Hacking N3ds 10.3 EMUNAND testing

[Aroth]

Gateway loads firm in much the same way, only unlike CFWs, they pack the firm into their launcher. (it's obfuscated and encrypted of coarse). Hence why you can't link directly to Gateway's launcher on GBATemp due to the files containing Nintendo files.

So my suspicion about their firm being altered with a spoofed kernel version might be accurate then? I originally figured it was a patch being applied like removing the signature checks, but now I am wondering if it isnt the firmware binary itself that is being altered.

Also, uessing they pack both firms in since N3DS and O3DS use different ones.

 

[TR_mahmutpek]

Any news?

 

[Aroth]

Any news?

Nearest we can tell, OP got EXTREMELY lucky with something. Likely his downgrade doing something funny in my opinion. Either way it doesn't appear to be something that is easily replicated.

My suspicion turned out to be a bust so no luck there either.

 

[Zidapi]

AFAIK the only way to bypass the cart encryptation is with Gateway mode.
Is there a way to repack/spoof a 3DS file?

Not true, attempted this earlier, it threw up and error and kicked me back to sysNAND.

Attempted what?

Attempted to load a clean, unmodified ROM (no spoofing etc) that required a 9.6+ Firmware (10.1 to be specific) on a 9.5 emuNAND in Gateway Mode.

It was implied by you and others that this game (and DBZ/Triforce Heroes) would run in Gateway Mode.

Sorry, I didn't address this earlier with everything that was going on. It may still be relevant to what you're looking into.

 

[Aroth]

Attempted to load a clean, unmodified ROM (no spoofing etc) that required a 9.6+ Firmware (10.1 to be specific) on a 9.5 emuNAND in Gateway Mode.

It was implied by you and others that this game (and DBZ/Triforce Heroes) would run in Gateway Mode.

Sorry, I didn't address this earlier with everything that was going on. It may still be relevant to what you're looking into.

Just to clarify, you loaded a .3ds file of a game that requires 10.1? And it kicked you back to sysnand?

Because to my knowledge no game has shipped yet with 10.1 on the cart. The most recent releases have 9.9.

 

[Asia81]

The picture proof nothing, in this case I can also show mine:

 

[Ninoh-FOX]

I'm in too

 

[Asia81]

So now the fake is spotted, could a mod lock the thread?

 

[Zidapi]

Just to clarify, you loaded a .3ds file of a game that requires 10.1? And it kicked you back to sysnand?

Because to my knowledge no game has shipped yet with 10.1 on the cart. The most recent releases have 9.9.

The retail release of Pokemon Rumble World comes with 10.1 on board.
Currently only available in Japan, an EU release is due this month, no idea about a US release.

It is in full English if your system is, or when forcing the language.

Perhaps this is a unique case?

 

[Aroth]

So now the fake is spotted, could a mod lock the thread?

Problem is its not exactly a fake. He did upload a video showing him entering rxMode emunand with a N3DS and loading a retail cart with 9.6+ on it. That should not work. Even with an update cver to bypass the cartridge update, the game should have hung on the 3ds logo.

--------------------- MERGED ---------------------------

The retail release of Pokemon Rumble World comes with 10.1 on board.
Currently only available in Japan, an EU release is due this month, no idea about a US release.

It is in full English if your system is, or when forcing the language.

Perhaps this is a unique case?

Maybe? I would suggest trying it with a game from the same region. It is also possible that Pokemon Rumble World has something weird going on.

Also for reference, I can load clean rips of my own copy of Tri Force Heroes with GW 9.5 with no issues so.

 

[Toiry921]

Alright another quick update but within my system settings to set up an Internet connection on Emunand and checked NNID settings to see if it's linked to anything I look at my version and this time it's 10.3 without the RxTools prefix
Sidenote: if you aren't gonna be productive and just call it fake and say it's staged then GTFO
Edit:Went to check on internet settings again but now a dupe of my Connection 1 Appeared over the one I just set up
Edit 2: Went back to NNID settings and NNID was unlinked this time and when exited I reached back to my 9.2 what appears to be sysnand
Edit 3: Took another test at the NNID settings was able to log in on emunand then when exited I was brought to the Ver. 10.3.0-28U, Not entirely sure what this is or why it is 10.3

 

[Aroth]

Alright another quick update but within my system settings to set up an Internet connection on Emunand and checked NNID settings to see if it's linked to anything I look at my version and this time it's 10.3 without the RxTools prefix
Sidenote: if you aren't gonna be productive and just call it fake and say it's staged then GTFO
Edit:Went to check on internet settings again but now a dupe of my Connection 1 Appeared over the one I just set up
Edit 2: Went back to NNID settings and NNID was unlinked this time and when exited I reached back to my 9.2 what appears to be sysnand
Edit 3: Took another test at the NNID settings was able to log in on emunand then when exited I was brought to the Ver. 10.3.0-28U, Not entirely sure what this is or why it is 10.3

I do remember reading that one of the nightlies for rxTools had a bug where the RX version string would occasionally be missing. No idea if that means it would read "Ver. 10.3.0-28U" or just "10.3.0-28U", but it sounds like maybe something similar is happening?

Btw, could you link the tutorial you used to set up rxtools after you completed your downgrade?

 

[likearls]

DBZ does not require 9.6+ kernel.
I extracted exheader and comfirmed required kernel version.Also I converted dbz rom to cia without spoof fw and I can play it.

 

[Aroth]

DBZ does not require 9.6+ kernel.
I extracted exheader and comfirmed required kernel version.Also I converted dbz rom to cia without spoof fw and I can play it.

What is the hex value it uses? 3102?

 

[likearls]

What is the hex value it uses? 3102?

2802

 

[Aroth]

2802

And you extracted that from a .3ds file you backed up from your own cart?

Do me a favor, what is the titleid and/or unique identifier for your copy?

 

[likearls]

And you extracted that from a .3ds file you backed up from your own cart?

Do me a favor, what is the titleid and/or unique identifier for your copy?

Sorry,it is not back up from my own cart.
My 3ds is jp region.DBZ of jp region require 9.4 firm according to 3dsdb.com.So I downloaded eu ver DBZ.
Title id and serial are 0004000000169600 and CTR-BDVP.

 

[Aroth]

Sorry,it is not back up from my own cart.
My 3ds is jp region.DBZ of jp region require 9.4 firm according to 3dsdb.com.So I downloaded eu ver DBZ.
Title id and serial are 0004000000169600 and CTR-BDVP.

and the EU version was the one you extracted the exheader from that had the 2802 flag?

 

[likearls]

and the EU version was the one you extracted the exheader from that had the 2802 flag?

Yes.

 

[Aroth]

Yes.

That's really odd. Almost wonder if the .3ds you downloaded was fw spoofed and not marked as such. 2d02 is 8.1, so 2802 is really low. Like 6.x low.

edit:

Its kernel version 2.40, which was included with 7.2

For reference, it breaks down like this:

YY XX, where XX is the the major version and YY is the minor version of the kernel itself, converted from decimal to hex.

So the most recent kernel (2.50) becomes 0x02 and 0x32, or 3202. Following this, 2802 becomes 0x02 and 0x28, or 2.40