Hacking [Tutorial] Installing Clean CIAs with 4.5 CFW

Chaldron

GBATemp's Official Attorney
OP
Member
Joined
Mar 29, 2013
Messages
434
Trophies
0
Location
`Murica
XP
429
Country
United States
Note: Some users have reported that updated the emuNAND created in this guide causes the sysNAND to be updated. Others have reported success with the same process. Tread carefully, and know that neither I nor any developer of the tools used in this guide are responsible for what happens.


Requirements

  • SD Card (preferably blank, if not make sure to take a full backup)
  • A PC with an SD card reader
  • A 4.5 or lower 3DS with mset already installed using Gateway's Installer file.
Software Download Links:
  • Dev Menu CIA (Look for either BigBlueBox CIA or GovanifY’s CFW. Google is your friend, the file name will be either BigBlueBox.cia or DevMenu_2x.cia)
  • Palantine CFW
  • PBT CFW
  • Network Scanner
  • Gateway Launcher.dat
  • rxTools + firmware.bin (cdn_firm.exe in the folder) + slot0x25KeyX.bin (Google)
  1. First off, make sure the CIAs you have planned to install using this method are clean. Clean means that the CIA has been ripped from a 3DS bundle. These CIAs are clearly marked on the sites that you download them on. If you have doubts if a CIA is clean, it is likely not.
  2. Format your SD card. It should be completely blank. Make sure to take a backup if you were using it for something else.
  3. In the "SD Card" folder from Palantine's CFW, you will find files such as Launcher.dat. Copy all of these onto the SD Card.
  4. Now, copy the boot.bin from PBT-CFW. There should already be a boot.bin from Palantine's CFW - delete this one and make sure you are running PBT CFW.
  5. Put the SD into the 3DS. Start the system, and let it create software management information. Now power down the system, and put the SD back into your computer.
  6. Now, in your SD card, there should be a Nintendo 3DS folder. Open it, and open the folder inside that. There should be another, so open that too. You should see a exdata folder.
  7. Make a new folder (not inside the exdata folder, but in the same directory as it) called “dbs”. Go into the folder and make a blank text file, named “title.db” or “import.db”. Doesn’t matter which.
  8. Put the SD back into the 3DS.
  9. Now, navigate to Settings --> Other --> Profile. WHILE HOLDING THE L BUTTON, tap DS Profile. The screen should be a DARK blue on the top. As with regular CFW, the bottom screen should ideally flash white for a moment and then load the CFW. If it doesn't, hold power to reboot the system and repeat step 9. Make sure to hold L.
  10. Now, once you’ve gotten into PBT-CFW, you’ll need your 3DS’ IP Address. You can use the tool you downloaded earlier (the network scanner) to find the devices from Nintendo. Note the IP. (usually looks like 192.168.1.1xx).
  11. Copy the DevMenu CIA you downloaded earlier into the Palantine CFW folder with run.bat.
  12. Edit the run.bat file in the Palantine CFW folder. Replace the DevMenu_2x.cia part with the name of your CIA, and the IPTOMODIFY with your IP.
  13. Code:
    installcia IPTOMODIFY 1 DevMenu_2x.cia
  14. Code:
    installcia 192.168.1.155 1 DevMenu_2x.cia
  15. Now execute the run.bat by double clicking it. It should return a result code of 0. If it doesn't, repeat steps 5-14. If it fails to connect, make sure the IP is correct and the 3DS is connected to the internet.
  16. You should now have DevMenu installed onto the 3DS. Without powering off the system, remove the SD and put it into your computer. Copy the clean CIAs you wish to install.
  17. Insert the SD back into the system, and go into Dev Menu. Install CIAs as normal.
  18. Once the CIAs have been installed, power off the system. Remove the SD, and insert it into your computer.
  19. Backup the Nintendo 3DS folder.
  20. Now, delete the Launcher.dat. Copy over the Gateway Launcher.dat. Insert the SD into the system.
  21. Use the DS Profile exploit like earlier to boot into Gateway. Use the "Format EmuNAND function". Your SD will be wiped.
  22. Once that is done, power off the system. Remove the SD and delete Launcher.dat from your computer. Copy the rxTools.dat file, plus firmware.bin, plus the KeyX file. Also copy back the Nintendo 3DS folder.
  23. Navigate to the rxTools thread linked above on your computer, and place the SD back into the system. Power on, and press L or R to be taken to the camera.
  24. Tap the QR button and scan the code in the thread. Let it take you to the site. rxTools will load.
  25. Boot into rxMode.
  26. Go into Settings. Ensure it says RX-E 4.x. If it says something else, power off and try steps 23 onward again.
  27. This is the dangerous part. Update the emuNAND in System Settings. Some users have reported success and others have updated their sysNAND. Personally, I have found that if you had the update nag on your 4.5 sysNAND, you will end up updating sysNAND. In that case, power off the system, remove the SD, and follow the steps in this thread. Note that this may not solve the issue, and you might end up with an updated sysNAND.
  28. At this point, you should have a 4.5 sysNAND and an emuNAND bootable at version 9.6, with the CIAs installed. Boot into it, and launch every game once. Open the eShop and check downloaded software just for good measure. I personally did not do this step, but it is recommended.
  29. Now, get another SD Card. This could be the SD you used to make another emuNAND. However, it won't work if this SD has the emuNAND unlinked from your sysNAND. If they're unlinked, you cannot merge these two emuNANDs. You will have to stick with 1 SD for the emuNAND we just made, and one with the one you already had.
  30. If your NANDs were linked, you can redownload the legit CIAs from the eShop on your emuNAND. Or, you can format emuNAND again like before and redownload them.
If there are any issues with the guide, please inform me. However, these steps should be relatively safe except for the update part, which is a mixed bag. Check the rxTools thread to see the reports on updating sysNAND accidentally.
 

zero2exe

Well-Known Member
Member
Joined
Jun 23, 2012
Messages
331
Trophies
0
XP
426
Country
Chile
Regarding this:
"This is the dangerous part. Update the emuNAND in System Settings. Some users have reported success and others have updated their sysNAND. Personally, I have found that if you had the update nag on your 4.5 sysNAND, you will end up updating sysNAND. In that case, power off the system, remove the SD, and follow the steps in this thread.Note that this may not solve the issue, and you might end up with an updated sysNAND"

Now that you mention the update nag part it actually makes sense, since the reported cases so far have been when updating from 4.X and the downgrade packs from gateway come with an update nag already iirc.

Also a question:
If I already have a 9.6 emunand setup should I just go through the whole guide with the other SD card and after the games appear on my re-download list just swap the cards and download them with my original emunand?
 

Chaldron

GBATemp's Official Attorney
OP
Member
Joined
Mar 29, 2013
Messages
434
Trophies
0
Location
`Murica
XP
429
Country
United States
clean just means that the signature is valid, it doesn't necessarily have to be a preinstalled game


Really? I thought that any CIA that was a bundle is cleanly signed (as in any 3DS can run it) where as regularly ripped CIAs are not like that.
 
  • Like
Reactions: Margen67

Chaldron

GBATemp's Official Attorney
OP
Member
Joined
Mar 29, 2013
Messages
434
Trophies
0
Location
`Murica
XP
429
Country
United States
Regarding this:
"This is the dangerous part. Update the emuNAND in System Settings. Some users have reported success and others have updated their sysNAND. Personally, I have found that if you had the update nag on your 4.5 sysNAND, you will end up updating sysNAND. In that case, power off the system, remove the SD, and follow the steps in this thread.Note that this may not solve the issue, and you might end up with an updated sysNAND"

Now that you mention the update nag part it actually makes sense, since the reported cases so far have been when updating from 4.X and the downgrade packs from gateway come with an update nag already iirc.

Also a question:
If I already have a 9.6 emunand setup should I just go through the whole guide with the other SD card and after the games appear on my re-download list just swap the cards and download them with my original emunand?


I don't think the DG packs come with the nag, but I believe I downloaded the update on accident.
 

cearp

瓜老外
Developer
Joined
May 26, 2008
Messages
8,721
Trophies
2
XP
8,471
Country
Tuvalu
Really? I thought that any CIA that was a bundle is cleanly signed (as in any 3DS can run it) where as regularly ripped CIAs are not like that.
sure, made properly using a real ticket, like how funkycia will let you, you can make clean cias from anything.
but at the moment the only stuff that we can install is stuff with a blank console id, which leaves us with preinstalled content and system content
 
  • Like
Reactions: Margen67

toto621

Well-Known Member
Member
Joined
Jan 19, 2015
Messages
384
Trophies
0
XP
1,426
Country
Belgium
I may be wrong but using only Gateway mode (without EmuNAND) and BBM is not enough to install a clean CIA ?

I've done this for Flashcard TimeWarp (on 9.0 N3DS XL) and it worked without issues so I assume it will be the same with legit CIAs.

I know you are talking about 4.x firmware but after CIAs installation just create EmuNAND with gateway menu (when gateway team will support firmware 9.6) or with RxTool (OG3DS/2DS only for now), no ?
 

Chaldron

GBATemp's Official Attorney
OP
Member
Joined
Mar 29, 2013
Messages
434
Trophies
0
Location
`Murica
XP
429
Country
United States
sure, made properly using a real ticket, like how funkycia will let you, you can make clean cias from anything.
but at the moment the only stuff that we can install is stuff with a blank console id, which leaves us with preinstalled content and system content


Ah, I see. That's what i meant - CIAs that we can install. Thanks for the clarification.
 
  • Like
Reactions: cearp

Chaldron

GBATemp's Official Attorney
OP
Member
Joined
Mar 29, 2013
Messages
434
Trophies
0
Location
`Murica
XP
429
Country
United States
I may be wrong but using only Gateway mode (without EmuNAND) and BBM is not enough to install a clean CIA ?

I've done this for Flashcard TimeWarp (on 9.0 N3DS XL) and it worked without issues so I assume it will be the same with legit CIAs.

I know you are talking about 4.x firmware but after CIAs installation just create EmuNAND with gateway menu (when gateway team will support firmware 9.6) or with RxTool (OG3DS/2DS only for now), no ?


Create the emuNAND with Gateway, boot it with rxTools.
 
  • Like
Reactions: Margen67

Misiel

Well-Known Member
Newcomer
Joined
Dec 11, 2013
Messages
60
Trophies
0
Age
30
XP
150
Country
Mexico
i have palantine cfw in my 3ds before but this time im getting "failed to connec" error
also after the pbt cfw boots it resets itself after some seconds
 

dandymanz

Well-Known Member
Member
Joined
Dec 5, 2014
Messages
182
Trophies
0
Age
42
XP
227
Country
Senegal
What I mean is why using Palpatine CFW, PTB CFW and Network Scanner while obviously only Gateway Mode (without emuNAND) + BBM is enough (unless I'm missing something important)

It is actually a very big hassle to get PBT running fine on a 4.5 3DS/XL. I remember trying to figure out the steps above when i first started out, without this tutorial and been stuck at the installcia step for almost a day because it just refuses to install the bigbluemenu for me even though the IP was correct.
Anyway, if you already have a Gateway, then there is no need to follow this tutorial.
But for people who are unwilling to fork out money to buy a Gateway or Retail cart.Then this might help you get a few games onto your 3DS to play.

i have palantine cfw in my 3ds before but this time im getting "failed to connec" error
also after the pbt cfw boots it resets itself after some seconds

PBT and Giovanify's cfw have always been very unstable from my experience. Even if you boot it up successfully, it can still hang midway when you're playing a game. For me, i feel its much better to just have PBT setup together with bigbluemenu and then install in whatever legit CIA's are available. And switch to play those from Sysnand after a restart.
 

pontum

Active Member
Newcomer
Joined
Mar 16, 2015
Messages
28
Trophies
0
Age
35
XP
80
Country
Quick question. If I install a game this way, then link a NNID, are the games now tied to the NNID? I ask because at step 28 the games run but they don't show up in the eshop.
 

toto621

Well-Known Member
Member
Joined
Jan 19, 2015
Messages
384
Trophies
0
XP
1,426
Country
Belgium
Quick question. If I install a game this way, then link a NNID, are the games now tied to the NNID? I ask because at step 28 the games run but they don't show up in the eshop.
Maybe Nintendo found a way to detect and forbid re-download of thoses "legit" CIAs. Just guessing...
 

pontum

Active Member
Newcomer
Joined
Mar 16, 2015
Messages
28
Trophies
0
Age
35
XP
80
Country
Maybe Nintendo found a way to detect and forbid re-download of thoses "legit" CIAs. Just guessing...
OK, I tried again, it doesn't show up in downloaded software, but if I search for the software manually, it says re-download, but greyed out. If I delete the software, the re-download button can be clicked, and then it shows up in downloaded software.
 
  • Like
Reactions: Margen67

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • No one is chatting at the moment.
    SylverReZ @ SylverReZ: @salazarcosplay, Morning