Homebrew [Theory] Possible method to downgrade from 11.0 without hardmod/DSiWare

Is this possible?


Status
Not open for further replies.

metroid maniac

It used to be possible to downgrade with arm11 kernel exploits, but it's not anymore. In the 11.0 update, Nintendo added a list that's stored in arm9 that prevents files from a lower firmware from being installed, and the only way around the list is by exploiting the arm9 kernel which would make downgrading pointless. You can read more about it here: https://gbatemp.net/threads/why-the...simple-explanation-for-the-rest-of-us.441373/

That's a much cheaper and dirtier fix than I anticipated.
Rather than actually fix the ARM11 kernel exploit, Nintendo just hardcoded a blacklist of titles that may not be installed.
I guess then that legit CIAs can be installed on 11.0/11.1?
 

el_gonz87

ARM11 kernel exploit is how current downgrades to 9.2 work.

I also thought briefly about other ways of exploiting DSiWare - Petit Computer is similar to Smile BASIC and has QR scanning. It seems exploitable from that, but the real hackers would need to get on that.

Didn't 11.0 patch it so that the ARM11 update has to cross-check with a list that's part of ARM9? So downgrades from 11.0 need ARM9 access, which would nullify the reason for even downgrading.
 

ADS3500

That's a much cheaper and dirtier fix than I anticipated.
Rather than actually fix the ARM11 kernel exploit, Nintendo just hardcoded a blacklist of titles that may not be installed.
I guess then that legit CIAs can be installed on 11.0/11.1?
Signed CIAs can't be installed on 11.x because there isn't a public arm11 kernel exploit on 11.x. The main reason why one hasn't been released is because it isn't possible to downgrade with them anymore, so people are probably saving them to release with an arm9 kernel exploit.
 

metroid maniac

Signed CIAs can't be installed on 11.x because there isn't a public arm11 kernel exploit on 11.x. The main reason why one hasn't been released is because it isn't possible to downgrade with them anymore, so people are probably saving them to release with an arm9 kernel exploit.

I guess that the blacklist was added in addition to patching the exploit then.
 

Aletron9000

To downgrade to 9.2 from 11.0 without a hardmod or DSiWare downgrade, an arm9 exploit is needed, not just arm11.

BTW, I think someone already found an arm11 exploit on 11.1, but it is useless because we need arm9 to bypass the minimum version list.

edit: ninja'd
 

Swiftloke

Ugh not this again.
The 3DS won't just install an older update, especially not with this method. On older versions, we have to delete system titles because the arm9 will prevent installing older versions of existing files. (But not titles that don't exist. Downgraders would delete a title then install the older version of it, and since updates are Legit CIAs it's fine with it.) Since the update server will never delete older titles, this isn't going to work.
It especially won't work on 11.0, due to the minimum version check. Even if the server deleted titles, the arm9 would still prevent the installation.
Changing the version that appears on the title would break the signature, and it would be a non-Legit CIA (which needs an arm9 exploit).
I would also like to know how 3DS updates work :mellow:
http://yifan.lu/2015/03/23/nintendo-3ds-system-updater/
What if we could do a FrankenFirm that has 1.10 Firm but everything else as 9.2 files?
The sysmodules (9.2 files in your scenario) would break the console, as NATIVE_FIRM expects a minimum version for sysmodules, currently the 9.6 version.
That's a much cheaper and dirtier fix than I anticipated.
Rather than actually fix the ARM11 kernel exploit, Nintendo just hardcoded a blacklist of titles that may not be installed.
I guess then that legit CIAs can be installed on 11.0/11.1?
Sure, as long as you have an arm11 kernel exploit.
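
A simplified model of the install checks described in the post above, as an added example (not from the thread and not Nintendo's code). The HMAC stands in for the real signature scheme, and the key, title name, version numbers and function names are constructed for illustration.

```python
import hashlib
import hmac

VENDOR_KEY = b"constructed-demo-key"  # assumption: stands in for the vendor signing key


def sign(title_id: str, version: int) -> bytes:
    """The signature covers the version field, so it cannot be edited afterwards."""
    return hmac.new(VENDOR_KEY, f"{title_id}:{version}".encode(), hashlib.sha256).digest()


def install_decision(title_id, version, signature, installed, min_versions=None):
    """Return 'install' or the reason the package is refused.

    installed:    {title_id: version} currently on the device
    min_versions: {title_id: lowest allowed version}; None models firmware
                  without the minimum version list
    """
    if not hmac.compare_digest(signature, sign(title_id, version)):
        return "reject: bad signature"
    if min_versions is not None and version < min_versions.get(title_id, 0):
        return "reject: below minimum version"
    current = installed.get(title_id)
    if current is not None and version < current:
        return "reject: older than installed"
    return "install"


def demo():
    title, old, new = "TITLE_A", 9, 11      # constructed sample values
    old_sig = sign(title, old)              # a genuine signature on the old version
    min_list = {title: new}
    return {
        "old over installed": install_decision(title, old, old_sig, {title: new}),
        "old, title absent": install_decision(title, old, old_sig, {}),
        "old, title absent, min list": install_decision(title, old, old_sig, {}, min_list),
        "old relabelled as new": install_decision(title, new, old_sig, {}, min_list),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The second case is the gap that comparing against the installed version alone leaves open; the minimum version list closes it because it does not depend on what is currently installed.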

gnmmarechal

ARM11 kernel exploit is how current downgrades to 9.2 work.

I also thought briefly about other ways of exploiting DSiWare - Petit Computer is similar to Smile BASIC and has QR scanning. It seems exploitable from that, but the real hackers would need to get on that.
As I've stated before, 11.0 introduced a title version list that can only be bypassed with an ARM9 kernel exploit.
 

Giodude

Well what if you're on say 6.2, and you wanted to update to 9.2, could this be used? I have arm9loaderhax but it's an interesting thought
 

dpad_5678

With all the new patches/checks 11.0 introduced, it's not even worth it anymore to try to find a traditional downgrade. At least not now.

For most people chances are that you have a CFW / CFW'able system and/or the money and/or skills to get a hard mod.
 
Deleted User
I've been thinking about this thing:
The 3DS takes files for upgrades from the internet, right?
If we redirect the search to a custom site (such as tubehax) we can make the 3DS believe that the downgrade files (9.2/10.7) are 11.1.0-34 files
Is this possible?
(Sorry for my English, I'm Italian :P)
Not possible due to native_firm being changed around and updated by Nintendo which blocks out the ability to downgrade hardmodlessly without bricking.
 

C0mm4nd_

OP
What about a miihax as primary ARM11 Userland exploit? It uses QR Codes (like 90% of primary hax)
*Edit* Dumb idea :\
 