No screen init yet. Else I would do it.Slightly off-topic, but it'd be cool to see Xerpi's Linux payload working with this too sometime. Coldboot directly into Linux.
Yes, stage0x5C000 should be the payload2 part, which loades the arm9loaderhax.bin, but updating something on nand is more work than updating something on sd.
If something goes wrong on updating stage0x5C000 we would need to use a hardmod to fix, updating it on sd is simple drag'n'drop, if it got broken, its simply putting the sd into the card reader.
Edit:
I thought about making everything on nand as simple as possible, and doing everything that could be more(which leads to more possible mistakes) on sd.
Last edited by RednaxelaNnamtra,
with this would it be possible to add a recovery menu (holding r while booting) that would make nand injection and dumping possible? Basically the "recovery menu" would even be able to do stuff that decrypt9 would like xorpads? So basically a priiloader on steroids. Should all be possible since it would be booting up in early arm9 before the homemenu even appeared so dumping and injecting nand should easily be possible.
The possibilities with this entry point are amazing so happy people are developing with this, gonna wait about a month to see if downgrading to 2.0 gets any smoother and to see if some of the cfw's start to support it(though I did here reinand does now)
Anyhow great work to everyone working on this as usual the 3ds scene is amazing right now
The possibilities with this entry point are amazing so happy people are developing with this, gonna wait about a month to see if downgrading to 2.0 gets any smoother and to see if some of the cfw's start to support it(though I did here reinand does now)
Anyhow great work to everyone working on this as usual the 3ds scene is amazing right now
Can you explain farther what titles those are? This is applicable to the 2ds as well right?
Last edited by Just Passing By,
Table of Contents:
Introduction, BootRom, ARM9Loader Theory
ARM9Loader v1
ARM9Loader v2 (1/3 and 2/3)
ARM9Loader v2 (3/3), Conclusions
OTP dumping progress post / summary
Plailect's OTP Dumping Guide (external link)
Arm9LoaderHax source code (GitHub link)
Summary of differences from prior *hax (1/3)
Summary of differences from prior *hax (2/3)
Summary of differences from prior *hax (3/3)
Introduction, BootRom, ARM9Loader Theory
ARM9Loader v1
ARM9Loader v2 (1/3 and 2/3)
ARM9Loader v2 (3/3), Conclusions
OTP dumping progress post / summary
Plailect's OTP Dumping Guide (external link)
Arm9LoaderHax source code (GitHub link)
Summary of differences from prior *hax (1/3)
Summary of differences from prior *hax (2/3)
Summary of differences from prior *hax (3/3)
See https://plailect.github.io/OTP/.
CONFIRMED: Downgrade to FW 2.1.0-4U is possible on N3DS, and Cubic Ninja hax confirmed to work.
OTP downgrading tutorial development is now mature, see @Plialect 's OTP downgrade guide.
This still has a moderate risk of bricking a system.
Both N3DS and O3DS now have *hax and payload to restore sysNAND from prior backup.
O3DS upgrade might also be possible via a game cartridge.
N3DS upgrade will brick if attempted via a game cartridge.
Still not recommended without a NAND hardmod, or if you're not interested in active development of new CFW, as Arm9LoaderHax creation is not for the faint-of-heart.
Current Outdated hints:
1. Downgrade in EmuNAND, even if EmuNAND can't boot the final downgrade directly. This avoids the major pain of having to re-flash SysNAND if sysupdater instability hits.
2. Use the .CIA version of SysUpdater (so install it before updating your emuNAND.bin past 9.2)
3. Backup, backup, backup... and have a hardmod to restore when things go awry after modifying sysNAND
OTP downgrading tutorial development is now mature, see @Plialect 's OTP downgrade guide.
This still has a moderate risk of bricking a system.
Both N3DS and O3DS now have *hax and payload to restore sysNAND from prior backup.
O3DS upgrade might also be possible via a game cartridge.
N3DS upgrade will brick if attempted via a game cartridge.
Still not recommended without a NAND hardmod, or if you're not interested in active development of new CFW, as Arm9LoaderHax creation is not for the faint-of-heart.
1. Downgrade in EmuNAND, even if EmuNAND can't boot the final downgrade directly. This avoids the major pain of having to re-flash SysNAND if sysupdater instability hits.
2. Use the .CIA version of SysUpdater (so install it before updating your emuNAND.bin past 9.2)
3. Backup, backup, backup... and have a hardmod to restore when things go awry after modifying sysNAND
a reliable webHax- Apparently completed!method to restore SysNAND from 2.1 (e.g., after OTP is dumped)- Restore prior NAND dump via webHax & custom 2.1 payload (Decrypt9?)Arm9LoaderHax -- screen init and other firm-style initialization so UI can work- Apparently added last week of February
Whether to screen-init at loader, or in each payloadAurora's last commits merge both options into single A9LH- How bright to set backlight during screen-init
- If it's OK to use SysNAND to store additional data
- How to detect that portions of SysNAND not used by the 3DS are in use by another payload
- How to detect that portions of SysNAND are being used by their own payload
NinjHax 1, supporting firmware 4.0.0-07 through 9.2.0-20
==> http://smealum.net/ninjhax/
NinjHax 2.5, supporting firmware 9.0.0-xx through 10.3.0-xx
==> https://smealum.github.io/ninjhax2/
Clear cartridge's save game by, at main menu, holding L+R+X+Y.
==> http://smealum.net/ninjhax/
NinjHax 2.5, supporting firmware 9.0.0-xx through 10.3.0-xx
==> https://smealum.github.io/ninjhax2/
Clear cartridge's save game by, at main menu, holding L+R+X+Y.
1.0 QR code: https://i.imgur.com/7Q35Tuy.png
1.1 QR code: http://i.imgur.com/XfdtO8f.png
2.1 QR code: http://i.imgur.com/HLteE39.png
Clear cartridge's save game by, at main menu, holding L+R+X+Y.
These load the file sd:/load.bin into fcram at 0x23F00000 and starts execution. Size of load.bin is limited to 0x3000 bytes.
One could also replace the code.bin, which is based at 0x20600000.
1.1 QR code: http://i.imgur.com/XfdtO8f.png
2.1 QR code: http://i.imgur.com/HLteE39.png
Clear cartridge's save game by, at main menu, holding L+R+X+Y.
These load the file sd:/load.bin into fcram at 0x23F00000 and starts execution. Size of load.bin is limited to 0x3000 bytes.
One could also replace the code.bin, which is based at 0x20600000.
Post #385 or mega folder in pakrett's thread ??what is this??
Last edited by Selver,
I thought TWL titles shouldn't matter? Since they're not a vital part of the boot process, 3DS should still start fine even if TWL doesn't work.
Also, just another confirmation of 2.1.0-4E downgrade successful, OTP dumped.
Last edited by Vappy,
There is. It's detailed in the first few posts of this thread I believe. It requires hardmodding though.
The bruteforce using RPI2 is to find a "secret sector" value that will execute a payload previously left in memory via another means. Those other means could be the exception vectors, if already have some existing method of attacking the system, or it could be via custom FIRM0 / FIRM1 (using OTP_HASH).
It's not a complete solution, as the OTP itself is, because only a few bytes of the secret sector have been used thus far in new firmware....
Well this has been fun.
Now i have arm9loaderhax on sysnand 10.5 and a mod of AuReiNand running too (sysnand only), on one of my n3ds's.
Now i have arm9loaderhax on sysnand 10.5 and a mod of AuReiNand running too (sysnand only), on one of my n3ds's.
Oh nice! You got it to workWell this has been fun.
Now i have arm9loaderhax on sysnand 10.5 and a mod of AuReiNand running too (sysnand only), on one of my n3ds's.
Was wondering if you were able to get it to work. (I left #cakey a bit after you started to download the 10.5 files yesterday).
You just deleted the 10.4 NATIVE_FIRM right? So your sysNAND is still on the 9.2 NATIVE_FIRM?
Yeah at first i removed the native firm cia from the update pack but eshop still complained, so i made a backup let eshop update system, of course that bricked.Oh nice! You got it to work
Was wondering if you were able to get it to work. (I left #cakey a bit after you started to download the 10.5 files yesterday).
You just deleted the 10.4 NATIVE_FIRM right? So your sysNAND is still on the 9.2 NATIVE_FIRM?
Restored backup, installed the native firm cia myself with devmenu and all is working fine.
Oh shit. Pretty nice to hear!Yeah at first i removed the native firm cia from the update pack but eshop still complained, so i made a backup let eshop update system, of course that bricked.
Restored backup, installed the native firm cia myself with devmenu and all is working fine.
I'll give this a shot once I hardmod my n3DS.
Similar threads
-
-
-
-
-
-
@
K3Nv2:
I'm beefing with a neighbor currently each time I ask him for help with something he makes bs excuses then ignores my calls text but seems to randomly speak when I'm done with the project after doing things to help him -
@
RedColoredStars:
DiGiorno Crispy Pan Pizza tasted pretty dang close to Pizza hut pan pizza, but Im not sure if theyve been discontinued or not. Havent seen them locally for a couple of months now. -
-
-
-
-
-
@
RedColoredStars:
Never even seen a tiger crust pizza in any stores around here. Walmart, Cub, or otherwise.
-
-
-
@
RedColoredStars:
Last thing I told her is how much I love her, and that Im not leaving her there forever and I promise to come back and take her back home with me.
-
-
-
@
Black_Manta_8bit:
hello, anyone is able to create cheat patches for cemu? i have a simple request if anyone can help -
-
-
-
-
-
