Hacking Why the 3DS can't be downgraded on 11.4 "For Dummies" (A simple explanation for the rest of us)

Halvorsen

The thing is, those threads are still technically useful. This thread is no longer relevant since the issues it was tackling no longer apply. We now can downgrade past 11.0+. At best this information belongs in a wiki for a better understanding of what used to be. But it really doesn't need to be stickied anymore.
If a useful thread with relevant information to how the 3DS works as a whole is somehow irrelevant, why are the Gateway and the 3DS - Hacking and Homebrew threads stickied? The latter was made when cfw was barely existent.
 

The Catboy

If a useful thread with relevant information to how the 3DS works as a whole is somehow irrelevant, why are the Gateway and the 3DS - Hacking and Homebrew threads stickied? The latter was made when cfw was barely existent.
Actually looking at those threads again, they actually don't seem useful anymore.
 

ih8ih8sn0w

The thing is, those threads are still technically useful. This thread is no longer relevant since the issues it was tackling no longer apply. We now can downgrade past 11.0+. At best this information belongs in a wiki for a better understanding of what used to be. But it really doesn't need to be stickied anymore.
I would honestly be okay with it being put somewhere else that is accessible, but I'm positive that most people demanding for it to not be stickied would not have said to do that '_>'. GW shouldn't still be supported, and the OPs of those threads aren't even alive. Why have stuff that cannot be managed? We want noobs to be well informed, having a thread for gateway questions (OP says 9.5 is latest fw) sends people in the wrong direction, and emunand shit sends more in the wrong direction by thinking that they need it for some reason.
 

The Catboy

I would honestly be okay with it being put somewhere else that is accessible, but I'm positive that most people demanding for it to not be stickied would not have said to do that '_>'. GW shouldn't still be supported, and the OPs of those threads aren't even alive. Why have stuff that cannot be managed? We want noobs to be well informed, having a thread for gateway questions (OP says 9.5 is latest fw) sends people in the wrong direction, and emunand shit sends more in the wrong direction by thinking that they need it for some reason.
I actually went and read through those threads again after posting that and realize just how out of date they are.
 

jt_1258

Ya know, it's just irritating reading through here. The thread has been updated to be relevant and if they looked through they would realize it has already been requested before for a change yet people still continued to ask. People can't even have the decency to even read a couple of comments back, so hasty to say their word before seeing if the request was already made and giving the post a like (I treat it like the yeah button on Miiverse) to show that they agree. People are so childish and frustrating at times -.-
 

aaronrpgi36

I don't understand the part which explains DSiWare and hardmod downgrades, hardmod downgrade is patched? I'm thinking of hardmodding my N3DS with 11.3 fw but it doesn't look good for me
 

Tenshi_Okami

I don't understand the part which explains DSiWare and hardmod downgrades, hardmod downgrade is patched? I'm thinking of hardmodding my N3DS with 11.3 fw but it doesn't look good for me
You can hardmod to have a NAND backup, but you can't do a downgrade, since NFIRM needs to be the latest; if you downgrade the NFIRM it will not boot the 3DS
 

Jonhyjp

Are there any homebrew programs that tell you your privilege level (e.g. userland)? That would be useful, say, if I found a new entrypoint to launch the hblauncher but I'm not sure what kind of access I have.
 

ThommyDude

Don't misunderstand, I am a massive idiot who (although reading up on things) doesn't really know much about how most of these things work. But from what I understand the reason we can't downgrade at the moment is because we give a firmware < 11.3 to arm11 to install, and arm9 checks what we give to arm11 against a list it has built in with "things allowed to be installed" and has the final say on if the install is ok to do or not.

Basically my question is this:
Do we know exactly HOW arm9 checks this? And if yes, has anyone tried tricking it by giving a firm<11.3 but showing it as being a firm that is ON the list? (I assume firms >= 11.3 are on the list, but as I said, this IS the part I'm a bit fuzzy on...)
 

Tenshi_Okami

Do we know exactly HOW arm9 checks this? And if yes, has anyone tried tricking it by giving a firm<11.3 but showing it as being a firm that is ON the list? (I assume firms >= 11.3 are on the list, but as I said, this IS the part I'm a bit fuzzy on...)
Do you mean changing the version of an old FIRM to read like the current one? IIRC, if we do this it would make the FIRM not signed... making the need of a CFW to patch signature checks
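
The point made in the reply above, modelled as an added example (not code from this thread or from any 3DS software): an installer that verifies a vendor signature covering the version field and then applies a minimum-version check. The image layout, the function names and the use of HMAC-SHA256 as a stand-in for the vendor's real signature scheme are assumptions; the 11.3 floor is the figure used in the question.

```python
import hashlib
import hmac
import struct

# Constructed demo values. HMAC stands in for the vendor's signature:
# only the holder of VENDOR_KEY can produce a valid tag.
VENDOR_KEY = b"constructed-demo-signing-key"
MIN_ALLOWED = (11, 3)          # installer refuses anything older
HEADER = struct.Struct(">4sBB")  # magic, major, minor (hypothetical layout)
TAG_LEN = 32


def build_image(version, payload, key=VENDOR_KEY):
    """Vendor side: sign header and payload together."""
    body = HEADER.pack(b"DEMO", *version) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def relabel(image, version):
    """Change only the version bytes; the tag is left as it was."""
    return image[:4] + bytes(version) + image[6:]


def check_install(image):
    """Installer side: signature first, then the rollback check."""
    if len(image) < HEADER.size + TAG_LEN:
        return "reject: malformed"
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    magic, major, minor = HEADER.unpack(body[:HEADER.size])
    if magic != b"DEMO":
        return "reject: malformed"
    expected = hmac.new(VENDOR_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return "reject: bad signature"
    if (major, minor) < MIN_ALLOWED:
        return "reject: rollback"
    return "accept"


if __name__ == "__main__":
    old = build_image((11, 2), b"old firmware payload")
    new = build_image((11, 4), b"new firmware payload")
    print("genuine 11.2:", check_install(old))
    print("11.2 relabelled as 11.4:", check_install(relabel(old, (11, 4))))
    print("genuine 11.4:", check_install(new))
```

Because the version bytes sit inside the signed region, the two checks cover each other: an honest old image fails the version check, and an edited one fails the signature check.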
 

ThommyDude

Do you mean changing the version of an old FIRM to read like the current one? IIRC, if we do this it would make the FIRM not signed... making the need of a CFW to patch signature checks
So installing unsigned firms would mean that the system would already need to be hacked...
Alright then I think I understand. I was just wondering if that might have been possible, I was just running all the options through my mind and thought "But... wouldn't that be possible?" but clearly it isn't! Haha!

I had two other ideas, but both of those are pretty stupid...

In terms of the OP with the permissions, arm9 tells arm11 what to do when arm11 asks something. But if that means that when we give arm11 something to install it first goes to arm9 to ask for permission and depending on the answer arm11 does the installing. Would it be possible to intercept the back and forth between arm11 and arm9 so that whatever arm9 says, arm11 interprets it as an "alright, lets do this!" even if arm9 actually says "like hell we're doing that!". In that way basically completely bypassing arm9 to begin with.

The other (kinda) logical thing I thought of was to change the list itself. But to do that we would still need an arm9 exploit.

I'm just thinking out loud here, which most of us do here on the internet.
Do we know or do we have a list somewhere of things that HAVE been tried?
 

brenoppr

I've got some questions
First, couldn't Nintendo modify something on bootrom to shut down a9lh?
Secondly, we can install unsigned CIAs after installing a9lh. But how does that work? Arm9 tells arm11 to install the CIA or arm9 installs the CIA by itself?
And also, does arm9 only check if the title is signed by Nintendo on the installation or when you run the file it checks the signature too? (An example would be installing a title with a9lh, then uninstalling a9lh and trying to run the title)
 

ih8ih8sn0w

I've got some questions
First, couldn't Nintendo modify something on bootrom to shut down a9lh?
Secondly, we can install unsigned CIAs after installing a9lh. But how does that work? Arm9 tells arm11 to install the CIA or arm9 installs the CIA by itself?
And also, does arm9 only check if the title is signed by Nintendo on the installation or when you run the file it checks the signature too? (An example would be installing a title with a9lh, then uninstalling a9lh and trying to run the title)
ROM is read-only memory.
Signature checks are patched out, and a title installer has permissions to install CIAs.
It is supposed to check signatures when the title is launched or on console boot (idr which). You need a cfw with sigpatches enabled in order to launch unsigned titles.
 

CupcakesForDinne

ROM is read-only memory.
Signature checks are patched out, and a title installer has permissions to install CIAs.
It is supposed to check signatures when the title is launched or on console boot (idr which). You need a cfw with sigpatches enabled in order to launch unsigned titles.

Apparently I had an account here and Chrome remembered it. Anyway I'm on 11.0.0-33E and all I get when I start Safehax is text that says "[!] PM INIT FAILED!" and you know it's serious because it's in red. Am I just stupid or am I missing something?
 
