Hacking 8.1J N3DS with Gateway MSET + Red Card: Update to 9.2J?

CrispyYoshi

Well-Known Member
OP
Member
Joined
Mar 20, 2010
Messages
1,542
Trophies
1
XP
1,145
Country
United States
Hey! So this is kind of a specific-case question. I have a Gateway Red Card and an 8.1J N3DS from a while back. It has a downgraded NVRAM MSET but no web browser.

I was wondering, is it possible for me to get to 9.2J in my current situation without a JP copy of Cubic Ninja/OoT/PSMD/Sky3DS? (Furthermore, is it possible to install the web browser before doing so?) Alternatively, with the same given limitations, is it possible for me to dump and decrypt my JPN EmuNand SecureInfo_A for use on my USA N3DS?

I have a working DS-mode flashcart too, by the way.

EDIT: Oh wait a second, what if I installed Cubic Ninja (J).cia or Homebrew Launcher Loader.cia to launch NTR and update using Yifan Lu's method?
EDIT2: Scratch that, that would mean I'm trying to update in Gateway Mode... ha.

EDIT3: What if I updated EmuNand to 10.7, downgraded it to 9.2, and flashed it to sysnand in Gateway SysNand Mode + Decrypt9? Is that even safe..?

Another idea, potentially run a CFW within gateway mode and update after booting the CFW? I wonder if that would work.
 
Last edited by CrispyYoshi,

CrispyYoshi

Well-Known Member
OP
Member
Joined
Mar 20, 2010
Messages
1,542
Trophies
1
XP
1,145
Country
United States
What about installing the browser in Gateway SysNAND mode?
Thanks for the reply. I'm currently trying that, but I'm not having much luck so far: Installing it runs perfectly fine on Gateway Mode, but not on real SysNand mode.

I think it's because SysNand doesn't think it's legit? It could be my devmenu version or the .cia itself, or I'm misunderstanding that installing a NAND .cia like the web browser will not be treated like a legit cia.

I tried to install the JPN browser, 0004003020008802.cia, from the 9.2J pack on the iso site and the guide. However, neither of those seemed to work. (I tried rxtools too, and now I can't seem to reinstall the Gateway MSET! Very bad!Just bad RNG. I got it back.)
 
Last edited by CrispyYoshi,

Jiro2

Well-Known Member
Member
Joined
Mar 28, 2011
Messages
781
Trophies
1
XP
729
Country
United States
Maybe if you installed the browser from the 8.1J instead of the 9.2J? Of course, you'd have to find an 8.1J browser first. Though that might not necessarily work because 8.1J never did normally have a browser on N3DS. Would the 8.1J browser used on 8.1J O3DS work?

Alternately, I wonder if you could use a JP copy of OOT/Mystery Dungeon *but* you may be able to install the savefile onto the cart yourself from Gateway mode. You could at least avoid buying a Powersaves.

rxtools is supposed to work with downgraded mset, but it seems to be with 9.,2 and 6.0 mset, not 8.1 and 4.x mset.
 
Last edited by Jiro2,

CrispyYoshi

Well-Known Member
OP
Member
Joined
Mar 20, 2010
Messages
1,542
Trophies
1
XP
1,145
Country
United States
Maybe if you installed the browser from the 8.1J instead of the 9.2J? Of course, you'd have to find an 8.1J browser first.

Though that might not necessarily work because 8.1J never did normally have a browser on N3DS. Would the 8.1J browser used on the O3DS work?

Alternately, I wonder if you could use a JP copy of OOT/Mystery Dungeon *but* you may be able to install the savefile onto the cart yourself from Gateway mode. You could at least avoid buying a Powersaves.
Hmm, I'd have to look really hard to find a dump of the 8.1J browser then, ha! (I did dump my NAND before installing any of these .cias, so it probably exists somewhere in my NAND dump... I wonder if I could extract it somehow)

I do not have a JP copy of OoT/MD but I already have an A9LH USA N3DS. I was just hoping I could extract the EmuNand/SecureInfo_A from this one.

Although, now that I mention it, do you think it could be possible to extract the xorpads from this DS from Gateway, decrypt my NAND dump, tweak it to a 9.2 or at least add the browser, reencrypt it, and flash it back? Alternatively, I wonder if I could tweak it to 2.1, get the OTP, restore my original NAND dump, and then install A9LH via Gateway (Or does Gateway mess with FIRM0/FIRM1..? Blah)
 

Margen67

Dirty entited pirate
Banned
Joined
Nov 3, 2014
Messages
1,100
Trophies
0
XP
1,741
Country
United States
Hmm, I'd have to look really hard to find a dump of the 8.1J browser then, ha! (I did dump my NAND before installing any of these .cias, so it probably exists somewhere in my NAND dump... I wonder if I could extract it somehow)

I do not have a JP copy of OoT/MD but I already have an A9LH USA N3DS. I was just hoping I could extract the EmuNand/SecureInfo_A from this one.

Although, now that I mention it, do you think it could be possible to extract the xorpads from this DS from Gateway, decrypt my NAND dump, tweak it to a 9.2 or at least add the browser, reencrypt it, and flash it back? Alternatively, I wonder if I could tweak it to 2.1, get the OTP, restore my original NAND dump, and then install A9LH via Gateway (Or does Gateway mess with FIRM0/FIRM1..? Blah)
You could also try running Decrypt9 from a DS flashcart
 
  • Like
Reactions: CrispyYoshi

CrispyYoshi

Well-Known Member
OP
Member
Joined
Mar 20, 2010
Messages
1,542
Trophies
1
XP
1,145
Country
United States
You could also try running Decrypt9 from a DS flashcart
I'll give it a shot! (Although I wonder what I can do if I manage to get in?)

EDIT: Nevermind, I found this post: https://gbatemp.net/threads/downloa...ryption-tools-wip.388831/page-41#post-5743221

I tried all the D9 MSET options and none seemed to work for me (I ignored the ropcustom ones)

I wonder if Gateway SysNand->Cubic Ninja JPN.cia->Ninjhax will let me run decrypt9 and do what I need to do

EDIT2: Nope, just tried Ninjhax on Gateway: It won't let me launch Decrypt9. I tried to launch Pasta too, but that didn't work either (From what I can tell, it seems Gateway locks the FIRMs similar to how the A9LH CFWs handle it... Dunno how true that is, though.)
 
Last edited by CrispyYoshi,

Drona

Well-Known Member
Newcomer
Joined
Jan 10, 2014
Messages
75
Trophies
1
Age
31
XP
578
Country
France
Sorry to hijack this thread.
I'm in the same case I have a 8.1j new 3ds,a red GW card, and a copy of Oot no downgraded MSET yet.
I can boot GW no problems.
If I understand correctly all I have to do is update to 10.7, install OOT3DHax, downgrade to 9.2 ?
 

zhdarkstar

Well-Known Member
Member
Joined
Jan 30, 2008
Messages
573
Trophies
1
XP
566
Country
United States
I'll give it a shot! (Although I wonder what I can do if I manage to get in?)

EDIT: Nevermind, I found this post: https://gbatemp.net/threads/downloa...ryption-tools-wip.388831/page-41#post-5743221

I tried all the D9 MSET options and none seemed to work for me (I ignored the ropcustom ones)

I wonder if Gateway SysNand->Cubic Ninja JPN.cia->Ninjhax will let me run decrypt9 and do what I need to do

EDIT2: Nope, just tried Ninjhax on Gateway: It won't let me launch Decrypt9. I tried to launch Pasta too, but that didn't work either (From what I can tell, it seems Gateway locks the FIRMs similar to how the A9LH CFWs handle it... Dunno how true that is, though.)

Have you tried looking at this guide and adapting it to MSET use? RxTools 2.5.2 still worked with MSET, although you might need to find a N3DS-specific ROP loader.

https://github.com/Plailect/Guide/wiki/9.2.0-Update
 

daxtsu

Well-Known Member
Member
Joined
Jun 9, 2007
Messages
5,627
Trophies
2
XP
5,191
Country
Antarctica
Usually I wouldn't suggest this, but for 8.1.0-0J N3DSes, you might be better off just updating to 10.7 and downgrading with Cubic Ninja or OoT3D (you could use Gateway emuNAND to install the hax payload for OoT for 10.7 before updating sysNAND). That way you don't need to mess around with installing browsers or trying to bother with the private server stuff. Gateway's N3DS MSET on 8.1 was never really utilised for anything else, unfortunately, so RxTools isn't an option.

Edit: And yes I saw the OP asked for a method without OoT/CN, but you should have one or the other laying around if you also have Gateway..
 
Last edited by daxtsu,

CrispyYoshi

Well-Known Member
OP
Member
Joined
Mar 20, 2010
Messages
1,542
Trophies
1
XP
1,145
Country
United States
Usually I wouldn't suggest this, but for 8.1.0-0J N3DSes, you might be better off just updating to 10.7 and downgrading with Cubic Ninja or OoT3D (you could use Gateway emuNAND to install the hax payload for OoT for 10.7 before updating sysNAND). That way you don't need to mess around with installing browsers or trying to bother with the private server stuff. Gateway's N3DS MSET on 8.1 was never really utilised for anything else, unfortunately, so RxTools isn't an option.

Edit: And yes I saw the OP asked for a method without OoT/CN, but you should have one or the other laying around if you also have Gateway..
Alright, guess I'll throw in the towel and get myself JP OoT. Thanks for your suggestions, everyone!
 

daxtsu

Well-Known Member
Member
Joined
Jun 9, 2007
Messages
5,627
Trophies
2
XP
5,191
Country
Antarctica
I've never thought about that before.
I'll try.

It'd be the same as any other CFW: just install the HBL CIA and then run the OoTHax installer, tell it you want hax for 10.7.0-32J and then you should be good to go (you could even test it out on your emuNAND before updating sysNAND).
 

Drona

Well-Known Member
Newcomer
Joined
Jan 10, 2014
Messages
75
Trophies
1
Age
31
XP
578
Country
France
It'd be the same as any other CFW: just install the HBL CIA and then run the OoTHax installer, tell it you want hax for 10.7.0-32J and then you should be good to go (you could even test it out on your emuNAND before updating sysNAND).

Thanks :)
 

ragnamuffin

Well-Known Member
Newcomer
Joined
Jul 4, 2008
Messages
46
Trophies
1
XP
319
Country
I'm also in the same boat as CrispyYoshi and Drona. Have a stock 8.1J, a GW cart, and a Sky3DS, but haven't used any of them yet (so no MSET).

I'm trying to do this as cleanly as possible/avoid getting frankenfirm. Would it be better to update through the private server, or update to 10.7 and downgrade? Am I able to make a sysNand backup with the GW cart prior to starting all this or do I need to have set up *hax first?
 

CrispyYoshi

Well-Known Member
OP
Member
Joined
Mar 20, 2010
Messages
1,542
Trophies
1
XP
1,145
Country
United States
I'm also in the same boat as CrispyYoshi and Drona. Have a stock 8.1J, a GW cart, and a Sky3DS, but haven't used any of them yet (so no MSET).

I'm trying to do this as cleanly as possible/avoid getting frankenfirm. Would it be better to update through the private server, or update to 10.7 and downgrade? Am I able to make a sysNand backup with the GW cart prior to starting all this or do I need to have set up *hax first?
Actually, you have two solutions.

The first solution is the NTR debugger method: https://gbatemp.net/threads/guide-upgrading-8-1-0-0j-to-9-2-0-20j.384960/
The second solution is updating to 10.7 and downgrading. You won't have frankenfirmware if you follow the guide entirely: If you want to get rid of the extra titles, you can just manually uninstall them. However, if you intend to use A9LH SysNand (which Gateway currently does not support and you'd have to make a 9.2 emunand to get around that), then that would completely fix the frankenfirmware issue (besides A9LH being installed)

The second solution is probably easier, although both methods will require you to emulate Cubic Ninja on your Sky3DS cart.
 

Jiro2

Well-Known Member
Member
Joined
Mar 28, 2011
Messages
781
Trophies
1
XP
729
Country
United States
If you're going to get OOT/CN, can't you just use the OOT/CN to directly upgrade from 8.1 to 9.2? You'd use the normal method on Plailect's guide (not the NTR one linked above) except that instead of using the browser to enter homebrew, you use OOT/CN.
 

ragnamuffin

Well-Known Member
Newcomer
Joined
Jul 4, 2008
Messages
46
Trophies
1
XP
319
Country
Thanks for the responses, CrispyYoshi and Jiro2. I hadn't realized Plailect's method was viable without the browser. I might just go that route! Thank you!
 
  • Like
Reactions: CrispyYoshi

Swiftloke

Hwaaaa!
Member
Joined
Jan 26, 2015
Messages
1,770
Trophies
1
Location
Nowhere
XP
1,467
Country
United States
A. VVVVVVhax (aka V(*)hax) is also a thing as of today.
B. How do arm9 payloads like d9 run from a DS flashcart? Do they somehow trigger ntrcardhax or MSET, and if so how?
 

Drona

Well-Known Member
Newcomer
Joined
Jan 10, 2014
Messages
75
Trophies
1
Age
31
XP
578
Country
France
I have installed HBL on 10.7 Emunand but don't have time to go further because of University.

@ragnamuffin Keep us informed of your progress, please :)
 

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
    K3Nv2 @ K3Nv2: "Now I know why he took his own life"