A glossary of 3DS hacking terms

Discussion in '3DS - Flashcards & Custom Firmwares' started by Swiftloke, Oct 2, 2016.

  1. Swiftloke

    Swiftloke Hwaaaa!

    Jan 26, 2015
    United States
    Hi, GBATemp. I've been seeing a lot of people who aren't sure where to start in 3DS hacking, and probably don't understand most of the terms used to them. Let's fix that.
    A disclaimer
    Another disclaimer
    All right, enough of this stupid disclaimer crap. Let's get to the good stuff.
    arm11: The main processor of the 3DS, this controls almost everything you see- the games that run, the HOME menu, CIA installation, and more. It's what handles practically everything the system will do.

    : The security processor of the 3DS. Checks signatures, handles NAND read/writing, encryption/decryption of content, and basically anything sensitive to security. Also handles backwards compatibility with DS games.

    : The processor whose only purpose is to handle DS/GBA backwards compatibility. Not really important, and turned off in 3DS mode.

    : A New-3DS security feature that intends to improve the boot security. Ironically is what breaks it (see below)

    : A boot-time exploit that allows unsigned code execution before the OS starts, allowing dumping of usually undumpable stuff. The gold standard of 3DS hacking. Info on installing it can be found here.

    : The first thing the processor executes, burned directly onto the chip at the factory. Contains extremely sensitive keys, and a whole lot of other secret stuff we don't know about. Locks the sensitive part of itself, meaning that later code execution (even A9LH) can't read it. Part of it is left unprotected, presumably so that the processor can read from it after the sensitive part is locked.

    : Custom Firmware, which requires an arm9 exploit to run. Usually its main use is to disable signature checks, and (in the past) boot emuNAND. Modern CFWs like Luma3DS allow for a lot more cool things, like requiring a PIN to start up, and showing the original GBA boot screen when booting a GBA game. See here for a list of CFWs.

    CIA files
    : CTR Installable Applications. The file format for 3DS apps. This is what you install to the 3DS to make * (* being anything, really; homebrew, commercial games, whatever) show up on the HOME menu. Usually needs an arm9 exploit to install (though there is an exception; see "Legit CIAs")

    : The codename for the 3DS. Take a look at the back of the original (Non-XL, Not-New) 3DS; you'll see CTR-001 on it. What it stands for is unclear.

    : Refers to installing an older version of the 3DS OS to open up old security holes. Common versions to downgrade to are 9.2, to get an arm9 exploit, and 2.1, to get the OTP. More info on how it works can be found here.

    DSiWare downgrading
    : A downgrade method that abuses DSi modes strange ability to access the entire NAND. (See "hardmod downgrade") Requires another hacked 3DS and $5.

    : An outdated solution to allow you to update to the latest version to play online using an emulated NAND stored on your SD card, while staying on a version with an arm9 exploit required to boot it. Useless now with A9LH.

    : Usually refers to a DS mode flashcart, to play DS games. This device (usually ~$5-10) is required to play DS ROMs.

    : Refers to what mode the 3DS is running in. NATIVE_FIRM is 3DS mode, of course, TWL_FIRM is DSi mode, NTR_FIRM is original DS mode, AGB_FIRM is GBA mode, and SAFE_FIRM is basically a... protected NATIVE_FIRM, which System Settings runs under (Ironically, it's not "safe" at all: it hadn't been updated since 3.0, so the old 9.2 arm9 exploit still worked on 11.2 if you booted into SAFE_FIRM). The 3DS must restart (in this case called a "firmlaunch") to change the currently running FIRM.

    : What the processor executes after the bootrom is done doing its secret stuff. Usually loads the OS. Is unencrypted on the Old 3DS; In the case of the New 3DS, arm9loader is there instead, which decrypts FIRM0/FIRM1 then jumps to it. FIRM1 is a backup of FIRM0 in case it gets corrupted somehow (usually a failed system update)

    : A hardware modification which allows NAND dumping by soldering 4 wires to the 3DS' NAND.

    Hardmod downgrade
    : A special method of downgrading which takes a NAND dump and replaces the dumps NATIVE_FIRM with an older one.

    : Exploits like ninjhax, oot3dhax or stickerhax (exploits in a game or the browser) which run The Homebrew Launcher, an arm11 launcher which can run .3dsx files. Generally not used due to the superior CFW.

    Legit CIAs
    : CIAs specially designed by Nintendo to have valid signatures on every console. Only needs an arm11 kernel exploit to install, as the arm11 kernel is what actually installs CIA files; the arm9 is OK with it since it's got a valid signature.

    : This can refer to one of two uses for the same thing: Exploits by yellows8 that take over arm11 while starting up the HOME menu. On versions above 9.2, this is usually used to load the Homebrew Launcher (its original purpose). On version 9.2, it's usually used instead to chain into the arm9 exploit present; this use is not recommended because of A9LH's superiority.

    New 3DS (n3DS)
    : The hardware revision of the 3DS released in 2015. Includes better processing power, more RAM, a special hardware video encoder/decoder that's normally used for the browser (but which NTR uses for its streaming capability), and more.

    : Basically the hard drive of the 3DS. Stores everything that isn't on the SD card, like the OS, keys, DSi apps, and so on.

    NTR CFW: A special Custom firmware that isn't really one. Started from a .CIA file, which means an arm9 exploit is required to run it. Allows for things like cheats, plugins, dumps, and streaming (On n3DS only, due to the increased processing power and video en/decoder; see "New 3DS")

    Old 3DS (o3DS)
    : The original version of the 3DS released on 2011. These include the original 3DS, the 3DS XL, and the 2DS, since they share the exact same internal hardware.

    : One Time Programmable, a file which is unique to each console and burned into the CPU, much like the bootrom. Is locked like the bootrom... except on versions 2.1 and under. Required for A9LH on o3DS.

    Plailect's Guide
    : Refers to the ultimate 3DS hacking guide, which is always updated and is extremely noob friendly. Found here.

    : The only process arm9 ever runs in 3DS mode. This is what actually does all the security checks.

    : A special part of a file that says that someone made this file and approves of it. In the 3DS scene, the signatures are always made by Nintendo. arm9 checks signatures of... (almost) everything installable, meaning taking it over is required to do anything fun.

    : The NAND that's actually stored on a chip inside the 3DS. With A9LH, it's possible to update this to the latest version and not lose CFW.

    Virtual Console (VC) Inject
    : A method of playing old games by injecting a ROM into Nintendo's official emulator (dubbed "Virtual Console") and replacing it with your own.

    Have I missed anything? Let me know! :)
    Last edited by Swiftloke, Jan 14, 2017

    FTRBND waifu

    Apr 3, 2016
    Saint Kitts and Nevis
    _____________ Dex: Complete
    We really need this pinned
    The_Smash_N00b, 'Don and MadMageKefka like this.
  3. MadMageKefka

    MadMageKefka GBAtemp Maniac

    Apr 28, 2016
    United States
    World of ruin
    Daaaamn @Swiftloke , You're really on a roll with the noob help. Nice post man! What about adding NTR CFW to the list? I see you have NTR_FIRM, but not NTR CFW or BootNTR.

    EDIT: Also, what about a space between each term? Or a bulleted list maybe. Not a big issue but slightly hard to read with everything so close.
    Last edited by MadMageKefka, Oct 2, 2016
    The_Smash_N00b and 'Don like this.
  4. 'Don

    'Don Man in a Box

    Dec 31, 2015
    Good thread! Maybe you could also explain what an exploit is?

    Edit: doesnt CIA mean "CTR importable archive"?
    Last edited by 'Don, Oct 2, 2016
    CrispyCola likes this.
  5. Kyouken

    Kyouken Repairer of the Breach

    Oct 31, 2015
    United States
    Thanks for this, Swiftloke. I've always wondered why the system restarts after exiting System Settings.
    The_Smash_N00b likes this.