1. Urbanshadow

    OP Urbanshadow GBAtemp Maniac
    Member

    Joined:
    Oct 16, 2015
    Messages:
    1,490
    Country:
    Hi guys, I'm still wondering what's with my downgraded 2ds unit. A little situation first: I downgraded it using TuxSH downgrader with the corresponding 9.2.0-20E full update set. The downgrade was done from 10.3.0-28E. An emunand of the downgraded system was made, and then updated to 10.3.0-28E. Downgrade-check homebrew says sysnand it's ok so NATIVE_FIRM appears to be running in the desired version but still I don't think everything is allright.

    Main issue appears to be coming in two fronts, all in emunand:
    1. There seems impossible for apps to gain kernel execution in Homebrew Launcher. Injected apps in Health and Safety are gaining kernel execution fine.
    2. My DS mode flashcart makes a blackscreen to death. Every. Single. Time.

    The two issues are not happening in sysnand.

    So I've decided to dwelve in the inner halls of my nand and I came back with detailed info of whats going in there, hoping a 2ds user with a native (no downgraded) 9.2 firm can compare nands with me.

    Code:
    Title UID   Version     Category   Product Code
    00002703   0     System     0107builder
    00001a03   0     System     0107builder
    00001b03   0     System     0107builder
    00001c03   0     System     0107builder
    00001d03   0     System     0107builder
    00001e03   0     System     0107builder
    00001f03   0     System     0107builder
    00002103   0     System     0107builder
    00002203   0     System     0107builder
    00002303   0     System     0107builder
    00002403   0     System     0107builder
    00001803   0     System     0107builder
    00002903   0     System     0107builder
    00002a03   0     System     0107builder
    00002c03   0     System     0107builder
    00002e03   0     System     0107builder
    00002f03   0     System     0107builder
    00003103   0     System     0107builder
    00003203   0     System     0107builder
    00003303   0     System     0107builder
    00008003   0     System     0107builder
    00001503   0     System     0107builder
    00001703   0     System     0107builder
    00001f02   2000     System     0328builder
    00002002   800     System     0328builder
    00001b02   800     System     0328builder
    00002a02   800     System     0328builder
    00002302   c00     System     0328builder
    00002d03   1400     System     0417builder
    00001a02   1400     System     0430builder
    00002102   800     System     0430builder
    00001e02   c04     System     0609builder
    00002202   2403     System     0609builder
    00002402   2000     System     0710builder
    00001802   1c00     System     0710builder
    00003702   1400     System     0710builder
    00002d02   2800     System     0710builder
    00003202   2000     System     0710builder
    00002802   1801     System     0716builder
    00004002   1801     System     0812builder
    00002602   2800     System     0828builder
    00002702   1400     System     0828builder
    00002e02   1c00     System     0828builder
    00003102   1400     System     0828builder
    00003802   1800     System     0828builder
    00008002   3800     System     0828builder
    00001502   2000     System     0828builder
    00001602   2400     System     0828builder
    00003302   2000     System     0828builder
    00002f02   1c00     System     0828builder
    00001c02   2800     System     0828builder
    00002902   3000     System     0828builder
    00001d02   2400     System     0828builder
    00001702   3002     System     0908builder
    00002b02   1c01     System     0908builder
    00003402   2c02     System     0908builder
    00003502   1803     System     0908builder
    00002c02   2809     System     0922builder

    Code:
    Title UID   Version     Category   Product Code
    00014302   400     System     (N/A)
    00014202   400     System     (N/A)
    00014102   400     System     (N/A)
    00014002   0     System     (N/A)
    00011d02   0     System     (N/A)
    00011c02   0     System     (N/A)
    00011b02   0     System     (N/A)
    00011802   0     System     (N/A)
    00011702   0     System     (N/A)
    00011502   0     System     (N/A)
    00011302   0     System     (N/A)
    00011202   0     System     (N/A)
    00010602   2     System     (N/A)
    00010202   0     System     (N/A)
    00015102   800     System     (N/A)
    00010402   1002     System     (N/A)
    00013102   1400     System     (N/A)
    00012102   2404     System     (N/A)

    Code:
    Title UID   Version     Category   Product Code
    00018202   802     System     (N/A)
    00010702   1000     System     (N/A)
    00010002   0     System     (N/A)
    00010802   0     System     (N/A)
    00018102   401     System     (N/A)
    00019002   402     System     (N/A)
    00018002   c06     System     (N/A)

    Code:
    Title UID   Version     Category   Product Code
    484e4841   2c00     TWL     (N/A)
    484e4c41   0     TWL     0

    Code:
    Title UID   Version     Category   Product Code
    00017102   2420     System     (N/A)
    00016102   140     System     (N/A)
    00010502   3800     System     (N/A)
    00010302   1800     System     (N/A)

    Code:
    HA3P
    HAAP
    HACP
    HADA
    HAEP
    HAFP
    HAGA
    HAHP
    HARP
    HASP
    HBRP
    HCBP
    HCCP
    HCHP
    HCRP
    HCSP
    HDLP
    HEDP
    HEEA (00040030 0000c502)
    HEEA (00040030 0000c503)
    HEPP
    HESP
    HFRP
    HGMP
    HGRP
    HKYP (00040030 0000d002)
    HKYP (00040030 0000d003)
    HMAP
    HMCP
    HMEP
    HMKP
    HMMP
    HMSP
    HMVP
    HSHP

    Code:
    CTAP (00040138 00000002)
    CTAP (00040138 00000003)
    CTAP (00040138 00000102)
    CTAP (00040010 00025000)
    CTAP (00040030 00008a03)
    CTAP (00040030 00008a02)

    Code:
    dlplay (00048005 484e4441) 400 TWL
    DS INTERNET (00048005 42383841) 800 TWL

    You can help either checking each title with yours by using FBI in delete title mode with destination NAND (Don't erase anything!) and checking the list, or already knowing/detecting a problem in the nand. Any help is apreciated.

    Could be better to run standart sysUpdater downgrade to 9.2 in sysnand? What could be causing my emunand issues?

    I would like to get it something as close as a no downgraded system as possible.

    Thanks in advance.
     
    Last edited by Urbanshadow, Jan 13, 2016
  2. Urbanshadow

    OP Urbanshadow GBAtemp Maniac
    Member

    Joined:
    Oct 16, 2015
    Messages:
    1,490
    Country:
    I'm checking my things right now with this. Please let me know if you find anything.
     
  3. Spaqin

    Spaqin GBAtemp Regular
    Member

    Joined:
    Feb 17, 2015
    Messages:
    123
    Country:
    Poland
    Uhh, yeah. You're running an updated version of the system in the emunand, obviously, they won't have kernel access in HBL. Because it's updated, and exploits used there - patched. Apps not injected, but installed w/ FBI/BBM/whatever (which you can inject) should have no problems.

    Known emuNAND issue - DS games don't work.
     
  4. Urbanshadow

    OP Urbanshadow GBAtemp Maniac
    Member

    Joined:
    Oct 16, 2015
    Messages:
    1,490
    Country:
    Thing is, FBI 3dsx did not work in emunand 9.2 being that the main reason why I updated the emunand. So something is definetly wrong there. (please don't go into the dbs fbi problem). Error found is the same on 9.2 and 10.3 emunand.

    DS Mode flascarts run just fine on my n3ds 9.5 emunand.
     
    Last edited by Urbanshadow, Jan 13, 2016
  5. MassExplosion213

    Member

    Joined:
    Feb 15, 2015
    Messages:
    1,464
    Country:
    United States
    It's because emunand is launched with 9.6 NATIVE_FIRM.
     
    Deleted User likes this.
  6. Urbanshadow

    OP Urbanshadow GBAtemp Maniac
    Member

    Joined:
    Oct 16, 2015
    Messages:
    1,490
    Country:
    Ok. Is this 9.6 native_firm the one residing in the firmware.bin of the cfw or exists in the nand itself? Should I do anything to sysnand then?
     
    Last edited by Urbanshadow, Jan 13, 2016
  7. MassExplosion213

    Member

    Joined:
    Feb 15, 2015
    Messages:
    1,464
    Country:
    United States
    It's in the firmware.bin. unless you use cakes, there's nothing you can do to get hb to get kernel. 9.6 fixed the original memchunkhax, which most of them use. ( Well, memchunkhax was patched in 9.3, but you get the point.)
     
  8. Urbanshadow

    OP Urbanshadow GBAtemp Maniac
    Member

    Joined:
    Oct 16, 2015
    Messages:
    1,490
    Country:
    Thing is i'm using cakes all time. Can I fix this then?
     
  9. Aroth

    Aroth GBAtemp Addict
    Member

    Joined:
    Apr 14, 2015
    Messages:
    2,066
    Country:
    United States
    @Urbanshadow

    The info you posted in your OP, is that from your emunand or sysnand?

    Asking because if its your emunand then all of those "Known Useless 10.3 titles for 9.2:" titles should be there. If its your sysnand then its a slightly different story (though most of them should still be there near as I can tell)

    edit:

    A cursory inspection of the installed versions of certain titles suggests that it is your sysnand, but I will wait for a confirmation before continuing
     
    Last edited by Aroth, Jan 13, 2016
  10. Urbanshadow

    OP Urbanshadow GBAtemp Maniac
    Member

    Joined:
    Oct 16, 2015
    Messages:
    1,490
    Country:
    It's sysnand of course. It's no use I went that down into emunand. If you need any more info (like CTR titles versions and id's) or think there's some mistake copying just say it.
     
  11. Aroth

    Aroth GBAtemp Addict
    Member

    Joined:
    Apr 14, 2015
    Messages:
    2,066
    Country:
    United States
    I think you covered all the needed info in your OP. That was masterfully written dude.

    I can tell you what the following titles are, and most are not useless and need to be there even on 9.2 for things to work right)

    00048005 484E4441 - Download Play application for DS mode, present since 2.0.0 and never updated.
    00048005 484E4841 - DS Cart Whitelist, last updated in 7.0.0 (unless you installed bluecardfix.cia, in which case that overwrote this.
    00040130 00001A02 - DSP system-module (required for some sound stuff)
    00040130 00001B02 - GPIO system-module (required for something im sure, sounds graphics or maybe sound related)
    00040130 00004002 - Old3DS nfc system-module (added with 9.3, not present on 9.2 and below)
    00040030 00009E02 - USA amiibo Settings (included with 9.3, not present on 9.2 and below, also how in the hell did you end up with this on a EUR system?)
    00040030 00009502 - JPN amiibo settings (introduced with 9.3, not present beforehand. Again, how did you get this??)
    0004001B 00019002 - Fangate_updater (no idea what this is, but it appears to have been introduced in 9.3)
    0004009B 00010402 - Not sure what this is, but it has been present since 2.0.0, so I would leave it.
    0004001B 00010802 - No idea, but it was introduced in 6.3.0 so I would leave it alone.
    00040030 0000B902 - EUR amiibo Settings (introduced in 9.3 so feel free to purge it from sysnand)

    To summarize the following were all introduced with 9.3 and can PROBABLY be safely purged from your 9.2 sysnand (do not remove them from your emunand)

    00040030000B902
    000400300009502
    000400300009E02
    000401300004002
    0004001B0019002

    The quick glance I took at your other titles showed at least one that did not get downgraded when you went from 10.3 to 9.2, so I will probably need to thoroughly go over them all to find which ones need downgrading and which ones need to be deleted. To make matters worse, the ones needing downgrading will likely need to be pulled from multiple sources.

    BTW, this is the very reason N3DS users have so many semi-bricks and random glitches after downgrading. The 9.2 SOAP reply didn't include entries for titles updated between 2.x and 8.x but not updated on 9.0 because those titles were already present on the system from the factory. Basically Nintendo culled them from N3DS SOAP replies to save on bandwidth (why have the system download titles that EVERY unit already has, makes sense)
     
    Last edited by Aroth, Jan 13, 2016
  12. Urbanshadow

    OP Urbanshadow GBAtemp Maniac
    Member

    Joined:
    Oct 16, 2015
    Messages:
    1,490
    Country:
    Thanks! Mastering bbcode takes a while!

    It's ok to use FBI in sysnand (with pasta) and remove one by one? Should I expect any boot problems afterwards?

    Now I'm worried.
    Will my o3ds on native 9.2 work for that? I could perhaps dump some titles from it with decrypt9 and replace the 2ds ones with them?

    Oh and the titles that state "Not Found" are not in my system (I have just the eur amiibo settings). The "useless" titles where borrowed from a source code.

    Update: Just deleted 00040030000B902 and 0004001B0019002. Sysnand boots ok. Waiting for instructions.
     
    Last edited by Urbanshadow, Jan 13, 2016
  13. Aroth

    Aroth GBAtemp Addict
    Member

    Joined:
    Apr 14, 2015
    Messages:
    2,066
    Country:
    United States
    You will have to use FBI to do it, probably in a mode without Firmlaunch active (think pasta/dev mode for rxTools). I can't be 100% certain but since the titles I listed are all related to amiibo or nfc (which was introduced in 9.3), you SHOULD be fine. The usual disclaimers and warnings about fucking with sysnand apply. Make sure you have a clean backup (obviously you do) and preferably a hard-mod or the ability to get one.

    If you have an O3DS on 9.2 then you actually should just be able to compare the nands and any titles on the 2DS 9.2 nand that are not present on the O3DS 9.2 nand can likely be safely deleted (usual disclaimer, etc.), assuming that both systems are the same region. Finding the ones that should be there but didn't get downgraded properly is a bit harder.

    Essentially you will need compare the installed version of each title installed with the 9.0 SOAP reply and see if the installed version is higher than the version listed on the reply. If it is, then you need to download the most recent version (as of 9.0/9.2) and install it, probably using sysupdater. Since you got far enough to use CFW, you can PROBABLY use the official version of sysupdater to handle this, but I make no promises.

    Use this SOAP reply to compare versions:
    http://yls8.mtheall.com/ninupdates/titlelist.php?date=10-06-14_08-25-03&sys=ctr&reg=P&soap=1

    This is obviously a 9.0 reply and you are comparing against 9.2, but that is ok. The 9.2 reply was bugged and didn't get generated properly for any region but JPN, so it can't be used. However, there are only two titles updated in 9.2 so if you keep that in mind the reply is still good. The first title is CVer (000400DB00017102) , which I can confirm is the 9.2 version (you can too because it shows up as 9.2 in system settings). The other is the HomeMenu (0004003000009802), which oddly enough I do not see in your list of titles, so I'm not sure whats up there. I can tell you the version you see should be between 2C08 (9.0) and 3412 (9.3).

    Also keep in mind that the title version listed in your post is in hexadecimal, the versions on the SOAP reply are in decimal. It's a straight conversion, nothing funny.
     
  14. Urbanshadow

    OP Urbanshadow GBAtemp Maniac
    Member

    Joined:
    Oct 16, 2015
    Messages:
    1,490
    Country:
    That is because is detected as CTR-N-HMMP and I did not post the titleid's from them. I do have 0004003000009802 and the reported version is 3000, which is indeed between 2C08 and 3412. I'll start the soap version comparison now, it will take a while.
     
  15. Aroth

    Aroth GBAtemp Addict
    Member

    Joined:
    Apr 14, 2015
    Messages:
    2,066
    Country:
    United States
    That's great. It means you can effectively just compare to the 9.0 SOAP and ignore CVer and the Home Menu.
     
  16. Urbanshadow

    OP Urbanshadow GBAtemp Maniac
    Member

    Joined:
    Oct 16, 2015
    Messages:
    1,490
    Country:
    Perhaps I overlook something, but after the first pass every title looks like its in the correct version. (Except the two ones you mentioned). What was the title not properly downgraded you saw? Perhaps there's more titles than needed? They really looked fine to me.
     
    Last edited by Urbanshadow, Jan 13, 2016
  17. Aroth

    Aroth GBAtemp Addict
    Member

    Joined:
    Apr 14, 2015
    Messages:
    2,066
    Country:
    United States
    I misread it I think. I was looking at the DS Cart Whitelist and noticed it was the latest version, and for some reason thought it had been updated in 9.7 so I assumed it must not have gotten downgraded. Needless to say the last update to that title was in 7.0.

    Sounds like if you delete the titles I mentioned originally you should be good. Still have no idea how you ended up with the USA and JPN versions of the amiibo settings application.
     
  18. Urbanshadow

    OP Urbanshadow GBAtemp Maniac
    Member

    Joined:
    Oct 16, 2015
    Messages:
    1,490
    Country:
    No, don't had those titles in my system ever. I just stepped into that list on the net (that I have already removed) and checked every title on it.

    I deleted 00040030000B902 and 0004001B0019002. Sysnand boots ok. Thank you very much for your help. Now I plan to move on onto the native_firm thing on emunand. Not sure what to do, though.
     
  19. Aroth

    Aroth GBAtemp Addict
    Member

    Joined:
    Apr 14, 2015
    Messages:
    2,066
    Country:
    United States
    You can probably remove 000401300004002 (o3ds nfc sytem-module) as well since it was introduced with 9.3 and didn't exist on 9.2 systems.
     
  20. Urbanshadow

    OP Urbanshadow GBAtemp Maniac
    Member

    Joined:
    Oct 16, 2015
    Messages:
    1,490
    Country:
    Ok, did it and sysnand works. Any help on the emunand issues?
     
Draft saved Draft deleted
Loading...

Hide similar threads Similar threads with keywords - Dissecting, downgraded, Witchhunt]