Hacking [GUIDE] Upgrading 8.1.0-0J to 9.2.0-20J

[Ronhero]

Anyone here good at making android apps? I'm thinking it be easier and safer to distribute

 

[Bug_Checker_]

I should be releasing it soon, I successfully updated 8.1 emu to 9.1. I am looking for a private server to host that isn't my work server

Once on 9.1 there is no difference between 9.1 and 9.2. All available entry points available on 9.2 are the same on 9.1

Even though yellows8 missed the JPN region(for New3ds 9.2.0-20j), old3ds and New3ds(USA[E] and EUR P ) had changes only to Home Menu and CVer files.
It is reasonable to assume that JPN only had changes to theses files,also.

Sources:
http://3dbrew.org/wiki/9.2.0-20
http://yls8.mtheall.com/ninupdates/reports.php?date=10-29-14_08-05-02&sys=ctr
http://yls8.mtheall.com/ninupdates/reports.php?date=10-29-14_08-05-02&sys=ktr

 

[Ronhero]

Even though yellows8 missed the JPN region(for New3ds 9.2.0-20j), old3ds and New3ds(USA[E] and EUR P ) had changes only to Home Menu and CVer files.
It is reasonable to assume that JPN only had changes to theses files,also.

Sources:
http://3dbrew.org/wiki/9.2.0-20
http://yls8.mtheall.com/ninupdates/reports.php?date=10-29-14_08-05-02&sys=ctr
http://yls8.mtheall.com/ninupdates/reports.php?date=10-29-14_08-05-02&sys=ktr

Yea well if anyone is really that anal about it you can always update to 9.2 if you know were to find the cia. Personality I see no point when you're just going to update emunand to 9.5 or region swap

 

[TheShadowRunner]

It's not being anal, if indeed you found a method to update to 9.1, plz just go the extra step to 9.2.
Didn't my link help?
While you don't see the point, N clearly did otherwise they wouldn't have bothered releasing 9.2.
Again even if it's the slightest change, might as well go for it.

 

[Ronhero]

It's not being anal, if indeed you found a method to update to 9.1, plz just go the extra step to 9.2.
Didn't my link help?
While you don't see the point, N clearly did otherwise they wouldn't have bothered releasing 9.2.
Again even if it's the slightest change, might as well go for it.

It would just take me a lot of editing to get the xml file working, what you're saying is that everyone in the US with 9.0 firmware should update to 9.2 for "additional security features" it just seems silly. Plus with emunand do you really need to update? I'll send you the XML if you want to edit it but the idea is 8.1 is a wash and anything between 9.0-9.2 is identic enough that they share the same entry points and in reality that's all that really matters

 

[cultopi]

It's not being anal, if indeed you found a method to update to 9.1, plz just go the extra step to 9.2.
Didn't my link help?
While you don't see the point, N clearly did otherwise they wouldn't have bothered releasing 9.2.
Again even if it's the slightest change, might as well go for it.

People who got 9.0U didn't even care to update to 9.2U. 9.1J is good enough, they can use entry points in 9.1J to update to 9.2J if they want. If 9.2J has higher security than 9.1J, i would choose to stay at 9.1J incase more entry points come out.

 

[Ronhero]

People who got 9.0U didn't even care to update to 9.2U. 9.1J is good enough, they can use entry points in 9.1J to update to 9.2J if they want.

Ha beat you by 3 seconds

 

[Bug_Checker_]

I will edit this post later(sometime in the not too distance future)
http://gbatemp.net/threads/guide-upgrading-8-1-0-0j-to-9-2-0-20j.384960/page-20#post-5813409

What I was trying to say earlier was almost everything necessary to upgrade a launch day New3DS JPN version happened in 9.0.0-20j.

Only Home Menu and CVer (just 2 files) each changed together in 9.1.0-20j and 9.2.0-20j. Literally, that is all. Nothing else did. You would most likely not miss out on anything significant if you just did 9.0.0-20j.

 

[Ronhero]

I will edit this post later(sometime in the not to distance future)
http://gbatemp.net/threads/guide-upgrading-8-1-0-0j-to-9-2-0-20j.384960/page-20#post-5813409

What I was trying to say earlier was almost everything necessary to upgrade a launch day New3DS JPN version happened in 9.0.0-20j.

Only Home Menu and CVer (just 2 files) each changed together in 9.1.0-20j and 9.2.0-20j. Literally, that is all. Nothing else did. You would most likely not miss out on anything significant if you just did 9.0.0-20j.

Exactly my point, plus emunand is what you will be using anyways so it really doesn't matter

 

[dark_samus3]

Exactly my point, plus emunand is what you will be using anyways so it really doesn't matter

The main point of doing 9.1 is for theme support for J since this was only added in 9.1 for them... However I do see the point of "if they want to do it then just update with sysupdater"

 

[Ronhero]

The main point of doing 9.1 is for theme support for J since this was only added in 9.1 for them... However I do see the point of "if they want to do it then just update with sysupdater"

Are you sure? 8.1 had themes but no public payload, 9.0 was a JPN addition I thought and had no problems

 

[dark_samus3]

Are you sure? 8.1 had themes but no public payload, 9.0 was a JPN addition I thought and had no problems

9.0 was the first version to have themes for everywhere except Japan which was 9.1 afaik

 

[Tokiopop]

9.0 was the first version to have themes for everywhere except Japan which was 9.1 afaik

8.1j has themes

 

[dark_samus3]

8.1j has themes

Huh weird

 

[Ronhero]

Huh weird

The problem with 8.1 is the lack of a public payload

 

[enarky]

Any news on the update situation? All I'm reading on the last few pages that there's "a new method that works", but has anyone actually successfully updated his 8.1.0-0J N3DS to 9.x?

 

[Syphurith]

Current public tools that important for 8.x: GW, NTR(CubicNinja, Ninjahax 1.1b) or even themehax for N3ds.

Spoiler: Analyze?

Problem
1.GW would involve firmlaunch, so if update sysnand with GW and sysupdator -- BRRRICK. Luckily, that is recoverable.
2.yifan_lu used a customized update server to do this before, however the old server is down. No pratical way to rebuild the whole. (yes just those sh*t SOAP)

Ways
As collected update methods from 8.1 to 9.2
1.Grab enough CIA to rebuild a customized server. Use NTR to change the link and update. The ever succeeded way.
2.Use Sysupdator, this requires no firmlaunch. However It might need to launch Ninjahax 1.1b to run any CFW first.
So Use gw to install browser set SKY for ninjahax 1.1b and launch old pasta to use sysupdator. Sounds most possibility.
3.Use Cart. However the update package is incomplete, and no 9.0-9.2 games for JPN region.
4.NEW- Customized cart update partition, requires sig-patch. So it seems no sense.
5.NEW- Use some certain DownloadPlay games that can pass the update package contained inside the 3DS/CCI, update others. Not sure if the other would accept such CFA, but it should accept the plain_text cup_list and properly signed CIAs, If only contents get transferred.
6.NEW- Possible via NAND injection, however they must have xorpad of FAT16. So not much useful.
0.EmuNAND to NAND. you must mind the gap between these two NANDs, i doubt if there is any offset differences. Tended to work for other situations before.

Spoiler: HardMod+GW

Note, if your would like to take the risk and preform a EmuNAND to NAND. You would need GW and Hardmod.
Cause this is really risky, i do ask you to have a HardMod and valid NAND dumps first before ever think of trying this.

Routine A1 - Preparation
1.Dump NAND, several times with hard-moded one to get a correct one. (For example, dump 10 times, and 8 of them have the exact CRC32+MD5 checksum. So you can just flash this one back if needed).
2.And dump NAND through GW. Compare the two files, oh maybe you've already know the difference if you are good at finding things on web.
3.Format EmuNAND with GW, and extract it out with EmuNandTool. Compare this with the GW NAND dump.

Routine A2 - Preparation, alternative
1.Dump NAND, i suggest you do this at least for 10 times. And you can pick out a valid one after collecting all those checksums of CRC or MD5.
2.Dump NAND with GW. Format the EmuNAND.
3.Use MultiNandCreator by @DarkMatterCore. Inject the valid NAND dump into EmuNAND Partition.

Routine B - Update EmuNAND
4.Get a package of all those update CIAs from that iso site, i personally suggest you to use 9.2.0-20. And store those into SD, with BigBlueMenu CIA. Place devMenu.3ds to GW.
5.Use GW to launch EmuNAND, with "ARROW-UP" hold until it launched. Enables update.
6.Use GW devmenu.3ds to Install BigBlueMenu CIA into EmuNAND. Then launch it.
7.Use BBM to install the whole folder of CIAs of the update package. Yes, L+R+A.
8.DON'T press Home!. After installed all those, just hold POWER to shut it down.
9.Launch the GW EmuNAND again, to have it fully initialized. Then power off.

Routine C1 - To flash it back
10.Dump EmuNAND. Checking the offset, fix the EmuNAND image to HardMod Dump format if needed.
11.Ensure you have a valid HardMod NAND Dump first. Flash the modified EmuNAND binary back to System.

Routine C2 - To flash it back, alternative.
10.Dump EmuNAND. Checking the offset, fix the EmuNAND image to GW SoftDump format if needed. Save it as NAND.bin and place it to SD root.
11.Launch GW Menu. Hold "ARROW-UP" when enter the last option (Downgrade). And, yes "DownGrade".

Routine D - Checks
12.Now, power on the console, to see if the 9.x is ready for you. Keep your original NAND HardMod dump.
13.If it failed, you can flash the original HardMod Dump back to restore it. That's why you must have HardMod now

Indeed i would like to see someone build the customized server again and release the tools needed. I already have all those CDN files for 9.2.0-20J from update CIAs, however i know nothing about how to build the SOAP correctly. If you need to have all those CDN files you can get the update package from that iso site, and search for the "Encrypted System Update CDN CIA Unpacker". The thing mentioned above is really risky and i don't want to see anyone brick the one he own. So if custom server can be built they can safely use NTR to modify the link and upgrade, without GW.

 

[Ronhero]

Your methods won't work; there are no public 8.x payloads. The soap server does work because ntr doesn't use firmlaunch.

You can hoast the server yourself like I did on your local server or wait till I can find the time and resources to hoast it.

Personally I would like someone with some programming skills to make an android app since it be easier

 

[uyjulian]

Question: do you need to unblock nintendo update servers in order to use this update method? I keep on getting error and I don't want to accidentally update somebody's 3DS.
This is what I put in the NTR debugger:

write(0x15E424, tuple(map(ord, "http://192.168.2.2:8000/ss.php\0")), pid=0x25)
write(0x15E0EC, tuple(map(ord, "http://192.168.2.2:8000/GASR.xml\0")), pid=0x25)
write(0x15E463, tuple(map(ord, "http://192.168.2.2:8000/GASR.xml\0")), pid=0x25)

Update process seems to hit GetSystemTitleHash, then error appear on the n3ds:

<?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Body><GetSystemTitleHashResponse xmlns="urn:nus.wsapi.broadon.com"><Version>$Version</Version><DeviceId>$DeviceID</DeviceId><MessageId>$MessageID</MessageId><TimeStamp>$TimeStamp</TimeStamp><ErrorCode>0</ErrorCode><TitleHash>7E745F7B67D553BEA847859404790C94</TitleHash></GetSystemTitleHashResponse></soapenv:Body></soapenv:Envelope>

(yes, $variables were replaced with identifying information)

The archive below contains every file I'm using, except the update files extracted with UnpackCdnCia (those are copyrighted..)

 

[Ronhero]

You just need to rewite the xml files to point at your server not nus