Hacking [Idea] Making 2.1 Firmware run on emuNAND

Wahrrelasse

Just a random idea: Would making 2.1 FW work on emuNAND make the already safe A9LH installing guide even safer? I mean you could test if your emuNAND did downgrade correctly, before flashing it to sysNAND. Maybe the effort isn't worth it, but since I'm not a dev I don't know that.
Sorry if this is a stupid idea.
 

Wahrrelasse

Well, I didn't intend to dump the OTP with emuNAND, I just wanted to check if the firmware is running or not, because I don't want to end up with a bricked 3DS after the One Click Setup.
 

jurassicplayer

Two out of three replies didn't read the question before answering and three out of three didn't even answer it. SURE IS GREAT WHEN THE MEMBERS READ.
Anyways, what solress said about no CFW being able to use an emunand 2.1 which is why it doesn't work currently. Nobody is really making it work partly because it's legacy software and aside from that singular step to get the OTP, there isn't much use to having a working v2.1 emunand. Not to mention that dok3, Plailect and co. have a number of verification steps in the other programs that should at the very least ease your mind on the validity of your v2.1 emunand.

tl;dr: it just isn't very worth it as long as people are paying attention.
 
Last edited by jurassicplayer,

MelonGx

2.1 EmuNAND is still important since you can verify if your 2.1 DG is a bad downgrade or not to avoid a brick on flashing bad downgraded 2.1 RedNAND into SysNAND.
 

Deleted User

Perhaps going on Discord and asking around (possibly asking a few Devs and PM'ing them) may answer your question. The Devs who create these types of things would (most-probably unless there's a silent dev) be of the only help to you. I wish you luck! It would be nice to figure out if the NAND had downgraded correctly but it's mostly in user error that most bricks occur.
 

astronautlevel

tl;dr: Nintendo completely rewrote NFIRM from 2.1 to 3.0, which means all our EmuNAND patches won't work at all. We'd need to RE completely new EmuNAND patches and it just isn't worth the effort (especially given OTPHelper verifies the downgrade).
 

The Catboy

There are a lot of technical reasons why CFWs don't support 2.1 emuNANDs, but the big reason is because there's no reason to. All of the tools have safeguards to make sure the downgrade is successful and the flash is successful, thus eliminating the reason to even boot into the emuNAND.
Just pay attention and you should be ok.
 

Queno138

Wahrrelasse said:
> Just a random idea: Would making 2.1 FW work on emuNAND make the already safe A9LH installing guide even safer? I mean you could test if your emuNAND did downgrade correctly, before flashing it to sysNAND. Maybe the effort isn't worth it, but since I'm not a dev I don't know that.
> Sorry if this is a stupid idea.

If I'm not mistaken, the OTP helper checks every title versions' number, to ensure that they have all been downgraded to 2.1 (on emunand), and it only flashes it over to sysnand when the version numbers all match up.

And since Plaisysupdater also checks the MD5 of every title,
When both is accepted, it would mean your downgrade succeeded.
 
Last edited by Queno138,
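
The gate described in the post above (flash only when every title's version number and MD5 match), sketched as an added example; it is not part of the original thread and is not OTPHelper's or Plaisysupdater's code. Title names, versions and contents are constructed placeholders.

```python
import hashlib

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def build_manifest(titles):
    """titles: {title_id: (version, content)} -> expected version and MD5 per title."""
    return {tid: {"version": v, "md5": md5_hex(c)} for tid, (v, c) in titles.items()}

def verify_downgrade(manifest, installed):
    """Return a sorted list of (title_id, problem); an empty list means all titles match."""
    problems = []
    for tid, want in manifest.items():
        have = installed.get(tid)
        if have is None:
            problems.append((tid, "missing"))
            continue
        version, content = have
        if version != want["version"]:
            problems.append((tid, "version"))
        elif md5_hex(content) != want["md5"]:
            # Version number is right but the content is not: a version-only
            # check would have accepted this title.
            problems.append((tid, "md5"))
    # Titles left over from the newer firmware also count as a failed downgrade.
    for tid in installed.keys() - manifest.keys():
        problems.append((tid, "unexpected"))
    return sorted(problems)

def safe_to_flash(manifest, installed):
    """Fail closed: allow the flash step only when nothing at all is off."""
    return not verify_downgrade(manifest, installed)

# Constructed sample data (hypothetical title IDs, not real 3DS titles).
GOOD = {"title-A": (1, b"firm image"), "title-B": (2, b"module"),
        "title-C": (3, b"applet")}
MANIFEST = build_manifest(GOOD)
# Partial downgrade: title-B corrupted, title-C absent, title-D left behind.
PARTIAL = {"title-A": (1, b"firm image"), "title-B": (2, b"modu\x00e"),
           "title-D": (9, b"leftover")}

if __name__ == "__main__":
    print("good image:", safe_to_flash(MANIFEST, GOOD))
    for tid, why in verify_downgrade(MANIFEST, PARTIAL):
        print("refuse to flash:", tid, why)
```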

Wahrrelasse

Queno138 said:
> If I'm not mistaken, the OTP helper checks every title versions' number, to ensure that they have all been downgraded to 2.1 (on emunand), and it only flashes it over to sysnand when the version numbers all match up.
>
> And since Plaisysupdater also checks the MD5 of every title,
> When both is accepted, it would mean your downgrade succeeded.

I didn't know that OTP Helper also checks it. Well then, this thread is kinda pointless now xD
 

SpencerlyEverly

This might be something you don't wanna believe, but...

[Image: 1_0_2_1_support_not_comfirmed_yet_FINAL.png]

So I extracted the 1.0 and 2.1 FIRMs decrypted AND encrypted from my O3DS EmuNANDs via Decrypt9WIP's latest version, and sent them to Gateway for them to add to their next version for EmuNAND 2.1 checking (1.0 is also included just cause of rarity). 3.0 wasn't included due to me failing to install the NATIVE_FIRM from the NUS Servers CIA (Used 3DNUS Mod latest version).

Looks like what we didn't know the entire time is that they have a separate tech team, so when they reply again that if it works or not, I'll get back to you.
 

astronautlevel

SpencerlyEverly said:
> This might be something you don't wanna believe, but...
>
> [Image: 1_0_2_1_support_not_comfirmed_yet_FINAL.png]
>
> So I extracted the 1.0 and 2.1 FIRMs decrypted AND encrypted from my O3DS EmuNANDs via Decrypt9WIP's latest version, and sent them to Gateway for them to add to their next version for EmuNAND 2.1 checking (1.0 is also included just cause of rarity). 3.0 wasn't included due to me failing to install the NATIVE_FIRM from the NUS Servers CIA (Used 3DNUS Mod latest version).
>
> Looks like what we didn't know the entire time is that they have a separate tech team, so when they reply again that if it works or not, I'll get back to you.

Unless GW decides to reverse engineer the 2.1 NFIRM again in order to create brand new EmuNAND patches it isn't going to happen. Hell, we don't even know if EmuNAND patches are possible on 2.1.
 

SpencerlyEverly

astronautlevel said:
> Unless GW decides to reverse engineer the 2.1 NFIRM again in order to create brand new EmuNAND patches it isn't going to happen. Heck, we don't even know if EmuNAND patches are possible on 2.1.

Well, patches... you mean like "signature patches"?

IDK, but maybe we should compare 2.1 and the main NATIVE_FIRM we use today. We need to look at Luma3DS's source code to see which patch it goes on though. I'll PM the 2.1 NFIRM decrypted bin and my decrypted NFIRM if you want.

Just like this code (On 11.0 down to 4.0 though)...

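    void patchSignatureChecks(u8 *pos, u32 size)
    {
        /* Thumb encodings: 0x2000 = movs r0, #0; 0x4770 = bx lr */
        const u16 sigPatch[2] = {0x2000, 0x4770};

        //Look for signature checks
        const u8 pattern[] = {0xC0, 0x1C, 0x76, 0xE7},
                 pattern2[] = {0xB5, 0x22, 0x4D, 0x0C};

        /* memsearch locates each byte pattern inside the FIRM section;
           the result is used without checking whether a match was found */
        u16 *off = (u16 *)memsearch(pos, pattern, size, 4),
            *off2 = (u16 *)(memsearch(pos, pattern2, size, 4) - 1);

        *off = sigPatch[0];
        off2[0] = sigPatch[0];
        off2[1] = sigPatch[1];
    }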

Either that, or I can tell Gateway to not use those main signatures they do for their 2.1 EmuNAND boot...
 

astronautlevel

SpencerlyEverly said:
> Well, patches... you mean like "signature patches"?
>
> IDK, but maybe we should compare 2.1 and the main NATIVE_FIRM we use today. We need to look at Luma3DS's source code to see which patch it goes on though. I'll PM the 2.1 NFIRM decrypted bin and my decrypted NFIRM if you want.
>
> Just like this code (On 11.0 down to 4.0 though)...
>
>     void patchSignatureChecks(u8 *pos, u32 size)
>     {
>         /* Thumb encodings: 0x2000 = movs r0, #0; 0x4770 = bx lr */
>         const u16 sigPatch[2] = {0x2000, 0x4770};
>
>         //Look for signature checks
>         const u8 pattern[] = {0xC0, 0x1C, 0x76, 0xE7},
>                  pattern2[] = {0xB5, 0x22, 0x4D, 0x0C};
>
>         /* memsearch locates each byte pattern inside the FIRM section;
>            the result is used without checking whether a match was found */
>         u16 *off = (u16 *)memsearch(pos, pattern, size, 4),
>             *off2 = (u16 *)(memsearch(pos, pattern2, size, 4) - 1);
>
>         *off = sigPatch[0];
>         off2[0] = sigPatch[0];
>         off2[1] = sigPatch[1];
>     }
>
> Either that, or I can tell Gateway to not use those main signatures they do for their 2.1 EmuNAND boot...

I'm not talking about signature patches. Loading from EmuNAND itself is a patch, and because the FIRM was completely rewritten sometime between 3.0 and 4.0, none of the EmuNAND patches we use today will work, as in booting a 2.1 emunand is impossible until someone reverses 2.1 NFIRM. Even if we reverse 2.1 NFIRM who knows if it will be possible to patch it to load from EmuNAND.

Also don't bother PMing me the FIRM. I have it already ;)
 
