Another, kinda-dumb firmware glitch that may downgrade

Discussion in '3DS - Homebrew Development and Emulators' started by Knucklesfan, Sep 25, 2016.

  1. Knucklesfan
    OP

    Now, I read up on this, and I learned that on your 3DS, there is an emergency backup on your system. Nintendo warns you to plug in your 3DS to a wall so that it doesn't die and corrupt the files. But, doesn't that mean that the backup will load if it is corrupted? So all you would have to do to revert back to whatever firmware you're from is to take out the battery, plug in your system, and then get the installing started, and then unplug. That will immediately shut down the system, corrupt the files, and then the backup can do its job. If you're lucky, the backup would be a previous firmware, and you can do whatever you want with that firmware. Just a theory that I don't think Nintendo can stop.
     
  2. WeedZ

    You go ahead and try that
     
  3. Knucklesfan
    OP

    Ok, I will, I'm just worried that I'll get stuck on the 11.1 train, and I don't want to do THAT. (even though I have stickerhax lol)
     
  4. CitizenSnips

    I think you would just break your device tbh
     
  5. zoogie

    The "emergency backup" you're referring to is safe firm and safe "X" titles and is just enough to boot your corrupted system in a usable enough state to download and install the most current firmware pack from NUS. FIRM1 is an identical backup to FIRM0 and won't help either.
     
  6. TheCyberQuake

    That's just not how it works OP. If it were that easy we would already be using it as a method.
    @zoogie covered the details correctly so I won't repeat it.
     
  7. Knucklesfan
    OP

    Hold the phone: Did you just say "Download and install the most current firmware pack", right? So what if we took that link, using our wifi network, and rerouted it to a different download server, with the 9.2 firmware, looking like it's 11.1. Thus forth, downloading the incorrect firmware version, to the system.
     
  8. SomeGamer

    Wouldn't work, we couldn't sign the CIAs, let alone spoof the SSL connection.
     
  9. Zidapi

    No.
     
  10. TheCyberQuake

    Again, if it were that easy we would already be doing it. You aren't the first one to say something like that. It just doesn't work like that, Ninty has safety measures in place to stop that from happening.
     
  11. Joom

    There's a way to host your own update server. Plailect's old guide covered it, but this still wouldn't work.
     
  12. WeedZ

    I just thought of something else. You're talking about using the backup to restore an older fw version, right? So let's say the backup did contain a full fw install. And let's say you accidentally updated from 9.2 to 11.1. You would have to wait for a new fw update in order to start the update process. And let's say pulling the power did work and it restored a full fw backup. Wouldn't that backup just be 11.1, being the last fw you were on?
     
  13. PabloMK7

    • Already answered, but anyway...
      1st: The "backup" you are talking about is the SAFE mode, it can only launch a limited OS to enter system settings and prompt you to update. An exploit would need to be found there, since SAFE titles almost never update (iirc) and may have exploits fixed outside SAFE mode (memchunkhax). The problem is you can't do anything other than press A to update your system.

      2nd: Nintendo servers are hosted with SSL. If the 3DS checks that the SSL is wrong it'll stop the connection. (YouTube app didn't use it, that's why tubehax was possible). But assuming that you manage to spoof the SSL:

      3rd: The 3DS can't install a title if the one present in the system is a newer version. Trying to install 9.2 (let's assume ver 45) titles on 11.1 (let's assume ver 90) won't work because 45 < 90.
     
  15. Clydefrosch

    But it's not a full backup. It's just enough of a fix to connect to the official servers to download the latest firmware.
     
  16. PabloMK7

    I'm just wondering, you can actually get to the wifi configuration menu. Maybe an exploit can be found there, like using wrong SSID or corrupted data packets. If it's true that SAFE titles may have exploits fixed in normal mode, then it might be useful...
    (Also will Nintendo be able to update SAFE titles? They cannot risk destroying the purpose of it, never update them to prevent update corruptions)
     
  17. WeedZ

     
  18. SomeGamer

    AFAIK that required NTR and all it did is update to a specific version.
     
  19. Knucklesfan
    OP

    That does sound reasonable. I think that if we are able to find an exploit in there, we can prompt the downgrade session. Also, if you think about it, if it loads into SAFE, we might be able to access the 3DS files, and replace the file that specifies the SSL, thus forth allowing us to gain access to override the files, and boosh. Downgrade away.
     
  20. dubbz82

    Oh no...not another one of these threads.
     
  21. Knucklesfan
    OP

    Hey, I actually thought this one out, and this has a chance, if you think more into it
     
  22. godofwrath

    It wouldn't work on 11.0+ since they added a firm version check, so if you could somehow manage to get it to boot into the recovered safe firm (which is not a backup of an older firm, it's more like safemode with a guest account on Windows is probably a better way to describe it?) then somehow spoof an update server for the 11+ fw, the 3DS itself would reject anything less than 11+. It's just all not possible right now... Publicly... Maybe we'll see a way around it nearer E.O.L, but I think people are probably gonna hold off on releasing anything astounding in that field any time soon.

    Though, I've basically just reiterated what zoogie said. It was a nice thought, but it's just not gonna happen right now. :)
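
Added example (not part of the thread, and not Nintendo's code): a small Python model of the install gate PabloMK7 and godofwrath describe, showing why a genuinely signed older package is still refused and why editing its version field breaks the signature. The toy RSA key, the `Package` fields, the title names and the `firm_floor` parameter are assumptions made for illustration; versions 45 and 90 are the stand-ins used in the thread.

```python
import hashlib
from dataclasses import dataclass

# Constructed toy RSA key built from two Mersenne primes: far too small for real use.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the vendor


@dataclass
class Package:  # hypothetical package layout
    title_id: str
    version: int
    payload: bytes
    signature: int = 0


def digest(pkg: Package) -> int:
    # The version is hashed together with the payload, so it cannot be edited after signing.
    data = f"{pkg.title_id}:{pkg.version}:".encode() + pkg.payload
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def vendor_sign(pkg: Package) -> Package:
    pkg.signature = pow(digest(pkg), D, N)
    return pkg


def check_install(pkg: Package, installed: dict, firm_floor: int) -> str:
    """Device-side gate: returns 'ok' or the reason the package is refused."""
    if pow(pkg.signature, E, N) != digest(pkg):
        return "bad signature"
    if pkg.title_id == "firm" and pkg.version < firm_floor:
        return "below firm floor"          # the 11.0+ firm version check
    if pkg.version < installed.get(pkg.title_id, 0):
        return "older than installed"      # 45 < 90
    return "ok"


def demo() -> list:
    installed = {"firm": 90, "settings": 90}  # device on "11.1" (assumed ver 90)
    old = vendor_sign(Package("settings", 45, b"9.2 build"))  # genuine but old
    relabelled = Package("settings", 90, old.payload, old.signature)
    old_firm = vendor_sign(Package("firm", 45, b"9.2 firm"))
    new = vendor_sign(Package("settings", 91, b"next build"))
    return [check_install(p, installed, firm_floor=90)
            for p in (old, relabelled, old_firm, new)]
```

Calling `demo()` returns one verdict per package, in the order: genuine old title, the same title relabelled as version 90, genuine old firm, genuine newer title.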