Hacking Flashing NAND on 11.0 - read OP first

[lisreal2401]

So, I messed up downgrading a friends 3DS to 2.1.0 and now it's stuck at 11.0. I can get into HBL through oothax if I try a bunch. I've been told already that the NAND can't be written to without escalated permissions but I have evidence to counter this thought. I was able to dump and flash my NAND on 9.2 without any kernel access back in 2015 using Gateway's launcher tool. I'm not trying to downgrade the system by reinstalling titles, but trying to straight restore a NAND dump - which I've read can be done in DSi mode under the right circumstances. I suppose I'm asking, is it possible to restore it in userland or is the TWL mode for standard DS have access to NAND writing and would that work with a flashcart? I don't want to hardmod the system (or pay for it) and neither does he. I'm just trying to get a solid answer on whether or not this is feasible at all right now in some way now.

 

[Davidosky99]

no, as in 11.0 there's no arm9 acess, so there's no way of doing such operation without a hardmod.
previously you managed to do it, because in 9.2 it existed arm9 acess(nothing to do with gateway) but again, on 11.0 there's no arm9 acess, no way of downgrading and NO WAY of restoring a NAND backup without downgrading the native firm, which is possible via a hardmod

 

[lisreal2401]

no, as in 11.0 there's no arm9 acess, so there's no way of doing such operation without a hardmod.
previously you managed to do it, because in 9.2 it existed arm9 acess(nothing to do with gateway) but again, on 11.0 there's no arm9 acess, no way of downgrading and NO WAY of restoring a NAND backup without downgrading the native firm, which is possible via a hardmod

But arm9 access shouldn't be needed to restore a NAND backup - if you can downgrade system modules with ARM11 access why is it a NAND restore is only writable with arm9 permissions, and why is it writable within DSi mode?

 

[Davidosky99]

But arm9 access shouldn't be needed to restore a NAND backup - if you can downgrade system modules with ARM11 access why is it a NAND restore is only writable with arm9 permissions, and why is it writable within DSi mode?

a nand restore and a title downgrade are completely different things. And it's only writtable in 9.2 which is the fw that has arm9 acess.
also, 11.0 implemented a title downgrade limit, so you can't really get out of this one without a hardmod

 

[GothicIII]

You can't write NAND directly without arm9 kernel access. Its as simple as that.

Read this what you can and what you can't do (Just remember that you can't downgrade on fw11.0 due to new mechanisms):
http://wiki.gbatemp.net/wiki/3DS_Homebrew

 

[lisreal2401]

Well, damn. Guess I'll hold out and see if something comes up - no big deal.

 

[Temarile]

Well, damn. Guess I'll hold out and see if something comes up - no big deal.

You may be waiting a looong time. The last time there was a 1,5 year gap before another kernel exploit was found.

 

[astronautlevel]

You may be waiting a looong time. The last time there was a 1,5 year gap before another kernel exploit was found.

Or until September at the pace we're going

 

[Temarile]

Or until September at the pace we're going

Just warning the OP for a possible SOON.

But you're right, at the current rate of development I wouldn't be surprised if we had downgrades on any firmware, the boot rooms and DS emulation () before the end of 2016

 

[Ramzh]

Deleted

 

[einhuman197]

If OP has a Cyclo DSi evolution, sudokuhax or another way to exploit twl (r4 wood twl mode loader for example) , then he could be lucky:

https://gbatemp.net/threads/ds-i-mode-hacking-progress-thread.413015/page-35#post-6073292

I tried that with sudokuhax in emunand and it worked. I successfully dumped and restored my nand. But you have to compile it. If you want it, Ask me, I have a compiled version.

 

[Davidosky99]

If OP has a Cyclo DSi evolution, sudokuhax or another way to exploit twl (r4 wood twl mode loader for example) , then he could be lucky:

https://gbatemp.net/threads/ds-i-mode-hacking-progress-thread.413015/page-35#post-6073292

I tried that with sudokuhax in emunand and it worked. I successfully dumped and restored my nand. But you have to compile it. Ask me, I have a compiled version.

Could this theoretically be used through a dsi save game exploit to restore NAND dumps on 10.4/10.5 systems? Or is the patched TWL_FIRM still needed?

If you have injected dsiware hax booting from sysnand on <=9.2 then update, maybe! Haven't tested that lately.
Remember, if you've patched twl_firm, it will not boot if you update.

No patching needed but there isn't currently any way to run TWL nand hb on latest firmware. We don't know how to access TWL save files without arm9 yet.

Not without arm9 access! (No fw version>9.2 !)

 

[zoogie]

Not without arm9 access! (No fw version>9.2 !)

You're quite mistaken there.

 

[Davidosky99]

You're quite mistaken there.

Enlighten me how I'm mistaken please

 

[zoogie]

Enlighten me how I'm mistaken please

Say if you injected sudokuhax into a dsi system app on firm <=9.2. You could still run it, on sysnand, if you accidently update. You would then have the ability to restore your nand with the above twl hombrew tool.

 

[Davidosky99]

Say if you injected sudokuhax into a dsi system app on firm <=9.2. You could still run it, on sysnand, if you accidently update. You would then have the ability to restore your nand with the above twl hombrew tool.

But OP is on 11.0, there is no way for him to inject now/at this moment right?

 

[zoogie]

But OP is on 11.0, there is no way for him to inject now/at this moment right?

If there was a second arm9 hacked 3ds around, sure. It would be able to donate a hacked dsiware game via system transfer. I doubt injected twl sysnand titles would transfer though. Would have to be a totally legit title with a hacked save file to go through.

 

[AmandaRose]

Or until September at the pace we're going

astronautlevel do you know something we don't lol I have seen you post in a few various threads little hints that you may know of something incoming.

 

[einhuman197]

@zoogie, do you think it's possible to inject sudoku and the save in a normal dsiware cia?

Then it would be possible to transfer sudoku with the save and boom, nand access.
But we need a sudoku cia, I didn't found one yet.

Gesendet von meinem LG G5 mit Tapatalk

 

[Davidosky99]

@zoogie, do you think it's possible to inject sudoku and the save in a normal dsiware cia?

Then it would be possible to transfer sudoku with the save and boom, nand access.
But we need a sudoku cia, I didn't found one yet.

Gesendet von meinem LG G5 mit Tapatalk

This might be an alternative to sudokuhax
https://gbatemp.net/threads/dsi-homebrew-menu-directly-on-your-home-menu.416791/