerSaves) using SaveDataFiler, and now got my Pokemon save transferred into Gateway mode. The same I can do with Pokemon X once I get that out of the pawn shop.

I personally wouldn't recommend staying on 4.x firmware. It's really old and the only thing you lose by not being on it is the ability to run free CFW (which if you already own a Gateway, this is useless to you) and generating xorpads which requires a custom launcher.dat and currently no custom launcher.dat exists that works with the new ultra 3.x update. I genned xorpads to Pokemon Omega Ruby while I was still on 4.2, but have already updated back to 7.2 this morning. That's how fast I want to get off 4.2.

 

[Arkansaw]

Thank you.


I'll try to explain in an easy way.


Well, games are using different methods and keys to encrypt savegame data.
games using the "6.x" method are using a set of keys available only on SysNAND.

when you are on a 4.5 console (with or without emuNAND) and playing a game requesting the "6.x" encryption key, the key used by the game is read from RealNAND (sysNAND), and the console's NAND don't even know the 6.x key because it's still on 4.5, so it falls back to use 2.x keyset instead of 6.x keyset.


But with updated SysNAND and gateway 3.0, it's now possible to use Gateway Classic emuNAND with console above 6.0
the SysNAND has the 6.0 key, so emuNAND is also using it to encrypt savegames.

All the savegame compatibility depends on the RealNAND version.
Console Real NAND 6.0+ = using new encryption
Console Real NAND 4.x = using old encryption.

if you downgrade from 6.0+ to 4.5, your game cartridge's savegame will not be recognized as it's encrypted with a different key.
and the other way is true too : if you started a "6.x" game on a console with real NAND v4.5, it will not work if you update your console past 6.0

Some games are still requesting the old keys, not all games want the 6.0 keys.
So, games always requesting the 2.0 key work fine whether you are on 4.x or above.

So until gateway tries to store both the old and new keys if they are present and use them with the right save games, it is necessary to stick with the same "family" of sysnand for save game compatibility (this also includes NOT downgrading to 4.x if the console is alrdy past 6.0)