Homebrew System transfer without updating, Is it possible? 9.9.0.26U FW

Acryt

Well-Known Member
OP
Member
Joined
Aug 22, 2015
Messages
310
Trophies
0
XP
169
Country
United States
I wnat to transfer from my o3DS -> to N3DS XL I just got today and both are the same FW on 9.9.0.26U, but it requires you to update. Is it possible to do this?

Tried a hans FW spoof, but it just blackscreens when using system transfer. ho hum..
 
Last edited by Acryt,
  • Like
Reactions: OctopusRift

Aroth

Well-Known Member
Member
Joined
Apr 14, 2015
Messages
2,066
Trophies
0
Age
37
XP
891
Country
United States
I wnat to transfer from my o3DS -> to N3DS XL I just got today and both are the same FW on 9.9.0.26U, but it requires you to update. Is it possible to do this?

Tried a hans FW spoof, but it just blackscreens when using system transfer. ho hum..
Same here. I tried launching System Settings with HANS and the fw spoof on my 9.4 O3DS and going to start a system transfer and got a black screen. I think the transfer is handled by a different title than MSET.

One thing I noticed is that using HBL to spoof the firmware and launch the eshop prevented me from exiting the eshop without powering down the system and restarting it.
 

Aroth

Well-Known Member
Member
Joined
Apr 14, 2015
Messages
2,066
Trophies
0
Age
37
XP
891
Country
United States
hmmn... from what I know... Spider don't work on those new FW, right? I have one file to spoof eShop and maybe Sys Transfer, tried to the screen where it search for the console...

If you use HBL to spoof the eshop directly, you cannot exit the eshop without doing a hard reboot (hold the power button down). Nearest I can tell using HANS to spoof the fw for any title only applies the spoof until you exit the title.
 

MAXLEMPIRA

Legends are Made from True Stories...
Member
Joined
Jun 24, 2012
Messages
1,039
Trophies
1
Age
32
Location
Kanto <- Hyrule -> Unova
Website
maxlempira.deviantart.com
XP
1,751
Country
Mexico
If you use HBL to spoof the eshop directly, you cannot exit the eshop without doing a hard reboot (hold the power button down). Nearest I can tell using HANS to spoof the fw for any title only applies the spoof until you exit the title.
the file I use is for Spider, a Code.bin for the internet browser, go to a site, exit internet app and then open eShop or Sys Settings, I want to do a Sys Transfer from one 2DS to another one, the (New) 2DS I bought is about to arrive in the mail, so, as far as I can go in Sys Transfer settings is to the part where it search for the Target System, and never ask me for an Update or something, I'm on 9.2, so... I assume that it maybe don't work for both of you :/
 
D

Deleted User

Guest
I've been poking around with the same idea myself. If you dump and decompress the ExeFS code.bin of the 9.6+ System Transfer application (orange box icon with "???" title and description in title selector), you can open it up with a hex editor, change the 4 bytes at offset 0x7BC38 from "08 00 D4 E5" to "00 00 A0 E3", and use the patched code binary with HANS. That should bypass the update check.

Do note that I haven't tested an actual transfer with this. I'm planning to get a N3DS soon, but I don't have it yet.
 
Last edited by ,

Aroth

Well-Known Member
Member
Joined
Apr 14, 2015
Messages
2,066
Trophies
0
Age
37
XP
891
Country
United States
the file I use is for Spider, a Code.bin for the internet browser, go to a site, exit internet app and then open eShop or Sys Settings, I want to do a Sys Transfer from one 2DS to another one, the (New) 2DS I bought is about to arrive in the mail, so, as far as I can go in Sys Transfer settings is to the part where it search for the Target System, and never ask me for an Update or something, I'm on 9.2, so... I assume that it maybe don't work for both of you :/
No, if we were on 9.2 we would just use freemultipatcher to patch nim.

--------------------- MERGED ---------------------------

I've been poking around with the same idea myself. If you dump and decompress the ExeFS code.bin of the 9.6+ System Transfer application (orange box icon with "???" title and description in title selector), you can open it up with a hex editor, change the 4 bytes at offset 0x7BC38 from "08 00 D4 E5" to "00 00 A0 E3", and use the code binary with HANS. That should bypass the update check.

Do note that I haven't tested an actual transfer with this. I'm planning to get a N3DS soon, but I don't have it yet.

I actually just tried to open that with HANS and I THOUGHT I enabled the fw spoof (but maybe i didnt) and got a "you must update the system" message.

Any idea if that offset and values will work with the 9.4 version? Updating to 9.6 is not an option for me as I need to be able to transfer to a system that is on 9.0
 
D

Deleted User

Guest
Any idea if that offset and values will work with the 9.4 version? Updating to 9.6 is not an option for me as I need to be able to transfer to a system that is on 9.0
It depends on how much the System Transfer app changed in the 9.6 update. It's definitely possible, but the offset might have changed.

Also, the normal firmware spoofing option did not seem to work for me, which prompted me to come up with this manual patch.
 

Aroth

Well-Known Member
Member
Joined
Apr 14, 2015
Messages
2,066
Trophies
0
Age
37
XP
891
Country
United States
It depends on how much the System Transfer app changed in the 9.6 update. It's definitely possible, but the offset might have changed.

Also, the normal firmware spoofing option did not seem to work for me, which prompted me to come up with this manual patch.

Just tested again and confirmed I did in fact have the spoof checked and got the same error. Going to make sure I have the most up to date packages as I seem to remember Smea mentioning some issues with HANS (idr if it was spoof related or not) and releasing an update after I grabbed mine.

What is the worst that could happen if I did attempt to do it using the manual patch you suggested? Worst case scenario?
 
D

Deleted User

Guest
Just tested again and confirmed I did in fact have the spoof checked and got the same error. Going to make sure I have the most up to date packages as I seem to remember Smea mentioning some issues with HANS (idr if it was spoof related or not) and releasing an update after I grabbed mine.

What is the worst that could happen if I did attempt to do it using the manual patch you suggested? Worst case scenario?
It could end up changing something completely different if the offsets changed. Especially don't do it if the existing bytes at that offset are not the ones I mentioned.

I'll see if I can dump and check the 9.0-9.5 version.
 

Aroth

Well-Known Member
Member
Joined
Apr 14, 2015
Messages
2,066
Trophies
0
Age
37
XP
891
Country
United States
It could end up changing something completely different if the offsets changed. Especially don't do it if the existing bytes at that offset are not the ones I mentioned.

I'll see if I can dump and check the 9.0-9.5 version.

Ok two questions then, if the required bytes are different, whats the worst that could happen? app crashes and nothing starts? or i get half way through the transfer and fuck both systems?

Second, assuming the values are good and it accepts the transfer, what is the worst case scenario? I lose my shit (well saves since I assume Nintendo can restore my NNID)? Or do I risk bricking the N3DS?
 

Acryt

Well-Known Member
OP
Member
Joined
Aug 22, 2015
Messages
310
Trophies
0
XP
169
Country
United States
It could end up changing something completely different if the offsets changed. Especially don't do it if the existing bytes at that offset are not the ones I mentioned.

I'll see if I can dump and check the 9.0-9.5 version.
Thanks for looking into this, any chance you can check the 9.9.x version as well?
 

GBAFail

Smell my finger.
Member
Joined
Oct 26, 2015
Messages
491
Trophies
0
Location
Uranus
XP
321
Country
United States
If you use HBL to spoof the eshop directly, you cannot exit the eshop without doing a hard reboot (hold the power button down). Nearest I can tell using HANS to spoof the fw for any title only applies the spoof until you exit the title.
L + R + Down + B :P

^ Return to HBL from eShop.
 
D

Deleted User

Guest
Ok two questions then, if the required bytes are different, whats the worst that could happen? app crashes and nothing starts? or i get half way through the transfer and fuck both systems?

Second, assuming the values are good and it accepts the transfer, what is the worst case scenario? I lose my shit (well saves since I assume Nintendo can restore my NNID)? Or do I risk bricking the N3DS?
If the required bytes are different, it definitely is the wrong place to patch. It could do various things depending on what is patched, so I wouldn't try it.

As far as I can tell, if the patch is successful nothing should go wrong, but once again, I haven't been able to personally test it yet. If something DID somehow go wrong, worse case scenario you would probably lose saves, data, etc. and maybe have to get Nintendo to manually relink your NNID to the new system, assuming that something went wrong there.
Thanks for looking into this, any chance you can check the 9.9.x version as well?
The System Transfer app is the same from 9.6.0-10.2.0, so it should be fine.
 
Last edited by ,

Aroth

Well-Known Member
Member
Joined
Apr 14, 2015
Messages
2,066
Trophies
0
Age
37
XP
891
Country
United States
Can someone point me in the general direction of a tutorial on dumping and decrypting the exefs code.bin?

The System Transfer title was updated in 9.6, so I am 99% sure the offest and values you listed won't be any good.

Wish I knew why HANS isnt able to spoof it in the first place.
 
Last edited by Aroth,
D

Deleted User

Guest
Can someone point me in the general direction of a tutorial on dumping and decrypting the exefs code.bin?

The System Transfer title was updated in 9.6, so I am 99% sure the offest and values you listed won't be any good.

Wish I knew why HANS isnt able to spoof it in the first place.
The offset and values I listed ARE for the 9.6+ version.

Also, I just checked, the 9.0-9.5 offset is 0x79CB0, same before and after values. Works to bypass system update check, but once again I haven't been able to test an actual transfer.

To sum it up:
9.0-9.5: At code.bin offset 0x79CB0, change "08 00 D4 E5" to "00 00 A0 E3"
9.6-10.2: At code.bin offset 0x7BC38, change "08 00 D4 E5" to "00 00 A0 E3"
 
Last edited by ,

03bgood

Banned!
Banned
Joined
Aug 29, 2014
Messages
880
Trophies
0
Age
35
Location
Paris, Illinois
XP
361
Country
United States
I'm trying to a do a system transfer to where I transfer the data but I don't want to lose any save data or have to re-download over 280+ games. How do I do that and do I have to update my firmware on both systems? I have 10.1 on my o3DS and 9.8 on my n3DS.
 

Aroth

Well-Known Member
Member
Joined
Apr 14, 2015
Messages
2,066
Trophies
0
Age
37
XP
891
Country
United States
I assume you have the files needed to test it?

My biggest concern is the likelyhood of a brick requiring a nand mod on my New 3DS. If I manage to fuck up the transfer and lose my data/saves then oh fucking well imo. (though isnt there a tool now to use with *hax 2.5 to extra cia save data?)
 

Acryt

Well-Known Member
OP
Member
Joined
Aug 22, 2015
Messages
310
Trophies
0
XP
169
Country
United States
I might be able to test this, if I had the stuff on hand. my 2 DS are the same firmware, so there shouldn't be any incompatibilities i'm presuming.
 

Aroth

Well-Known Member
Member
Joined
Apr 14, 2015
Messages
2,066
Trophies
0
Age
37
XP
891
Country
United States
I might be able to test this, if I had the stuff on hand. my 2 DS are the same firmware, so there shouldn't be any incompatibilities i'm presuming.

If he has the files and I am at minimal risk of bricking the New3DS i am transfering too, I will test it tonight.
 

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
    K3Nv2 @ K3Nv2: "Now I know why he took his own life"