Hacking Downgraded emuNAND

D

dubbz82

Well-Known Member
Member
Level 7
Joined
Feb 2, 2014
Messages
1,572
Trophies
0
Age
41
XP
1,215
Country
United States
I k
ichichfly said:
well in there 2.0 b2 there was one check that triggered the brick code in the firm code also there is a way to trigger that brick code in the menu in 2.1 (it is now better obfuscated in 2.1). There are also checks in the firm in 2.1 but I don't know where it ends as it is better obfuscated but I think it end up in the brick install.

add Better safe than sorry
Click to expand...


If it did check NAND checksums, every time a new update came out, EmuNAND would break...
 
ichichfly

ichichfly

Well-Known Member
Member
Level 7
Joined
Sep 23, 2009
Messages
619
Trophies
1
XP
1,076
Country
Gambia, The
dubbz82 said:
I k


If it did check NAND checksums, every time a new update came out, EmuNAND would break...
Click to expand...
Well I have no idea why but a part of the checksum was in an array that depends on data that gets loaded from the NAND it is not much but well it looks like that one part is always the same currently I don't know if it stay the same in Data before 4.X also some patches break when the plates are not found (using any other menu Version).

also the NATIVE_FIRM is always loaded form the Launcher.dat
 
D

dubbz82

Well-Known Member
Member
Level 7
Joined
Feb 2, 2014
Messages
1,572
Trophies
0
Age
41
XP
1,215
Country
United States
My guess is still worst case scenario, the emuNAND breaks...either way though, it should be an interesting experiment :)
 
Bond697

Bond697

Dies, died, will die.
Member
Level 4
Joined
Jun 7, 2009
Messages
350
Trophies
0
Age
39
Location
CT
XP
464
Country
United States
ichichfly said:
well in there 2.0 b2 there was one check that triggered the brick code in the firm code also there is a way to trigger that brick code in the menu in 2.1 (it is now better obfuscated in 2.1). There are also checks in the firm in 2.1 but I don't know where it ends as it is better obfuscated but I think it end up in the brick install.

add Better safe than sorry
Click to expand...


where in their firm code/patches/payloads is there brick code? an address is fine. we found it in the launcher, but i don't recall seeing it in their supplied firm0.
 
Apache Thunder

Apache Thunder

I have cameras in your head!
Member
Level 17
Joined
Oct 7, 2007
Messages
4,434
Trophies
3
Age
36
Location
Levelland, Texas
Website
www.mariopc.co.nr
XP
6,813
Country
United States
Does the mmset exploit even exist in the old 1.1 firmware? Some exploits show up as a result of a firmware update, and not necessarily something that crops up on a launch console at release. :P

There's two stages to the current exploit I believe. Even if the msett exploit exists in 1.1, the ROP chain exploit used later to load custom code might not work in that old a firmware. You'd basically be back at square one and have to search for a new exploit all over again. You're better off updating to 4.5 using a retail cart that requires it.

The current 4.5 exploit gives us pretty much all access to the console. Having an older firmware wouldn't give you more unless there's an exploit in the non-rewritable bootrom area (the area that probably stores the private encryption key). But even then, if a method is found to get that key, it could probably be done from 4.5 or newer exploit anyways... :P
 
L

loco365

Well-Known Member
OP
Member
Level 12
Joined
Sep 1, 2010
Messages
5,457
Trophies
0
XP
2,927
Apache Thunder said:
Does the mmset exploit even exist in the old 1.1 firmware? Some exploits show up as a result of a firmware update, and not necessarily something that crops up on a launch console at release. :P

There's two stages to the current exploit I believe. Even if the msett exploit exists in 1.1, the ROP chain exploit used later to load custom code might not work in that old a firmware. You'd basically be back at square one and have to search for a new exploit all over again. You're better off updating to 4.5 using a retail cart that requires it.

The current 4.5 exploit gives us pretty much all access to the console. Having an older firmware wouldn't give you more unless there's an exploit in the non-rewritable bootrom area (the area that probably stores the private encryption key). But even then, if a method is found to get that key, it could probably be done from 4.5 or newer exploit anyways... :P
Click to expand...

I know that it probably won't work on 1.1. I plan to back up 1.1 and upgrade to 4.X, then install an emuNAND with 1.1.
 
The Real Jdbye

The Real Jdbye

*is birb*
Member
Level 23
Joined
Mar 17, 2010
Messages
23,343
Trophies
4
Location
Space
XP
13,927
Country
Norway
Team Fail said:
So I managed to score a 1.1.0 3DS on Kijiji the other day, and I'm going to be paying for it next week. I'm thinking on doing the SD NAND mod to back up the 1.1 NAND so I can downgrade to it whenever, however, I'd like to try doing something different as a workaround, if that's possible. What I'd like to do, is set up an emuNAND, then take the emuNAND that the Gateway launcher made (That would have 4.X), and replace it with the 1.1 NAND (Mostly for the OK GO video) I made manually.

Has anyone tried this, and would something like this work properly? Or would the emuNAND break catastrophically?
Click to expand...
I don't think anyone has tried it, but it's plausible. I doubt anyone has even thought to try it, as it's not terribly useful.
Some things will definitely be broken, and the emuNAND may not work at all. Gateway's patches most definitely won't work but if you can do without the things those enable (and it doesn't completely break the firmware when they are not working) then it could work for your purposes.

As you would have a hardware NAND dumping setup anyway recovering from a brick caused by Gateway's code like ichfly explained would only be an inconvenience.

But the question is, why? Why would you go through all tha trouble just to watch a video that you can watch right now without any of that hassle? The video's not that great that it's worth keeping and watching over and over.
 
L

loco365

Well-Known Member
OP
Member
Level 12
Joined
Sep 1, 2010
Messages
5,457
Trophies
0
XP
2,927
The Real Jdbye said:
I don't think anyone has tried it, but it's plausible. I doubt anyone has even thought to try it, as it's not terribly useful.
Some things will definitely be broken, and the emuNAND may not work at all. Gateway's patches most definitely won't work but if you can do without the things those enable (and it doesn't completely break the firmware when they are not working) then it could work for your purposes.

As you would have a hardware NAND dumping setup anyway recovering from a brick caused by Gateway's code like ichfly explained would only be an inconvenience.

But the question is, why? Why would you go through all tha trouble just to watch a video that you can watch right now without any of that hassle? The video's not that great that it's worth keeping and watching over and over.
Click to expand...

Well, it'd probably be more than just the video, since from there, I can use any firmware for various flashcards as well.
 
  • Like
Reactions: JayRo
L

loco365

Well-Known Member
OP
Member
Level 12
Joined
Sep 1, 2010
Messages
5,457
Trophies
0
XP
2,927
Well, I guess with all the hassle that is setting up this emuNAND, I'm just going to stick to keeping an emunand of 4.1. I just picked up the 3DS and I've so far updated it to 2.2U, I don't have any 4.X games besides Animal Crossing, which has 4.5 and won't work with my AK2i.
 
Z

zhdarkstar

Well-Known Member
Member
Level 5
Joined
Jan 30, 2008
Messages
573
Trophies
1
XP
566
Country
United States
Team Fail said:
Well, I guess with all the hassle that is setting up this emuNAND, I'm just going to stick to keeping an emunand of 4.1. I just picked up the 3DS and I've so far updated it to 2.2U, I don't have any 4.X games besides Animal Crossing, which has 4.5 and won't work with my AK2i.
Click to expand...

I just checked http://3ds.essh.co/ and found a bunch of games that come with 4.1 on them. If you don't have any of those games, then you can go to your local used game store and use a little social engineering to get your 2.2 3DS updated if they have any of the games on the list. All you gotta do is ask them if you could test the cartridge out to make sure that it works properly. Insert cart, update to 4.1, hand cart back to clerk with excuse that you didn't want the game after all.
 
L

loco365

Well-Known Member
OP
Member
Level 12
Joined
Sep 1, 2010
Messages
5,457
Trophies
0
XP
2,927
zhdarkstar said:
I just checked http://3ds.essh.co/ and found a bunch of games that come with 4.1 on them. If you don't have any of those games, then you can go to your local used game store and use a little social engineering to get your 2.2 3DS updated if they have any of the games on the list. All you gotta do is ask them if you could test the cartridge out to make sure that it works properly. Insert cart, update to 4.1, hand cart back to clerk with excuse that you didn't want the game after all.
Click to expand...
I have friends that have 4.1 games, so I'll probably bug them tomorrow.
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Hacking Homebrew  A new way to experience StreetPass

Hacking Hardware  New Nintendo 3DS XL Louvre

Emulation  i have citra, i have my aes keys installed, how do i get the home menu

Hardware  Why does my 3DS take so long to turn off?

What's the best 3DS emulator (especially after Citra's shutdown)?

Tutorial  How to fix 007-2001

can't download system files on citra because im "not connected to the internet"

gacube emeleter

General chit-chat
Help Users
  • K3Nv2 @ K3Nv2:
    Nah just eat floor crumbs
  • HiradeGirl @ HiradeGirl:
    Juan's floor crumbs were always rat fur
     +1
  • BigOnYa @ BigOnYa:
    Change from real cheese, to government cheese, you'll save some money.
     +1
  • K3Nv2 @ K3Nv2:
    Gotta get that government cheese one new laptop a year
     +1
  • K3Nv2 @ K3Nv2:
    Fucking Biden making us pay full internet prices
     +1
  • BigOnYa @ BigOnYa:
    Of course there is always, OnlyFans, or a GoFundMe, to raise some money.
  • HiradeGirl @ HiradeGirl:
    @BigOnYa are you on OnlyFans?
  • K3Nv2 @ K3Nv2:
    He gets his ramming funds from onlyfans
  • BigOnYa @ BigOnYa:
    Yea but my total income is negative, lol
  • HiradeGirl @ HiradeGirl:
    I would pay for watching someone eat food from the floor.
  • Xdqwerty @ Xdqwerty:
    @BigOnYa, stop spending the videos' budget on food
  • BigOnYa @ BigOnYa:
    No I've never even been to the site(honestly) but have heard of it
  • K3Nv2 @ K3Nv2:
    I'm half way at my savings for a new move
  • BigOnYa @ BigOnYa:
    Like a karate move? The flying dragon is cool.
  • HiradeGirl @ HiradeGirl:
    @BigOnYa if you've never been to the site how do you know about its contents?
  • Xdqwerty @ Xdqwerty:
    Can he do a shoryuken?
  • Xdqwerty @ Xdqwerty:
    @HiradeGirl, cuz of people mentioning it everywhere
     +1
  • HiradeGirl @ HiradeGirl:
    Someone here introduced me to it. Not gonna say who.
  • BigOnYa @ BigOnYa:
    Everybody knows what that site about, and you can't read normal news anymore without hearing about it
  • HiradeGirl @ HiradeGirl:
    But it's degrading and disgusting.
  • Xdqwerty @ Xdqwerty:
    @HiradeGirl, was it Juan?
  • HiradeGirl @ HiradeGirl:
    Juan who?
  • BigOnYa @ BigOnYa:
    Its just seductive pics right? I mean they don't show nudity, do they?
  • Xdqwerty @ Xdqwerty:
    @HiradeGirl, you know who is juan
  • ZeroT21 @ ZeroT21:
    isn't onlyfans just another creepy site of fake AI generated ''women''?
    ZeroT21 @ ZeroT21: isn't onlyfans just another creepy site of fake AI generated ''women''?