Hacking How can I hack 1.0.0-0U 3ds?

[xdrz]

I recently got a 1.0.0-0U O3DS
And i found that even i update my firmeare by retail cart, there won't be browser installed
so i am thinking how to upgrade and hack it?

This is the way i am thinking:
-upgade to 2.1 by retail cart(fifa12)(that's only cart i see which's cheap in price now)
(necessary version for rxtool)
-Use gw menu by nds flashcard
-format emunand
-install rxtool by nds flashcard
-inject fbi into 3ds sysnand by rxtool
-install and use sysupdater cia by fbi to install 4.5 firmware downloaded from internet

Now i have 3ds with browser and on firmware 4.5?
the problem i concern is that
can i install gw menu in 2.1ver?
can i use sysupdater in 2.1ver?

If it is possible, i am going to buy a nds flashcard from internet's shop,
so i would like to ask if it's possible before buying it?

Or is it possible to use download play by my 4.4j o3ds with 9.5u emunand for the system upgrade on my 1.0u 3ds?

 

[MelonGx]

This is the way i am thinking:
-upgade to 2.1 by retail cart(fifa12)(that's only cart i see which's cheap in price now)
(necessary version for rxtool)
Wrong. GW only directly supports 4.1-4.5 MSET exploit.
You have to upgrade to 4.1-4.5 but not 2.1 by cart.
-Use gw menu by nds flashcard
-format emunand
-install rxtool by nds flashcard
-inject fbi into 3ds sysnand by rxtool
-install and use sysupdater cia by fbi to install 4.5 firmware downloaded from internet
You need to run Sysupdater on Devmode, not rxMode, otherwise it will BRICK!

Or is it possible to use download play by my 4.4j o3ds with 9.5u emunand for the system upgrade on my 1.0u?
Download Play never transfers upgrade pack.

 

[xdarkmario]

sorry to be off topic but where the hell did you get a Launch 3ds 0__0

 

[Normmatt]

I recently got a 1.0.0-0U O3DS
And i found that even i update my firmeare by retail cart, there won't be browser installed
so i am thinking how to upgrade and hack it?

This is the way i am thinking:
-upgade to 2.1 by retail cart(fifa12)(that's only cart i see which's cheap in price now)
(necessary version for rxtool)
-Use gw menu by nds flashcard
-format emunand
-install rxtool by nds flashcard
-inject fbi into 3ds sysnand by rxtool
-install and use sysupdater cia by fbi to install 4.5 firmware downloaded from internet

Now i have 3ds with browser and on firmware 4.5?
the problem i concern is that
can i install gw menu in 2.1ver?
can i use sysupdater in 2.1ver?

If it is possible, i am going to buy a nds flashcard from internet's shop,
so i would like to ask if it's possible before buying it?

Or is it possible to use download play by my 4.4j o3ds with 9.5u emunand for the system upgrade on my 1.0u 3ds?

You can use cubic ninja to exploit 1.0.0E its not very stable but its enough to get basic arm9 control (after a few retries). Scan http://i.imgur.com/7Q35Tuy.png and it will load the file load.bin into fcram at 0x23F00000 and start execution (size is limited to 0x3000 bytes)

This is how to retrieve the framebuffer addresses:
*(volatile uint32_t*)0x80FFFEC = *(volatile uint32_t*)0x23FFFF18;
*(volatile uint32_t*)0x80FFFC0 = *(volatile uint32_t*)0x23FFFE00; // framebuffer 1 top left
*(volatile uint32_t*)0x80FFFC4 = *(volatile uint32_t*)0x23FFFE04; // framebuffer 2 top left
*(volatile uint32_t*)0x80FFFC8 = *(volatile uint32_t*)0x23FFFE08; // framebuffer 1 top right
*(volatile uint32_t*)0x80FFFCC = *(volatile uint32_t*)0x23FFFE0C; // framebuffer 2 top right
*(volatile uint32_t*)0x80FFFD0 = *(volatile uint32_t*)0x23FFFE10; // framebuffer 1 bottom
*(volatile uint32_t*)0x80FFFD4 = *(volatile uint32_t*)0x23FFFE14; // framebuffer 2 bottom
*(volatile uint32_t*)0x80FFFD8 = *(volatile uint32_t*)0x23FFFE18; // framebuffer select top
*(volatile uint32_t*)0x80FFFDC = *(volatile uint32_t*)0x23FFFE1C; // framebuffer select bottom

uint32_t topScreenSelect = *(volatile uint32_t*)0x080FFFD8;
uint8_t* topScreen_left = (uint8_t*)(*(uint32_t*)((uint32_t)0x080FFFC0 + 4*(topScreenSelect&1)));
uint8_t* topScreen_right = (uint8_t*)(*(uint32_t*)((uint32_t)0x080FFFC8 + 4*(topScreenSelect&1)));

uint32_t bottomScreenSelect = *(volatile uint32_t*)0x080FFFDC;
uint8_t* bottomScreen = (uint8_t*)(*(uint32_t*)0x080FFFD0 + 4*(bottomScreenSelect&1));

 

[zoogie]

You can use cubic ninja to exploit 1.0.0E its not very stable but its enough to get basic arm9 control (after a few retries). Scan http://i.imgur.com/7Q35Tuy.png and it will load the file load.bin into fcram at 0x23F00000 and start execution (size is limited to 0x3000 bytes)

That would be really useful for those stuck without a browser on higher firmwares. Could you provide the source or maybe a version that will work 5.0-9.2? (i have a hunch this uses a simpler arm9 exploit to fit < 6K but I though i'd try to ask anyway)

 

[Asia81]

1.0 oO?

You bought it the first day and never opened xD?

 

[xdrz]

That would be really useful for those stuck without a browser on higher firmwares. Could you provide the source or maybe a version that will work 5.0-9.2? (i have a hunch this uses a simpler arm9 exploit to fit < 6K but I though i'd try to ask anyway)

May i ask ehat is arm9 ?

1.0 oO?

You bought it the first day and never opened xD?

I just bought it from a person who had not played 3ds for few years

 

[PandaMayFire]

You have quite the rarity there

 

[xdrz]

You have quite the rarity there

Haha...It may be valuable if i keep its version and don't play with it >0<

 

[Syphurith]

Haha...It may be valuable if i keep its version and don't play with it >0<

Just with a proper set up hard-mod, you can get the 1.0.0-U NAND dump!
The version is so rare, and i bet there are some devs would like to check your NAND dump with xorpad (see them on efnet, #3dsdev).
Just after hard mod dumped (you have to dump it several times in order to confirm it working properly)
You could update it to 4.x with a retail cart (find yourself a name in 3dsdb.com and borrow it) and use rxtools to get your NAND xorpad.
Then, you could play CIA games with it (don't forget to get a big SD card if you do so).
Note: Even years ago nintendo CDN didn't contain such a firmware version. Super rare.

 

[loco365]

Just with a proper set up hard-mod, you can get the 1.0.0-U NAND dump!

Yes, definitely do a NAND dump. 1.0.0 3DS systems do not show up that often and I bet a lot of devs would like to take a peek into the system. If you can find a way to perhaps boot rxTools or another CFW that supports NAND dumping, perhaps you can decrypt it and show the world its secrets.

 

[zoogie]

Just with a proper set up hard-mod, you can get the 1.0.0-U NAND dump!
The version is so rare, and i bet there are some devs would like to check your NAND dump with xorpad (see them on efnet, #3dsdev).
Just after hard mod dumped (you have to dump it several times in order to confirm it working properly)
You could update it to 4.x with a retail cart (find yourself a name in 3dsdb.com and borrow it) and use rxtools to get your NAND xorpad.
Then, you could play CIA games with it (don't forget to get a big SD card if you do so).
Note: Even years ago nintendo CDN didn't contain such a firmware version. Super rare.

If you look a few posts up you can see that normmatt posted a method to dump the nand without a nand mod. Just need cubic ninja.

 

[MelonGx]

BTW, do not cart-upgrade your 1.X consoles to 7.0 or higher!

For 4.1-6.3 console, you can use either MSET exploit or Spider hack to boot GW/CFW.
But for 7.0-9.2 console, you can only use Spider hack.

Unfortunately, 1.X has NO Browser.
Cartridge upgrading doesn't build/upgrade browser either.

So if a console is 7.0.0-0/1 ~ 9.2.0-0/1 (excluding 8.1.0-0J N3DS), it's unhackable & unfixable.

 

[MrJason005]

BTW, do not cart-upgrade your 1.X consoles to 7.0 or higher!

For 4.1-6.3 console, you can use either MSET exploit or Spider hack to boot GW/CFW.
But for 7.0-9.2 console, you can only use Spider hack.

Unfortunately, 1.X has NO Browser.
Cartridge upgrading doesn't build/upgrade browser either.

So if a console is 7.0.0-0/1 ~ 9.2.0-0/1 (excluding 8.1.0-0J N3DS), it's unhackable & unfixable.

Does ninjhax work on that range?

 

[EmceeKerser]

Does ninjhax work on that range?

no. Ninjhax relies on the browser to work

 

[xdrz]

If you look a few posts up you can see that normmatt posted a method to dump the nand without a nand mod. Just need cubic ninja.

no. Ninjas relies on the browser to work

so can i use cubic ninja to dump nand?
and how can i dump nand by cubic ninja?(place the GW launcher?)

 

[The Real Jdbye]

so can i use cubic ninja to dump nand?
and how can i dump nand by cubic ninja?(place the GW launcher?)

You'd have to find a NAND dumper that's made to work with that exploit, I kinda doubt one exists.
Anyway in the end your only option for hacking it is to get a game with 4.x on it and update using that.

 

[OctopusRift]

I love creating memes

 

[Xenon Hacks]

@capito27 How can this man dump his NAND and would it be of any use to you dev's?

 

[Syphurith]

so can i use cubic ninja to dump nand?
and how can i dump nand by cubic ninja?(place the GW launcher?)

(Sorry these are misleading, cause Normatt tells me he has ways to run arm9 payload on 1.x. Still i would recommend a hard-mod)
Do please not think of cubic ninja if you want to have your 1.0.0-U nand dump.
I don't know any working method for 1.0.0 with MSET, this is really rare so no software method supported currently for nand dumping for such a version.
Just find yourself a hard-mod guide, or ask for someone to help you with the mod, or even..
You could ask them if they want the dump first on irc, so some guys may even tell you who is an expert on modding it.
Any updates applied and your NAND dump would be significantly no special use.
For CN you would need to launch the game first, which would surely update it, also without updating browser, and that would be above 4.x.
The only way for you to choose if you want to get it hacked is find yourself a cart with 4.5 update, so you could use MSET.
Still if you think you would like to keep the special NAND dump, do a hard-mod, there isn't any other known ways.

EDIT:: If you've already updated it by yourself, hope you do update it to 4.x in order to be able to hack it.