Hacking GATEWAY 3.2 ULTRA PUBLIC BETA

[Farowe]

Simple solution is available and still the simplest of all and works, it's Sky3DS. GW since the beginning has never been easy to use but that's the beauty of it... it allows for more than just being a flashcart... and that's a good thing IMO.

Sky3ds doesn´t have very much time since it released into the market so gateway already had a pre-existent market share by the time sky3ds was released.

Now, even the early gateway procedure to install the hack (the original mset exploit) wasn´t simple if we compare it to sky3ds but atleast the instructions were pretty clear (basically drag and drop files through the microsd cards and the main sd, launch ds cart, install hack, launch ds profile = success!). And thats my actual critic to gateway, that the instructions were everything but clear, if it weren´t for this board i wouldn´t have been able to install the mset hack on my n3ds: the instructions provided by gateway would have led me to nowhere.

 

[idx13]

Everything you would need to know is on the gateway user manual, or in this forum. Doing some google search wouldn't hurt too
MSET is the system setting app on 3ds.

It's SO much easier asking actual humans than searching blindly. If people have a problem with it because they have some vendetta against what they deem internet "lazy" they need to reevaluate their priorities.

Someone, could you at least tell me what file i need to look for for european new 3ds?

 

[Just3DS]

It's SO much easier asking actual humans than searching blindly. If people have a problem with it because they have some vendetta against what they deem internet "lazy" they need to reevaluate their priorities.

Someone, could you at least tell me what file i need to look for for european new 3ds?

lt's in the GW Ultra 3.2 pack. There is a new folder with three different CIAs one for each region, make sure you select the right one.

 

[Shadowhawk64]

Is there anyway I can get 9.5 settings back on emuNAND without restoring a previous emuNAND backup? I accidentally installed that CIA on my emuNAND. Other than that, everything's working.

 

[Canadacdn]

-snip-

 

[VinsCool]

It's SO much easier asking actual humans than searching blindly. If people have a problem with it because they have some vendetta against what they deem internet "lazy" they need to reevaluate their priorities.

Someone, could you at least tell me what file i need to look for for european new 3ds?

You will need:
-Gateway launcher.dat 3.2, file put in your 3ds sdcard
-an exploit game (Cubic ninja or zelda OOT)
-Your gateway cart
and:

If you downgraded your emunand system settings or want to undo the downgrade in sysnand : https://gbatemp.net/threads/3dnus.376488/
then enter these titles depending on your region and install via devmenu
US = 0004001000021000 9.0-9.5 = v8203
EU = 0004001000022000 9.0-9.5 = v8202 ==> european version
JPN = 0004001000020000 8.1-9.5 = v9224

 

[Just3DS]

Is there anyway I can get 9.5 settings back on emuNAND without restoring a previous emuNAND backup? I accidentally installed that CIA on my emuNAND. Other than that, everything's working.

Read last paragraph in first post of this topic.

 

[VinsCool]

I just had a though. Let's say someone install the downgraded mset in a 9.7 emunand (old 3ds) or 9.5 (new 3ds), then extract the emunand from the sd card and restore to the sysnand the "hacked" nand.bin. Would this in theory allow to load gateway in "latest system version"?

 

[HtheB]

Finally, got the rop installer to work with this Attached.

I can only test on USA n3ds so, EU and JPN let me know if it works for you too.

If not, please install the GW menu NVRAM installer then immediatly dump your DS profile with this app
https://gbatemp.net/threads/release-nvram-flash-manager.383838/
and send it to me (just the last 0x200 bytes of your nvram, i don't want to know your wifi password )

Did anyone try this out on an EUR console?

 

[Ra1d]

NVM.

 

[VinsCool]

Short answer : Nope.

That's what I thought Thanks for confirming.

 

[1alien1]

i installed everything on my virgin n3dsxl eu version. i have emunand and sysnand like on my o3dsxl. both are at fw 9.0.
now i have some questions:

1) can i unlink emunand still from sysnand like with the o3dsxl or will resetting the n3ds with the sd card removed somehow erase some of the hacks (dont really understand what nvram and mset is and what those do). if so, how will i do it?

2) i havent logged in into any eshop with this n3ds yet, i wondered about downloading e.g smash updated but i wont be able to since the fw limit in emunand right? so no online gaming with the n3dsxl for yet and i dont have to bother thinking about eshop? im asking since i read many threads about corrupt nnid etc.

3)downgrading with the n3dsxl is not possible as of yet right?

4) can i use the oot hack to get into my 2nd o3dsxl which is on 9.2 to hack it and downgrade directly to 4.5?

thanks for the replies. very grateful!

 

[gamesquest1]

I just had a though. Let's say someone install the downgraded mset in a 9.7 emunand (old 3ds) or 9.5 (new 3ds), then extract the emunand from the sd card and restore to the sysnand the "hacked" nand.bin. Would this in theory allow to load gateway in "latest system version"?

slightly longer answer, no, because the exploits used to enter GW mode would still be fixed in 9.7, only difference is you would be able to use basic userland rop code like the ram dumper......but essentially useless

 

[Ra1d]

That's what I thought Thanks for confirming.

Actually, re-reading your question, I got it wrong, I thought you meant if you take a regular emuNAND and inject it into sysNAND, I'm not really sure about NVRAM, so I can't say for sure, so wait for someone more knowledgabale to answer

Edit***

There you go.

 

[Kikirini]

Forgive me if this has been asked before, but Dev Menu black screens every time I try to open it. Is anyone else having this issue, and if so, what is the solution?

 

[VinsCool]

slightly longer answer, no, because the exploits used to enter GW mode would still be fixed in 9.7, only difference is you would be able to use basic userland rop code like the ram dumper......but essentially useless

Wouldn't it be, in theory, be possible to exploit this ROP and maybe someday, have a new exploit through the downgraded mset?

 

[VinsCool]

Forgive me if this has been asked before, but Dev Menu black screens every time I try to open it. Is anyone else having this issue, and if so, what is the solution?

Yes, try to get another version of dev menu on google. Or better, try with FBI.

 

[Kikirini]

Yes, try to get another version of dev menu on google. Or better, try with FBI.

Okay. It figures the one time I use Dev Menu, it doesn't work >.<

 

[gamesquest1]

Wouldn't it be, in theory, be possible to exploit this ROP and maybe someday, have a new exploit through the downgraded mset?

well the exploit would be relying on you have an exploit with full capabilities in the first place to downgrade MSET......in which case you would only achieve MSET rop from an already exploited system......non exploitable systems would have an updated MSET and not be susceptible to running code through MSET, and CN and oot could still be used for pretty much the same purpose, its just the later stages that dont exist on 9.3+

 

[VinsCool]

Okay. It figures the one time I use Dev Menu, it doesn't work >.<

I know what you mean. I had to burrow until I found the working version of it. I tried like 3 different files until it worked in my end. You could also look for BigBlueMenu. It virtually is the same as devmenu.

well the exploit would be relying on you have an exploit with full capabilities in the first place to downgrade MSET......in which case you would only achieve MSET rop from an already exploited system......non exploitable systems would have an updated MSET and not be susceptible to running code through MSET, and CN and oot could still be used for pretty much the same purpose, its just the later stages that dont exist on 9.3+

Ok, that made sense. So, if it happen a new exploit is found, those entrypoints might still be useful, right?