Arm9loaderhax cold boot CFW on sysnand

Discussion in '3DS - Flashcards & Custom Firmwares' started by mashers, Feb 20, 2016.

  1. mashers
    OP

    mashers Stubborn ape

    Hi all

    I apologise if this has been discussed elsewhere or if there is a better place to post it, but some of the A9LH threads are really long now so I'm not sure whether what I'm asking has already been answered, and a search didn't turn up an answer. Basically I've got arm9loaderhax installed on my n3DS and I'm using the ReiNand emunand payload to boot my emunand from SD card. I'm wondering whether it is possible to replace the payload with one which will boot sysnand with sig checks patched, so it will be like running emunand but from sysnand. I don't care about safety as I have a hard mod.

    Thanks in advance!
     
    peteruk likes this.


  2. Vappy

    Vappy GBAtemp Advanced Maniac

  3. mashers
    OP

    mashers Stubborn ape

    Thank you! So it looks like I have to copy over the modified payload and ReiNand files, and create /rei/updatedsysnand to make ReiNand boot sysnand, right?

    If I do this, can I still update to 10.5 since A9LH is taking care of patching out checks, or would sysnand need to remain on 9.2?
     
  4. daxtsu

    daxtsu GBAtemp Guru

    It will be safe to update to 10.5 (Her mod now has a patch which blocks updating NATIVE_FIRM, so your A9LH will stay intact). Just note that doing so leaves you without a way to run ARM9 homebrew like EmuNAND9 and Decrypt9 unless you make a 9.0-9.2 emuNAND (and then boot into it with 9.0 FIRM), for now (A9LH could be expanded to allow it from userland, in theory). If you're concerned, make a sysNAND backup if you don't have a recent one.
     
    peteruk likes this.
  5. peteruk

    peteruk GBAtemp Maniac

    I feel this could lead (hopefully) to one of @mashers' excellent tutorial guides at some point in the future :)
     
  6. mashers
    OP

    mashers Stubborn ape

    Great, thanks! I'm going to give it a try with a new SD card to check I can cold boot sysnand Rei from A9LH. Thanks again guys!

    — Posts automatically merged - Please don't double post! —

    Heh, thanks mate :) Not sure a tutorial is truly needed, though migrating from emunand back to sysnand might be tricky.
     
    impulseADH and peteruk like this.
  7. daxtsu

    daxtsu GBAtemp Guru

    You could extract all of the emuNAND partitions except for FIRM0 and FIRM1 using Decrypt9 and then just inject them to sysNAND directly.
     
    Aurora Wright likes this.
  8. Aurora Wright

    Aurora Wright GBAtemp Advanced Maniac

    10.5 sysNAND has its advantages though (no more double-installing GBA and DSi stuff!).
     
    impulseADH likes this.
  9. daxtsu

    daxtsu GBAtemp Guru

    Couldn't a patch be written for emuNAND's TWL_FIRM/AGB_FIRM to correct that?
     
    peteruk likes this.
  10. Aurora Wright

    Aurora Wright GBAtemp Advanced Maniac

    DSi games access NAND directly in their code, so no. AGB_FIRM is possible but no one did that yet :D
     
    daxtsu likes this.
  11. daxtsu

    daxtsu GBAtemp Guru

    Huh, so they don't have to go through any sort of security layer? I wonder if Myria's (I think it was hers) idea of using TWL_FIRM to inject ARM9Loaderhax (or something similar) could work then, given an OTP dump... but that's for another topic. :P
     
  12. Aurora Wright

    Aurora Wright GBAtemp Advanced Maniac

    It does, it was tested already.
     
  13. daxtsu

    daxtsu GBAtemp Guru

    Which part, Myria's idea?
     
  14. Aurora Wright

    Aurora Wright GBAtemp Advanced Maniac

    Yeah. However that will only work until Nintendo makes system titles require higher FIRMs.
     
    daxtsu likes this.
  15. mashers
    OP

    mashers Stubborn ape

    Ok, so here's what I'm thinking:

    1. Re-flash sysnand to remove A9LH
    2. Run Decrypt9 and dump the emunand partitions
    3. Inject the emunand partitions into sysnand (does decrypt9 do this?)
    4. Copy the contents of the emunand Nintendo 3DS folder to sysnand Nintendo 3DS folder
    5. Reinstall A9LH using the modified ReiNand files and payload to boot Rei to sysnand on cold boot

    Does that sound about right?
     
    peteruk likes this.
  16. daxtsu

    daxtsu GBAtemp Guru

    If you leave out the FIRM0 and FIRM1 partitions (dump CTRNAND, TWLNAND, etc. individually from emuNAND, don't make one large dump), you should be able to cut out just about all of those steps altogether. I could be wrong, but the sector A9LH lives in won't be affected by restoring emuNAND partitions unless you mess with the FIRM partitions.

    If you really want to do all of that though, it should be fine, yeah. Disregard then, see Aurora's answer.
     
    Last edited by daxtsu, Feb 20, 2016
    peteruk likes this.
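    As an added illustration of daxtsu's suggestion in posts 7 and 16 (example code written for this page, not a tool from the thread and not Decrypt9's own code): a raw 3DS NAND dump carries its partition table in an NCSD header at offset 0x100, so "copy every partition except FIRM0/FIRM1 from the emuNAND dump into the sysNAND dump" can be expressed directly, together with a check that the FIRM partitions came out byte-identical. The toy images below are constructed, and the NCSD field offsets and FS type codes (3 = FIRM) are assumed from the public header layout, not taken from this thread.

```python
import struct

MEDIA_UNIT = 0x200                      # NCSD offsets/lengths are in 0x200-byte units
NCSD_MAGIC = b"NCSD"                    # magic at byte 0x100 of a raw NAND image
FS_NONE, FS_NORMAL, FS_FIRM, FS_AGB_SAVE = 0, 1, 3, 4   # partition FS type codes (assumed layout)

def parse_ncsd(image: bytes):
    """Return [(index, fs_type, byte_offset, byte_length)] for each used partition slot."""
    if image[0x100:0x104] != NCSD_MAGIC:
        raise ValueError("no NCSD header at 0x100: not a raw NAND image")
    fs_types = image[0x110:0x118]                       # one FS type byte per slot
    table = struct.unpack("<16I", image[0x120:0x160])   # 8 x (offset, length) pairs
    parts = []
    for i in range(8):
        off, length = table[2 * i], table[2 * i + 1]
        if fs_types[i] != FS_NONE and length:
            parts.append((i, fs_types[i], off * MEDIA_UNIT, length * MEDIA_UNIT))
    return parts

def merge_nand(sysnand: bytes, emunand: bytes) -> bytes:
    """Copy every non-FIRM partition from emunand into sysnand; header and FIRM0/FIRM1 stay."""
    sys_parts, emu_parts = parse_ncsd(sysnand), parse_ncsd(emunand)
    if sys_parts != emu_parts or len(sysnand) != len(emunand):
        raise ValueError("partition layouts differ; refusing to inject")
    out = bytearray(sysnand)
    for _, fs_type, off, length in emu_parts:
        if fs_type == FS_FIRM:
            continue                                     # leave FIRM0/FIRM1 alone
        out[off:off + length] = emunand[off:off + length]
    return bytes(out)

def firm_unchanged(before: bytes, after: bytes) -> bool:
    """Check that every FIRM partition is byte-identical between two images."""
    return all(before[o:o + n] == after[o:o + n]
               for _, t, o, n in parse_ncsd(before) if t == FS_FIRM)

def build_toy_nand(tag: int) -> bytes:
    """Constructed 4-unit toy image (not a real dump): TWL-like, FIRM, CTR-like partitions."""
    layout = [(FS_NORMAL, 1, 1), (FS_FIRM, 2, 1), (FS_NORMAL, 3, 1)]  # (type, off, len) in units
    img = bytearray(4 * MEDIA_UNIT)
    img[0x100:0x104] = NCSD_MAGIC
    img[0x104:0x108] = struct.pack("<I", 4)              # image size in media units
    for i, (fs, off, ln) in enumerate(layout):
        img[0x110 + i] = fs
        img[0x120 + 8 * i:0x128 + 8 * i] = struct.pack("<II", off, ln)
        img[off * MEDIA_UNIT:(off + ln) * MEDIA_UNIT] = bytes([tag + i]) * (ln * MEDIA_UNIT)
    return bytes(img)
```

Running `merge_nand(build_toy_nand(0x10), build_toy_nand(0x20))` yields an image whose TWL-like and CTR-like partitions carry the emuNAND fill bytes while the FIRM partition and header still carry the sysNAND ones; a real dump would be passed in place of the toy images.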
  17. Aurora Wright

    Aurora Wright GBAtemp Advanced Maniac

    1-2-3 will bring you an updated system with no way of reinstalling A9LH. You have to just set up ReiNand now and do the things you mentioned (you can use Decrypt9 if you boot SysNAND with 9.0 FIRM with L+R, until you turn the updatedsysnand flag on).
     
  18. daxtsu

    daxtsu GBAtemp Guru

    Will restoring CTRNAND, etc., to sysNAND, while ignoring FIRM0 and FIRM1 from emuNAND still cause him to be unable to use A9LH? I thought I read somewhere that it's okay to do that as long as the FIRM partitions are left out.
     
  19. DeathChaos25

    DeathChaos25 Unmei wo kaeru!

    Wait so, if I hardmod my 3DS and install Arm9loaderHax this means I can use CFW on sysNAND in the latest FW and completely get rid of emuNAND?

    The point of emuNAND is twofold in that it allows you to have CFW access on the latest FW, which can't be done on sysNAND, while also being able to interact with the NAND more easily; hardmod takes care of the 2nd issue, but the 1st issue still requires emuNAND.
     
  20. Aurora Wright

    Aurora Wright GBAtemp Advanced Maniac

    He said "Re-flash sysnand to remove A9LH". If he does that and then restores a 10.5 CTRNAND from emuNAND, he'll brick (as you can't use a 10.5 CTRNAND with 9.0 FIRM). If he flashes a whole emuNAND into sysNAND, he'll be on 10.5 and have no way to get back.

    Correct.
     
    daxtsu likes this.