Hi,
This tutorial will help you to play legit cias (and only legit cias) without a 3ds flashcart.


I With PBT-CFW (Sysnand):

1. Start the cfw and install the legit(s) cia(s).
2. Backup your sd content.
3. Get the gateway launcher.dat, put it on your sd card, go to the gateway menu and select "format emunand"
4. Update the created emunand, for that you can use :
- rxTools (compatible with go gateway app)
- or the mt-card launcher.dat : https://gbatemp.net/threads/tutorial-4-5-sysnand-4-5-cfw-9-4-emunand-without-gateway.378721/ (part1, you don't need to do the steps 3 and 5 again). It works with the DS Exploit, but it's buggy on 9.5 (doesn't work anymore since the 9.6 update).
5. Restore your sd-card contents.
6. Start the updated emunand with rxTools, and enjoy.

If you want to add new legit cias after that :
1. Install them on your sysnand
2 . Backup your sysnand's ticket.db with rxTools then inject it in the emunand.

II With Palantine CFW (RedNAND):

1. Download this pack : http://jheberg.net/captcha/3ds-dualnand-v05-3/
2. Start the cfw and install the legit(s) cia(s).
3. Backup your sd content.
4. Go to the 3ds-dualnand_v0.5 folder and run 'Extract emuNAND 1.bat' as admin.
5. Then run 'Inject emuNAND 1.bat' as admin.
6. Finally run 'Inject RedNAND 2.bat' as admin. Be careful, this will format your sd card without your confirmation.
7. Restore your sd-card contents and replace your current boot.bin with the one in the 3ds-dualnand_v0.5.
8. You have now two emunands on your sd card : a normal emunand you can use with rxTools and the cfw redNAND. Use rxTools to update the first one.
9. Start the updated emunand with rxTools, and enjoy.


If you want to add new legit cias after that :

1. Install them with the cfw
2. Connect your SD Card to your PC
3. Go to the 3ds-dualnand_v0.5 folder and run 'Extract emuNAND 2.bat' as admin.
3. Run 'Inject emuNAND 1.bat' as admin.
4. Re-update your emunand with rxTools

Or

1. Install them with the cfw
2. Connect your SD Card to your PC
3. Backup your rxTools emunand with emunand tool
3. Go to the 3ds-dualnand_v0.5 folder and run 'Extract emuNAND 2.bat' as admin.
3. Run 'Inject emuNAND 1.bat' as admin.
4. Dump your emunand's (which is the cfw rednand at this point) ticket.db with rxTools.
5. Restore your rxTools emunand with emunand Tool
6. Inject the ticket.db to your emunand with rxTools.

 

[narutonic]

IT'S A PRE INSTALLED GAME. BUNDLED GAME .
Preinstalled by Nintendo on console bundle.

You can install it with pbt and play it on sysnand.

 

[weatMod]

IT'S A PRE INSTALLED GAME. BUNDLED GAME .
Preinstalled by Nintendo.

ok so you mean it's a dump of a preinstalled game from another console then?
and it will work ona different console than the one it was preinstalled on

but i still dont understand why game that was preinstalled by nintendo would be different than a game ,say a game that has a cart version that was bought and installed through the eshop
you are saying that preinstalled games have or use a different ticketing system than a cia bought from the eshop?

what happens if someone deletes a preinstalled game then reinstalls it again through the eshop then?
it uses another ticketing system and if you dump it after you re download it it's no good for this?

what is preventing other game CIA that are not preinstalled and just bought from the eshop from working on CFW?
we can do it with games that don't need 7.x encryption right? so what is the difference?

 

[narutonic]

We can says the ticket of that pre installed game is generic.
And yes the ticket is different than a game bought from the Eshop.

I don't know if when we deleted a pre installed game and download it after will change something

All game(eshop etc) will work on CFW(Game with 7.X encryption not included)
We cant transform a non legit cia in a legit cia

A legit CIA can be launch from the sysnand.(but before you habe to install it with PBT cfw)

 

[weatMod]

We can says the ticket of that pre installed game is generic.
And yes the ticket is different than a game bought from the Eshop.

I don't know if when we deleted a pre installed game and download it after will change something

All game(eshop etc) will work on CFW(Game with 7.X encryption not included)
We cant transform a non legit game in a legit game

yes that is what i am wondering has anyone figured out why we can't change normal games to this format?

and so these have to be 1st installed to sysnand with PBT
then you can backup sysnand after you install it
create a new sysnand backup on another SD, then format it to emunand

then just use emunand tool to inject the backup sysnand with the installed game into the other formatted emunand partition and then it will run from emunand?

 

[narutonic]

I think it's impossible to do something like that.

Yep good deduction.

 

[NeoSlyde]

We just need that f*cking ticket.db from pokemon Rosa and we can create pokemon Rosa legit cia
Maintenon ta geulle

 

[narutonic]

We just need that f*cking ticket.db from pokemon Rosa and we can create pokemon Rosa legit cia
Maintenon ta geulle

Pourquoi tant de violence ?
Je cherche désespérément quelqu'un avec une 2DS avec un jeu pokemon pré installé...

 

[NeoSlyde]

Pourquoi tant de violence ?
Je cherche désespérément quelqu'un avec une 2DS avec un jeu pokemon pré installé...

Moi aussi

 

[laharl22]

Moi aussi need pokemon avec mon emunand rxtool

 

[NeoSlyde]

Bordel le j'ai trouvé un mec qui avait le bundle 2ds pokemon Rosa mais il a Maj :'(

 

[narutonic]

Non , putain cette rage !
Il reste un moyen c'est de faire un Transfert de données.

 

[dela]

Guys write in English:-)

 

[NeoSlyde]

Guys write in English:-)

Ok mamamia

 

[dela]

For me there is no problem, i studied french at school, but being in an international forum, i dont think everybody know french.
However you spell "mamma mia" not "mamamia"

 

[vastrolorde]

very bad tutorials.

Just use Rxtool with the PBT cfw.

Launch the PBT cfw with L
Install the devmenu
Press the button Power and back to the home menu
Wrap the gift launch the DEVmenu
Install the game

When finished turn off your console
Plug you'r sd card on you'r PC and do a backup .
Put the gateway launcher on it and set up a emunand.

Replace the backup of your sd on the card
Put the slot0x25KeyX.bin on your SD Card (be sure you replace the "0" by the 7.0 key (on the giovanify site)
launch RxTool with the following Qr Code

Launch RxMode.
Go in system setting and normally you will see RX-E(munand)
And update .

THe console will restart in SysNand.
Rescan the Qr Code launch Rx Mode and you will be in emunand 9.5 without bug , with my working SSB.

i have a question regarding rxtools, i have palantine cfw emunand and 4.2 sysnand and rxtools installed on my 3ds sd card, but everytime i go into RX mode and when i checked settings i always see RX-S means sysnand right? so how am i able to boot it on emunand aka: RX-E. hope someone could help. Thank's in advance guys!

 

[cearp]

ok so you mean it's a dump of a preinstalled game from another console then?
and it will work ona different console than the one it was preinstalled on

but i still dont understand why game that was preinstalled by nintendo would be different than a game ,say a game that has a cart version that was bought and installed through the eshop
you are saying that preinstalled games have or use a different ticketing system than a cia bought from the eshop?

what happens if someone deletes a preinstalled game then reinstalls it again through the eshop then?
it uses another ticketing system and if you dump it after you re download it it's no good for this?

what is preventing other game CIA that are not preinstalled and just bought from the eshop from working on CFW?
we can do it with games that don't need 7.x encryption right? so what is the difference?

it doesn't use a different ticketing 'system'.
if you delete your preinstalled game, and redownload it from the eshop... nothing happens, why do you ask? it does not use a different ticketing system.

the reason we cannot play any warez without stuff like gw is because the signature does not match up...
but for the universal 'legit' CIA that is built in the correct way (like with my tool FunkyCIA) - the signature does match up.

yes that is what i am wondering has anyone figured out why we can't change normal games to this format?

and so these have to be 1st installed to sysnand with PBT
then you can backup sysnand after you install it
create a new sysnand backup on another SD, then format it to emunand

then just use emunand tool to inject the backup sysnand with the installed game into the other formatted emunand partition and then it will run from emunand?

we cannot 'figure out' anything, the only thing to 'figure out' is the digital signature key nintendo uses to sign content. if we had that we can do anything basically, we can make homebrew look like legit files, it would run without the need to patching the system, etc etc.

if you have any questions about this just ask

 

[dela]

The palantine cfw has the partition allocated to another address than the gateway, rxtools works with emunand gateway (but even that should mtcard) then look for the partition gateway.

 

[narutonic]

it doesn't use a different ticketing 'system'.
if you delete your preinstalled game, and redownload it from the eshop... nothing happens, why do you ask? it does not use a different ticketing system.

the reason we cannot play any warez without stuff like gw is because the signature does not match up...
but for the universal 'legit' CIA that is built in the correct way (like with my tool FunkyCIA) - the signature does match up.




we cannot 'figure out' anything, the only thing to 'figure out' is the digital signature key nintendo uses to sign content. if we had that we can do anything basically, we can make homebrew look like legit files, it would run without the need to patching the system, etc etc.

if you have any questions about this just ask

Thanks for the reply it's seems i misunderstanding a lot of things ...

i back studi english.

 

[weatMod]

it doesn't use a different ticketing 'system'.
if you delete your preinstalled game, and redownload it from the eshop... nothing happens, why do you ask? it does not use a different ticketing system.

the reason we cannot play any warez without stuff like gw is because the signature does not match up...
but for the universal 'legit' CIA that is built in the correct way (like with my tool FunkyCIA) - the signature does match up.




we cannot 'figure out' anything, the only thing to 'figure out' is the digital signature key nintendo uses to sign content. if we had that we can do anything basically, we can make homebrew look like legit files, it would run without the need to patching the system, etc etc.

if you have any questions about this just ask

wait you are not making any sense you just said

"but for the universal 'legit' CIA that is built in the correct way (like with my tool FunkyCIA) - the signature does match up."

seems like you are saying your tools can sign any CIA and make it legit even eshop CIA

"we cannot 'figure out' anything, the only thing to 'figure out' is the digital signature key nintendo uses to sign content. if we had that we can do anything basically, we can make homebrew look like legit files, it would run without the need to patching the system, etc etc.
"
now seems like you are saying it can't, which one is it?
what i am asking is how is a preinstalled CIA different from a eshop CIA?
and why would nintendo make the preinstalled ones "legit" or "universally signed" whatever those terms even mean
and not make the ehop CIA's work the same way?
seems like eshop CIA's have a ticket that locks the game to your console with a ticket and GW and palantine can bypass the ticket checks , but on CFW no 7.x encryption checks can be bypassed
and that preinstalled CIA's dont have any ticket and are not locked to a specific console
buy why would nintendo do that, use tickets for one an dot for the other,or sign the 2 types differently?

 

[cearp]

wait you are not making any sense you just said
"but for the universal 'legit' CIA that is built in the correct way (like with my tool FunkyCIA) - the signature does match up."
seems like you are saying your tools can sign any CIA and make it legit even eshop CIA

i'm making sense, you are just thinking about it too much.
i never said FunkyCIA signs anything. it can only make the 'legit' universal CIA if you have a preinstalled game. (like i said before)

"we cannot 'figure out' anything, the only thing to 'figure out' is the digital signature key nintendo uses to sign content. if we had that we can do anything basically, we can make homebrew look like legit files, it would run without the need to patching the system, etc etc.
"
now seems like you are saying it can't, which one is it?

i don't really understand the question, don't think about what it 'seems' i am saying, really, i'm not trying to confuse you!

what i am asking is how is a preinstalled CIA different from a eshop CIA?
and why would nintendo make the preinstalled ones "legit" or "universally signed" whatever those terms even mean
and not make the ehop CIA's work the same way?
seems like eshop CIA's have a ticket that locks the game to your console with a ticket and GW and palantine can bypass the ticket checks , but on CFW no 7.x encryption checks can be bypassed
and that preinstalled CIA's dont have any ticket and are not locked to a specific console
buy why would nintendo do that, use tickets for one an dot for the other,or sign the 2 types differently?

the preinstalled CIA has a ticket that is for every console.
when you buy an eshop game the ticket is only for your console.
both have tickets, both are signed the same way.