Hacking Arm9loaderhax cold boot CFW on sysnand

mashers

Hi all

I apologise if this has been discussed elsewhere or if there is a better place to post it, but some of the A9LH threads are really long now so I'm not sure whether what I'm asking has already been answered, and a search didn't turn up an answer. Basically I've got arm9loaderhax installed on my n3DS and I'm using the ReiNand emunand payload to boot my emunand from SD card. I'm wondering whether it is possible to replace the payload with one which will boot sysnand with sig checks patched, so it will be like running emunand but from sysnand. I don't care about safety as I have a hard mod.

Thanks in advance!
 

mashers

Thank you! So it looks like I have to copy over the modified payload and ReiNand files, and create /rei/updatedsysnand to make ReiNand boot sysnand, right?

If I do this, can I still update to 10.5 since A9LH is taking care of patching out checks, or would sysnand need to remain on 9.2?
 

daxtsu

> Thank you! So it looks like I have to copy over the modified payload and ReiNand files, and create /rei/updatedsysnand to make ReiNand boot sysnand, right?
>
> If I do this, can I still update to 10.5 since A9LH is taking care of patching out checks, or would sysnand need to remain on 9.2?

It will be safe to update to 10.5 (Her mod now has a patch which blocks updating NATIVE_FIRM, so your A9LH will stay intact). Just note that doing so leaves you without a way to run ARM9 homebrew like EmuNAND9 and Decrypt9 unless you make a 9.0-9.2 emuNAND (and then boot into it with 9.0 FIRM), for now (A9LH could be expanded to allow it from userland, in theory). If you're concerned, make a sysNAND backup if you don't have a recent one.
 

mashers

> It will be safe to update to 10.5 (Her mod now has a patch which blocks updating NATIVE_FIRM, so your A9LH will stay intact). Just note that doing so leaves you without a way to run ARM9 homebrew like EmuNAND9 and Decrypt9 unless you make a 9.0-9.2 emuNAND (and then boot into it with 9.0 FIRM), for now (A9LH could be expanded to allow it from userland, in theory). If you're concerned, make a sysNAND backup if you don't have a recent one.
Great, thanks! I'm going to give it a try with a new SD card to check I can cold boot sysnand Rei from A9LH. Thanks again guys!

--------------------- MERGED ---------------------------

> I feel this could lead (hopefully) to one of @mashers excellent tutorial guides at some point in the future :)
Heh, thanks mate :) Not sure a tutorial is truly needed, though migrating from emunand back to sysnand might be tricky.
 

daxtsu

> DSi games access NAND directly in their code, so no.

Huh, so they don't have to go through any sort of security layer? I wonder if Myria's (I think it was hers) idea of using TWL_FIRM to inject ARM9Loaderhax (or something similar) could work then, given an OTP dump..but that's for another topic. :P
 

Aurora Wright

> Huh, so they don't have to go through any sort of security layer? I wonder if Myria's (I think it was hers) idea of using TWL_FIRM to inject ARM9Loaderhax (or something similar) could work then, given an OTP dump..but that's for another topic. :P
It does, it was tested already.
 

mashers

Ok, so here's what I'm thinking:

  1. Re-flash sysnand to remove A9LH
  2. Run Decrypt9 and dump the emunand partitions
  3. Inject the emunand partitions into sysnand (does decrypt9 do this?)
  4. Copy the contents of the emunand Nintendo 3DS folder to sysnand Nintendo 3DS folder
  5. Reinstall A9LH using the modified ReiNand files and payload to boot Rei to sysnand on cold boot

Does that sound about right?
 

daxtsu

> Ok, so here's what I'm thinking:
>
>   1. Re-flash sysnand to remove A9LH
>   2. Run Decrypt9 and dump the emunand partitions
>   3. Inject the emunand partitions into sysnand (does decrypt9 do this?)
>   4. Copy the contents of the emunand Nintendo 3DS folder to sysnand Nintendo 3DS folder
>   5. Reinstall A9LH using the modified ReiNand files and payload to boot Rei to sysnand on cold boot
>
> Does that sound about right?

If you leave out the FIRM0 and FIRM1 partitions (dump CTRNAND, TWLNAND, etc individually from emuNAND, don't make one large dump), you should be able to cut out just about all of those steps altogether. I could be wrong, but the sector A9LH lives in won't be affected by restoring emuNAND partitions unless you mess with the FIRM partitions.

If you really want to do all of that though, it should be fine, yeah. Disregard then, see Aurora's answer.
 

Aurora Wright

1-2-3 will bring you an updated system with no way of reinstalling A9LH. You have to just setup ReiNand now and do the things you mentioned (you can use Decrypt9 if you boot SysNAND with 9.0 FIRM with L+R, until you turn the updatedsysnand flag on).
 

daxtsu

> 1-2-3 will bring you an updated system with no way of reinstalling A9LH. You have to just setup ReiNand now and do the things you mentioned (you can use Decrypt9 if you boot SysNAND with 9.0 FIRM with L+R, until you turn the updatedsysnand flag on).

Will restoring CTRNAND, etc., to sysNAND, while ignoring FIRM0 and FIRM1 from emuNAND still cause him to be unable to use A9LH? I thought I read somewhere that it's okay to do that as long as the FIRM partitions are left out.
 

DeathChaos

Wait so, if I hardmod my 3DS and install Arm9loaderHax this means I can use CFW on sysNAND in the latest FW and completely get rid of emuNAND?

The point of emuNAND is twofold in that it allows you to have CFW access on latest FW which can't be done on sysNAND, while also being able to interact with the NAND easier; hardmod takes care of the 2nd issue, but the 1st issue still requires emuNAND.
 

Aurora Wright

> Will restoring CTRNAND, etc., to sysNAND, while ignoring FIRM0 and FIRM1 from emuNAND still cause him to be unable to use A9LH? I thought I read somewhere that it's okay to do that as long as the FIRM partitions are left out.

He said "Re-flash sysnand to remove A9LH". If he does that and then restores a 10.5 CTRNAND from emuNAND, he'll brick (as you can't use a 10.5 CTRNAND with 9.0 FIRM). If he flashes a whole emuNAND into sysNAND, he'll be on 10.5 and have no way to get back.

> Wait so, if I hardmod my 3DS and install Arm9loaderHax this means I can use CFW on sysNAND in the latest FW and completely get rid of emuNAND?
>
> The point of emuNAND is twofold in that it allows you to have CFW access on latest FW which can't be done on sysNAND, while also being able to interact with the NAND easier; hardmod takes care of the 2nd issue, but the 1st issue still requires emuNAND.
Correct.
 
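daxtsu's suggestion (dump CTRNAND, TWLNAND, etc. individually and leave FIRM0/FIRM1 alone so the sector A9LH lives in is untouched) and Aurora's follow-up about why that alone is not enough both come down to what the NAND partition table says. The script below is an added example, not code from this thread, from Decrypt9 or from any 3DS tool. It parses the NCSD header that a NAND image carries at offset 0x100 (magic, per-partition FS type at 0x110, crypt type at 0x118, and an offset/length table at 0x120 in 0x200-byte media units, as documented on 3dbrew; FS type 3 marks a FIRM partition), and then overlays every non-FIRM partition from an "emuNAND" image onto a copy of a "sysNAND" image while keeping the sysNAND FIRM0/FIRM1 bytes. The two images it works on are constructed in-memory toys with a shrunken layout, not real dumps; the function and constant names are this example's own. Note that the script only demonstrates the partition mechanics: it does nothing about the version mismatch Aurora describes, so a 10.5 CTRNAND copied next to a 9.0 FIRM is still a brick.

```python
import struct

MEDIA_UNIT = 0x200        # NCSD table entries count 0x200-byte media units
NCSD_MAGIC_OFF = 0x100
FS_TYPE_OFF = 0x110       # 8 bytes, one FS type per partition slot
CRYPT_TYPE_OFF = 0x118    # 8 bytes, one crypt type per partition slot
PART_TABLE_OFF = 0x120    # 8 x (u32 offset, u32 length), little-endian
FS_TYPE_NORMAL, FS_TYPE_FIRM, FS_TYPE_AGB_SAVE = 1, 3, 4


def parse_ncsd(image: bytes) -> list:
    """Return the non-empty partitions described by the NCSD header of `image`.

    Each entry is a dict with index, fs_type, crypt_type, offset and size
    (offset/size already converted from media units to bytes).
    """
    if image[NCSD_MAGIC_OFF:NCSD_MAGIC_OFF + 4] != b"NCSD":
        raise ValueError("no NCSD magic at 0x100; not a NAND image")
    fs_types = image[FS_TYPE_OFF:FS_TYPE_OFF + 8]
    crypt_types = image[CRYPT_TYPE_OFF:CRYPT_TYPE_OFF + 8]
    parts = []
    for i in range(8):
        off_mu, len_mu = struct.unpack_from("<II", image, PART_TABLE_OFF + 8 * i)
        if len_mu == 0:
            continue                      # unused slot
        offset, size = off_mu * MEDIA_UNIT, len_mu * MEDIA_UNIT
        if offset + size > len(image):
            raise ValueError(f"partition {i} runs past the end of the image")
        parts.append({"index": i, "fs_type": fs_types[i],
                      "crypt_type": crypt_types[i], "offset": offset, "size": size})
    return parts


def firm_partitions(image: bytes) -> list:
    """Indices of the partitions whose FS type marks them as FIRM (FIRM0/FIRM1)."""
    return [p["index"] for p in parse_ncsd(image) if p["fs_type"] == FS_TYPE_FIRM]


def restore_excluding_firm(sysnand: bytes, emunand: bytes) -> bytes:
    """Copy every non-FIRM partition from `emunand` into a copy of `sysnand`.

    FIRM partitions are taken from `sysnand` untouched, which is the point of
    restoring partitions individually instead of flashing a whole image.
    Both images must describe the same partition table.
    """
    layout = lambda parts: [(p["index"], p["offset"], p["size"]) for p in parts]
    sys_parts, emu_parts = parse_ncsd(sysnand), parse_ncsd(emunand)
    if layout(sys_parts) != layout(emu_parts):
        raise ValueError("partition tables differ; refusing to mix the images")
    out = bytearray(sysnand)
    for p in emu_parts:
        if p["fs_type"] == FS_TYPE_FIRM:
            continue                      # keep sysNAND FIRM0/FIRM1 bytes
        lo, hi = p["offset"], p["offset"] + p["size"]
        out[lo:hi] = emunand[lo:hi]
    return bytes(out)


# Constructed toy layout (NOT a real NAND; sizes shrunk to a few media units).
# Slot order mirrors the real one: TWL NAND, AGB_SAVE, FIRM0, FIRM1, CTR NAND.
TOY_LAYOUT = [  # (fs_type, crypt_type, offset_mu, length_mu)
    (FS_TYPE_NORMAL, 1, 1, 2),     # 0: TWL NAND
    (FS_TYPE_AGB_SAVE, 2, 3, 1),   # 1: AGB_SAVE
    (FS_TYPE_FIRM, 2, 4, 2),       # 2: FIRM0
    (FS_TYPE_FIRM, 2, 6, 2),       # 3: FIRM1
    (FS_TYPE_NORMAL, 2, 8, 4),     # 4: CTR NAND
]
TOY_TOTAL_MU = 12


def build_toy_nand(fill: bytes) -> bytes:
    """Build a 12-media-unit NCSD image; partition i is filled with fill + bytes([i])."""
    img = bytearray(TOY_TOTAL_MU * MEDIA_UNIT)
    img[NCSD_MAGIC_OFF:NCSD_MAGIC_OFF + 4] = b"NCSD"
    struct.pack_into("<I", img, 0x104, TOY_TOTAL_MU)   # image size in media units
    for i, (fs, crypt, off_mu, len_mu) in enumerate(TOY_LAYOUT):
        img[FS_TYPE_OFF + i] = fs
        img[CRYPT_TYPE_OFF + i] = crypt
        struct.pack_into("<II", img, PART_TABLE_OFF + 8 * i, off_mu, len_mu)
        lo, size = off_mu * MEDIA_UNIT, len_mu * MEDIA_UNIT
        img[lo:lo + size] = (fill + bytes([i])) * (size // 2)
    return bytes(img)


if __name__ == "__main__":
    sysnand, emunand = build_toy_nand(b"S"), build_toy_nand(b"E")
    merged = restore_excluding_firm(sysnand, emunand)
    for p in parse_ncsd(merged):
        src = "emuNAND" if merged[p["offset"]] == ord("E") else "sysNAND"
        print(f"partition {p['index']}: fs_type={p['fs_type']} bytes now from {src}")
```

Running it shows slots 0, 1 and 4 carrying emuNAND bytes while slots 2 and 3 (the FIRM partitions) still carry sysNAND bytes. The table-equality check is deliberate: if the two images disagree on where a partition starts, blindly copying by offset would write one partition's data over another.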
