Hacking [How did this happen!?] Custom theme installed on Sysnand 9.6

boomie0123

boomie0123

Well-Known Member
OP
Member
Level 2
Joined
Mar 11, 2010
Messages
113
Trophies
0
XP
200
Country
United States
Okay, before anyone tells me this isn't possible and didn't happen, listen to this:

I bought a N3DS XL running on sysnand 9.0 and installed gateway emunand on it. I installed a bunch of CIA files and even a custom Jibanyan theme! (Unlinked NANDs of course) Everything was going awesome, but then the regular N3DS exploit came out, so I decided to gift the N3DS XL to my little sister. At this point I had emunand still installed on the 3DS XL SD card when I gave it to her. I then formatted sysnand and cleaned up the system, making it look as new as possible to gift it to her.

This is where it gets real.

She opens up the N3DS XL and sets it up like normal. Then the homescreen shows up. The Jibanyan JPN only theme is still installed on a US N3DS XL SysNAND. My first though was "Wait. What? THAT SHOULDN'T BE POSSIBLE. How did EmuNAND cross over to SysNAND!?" She was excited because she loves Yokai Watch, so I figured it was a plus. Then came the next step : We updated SysNAND to 9.6 and the Jibanyan JPN theme was still there. BUT SYSNAND DOESN'T LET EXPLOITS RUN? ESPECIALLY NOT UNSIGNED CODE? This is where I'm stuck at... HOW DID THIS HAPPEN!?

Sad part now is that she saved the theme under theme manager, then tried to load it and it spit back the error of "Cannot load theme". So as of right now, Jibanyan is dead, but his custom theme still shows up under saved themes.

Can anyone chime in on how this is even possible, and if there's any way to force the saved theme to load?

tl;dr: Custom JPN theme that was installed on unlinked EmuNAND, was somehow installed on US SysNAND, then SysNAND was updated to 9.6, and the theme was still there. How did this happen?

Here's a picture for what I'm talking about:
WP_20150416_16_51_47_Pro.jpg

Bumping for any response! I really want to know what happened here.
 
  • Like
Reactions: Margen67
misterb98

misterb98

Moral Gateway User. Wat.
Member
Level 3
Joined
Aug 24, 2010
Messages
449
Trophies
0
XP
290
Country
United States
boomie0123 said:
But I entered the shop and even downloaded demos. The theme was still there. It only went away when she tried to load it up as a saved theme.
Click to expand...
This probably has something to do with the theme cache. It is currently loaded into the cache and thus will continue to work without checks. Pretty sure this is why you can have custom themes on sysNAND through NINJHAX.
 
  • Like
Reactions: Margen67
boomie0123

boomie0123

Well-Known Member
OP
Member
Level 2
Joined
Mar 11, 2010
Messages
113
Trophies
0
XP
200
Country
United States
misterb98 said:
This probably has something to do with the theme cache. It is currently loaded into the cache and thus will continue to work without checks. Pretty sure this is why you can have custom themes on sysNAND through NINJHAX.
Click to expand...


But then since that's stored on the SD card, wouldn't it be able to inject it in or something?
 
  • Like
Reactions: Margen67
mid-kid

mid-kid

GBAtemp spamBOT
Member
Level 7
Joined
Aug 2, 2012
Messages
879
Trophies
0
Age
25
XP
1,163
Country
I've been noticing, that if you format emuNAND to unlink the NANDs, every new emuNAND you make (and format) has the exact same ID (Thus will inherit the other's extdata, including themes). So, if you format emuNAND, and then format sysNAND, you will have the same ID and extdata foler on the SD card, thus they will be linked again.
 
  • Like
Reactions: boomie0123
boomie0123

boomie0123

Well-Known Member
OP
Member
Level 2
Joined
Mar 11, 2010
Messages
113
Trophies
0
XP
200
Country
United States
mid-kid said:
I've been noticing, that if you format emuNAND to unlink the NANDs, every new emuNAND you make (and format) has the exact same ID (Thus will inherit the other's extdata, including themes). So, if you format emuNAND, and then format sysNAND, you will have the same ID and extdata foler on the SD card, thus they will be linked again.
Click to expand...

That actually explains a lot! Essentially you could totally get a custom theme like that on the newest FW. I mean, you wouldn't be able to change it, but still! Only bummer now is if there's any way to recover it....
 
GhostLatte

GhostLatte

GBAtemp's Official Van Master™
Member
GBAtemp Patron
Level 21
Joined
Mar 26, 2015
Messages
3,651
Trophies
3
Age
24
XP
11,180
Country
United States
It seems that custom themes are stored in the Nintendo 3DS folder as I removed all of Ninjhax and the theme still works on my N3DS in sysNAND.
 
  • Like
Reactions: Margen67
Searinox

Searinox

"Dances" with Dragons
Member
Level 10
Joined
Dec 16, 2007
Messages
2,073
Trophies
1
Age
36
Location
Bucharest
XP
2,203
Country
Romania
So in other words unique firmware IDs are not generated randomly but deterministically? Reformatting either one or the other will have them go through the same new IDs in the same order?
 
  • Like
Reactions: Margen67

Site & Scene News

Go to forum More news

Popular threads in this forum

Hacking Homebrew  A new way to experience StreetPass

Hacking Hardware  New Nintendo 3DS XL Louvre

Emulation  i have citra, i have my aes keys installed, how do i get the home menu

Hardware  Why does my 3DS take so long to turn off?

What's the best 3DS emulator (especially after Citra's shutdown)?

Tutorial  How to fix 007-2001

can't download system files on citra because im "not connected to the internet"

gacube emeleter

General chit-chat
Help Users
    RedColoredStars @ RedColoredStars: The tots through Tina quotes are Napoleon. No free drinks and the big brown finger are Greasy...