Is it possible to do a 'Perfect Clone'?

MegaBoyEXE

I read some guides regarding 'region change', but I want to know if it's possible to fake out 2 devices with the same serial, secureinfo_a, NNID, etc., a perfect clone, like swapping SD cards and both of them work with the same apps, games, NNID.

Some tech info I was reading:
http://3dbrew.org/wiki/Nandrw/sys/SecureInfo_A
http://yifan.lu/2015/04/22/opening-up-cardboard-crafting-an-american-new-3ds-non-xl/

The steps would be something like that:

1- Get a fully functional 3DS with a vanilla updated sysnand, with NNID and original titles, call it device #1;
2- Get another fully functional 3DS (vanilla sysnand, no NNID linked; rxtools emunand unlinked), call it device #2 (both are different hardware devices);
3- Do a System Transfer from #1 to #2;
4- Backup emunand #2;
5- Wait 7 days;
6- Config device #1 to first use after System Transfer reset;
7- Do another System Transfer from #2 to #1;
8- Modify emunand #2 backup to have same secureinfo_A serial as #1;
9- Modify the unknown files needed to make it appear the same as #1; (<---- I need more info on this)
10- Restore 'cloned' emunand at #2;
11- Use emunand #2 as a clone of device #1 (not at same time of course).

First: Does this work? Since it's possible to change region, why not just do a clone of the same region?

Second: For those that want to know why I did not try it myself, it's because I'm stuck at step 5 right now.

Third: Why would I like to do that?

Well, I have an O3DS XL, only able to do Homebrew through OOThax (10.3 firmware).
I bought another O3DS XL at firmware 6.1 and did the rxtools stuff.
Now I want to use multiple SD cards on the exploitable device, to use my own account on both devices, do regular backups of my titles, and do CFW tests.

Besides my lack of knowledge on what else I need to do at step 9, has anyone tried to do a cloned device?
And what else would I need to do in step 9?
 

MegaBoyEXE

Oh God! This is not a project!!
It's a noob question :wacko::wacko::wacko:

Ok, if this looks like a great project, let's get some goals. :teach:

1- Device #1 continues fully functional at 10.3 (no exploitable kernel access, but able to Homebrew with OOThax);
2- Device #2 can use its own unlinked emunands for CFW as everyone else does, but can also use another SD card with an emunand clone of device #1, while still being exploitable.

It's like having device #2 booting off a mirror of device #1, but this time with an exploitable version.

Now it looks more like a project to me.
 

Deleted-236924

I don't think it would be possible, because for most data saved to the SD card, something in nand is changed to reflect it.
You wouldn't be able to, say, download games off the eShop on the 10.3 3DS, and have them show up on the home menu and work on the other, exploitable 3DS on 10.3 emunand just by swapping the SD card, even if they had been "cloned" to have the same unique identifiers. It updates something in nand that keeps track of what titles are installed and all that kind of stuff.

Similar deal for extdata, at least the vast majority of it. Part of it is saved to nand when the SD extdata is modified. This is why, if you take out the SD card while you have a theme active, boot the 3DS without an SD card and go to the Themes menu and select "Do not use a theme", even though the theme data is present in extdata on the SD card, when you put the SD card back in, it will just wipe the extdata on SD card and use the default theme instead of showing the theme you had again.
 

narutonic

I don't think it would be possible, because for most data saved to the SD card, something in nand is changed to reflect it.
You wouldn't be able to, say, download games off the eShop on the 10.3 3DS, and have them show up on the home menu and work on the other, exploitable 3DS on 10.3 emunand just by swapping the SD card, even if they had been "cloned" to have the same unique identifiers. It updates something in nand that keeps track of what titles are installed and all that kind of stuff.

Similar deal for extdata, at least the vast majority of it. Part of it is saved to nand when the SD extdata is modified. This is why, if you take out the SD card while you have a theme active, boot the 3DS without an SD card and go to the Themes menu and select "Do not use a theme", even though the theme data is present in extdata on the SD card, when you put the SD card back in, it will just wipe the extdata on SD card and use the default theme instead of showing the theme you had again.
It's the ticket.bin
 

MegaBoyEXE

I see, ticket.bin.

Is there any operation that syncs the tickets from the NNID server? I read that they do sync at System Transfer.
But I also know that they don't know what titles you have because of this file, and it's also because of that that the CIA apps are not deleted when accessing Data Management, right?
 

Deleted-236924

System transfer transfers the tickets, yes. Only as long as they are legit and valid tickets from legally-purchased software from the eShop. Tickets from installed pirated .cias will never be transferred, even if you installed legit .cias, because Nintendo keeps track of which 3DS serials came with games genuinely pre-installed. Attempt a system transfer, Nintendo's servers don't see any tickets associated with that 3DS on their servers, nothing is transferred.

You could possibly swap the SD cards between both systems and then access the eShop on the other system with the SD card in, and attempt to download whatever games and/or apps you had downloaded. Actually, simply connecting to the eShop might sync your tickets with what's on your eShop account data, but I'm not sure. I'm only going off assumptions there.
But what I know is that a ticket is generated for you when you legally download something off the eShop and it is added to your ticket.db, so the eShop should be able to give you the tickets for your legally-owned content.
 

MegaBoyEXE

I think I can test this ticket sync stuff.

I will look for some free content I have not acquired (I think there's nothing, unfortunately).
Will backup emunand before acquiring, then backup again after acquiring, restore the first backup and try to redownload (not purchase, just redownload).

If this works, then we have ticket sync, but unfortunately I'm still using the same device as the test.
We will need to test on the 'cloned' emunand since it uses another encryption.

Maybe someone with 2 devices and emunands on both can try my cloning attempt steps way earlier than I can, since there's no need to wait 7 days, just restore the emunand backup after modifying what needs to be modified.

Edit: Found a thing to acquire. First time I think a freemium Pokemon game can be useful :D
 

narutonic

I will look for some free content I have not acquired (I think there's nothing, unfortunately).
Will backup emunand before acquiring, then backup again after acquiring, restore the first backup and try to redownload (not purchase, just redownload).
Yes it will sync the stuff.
 

MegaBoyEXE

OK, it indeed synced.

So, my attempt is not worthless!

I just need enough info for when I get to step 9.
Is changing just the serial part of secureinfo_A enough?
If I need the entire file, then I'm screwed now, unless there's a way to retrieve this info by homebrew.
 

gamesquest1

nope, without recalling the specifics, part of the eshop login process uses hardware-embedded serials as part of the identifier to make sure the console connecting is the real console. This is why there is no perfect region changing, as the only bypass for this is with on-the-fly patching performed with NTR, which will only grant eshop access for as long as you patch the eshop challenge/responses to match those of the original console you want to spoof too... plus the whole ticket issue, meaning content isn't so easily shared without connecting to the eshop... and any games that use anti-save-restoration would need the secure value to be wiped every time you switch the SD card between the consoles.

TL;DR there is no 100% spoofing of one console to another, and swapping SD cards between systems raises more issues
 

MegaBoyEXE

nope, without recalling the specifics, part of the eshop login process uses hardware-embedded serials as part of the identifier to make sure the console connecting is the real console. This is why there is no perfect region changing, as the only bypass for this is with on-the-fly patching performed with NTR, which will only grant eshop access for as long as you patch the eshop challenge/responses to match those of the original console you want to spoof too... plus the whole ticket issue, meaning content isn't so easily shared without connecting to the eshop... and any games that use anti-save-restoration would need the secure value to be wiped every time you switch the SD card between the consoles.

TL;DR there is no 100% spoofing of one console to another, and swapping SD cards between systems raises more issues

I see your points. You are right about the eshop, I just found this: https://gist.github.com/yellows8/f15be7a51c38cea14f2c

I didn't know there were hardware keys. I was just blindly looking at the firmware only.
 
