Hacking [Release] PBT-CFW - Import CIAs on your SYSNAND

  • Thread starter Thread starter nop90
  • Start date Start date
  • Views Views 107,406
  • Replies Replies 341
  • Likes Likes 20
If you had a 1.0 launch console and somehow found a way to exploit it, then yes theoretically you could get the best possible compatiblity updating from that. Better yet, you could achieve this simply by nand modding a 1.0 console and dumping it's 1.0 NAND image. Then update the console to 4.x using a game. Then have Gateway create emunand. Then inject the 1.0 NAND dump you made into emunand and do the CIA updates from there. (although would you be able to install DevMan to a 1.0 emunand? Don't know if gateway rom selection menu would work on 1.0 emunand. You could keep them "linked" with 4.5 sysnand and install devman on sysnand and then devman should show up in emunand)

But not sure where you would find a console on 1.0 in this day and age. Not to mention this will pretty much require a nand mod as we can't boot Gateway mode on 1.0 FW.

Just note that cards (like original R4) that didn't work even on 1.0 will still not work on 9.2 after keeping the old TWL_FIRM and DS Cart white list (or just breaking the white list instead but also have the old TWL installed) I don't think cards like N-Card, R4 (and it's many clones), and other older cards didn't work on original 3DS launch firmware.
 
If you had a 1.0 launch console and somehow found a way to exploit it, then yes theoretically you could get the best possible compatiblity updating from that. Better yet, you could achieve this simply by nand modding a 1.0 console and dumping it's 1.0 NAND image. Then update the console to 4.x using a game. Then have Gateway create emunand. Then inject the 1.0 NAND dump you made into emunand and do the CIA updates from there.

But not sure where you would find a console on 1.0 in this day and age. Not to mention this will pretty much require a nand mod as we can't boot Gateway mode on 1.0 FW.
Pretty sure they only started blocking the NDS flashcards in twl_firm in 4.4, before that it was only done with the whitelist.....what I was saying was by disabling the whitelist via the flashcard time warp file you effectively have no whitelist....so even cards that where already blocked in v1.0.0 would work
 
What I am saying is the whitelist was what controlled the blocks in v1.0 even.......so flashcard time warp is even more effective than having a whitelist from 1.0 installed
So in theory let's just say we had R4 elephant edition, and this worked on the dsi, but never worked on the 3ds as it was already in the whitelist even on 1.0, disabling the whitelist completely, not just using a old version, theoretically could mean even r4 elephant edition that never ever worked on any 3ds, would be usable
 
  • Like
Reactions: Margen67
Apache Thunder Thank you for the response. I'm currently importing all the 9.2.0-20 USA CIAs, except for the DS Flashcard Whitelist and the TWL_FIRM, which I downloaded using 3DNUS. I have a Gateway blue card and an Acekard 2i, the latter of which I prefer using. Would it be possible to use your upgrade method to exclude components necessary for Gateway's DS Profile Mode Exploit so we could have an offline exploit on 9.x?
 
  • Like
Reactions: Margen67
Apache Thunder Thank you for the response. I'm currently importing all the 9.2.0-20 USA CIAs, except for the DS Flashcard Whitelist and the TWL_FIRM, which I downloaded using 3DNUS. I have a Gateway blue card and an Acekard 2i, the latter of which I prefer using. Would it be possible to use your upgrade method to exclude components necessary for Gateway's DS Profile Mode Exploit so we could have an offline exploit on 9.x?

No. I think the DS Profile exploit was an exploit patched with NATIVE_FIRM. You can't use 9.2 on a 4.x NATIVE_FIRM because of encryption and other compatibility issues. It would be like tying to boot Windows 7 using MS-DOS....It ain't going to end well. :P

Also if it organizes the folders the same way, don't install anything from the "stage2" folder. That's all n3DS stuff. That's assuming you have a USA console. Does Canada get USA region 3DSes? :P

If 3DNUS doesn't create a stage2 folder...don't use 3DNUS. (only use it to make eShop CIA though). Use UpdateCDN in that case.
 
No. I think the DS Profile exploit was an exploit patched with NATIVE_FIRM. You can't use 9.2 on a 4.x NATIVE_FIRM because of encryption and other compatibility issues. It would be like tying to boot Windows 7 using MS-DOS....It ain't going to end well. :P

Also if it organizes the folders the same way, don't install anything in the "stage2" folder. That's all n3DS stuff. That's assuming you have a USA console. Does Canada get USA region 3DSes? :P

Yeah, the 3DSes in Canada and in US are the same region. But for 3DNUS, I specified the firmware version (9.2.0-20) and the region (USA) and I installed the CIAs and booted EmuNAND. There was some configuration pop-up or something but when it finished, the screens stayed black even though the notification LEDs and the wireless LED were functioning normally. I rebooted into SysNAND, but EmuNAND won't boot past that black screen. Is that because I have to replace the firm1 and firm0 files from my 9.x SysNAND backup?

Edit: Nevermind! EmuNAND booted fine! Gonna inject my SysNAND 9.x firm1 and firm0 into my EmuNAND. And about that stage2 New3DS specific firmware, does it cause the EmuNAND to not boot or only the SysNAND? I just want to make sure before I restore the modified NAND.BIN because I don't have a hard mod.
 
Ok just a little theory, and I'm not sure if it will work.
So, if we have a signed cia for Firmware 8+ on it, and install it to sysnand with this CFW, we will not be able to launch it in Sysnand without updating, right?
And then, if we install an 9.5 EMUnand, will we be able to start it then there?
 
Emunand should boot regardless if you fixed the firm0/firm1 partitions or not. You might have installed n3DS stuff. I'd recommend starting over and finding the n3DS stuff. It will probably be easier for you to avoid n3DS stuff by just using UpdateCDN instead as it puts all the n3DS stuff into it's own folder which you can avoid.

But if you must use 3DNUS, then here's the list of all the filenames in the stage2 folder. They should be sprinkled through out the folder 3DNUS created, so you'll need to find and remove them:

Code:
0004013020002403.cia
0004013020002703.cia
0004013020002903.cia
0004013020003103.cia
0004013020003203.cia
0004013020003303.cia
0004013020004002.cia
0004013020004102.cia
0004013020004202.cia
0004013020008003.cia
0004013820000002.cia
0004013820000003.cia
0004013820000102.cia
0004013820000202.cia
000400DB20016302.cia
000400102002CF00.cia
000400102002D100.cia
000400102002D300.cia
000400102002D500.cia
000400302000C503.cia
000400302000C803.cia
0004001020021D00.cia
0004003020008A03.cia
0004013020001A03.cia
0004013020001B03.cia
0004013020001C02.cia
0004013020001C03.cia
0004013020001D03.cia
0004013020001E02.cia
0004013020001E03.cia
0004013020001F02.cia
0004013020001F03.cia
0004013020002C03.cia
0004013020002D03.cia
0004013020002E03.cia
0004013020002F03.cia
0004001020021300.cia
0004001020024100.cia
0004003020009402.cia
0004013020001503.cia
0004013020001602.cia
0004013020001703.cia
0004013020001803.cia
0004013020002103.cia
0004013020002202.cia
0004013020002203.cia
0004013020002302.cia
0004013020002303.cia

All of those are n3DS only and should not be installed on a 3DS. Remember, if emunand does not boot, it will definitely not boot on sysnand. So make sure emunand works before you move on in the process!

And these will be the CIAs you avoid so you can keep the old TWL and DS Cart whitelist:

Code:
0004013800000102.cia      <---TWL_FIRM
0004800F484E4841.cia      <---DSCartWhitelist

Make sure you are using DevMan 6.2 (or BigBlueMenu, but I have not tested that one). Old versions of DevMenu will not work and Big Red Menu will not install most of them correctly either.


Also, we are derailing this topic a bit with this as it doesn't really involve PBT-CFW. You can PM me further on this topic. ;)
 
Just for shits and giggles I tried a private release of Dsiware Zelda Four Swords Adventures (the same one mentioned here)

Booted to a black screen An error has occurred hold the power etc... I want to add that when I tried other non signed cia files from 3ds conversions it didn't boot past the home screen IE no black screen
 
You can install also other CIA on your sysnand (and entering in data management will not clean them anymore ;)) but you can run them only launching the CFW.
I have never lost anything by entering data management. Nothing at all.
 
If I have a linked sysnand and emunand could I install a cia patch for pokemon alpha sapphire on the 4.2 sysnand and have it work on emunand 9.4? (the latest firmware doesn't work because the game gets switched to Japanese and can't use battle spot)

Thanks
 
Emunand should boot regardless if you fixed the firm0/firm1 partitions or not. You might have installed n3DS stuff. I'd recommend starting over and finding the n3DS stuff. It will probably be easier for you to avoid n3DS stuff by just using UpdateCDN instead as it puts all the n3DS stuff into it's own folder which you can avoid.

But if you must use 3DNUS, then here's the list of all the filenames in the stage2 folder. They should be sprinkled through out the folder 3DNUS created, so you'll need to find and remove them:

Code:
0004013020002403.cia
0004013020002703.cia
0004013020002903.cia
0004013020003103.cia
0004013020003203.cia
0004013020003303.cia
0004013020004002.cia
0004013020004102.cia
0004013020004202.cia
0004013020008003.cia
0004013820000002.cia
0004013820000003.cia
0004013820000102.cia
0004013820000202.cia
000400DB20016302.cia
000400102002CF00.cia
000400102002D100.cia
000400102002D300.cia
000400102002D500.cia
000400302000C503.cia
000400302000C803.cia
0004001020021D00.cia
0004003020008A03.cia
0004013020001A03.cia
0004013020001B03.cia
0004013020001C02.cia
0004013020001C03.cia
0004013020001D03.cia
0004013020001E02.cia
0004013020001E03.cia
0004013020001F02.cia
0004013020001F03.cia
0004013020002C03.cia
0004013020002D03.cia
0004013020002E03.cia
0004013020002F03.cia
0004001020021300.cia
0004001020024100.cia
0004003020009402.cia
0004013020001503.cia
0004013020001602.cia
0004013020001703.cia
0004013020001803.cia
0004013020002103.cia
0004013020002202.cia
0004013020002203.cia
0004013020002302.cia
0004013020002303.cia

All of those are n3DS only and should not be installed on a 3DS. Remember, if emunand does not boot, it will definitely not boot on sysnand. So make sure emunand works before you move on in the process!

And these will be the CIAs you avoid so you can keep the old TWL and DS Cart whitelist:

Code:
0004013800000102.cia      <---TWL_FIRM
0004800F484E4841.cia      <---DSCartWhitelist

Make sure you are using DevMan 6.2 (or BigBlueMenu, but I have not tested that one). Old versions of DevMenu will not work and Big Red Menu will not install most of them correctly either.


Also, we are derailing this topic a bit with this as it doesn't really involve PBT-CFW. You can PM me further on this topic. ;)
thank you for this information ;), i will create a version of 3dNUS which will select the right .cia files for an old or new 3ds
 
Basically all n3DS stuff have a "2" in a certain position in the file name. Example:

0004013020002403.cia

From what I recall the same holds true for other region fw as well. This naming convention is exclusive to n3DS stuff, and all the standard 3DS titles will not have that 2 there.
 
After Cearp confirmed that system updates CIA made with UpdateCDN have a good sign, I installed the browser from 7.1.0-16 US (0004003000009402.cia) on my US 3DS and it works fine. I'll update later my other 2 EU 3DS with the 7.1.0-16 EU browser (0004003000009D02.cia) to check my 2 cubic ninja carts.

(Updated also the OP)
 
hey, just wondering something, if i were to install all the 9.4.0 CIAs but the one for the browser, would the spider exploit still work ?
 
hey, just wondering something, if i were to install all the 9.4.0 CIAs but the one for the browser, would the spider exploit still work ?

Install a sys update different from the browser with this tool, and you'll propably brick the 3DS.

If you want to experiment, use a hard modded 3DS so you can restore your nand if it bricks.
 
  • Like
Reactions: Margen67

Site & Scene News

Popular threads in this forum