Hacking [How-to] Spoof firmware (to access eShop and more) on New 3DS and Old 3DS

[vipernig]

Hi all. I am using this method to system transfer from 9.2-20U O3DS to a 9.8-25U and it doesn't want to work. The spoof runs fine but when I get to select the Target 3ds which is my 9.8 N3DS i get the message: an error has occured --> A local wireless error has occured. Canceling transfer. Please try again.

I don't know what to do.

 

[ccfman2004]

Hi all. I am using this method to system transfer from 9.2-20U O3DS to a 9.8-25U and it doesn't want to work. The spoof runs fine but when I get to select the Target 3ds which is my 9.8 N3DS i get the message: an error has occured --> A local wireless error has occured. Canceling transfer. Please try again.

I don't know what to do.

You can't do a transfer between 9.2 and 9.8 as 9.6+ uses a new encryption.

 

[andrew weeks]

then let´s wait until smealum´s birthday

 

[Ronhero]

Just make 9.8 rx emunand and then transfer

 

[vipernig]

You can't do a transfer between 9.2 and 9.8 as 9.6+ uses a new encryption.

Damnnit.... So I have to do an emunand transfer? So my best option is to create emunand. Update that to 9.8. Then do a system transfer. Then format everything on the O3DS. So now my O3DS would be completely clean with 9.2 intact ready to be sold (as an example).

Thanks Ronhero, will look into Rx emunand

 

[AquaX101]

Is it safe to system transfer software from a dsi to a 3ds?

 

[Ronhero]

Damnnit.... So I have to do an emunand transfer? So my best option is to create emunand. Update that to 9.8. Then do a system transfer. Then format everything on the O3DS. So now my O3DS would be completely clean with 9.2 intact ready to be sold (as an example).

Thanks Ronhero, will look into Rx emunand

Yeah just make sure you don't have any unassigned cia files and you boot in clean rx mode

I have also had success with o3ds on 9.3+ doing a system transfer to emunand on another 3ds then use that for system transfer to a n3ds

 

[urherenow]

You can't do a transfer between 9.2 and 9.8 as 9.6+ uses a new encryption.

Makes no sense at all. Everything that transfers is decrypted first. Otherwise it wouldn't work because of the per-console key.

Not to mention that an old3ds doesn't use the new 9.6 crypto than an N3ds uses.

 

[ccfman2004]

Makes no sense at all. Everything that transfers is decrypted first. Otherwise it wouldn't work because of the per-console key.

Not to mention that an old3ds doesn't use the new 9.6 crypto than an N3ds uses.

There is a certain compatibility to do system transfers:

9.0-9.5
9.6-9.8

You can't do a system transfer between these two groups only inside the same group.

 

[BenoitRen]

To updated your o3ds to 9.2, first use 3DNUS to download an exploitable internet browser. Title ID 0004003000009402 (if your 3DS is USA region), Version 4096. Pack as CIA. Put it in the root of your SD card

Then put Cubic Ninja rom on your sky3ds and install the QR Code exploit for your system version (Input your exact system version).

Then, with the ninjhax homebrew launcher, run FBI (link) (extract the 3ds folder to the root of your sd card) and install the CIA you downloaded earlier. Something like 0004003000009402.cia. The install mode should be set to "NAND" I believe.

From there, you can use a cartridge (New revision of Smash bros. for USA) or you can load the ROM into the sky3ds and it should still ask you to update.

Using this method without a Sky3DS but with retail cartridges wiped the browser on my system.

 

[samiam144]

Using this method without a Sky3DS but with retail cartridges wiped the browser on my system.

Whew that was an old post lol.

Your install of the browser probably failed, or you installed it to SD instead of NAND.

Anyways, with FBI 1.4.2 there is no need to even delete the browser first, FBI will just overwrite it. All you have to do is try installing again to NAND, there is no reason it wouldn't work.

 

[BenoitRen]

I did let FBI overwrite it, and I did try installing it again, but it immediately gave an error aboud an invalid argument. I made sure each time that I was installing to NAND. After that I was unable to launch Ninjhax again, leaving me with zero entry points. Full story

 

[samiam144]

I did let FBI overwrite it, and I did try installing it again, but it immediately gave an error aboud an invalid argument. I made sure each time that I was installing to NAND. After that I was unable to launch Ninjhax again, leaving me with zero entry points. Full story

Sorry man, bad luck :/ The purpose of trying to get the exploitable browser to install first (before updating) is so that you still have an en entry point when you update to 9.2
Should have stayed at 4.3 until you can confirm that your web browser was working..

 

[BenoitRen]

I hear you, but in my case it wouldn't have made a difference, because I don't own a 3DS-compatible DS flash card.

 

[samiam144]

I hear you, but in my case it wouldn't have made a difference, because I don't own a 3DS-compatible DS flash card.

Ah I see. Back when I wrote that post, you could only install the mset exploit through either the ds flashcard or a code.bin through the spider exploit (which wouldn't work for you). But FBI now supports installing mset on its own (since about 2 weeks now), you could have used that when you were back on 4.3.

And selecting the ninjhax QR code for 9.2.0-10E doesn't work for you either huh..

 

[kingaz]

I'm on O3DS, firmware 9.2 . I have not updated or anything. I have been accessing the eshop using this exploit, and on Wednesday, I was able to use the exploit to download a demo.

However, after using the exploit, when I tried signing into the eshop, it still prompted me to update my system (which I obviously declined).

What's going on?

Update: Never mind. I tried it again, and bam, it was working. That was really weird.

 

[thaikhoa]

I see, I do have a 9.2.0-10U system.

Is there any way to run that code with my version of the browser?

If not, is it possible to update just my browser? I have a Gateway and Cubic Ninja if that helps.

Edit: Can I just enter GW Mode without Emunand and install the "0004003000009402" Title ID (Browser 20) via FBI?

Downgrade the current fw to 4.x using Gateway launcher. Update to 8.1 using retail gamecard. It will be 8.1.0-8. Format emunand then update emunand to 8.1.0-19 using BBM. Use Emunand tool 1.0.3 to extract emunand, rename to NAND.bin. Restore Nand backing using GW launcher. Your sysnand will be 8.1.0-19. There is no chace to get brick. I did test a lot, other fw version will let to a brick when doing that trick but 8.1.

 

[jonthedit]

This still works for 9.2.0-20U 3DS [old] correct?
I can use this to spoof eshop access and download a game update?
Smash 1.0.8 was downloaded, but load times seem like its broken.

 

[michyprima]

New 3DS -> update to 9.2
O3ds -> manually transfer saves/data from emunand to sysnand
n3ds -> patch and start system transfer
o3ds -> system transfer from sysnand
n3ds -> make new emunand & update to 9.5

I'm trying to import my o3ds ctcert using a modified version of pasta. I found the ctcert residing at those two addresses:
0x01FFB804
0x08096C40

The format they are stored in is different, but both can be found in the o3ds (iirc addresses are a little different for o3ds but who cares)

When I overwrite at the first address, it sticks but when I overwrite the second address and a firmlaunch is performed, the changes get reverted.

Any clue how I can get around this?

(And yes, with only the first patch eshop does not work)

 

[Asia81]

I thought that this thread is dead since Free Multi Patcher.
I'm wrong ?