Hacking Outdated emuNANDs, the eShop, and spoofed version numbers.

[Wowfunhappy]

Let me say right of the bat that this is just a theory, and I know that theories have a bad reputation around here for being misguided and wrong. This may well apply to my theory as well, but I would like to know whether or not it does. I've been mulling it over for the past half hour, and I don't personally see any flaws.

The eShop does not work on outdated firmwares, and EmuNAND cannot be updated past 9.5 on the New 3DS. As a result, making the eShop work within emuNAND on a New 3DS is impossible.

How does the eShop know what firmware we're on? From what I understand, it looks at the version number of every installed system title, and checks to see if any of them are out of date. Updating only certain titles is not enough—all of them must be updated in order for the eShop to work.

However, we can install titles with spoofed version numbers. Yes, this breaks signature checks, but we don't care about signature checks, because we're in emuNAND!

Let's say that we're running emuNAND 9.0-E. We can use Yellows8's awesome System Update Reports to get a list of every title that has been updated between 9.0 and 9.6. We can then download the 9.0 versions of these titles, and create CIAs with modified version numbers, to make it look like they've been updated, even though they have not been. Afterwards, all of these CIAs can be installed to emuNAND. In theory, I don't see any reason why this shouldn't satisfy the eShop.

I'm aware that there are simpler methods for making the eShop work on outdated firmwares, but none of them public. I am personally interested in this because it would make it much easier to fix the eShop on region-changed systems, although I know it would be useful for other reasons as well.

...would this work?

 

[Adeka]

Why do you need access to the eshop?

 

[Kylecito]

I had read somewhere that someone had tried this and it still refused to connect to the eShop.

 

[Wowfunhappy]

I had read somewhere that someone had tried this and it still refused to connect to the eShop.

That sucks if true, although I wonder why.

 

[sonic2756]

I'm on 9.5 emuNAND, so I'll test when I get home. Can someone link me the tool to spoof title versions along with the 9.6 updated titles?

 

[Stoned]

search 3dnus

 

[Wowfunhappy]

I'm not sure if there is a tool to spoof title versions, I just know that it's doable, since that's how cearp created flashcarttimewarp.

As Stoned said, you can find what titles have been updated between given version numbers via Yellows8's System Update Reports.

 

[Stoned]

Example. Spoofed Browwser works whit rx 9.6 Emunand. Installed whit PBT-CFW

I Use not Flashcard

 

[Wowfunhappy]

For what it's worth, it occurred to me that you may also need to actually update Cver, the title that controls the version number displayed in system settings. No idea if the eShop checks that as well, but it seems plausible.

 

[Stoned]

I Dont no Sorry

 

[Zidapi]

"Spoofing" the version numbers of system titles breaks them and will cause a brick.

The flashcart whitelist is an exception to the rule, spoofing its version breaks it causing the system to fall back to an older version.

System titles don't work this way, if the current version is broken it just fails causing a brick.

At least this is my understanding of the situation, I welcome any corrections.

 

[Wowfunhappy]

"Spoofing" the version numbers of system titles breaks them and will cause a brick.

It breaks the signature checks, yes, and would brick sysNAND as a result.

But we're in emuNAND! Signature checks shouldn't matter.

 

[Ra1d]

It breaks the signature checks, yes, and would brick sysNAND as a result.

But we're in emuNAND! Signature checks shouldn't matter.

Well I just tried for the heck of it downloading a new "System Settings" version present in 9.6 to my 9.5 emuNAND, and it wouldn't load, it doesn't break emuNAND itself, but when you tap settings, it's just an infinite loading screen.

 

[Wowfunhappy]

Well I just tried for the heck of it downloading a new "System Settings" version present in 9.6 to my 9.5 emuNAND, and it wouldn't load, it doesn't break emuNAND itself, but when you tap settings, it's just an infinite loading screen.

This is not what I'm suggesting. Imagine if you installed every 9.6 CIA in your 9.5 emuNAND. You'd essentially just be upgrading to 9.6. It wouldn't solve anything.

What I'm suggesting is, download the 9.5 versions of those CIAs which have changed between 9.5 and 9.6, and spoof the version numbers of those 9.5 CIAs to make it look like they have been updated to 9.6, even though they haven't been.

 

[Ra1d]

This is not what I'm suggesting. Imagine if you installed every 9.6 CIA in your 9.5 emuNAND. You'd essentially just be upgrading to 9.6. It wouldn't solve anything.

What I'm suggesting is, download the 9.5 versions of those CIAs which have changed between 9.5 and 9.6, and spoof the version numbers of those 9.5 CIAs to make it look like they have been updated to 9.6, even though they haven't been.

The only problem is, how do you spoof them ?

 

[Wowfunhappy]

The only problem is, how do you spoof them ?

I don't know, I just know that Cearp has done it successfully.

...cearp, want to chime in here?

 

[sonic2756]

Just need a way to spoof title versions now, i'm almost positive someone posted a way.

EDIT: 3DNUS does just what I need. I'll work on this and report back. Gotta finish reinstalling windows

 

[Wowfunhappy]

Just need a way to spoof title versions now, i'm almost positive someone posted a way.

EDIT: 3DNUS does just what I need. I'll work on this and report back. Gotta finish reinstalling windows

Don't suppose you got anywhere?

 

[sonic2756]

Don't suppose you got anywhere?

Haven't even started. I'll post updates when I can.

 

[plasma]

I could theoretically do this, but depends on how many titles I would have to spoof.
Got any idea how many? and spoof them to what?