Hacking Could "Downgrade Play" be possible?

I pwned U! · Dec 31, 2014

I have a friend who did not receive the news in time about not updating past 9.2.0. He is currently at 9.4.0.

After reading these threads about Download Play updates and installing older system title .cia files with spoofed versions to SysNAND not causing failed signature checks and allowing a 3DS to boot up properly, it made me wonder, could a ROM rebuilt with a 9.2.0 update (spoofed as one with higher versions of the titles with patched exploits using a program such as 3DNUS) and a local multiplayer mode allow me to downgrade his 3DS over Download Play with a spoofed "update?" Or would changing the update partition (even with properly signed firmware) change the game's signature and prevent his 3DS from detecting the game and/or installing the "update?"

If someone with NAND hardmods and more than one 3DS could test this out, that would be very helpful!

NyaakoXD · Dec 31, 2014

Welp, nothing he can do about it now. If he had a 3DS with a USB hardmod and backed up his NAND before updating to 9.4, then he might be able to flash it back to the previous firmware he was on.
Best bet is to get another 3DS that is on a lower firmware.

ground · Dec 31, 2014

well actually it is funny that you mention it. I don't expect it to work, but i don't know why not?

Kelton2 said:
Because, you know, we totally have the 3DS signing key.

what is a signing key? never heard of it, but you can rexor roms if that is what you mean. (or do you mean the signatures, which you can create yourself....)
or do you mean this:
https://gbatemp.net/threads/3ds-hack-we-hacked-it.339271/page-87#post-4508875

Jayro · Dec 31, 2014

The firmware is 3DS specific, so unless he had a backup of his NAND, there's nothing he can do but get another 3DS on 9.0-9.2

Thomas12345 · Dec 31, 2014

ur friend should just buy a Sky3ds, it works on all firmwares to date

insidestraight · Dec 31, 2014

Kelton2 said:
But no homebrew.

i'm sure he gives a damn about that...

TimeMuffin · Dec 31, 2014

I pwned U! said:
I have a friend who did not receive the news in time about not updating past 9.2.0. He is currently at 9.4.0.

After reading these threads about Download Play updates and installing older system title .cia files with spoofed versions to SysNAND not causing failed signature checks and allowing a 3DS to boot up properly, it made me wonder, could a ROM rebuilt with a 9.2.0 update (spoofed as one with higher versions of the titles with patched exploits using a program such as 3DNUS) and a local multiplayer mode allow me to downgrade his 3DS over Download Play with a spoofed "update?" Or would changing the update partition (even with properly signed firmware) change the game's signature and prevent his 3DS from detecting the game and/or installing the "update?"

If someone with NAND hardmods and more than one 3DS could test this out, that would be very helpful!

Only 3 things your friend can do now.

1) Get a Sky3DS
2) Swap out motherboards from one on ebay
3) Wait for Gateway to support higher firmware but that might be a while if ever.

ground · Dec 31, 2014

Kelton2 said:
To sign content (you know, signature verification...)

hmm i don't think that is how it works..... you can grab signatures from other games and hey still would be valid.

codedfox · Dec 31, 2014

Kelton2 said:
But no homebrew.

Not that it helps your friend but Homebrew with sky3ds works up to v9.2.0-20U through an exploit

NCDyson · Dec 31, 2014

ground said:
hmm i don't think that is how it works..... you can grab signatures from other games and hey still would be valid.

Uh, no, that is how it works. It's the whole reason you can't run devmenu, homebrew or hacked roms on sky3ds without an exploitable game. The signatures tell the system that the data is legit and that it's okay to execute the code. If you change the data, the key becomes invalid, and the console refuses to run the code.

ground · Dec 31, 2014

NCDyson said:
Uh, no, that is how it works. It's the whole reason you can't run devmenu, homebrew or hacked roms on sky3ds without an exploitable game. The signatures tell the system that the data is legit and that it's okay to execute the code. If you change the data, the key becomes invalid, and the console refuses to run the code.

Yeah i got that, but what i meant is that signatures can be created by ourself, we are also able to modify content in roms and run it.

example:
With the old gw fw we were able to modify rom contents and run it, but gw didn't patch the signature patch. So it technically it should be possible to add some own .cia's to an rom i think. The reason devmenu didn't work was because it was signed for developers 3ds's i thought .

Jasin · Dec 31, 2014

You can create your own signature but the 3DS will know it isn't a valid nintendo signature and reject it. If it was that easy. Someone could take over googles SSL cert.

But if you do that an go to https://www.google.com your browser will tell you it's not valid. Gateway might not care about the sig. But nintendo's firmware updater does.

Hacking Could "Downgrade Play" be possible?

I am pleased to beat you!

( ͡° ͜ʖ ͡°)

Well-Known Member

MediCat USB Dev

Well-Known Member

Active Member

Well-Known Member

Well-Known Member

Well-Known Member

Hello Boys...

Well-Known Member

Active Member

Similar threads

Popular threads in this forum