Homebrew Did anyone find out why... (Downgrade softbrick)

  • Thread starter Thread starter pofer
  • Start date Start date
  • Views Views 2,863
  • Replies Replies 23

pofer

Well-Known Member
Member
Joined
Jan 4, 2016
Messages
362
Reaction score
113
Trophies
0
Location
Somewhere around the corner
XP
351
Country
United States
Did anyone find out why some people always softbricked their consoles while downgrading without formatting first ?


As some of us experienced it , while downgrading everything seemed to install just fine using sysupdate but you always ended up with a softbrick no matter what you tried

In my case I had 5 softbricks (using 3 different entry points) before I finally was able to downgrade it

And it all was fixed by formatting the console ! I had mine downgrade on the first try after doing it

So did anyone find out why some people were experiencing that ? I know it's not too common but it's worth the try to know why it happened
 
Some people reported including me that when you already installed a Legit CIA using memchunkhax2 FBI, after downgrading you will be meet with a softbrick. After formatting, it fixes the softbrick. Some people suggest that FBI corrupts enough the ticket so that you will be able to install Legit CIA making the system softbrick
 
I downgraded two consoles,both with legit CIA installed and no softbrick. (O3DSes XL,10.3,one with the first sysUpdater with a N3DS brick probability over 9000,and the another with SafeSysUpdater)
 
Downgraded two O3DSs which had legal CIAs on them, but all installs were through NASA. No softbricks.
 
this might not mean anything, but after accidentally bricking a console messing with movable.sed, I found out this file in NAND also deals with encryption with some files in the NAND (not just SD files). this gets changed when you format or transfer, which could be connected to why formatting fixes soft-bricks if a console has been getting them.

https://3dbrew.org/wiki/Nand/private/movable.sed
 
Last edited by ihaveahax,
this might not mean anything, but after accidentally bricking a console messing with movable.sed, I found out this file in NAND also deals with encryption with some files in the NAND (not just SD files). this gets changed when you format or transfer, which could be connected to why formatting fixes soft-bricks if a console has been getting them.

https://3dbrew.org/wiki/Nand/private/movable.sed
Interesting. Do you know what actually happens to the file when you format the NAND? This is an interesting quote from that 3dbrew page:

Movable.sed always exists on retail and development units(written to NAND at the factory), however if reading this file fails(svcBreak would be executed if the file-readcode-path return value is 0xC8804464) the system will fall-back to using a console-unique keyY already in memory

I wonder whether it's the use of the fall-back key which allows the downgrade to succeed, and if deleting Movable.sed is sufficient to cause this to happen. If so, could sysupdater have an option to remove Movable.sed?
 
Interesting. Do you know what actually happens to the file when you format the NAND?
not really...all I know is that it's changed at format/transfer.
I wonder whether it's the use of the fall-back key which allows the downgrade to succeed, and if deleting Movable.sed is sufficient to cause this to happen. If so, could sysupdater have an option to remove Movable.sed?
what we did was try moving movable.sed from one console to another. neither of us did our research, and so this caused a hard brick that can only be fixed by restoring a NAND dump (which we have, thankfully). the backlight wouldn't even turn on.

I suppose you could try making an emunand backup, then delete it somehow (dump emunand and use xorpads? or dump pre-decrypted?) and see what happens.
 
not really...all I know is that it's changed at format/transfer.

what we did was try moving movable.sed from one console to another. this caused a hard brick that can only be fixed by restoring a NAND dump (which we have, thankfully). the backlight wouldn't even turn on.

I suppose you could try making an emunand backup, then delete it somehow (dump emunand and use xorpads? or dump pre-decrypted?) and see what happens.
Is it possible to delete files from sysnand? I've got a hard mod now so I can try this safely... though I don't know how to test the effects even if the 3DS boots, since I've got a clean 9.2 sysnand so would presumably be able to downgrade from 10.3 cleanly even if I updated.
 
Is it possible to delete files from sysnand? I've got a hard mod now so I can try this safely... though I don't know how to test the effects even if the 3DS boots, since I've got a clean 9.2 sysnand so would presumably be able to downgrade from 10.3 cleanly even if I updated.
if you have a NAND dump, you can generate an xorpad using Decrypt9 (XORpad Generator Options -> CTRNAND Padgen). then use this xorpad with 3DSFAT16tool.

Decrypt9 can also dump NAND partitions already decrypted (SysNAND/EmuNAND Options -> Partition Dump... -> Dump CTRNAND Partition), though I haven't tested it myself. you'll probably need to add ".iso" to the end or something to easily mount it on OSX.

(oh and don't be silly like me and overwrite your NAND dump trying to use a xorpad)
 
if you have a NAND dump, you can generate an xorpad using Decrypt9 (XORpad Generator Options -> CTRNAND Padgen). then use this xorpad with 3DSFAT16tool.

Decrypt9 can also dump NAND partitions already decrypted (SysNAND/EmuNAND Options -> Partition Dump... -> Dump CTRNAND Partition), though I haven't tested it myself. you'll probably need to add ".iso" to the end or something to easily mount it on OSX.

(oh and don't be silly like me and overwrite your NAND dump trying to use a xorpad)
Can you do it on the device directly? Modifying and rewriting a NAND dump is clearly not going to be an option for potential downgraders, but I'm wondering whether there's a way of doing it in software the way sysupdater or NASA do it. In other words, use one of these tools to remove or overwrite movable.sed before initiating the downgrade. Again, this is all predicated on the assumption that it will even make a difference, let alone that removing the file won't brick the console...
 
Can you do it on the device directly? Modifying and rewriting a NAND dump is clearly not going to be an option for potential downgraders, but I'm wondering whether there's a way of doing it in software the way sysupdater or NASA do it. In other words, use one of these tools to remove or overwrite movable.sed before initiating the downgrade. Again, this is all predicated on the assumption that it will even make a difference, let alone that removing the file won't brick the console...
overwriting movable.sed is probably a bad idea since it deals with SD encryption, so most people don't want to lose their digital saves and stuff. also this could be totally wrong but I think you would need direct NAND access to arbitrarily delete any file in it (like movable.sed), and that requires an ARM9 kexploit.
 
Last edited by ihaveahax,
overwriting movable.sed is probably a bad idea since it deals with SD encryption, so most people don't want to lose their digital saves and stuff. also this could be totally wrong but I think you would need direct NAND access to arbitrarily delete any file in it (like movable.sed), and that requires an ARM9 kexploit.
Ahh, catch 22 then. Ahh well, it was a nice idea. TBH I think anyone who wants kernel access that badly would be better off getting a hardmod installed. It's not expensive to get someone else to do it, and it means your NAND is safe forever ;)
 
Ahh, catch 22 then. Ahh well, it was a nice idea. TBH I think anyone who wants kernel access that badly would be better off getting a hardmod installed. It's not expensive to get someone else to do it, and it means your NAND is safe forever ;)
kind of expensive for us to get a hard mod in the US, and I don't think we trust our soldering skills to do it ourselves. but we're doing it anyway since we have to.

I'm interested in seeing what Gateway is going to bring in terms of downgrading. in my experience, if the console came with 9.6+, or was formatted/transferred to some time after being updated to 9.6, then it won't soft-brick when downgrading.
 
When I downgraded my 9.5 O3DS, I'd installed a legit CIA beforehand and it downgraded at first try, so I believe legit CIAs aren't an issue. I used that very unstable first build of FBI to downgrade.
 
hi! i had six legit cia games installed on my n3ds xl 10.3.0-28 before downgrading. everything worked well after a good number of tries. i used safesysupdater. hopefully that helps!
 

Site & Scene News

Popular threads in this forum