Hacking 3Down - CTRNAND Downgrade

  • Thread starter: adrifcastr
  • Views: 60,138
  • Replies: 413
  • Likes: 41
OK, after around 7 hours I finally managed to completely clean that sh*t up. Big thanks to @aut0mat3d for helping me out also!

--------------------- MERGED ---------------------------

@ColtonDRG you wanted me to tag you.

So, does that mean all magnet links on the site are for the updated, scrubbed/cleaned images that won't get a Ninty ban?
 
Since a lot of people were complaining about 11.4 breaking NTR's streaming feature and wanting to Get Back to 11.3 without SysDowngrader / Having a NAND Backup (whyever), I am presenting you:
3Down
This is NOT violating any Terms in here, since the ctr images are torrent-hosted like in 3ds.guide
ATM I am seeding everything by myself so seeders are needed to even get this to work faster
So there you go this is hopefully helpful.

[SPOILER="Secure" Providing a ctrtransfer:]
Thx to @Altimit for stating 4 the need of scrubbing!
If you want to share ctrtransfer dumps, you have to clean them to not provide personal data to the Public!
To Clean/Scrub a ctrtransfer dump you should:
Godmode9 Part:
  • Mount a public ctrtransfer.bin which matches your 3DS and Region (for Example: 9.2.0-20E_ctrtransfer_n3ds)
  • Copy the following Files to a Folder on the SD-Card:
Code:
/dbs/ticket.db
/private/movable.sed
/rw/sys/LocalFriendCodeSeed_B
/rw/sys/SecureInfo_A
  • Mount your ctrtransfer.bin
  • Copy and replace the following Files you extracted one step before in your ctrtransfer.bin:
Code:
/dbs/ticket.db
/private/movable.sed
/rw/sys/LocalFriendCodeSeed_B
/rw/sys/SecureInfo_A
  • Delete the .sha for your ctrtransfer dump
  • Generate a new .sha for your modified dump

PC-Part:
Copy the ctrtransfer.bin and ctrtransfer.sha from SD-Card to your PC
Open the ctrtransfer.sha with a Hexeditor
Append HEX Value 02 (0x02) at the end of the File
Example:
Code:
Hash before modification:
E7 B9 5B 8C 3F EC E4 92 FC 2E D1 65 31 9E 54 27 6A 08 5F DC DC F1 AC 5F E2 85 B4 03 F2 6D 17 61
Hash after modification:
E7 B9 5B 8C 3F EC E4 92 FC 2E D1 65 31 9E 54 27 6A 08 5F DC DC F1 AC 5F E2 85 B4 03 F2 6D 17 61 02
It is not clear why safectrtransfer adds 0x02 to the Hash, perhaps it is some sort of Protection or EOF Checking - whatever

Technical Detail:
When flashing the ctrtransfer Image via Decrypt9,
/dbs/ticket.db
/private/movable.sed
/rw/sys/LocalFriendCodeSeed_B
/rw/sys/SecureInfo_A

and additionally configsave.bin
will be saved from your console Flash and restored after ctrtransfer. Unfortunately Decrypt9 will not do its job when these files are missing, so this is why we have to replace them in the .bin
[/SPOILER]

Update: finally managed to clean the images after 7 hours with help from @aut0mat3d
Update: Quick How2 to make your own ctrtransfer dumps "safe" by @aut0mat3d
Update: 11.2 / 11.3 o3ds EUR are live!
Update: 11.2 USA o3ds is Live! big thanks to @Yuan !
Update: added friendsave.bin dump + inject to prevent eventual loss of friendlists.
Update: added (obvious) Emunand instructions at Section 3 for Emunand users
Update: cleaned it up a bit, should be easier to see everything now.
Update: 11.2 Eur + 11.4 Eur + Tik bkup/restore is added
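
The scrub check and the PC-side .sha edit from the guide above, as an added Python example that is not part of the original post or of Decrypt9/GodMode9. It assumes both images have already been extracted to ordinary directories (dump_root and public_root are hypothetical names) and that the .sha file holds 32 raw hash bytes, as in the hex dump shown.

```python
import filecmp
import tempfile
from pathlib import Path

# Console-unique files the guide says to replace with the public image's copies.
UNIQUE_FILES = (
    "dbs/ticket.db",
    "private/movable.sed",
    "rw/sys/LocalFriendCodeSeed_B",
    "rw/sys/SecureInfo_A",
)

def unscrubbed_files(dump_root, public_root):
    """List files that are missing or still differ from the public reference copy."""
    leaks = []
    for rel in UNIQUE_FILES:
        mine, ref = Path(dump_root, rel), Path(public_root, rel)
        if not (mine.is_file() and ref.is_file()
                and filecmp.cmp(mine, ref, shallow=False)):
            leaks.append(rel)
    return leaks

def append_marker(sha_path):
    """Append the trailing 0x02 byte to a 32-byte .sha file (safe to re-run)."""
    path = Path(sha_path)
    data = path.read_bytes()
    if len(data) == 33 and data[-1] == 0x02:
        return data                      # already modified, do nothing
    if len(data) != 32:
        raise ValueError(f"{path}: expected 32 hash bytes, found {len(data)}")
    data += b"\x02"
    path.write_bytes(data)
    return data

if __name__ == "__main__":
    # Constructed sample data: two fake extracted trees and a fake 32-byte hash.
    with tempfile.TemporaryDirectory() as tmp:
        for root in ("dump", "public"):
            for rel in UNIQUE_FILES:
                f = Path(tmp, root, rel)
                f.parent.mkdir(parents=True, exist_ok=True)
                f.write_bytes(b"public copy of " + rel.encode())
        Path(tmp, "dump", "private/movable.sed").write_bytes(b"console-unique")
        print("still unique:", unscrubbed_files(Path(tmp, "dump"), Path(tmp, "public")))
        sha = Path(tmp, "ctrtransfer.sha")
        sha.write_bytes(bytes(range(32)))
        print("new .sha length:", len(append_marker(sha)))
```

An empty list from unscrubbed_files means all four files match the public copies; anything listed still carries data from your own console.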
I found out why my tickets have not been dumping: I do not have a ticket.db file. I do not know why and I have no idea where it went. Do you have any idea?
 
So, does that mean all magnet links on the site are for the updated, scrubbed/cleaned images that won't get a Ninty ban?
I don't really understand what you mean by that, I am pretty sure the localfriendcodeseed which I extracted from the 9.2 image is already banned, so if someone wants to purposely ban my 3ds by trying to use this localfriendcodeseed he wouldn't even be able to go online.
 
Backed up nand of 11.4, backed up friendsave, backed up tickets.

Everything installed fine, but when I go to friends it tells me to create a Mii and no friends show up.

Do I lose it in this process?
 
Backed up nand of 11.4, backed up friendsave, backed up tickets.

Everything installed fine, but when I go to friends it tells me to create a Mii and no friends show up.

Do I lose it in this process?

Did you re-inject your friends save, and back up your LCFS_FriendCode?
 
3Down said:
  1. Launch Decrypt9WIP
  2. Navigate to Ticket/Titlekey Options
  3. Navigate to SysNAND Options / EmuNAND Options if you are using this guide on an EmuNAND
  4. Navigate to System Save Inject…
  5. Select Inject friendsave.bin
  6. Put in the given Code to unlock NAND writing and confirm the injection
  7. Launch FBI
  8. Navigate to SD -> files9
  9. Navigate to current directory
  10. Hit A
  11. Select Install and delete all Tickets and hit A to install
  12. Press B to decline Titles being downloaded from Ninty’s CDN Servers DONE
Huh? Step 2 seems to be wrong... also FBI is not showing any option to install all tickets. (Decrypt9 just creates enctitlekeys.bin)
 
Still don't know how to restore my tickets since they get dumped in a .bin file and with FBI I can't do anything with it.
Also, what is this:
">Launch Decrypt9WIP
>Navigate to Ticket/Titlekey Options
>Navigate to SysNAND Options"
 