Okay, before anyone tells me this isn't possible and didn't happen, listen to this: I bought a N3DS XL running on sysnand 9.0 and installed gateway emunand on it. I installed a bunch of CIA files and even a custom Jibanyan theme! (Unlinked NANDs of course) Everything was going awesome, but then the regular N3DS exploit came out, so I decided to gift the N3DS XL to my little sister. At this point I had emunand still installed on the 3DS XL SD card when I gave it to her. I then formatted sysnand and cleaned up the system, making it look as new as possible to gift it to her. This is where it gets real. She opens up the N3DS XL and sets it up like normal. Then the homescreen shows up. The Jibanyan JPN only theme is still installed on a US N3DS XL SysNAND. My first though was "Wait. What? THAT SHOULDN'T BE POSSIBLE. How did EmuNAND cross over to SysNAND!?" She was excited because she loves Yokai Watch, so I figured it was a plus. Then came the next step : We updated SysNAND to 9.6 and the Jibanyan JPN theme was still there. BUT SYSNAND DOESN'T LET EXPLOITS RUN? ESPECIALLY NOT UNSIGNED CODE? This is where I'm stuck at... HOW DID THIS HAPPEN!? Sad part now is that she saved the theme under theme manager, then tried to load it and it spit back the error of "Cannot load theme". So as of right now, Jibanyan is dead, but his custom theme still shows up under saved themes. Can anyone chime in on how this is even possible, and if there's any way to force the saved theme to load? tl;dr: Custom JPN theme that was installed on unlinked EmuNAND, was somehow installed on US SysNAND, then SysNAND was updated to 9.6, and the theme was still there. How did this happen? Here's a picture for what I'm talking about: Bumping for any response! I really want to know what happened here.
But I entered the shop and even downloaded demos. The theme was still there. It only went away when she tried to load it up as a saved theme.
This probably has something to do with the theme cache. It is currently loaded into the cache and thus will continue to work without checks. Pretty sure this is why you can have custom themes on sysNAND through NINJHAX.
Maybe because they don't plan on using it for anything but retail carts? Makes all the sense in the world to me.
I've been noticing, that if you format emuNAND to unlink the NANDs, every new emuNAND you make (and format) has the exact same ID (Thus will inherit the other's extdata, including themes). So, if you format emuNAND, and then format sysNAND, you will have the same ID and extdata foler on the SD card, thus they will be linked again.
That actually explains a lot! Essentially you could totally get a custom theme like that on the newest FW. I mean, you wouldn't be able to change it, but still! Only bummer now is if there's any way to recover it....
It seems that custom themes are stored in the Nintendo 3DS folder as I removed all of Ninjhax and the theme still works on my N3DS in sysNAND.
So in other words unique firmware IDs are not generated randomly but deterministically? Reformatting either one or the other will have them go through the same new IDs in the same order?
