Hacking Why the 3DS can't be downgraded on 11.4 "For Dummies" (A simple explanation for the rest of us)

[Quantumcat]

Nice thread. Very informative. Now I have a question. Currently I'm on 11.0 with arm9loaderhax+luma. Previously I was on rxtools with emunand 11.0 and sysnand 9.2. I switched to this setup cause I heard it was better. Not sure why though. With this set up, isn't my sysnand technically on 11.0? Is that safe? And would updating to 11.1 f*** me up?

Yes, your sysNAND is on 11.0, and yes, it's safe to update.

From the guide:

Update your 3DS by going to System Settings, then "Other Settings", then going all the way to the right and using "System Update"

• Yes this is safe, stop asking about it.

From the 11.1.0-34 announcement thread:

CFW working:

• a9lh - luma3ds cakes and all the other major ones.
• emunand cfw
• Dsiware firm downgrading
• Hardmod firm downgrading
• NTR cfw

 

[Swiftloke]

Nice thread. Very informative. Now I have a question. Currently I'm on 11.0 with arm9loaderhax+luma. Previously I was on rxtools with emunand 11.0 and sysnand 9.2. I switched to this setup cause I heard it was better. Not sure why though. With this set up, isn't my sysnand technically on 11.0? Is that safe? And would updating to 11.1 f*** me up?

Yes, and even the though the cat in the glasses is right, let's talk why.
With arm9loaderhax, arm9 is taken over before the console starts. This means that we have control over the OS, and if it tries to do anything we don't like, we can just stop it. Just like Nintendo used to do to us. Ironic, eh?
With this is mind, what we do is set up a program that sets FIRM0 and FIRM1 (where arm9loaderhax resides) to be read-only. This means that arm9loaderhax is protected, and there's nothing Nintendo can do about it since our code controls the console, and any code they attempt to change that with we can just block.

 

[ElYubiYubi]

So why instead of looking a way to downgrade. Why not just a way to install CFW on 11.0?

 

[Quantumcat]

So why instead of looking a way to downgrade. Why not just a way to install CFW on 11.0?

That would be the exact same thing....... Did you read the post?

The future [what could be done for 11.0]
Well, put simply, to downgrade on 11.0 without hardmod or DSiwarehax, we need an arm9 exploit. Without being able to tell arm9 to not use the list, there's no way to downgrade via normal software. And if we have an arm9 exploit, there would be no reason to downgrade to 9.2 from 11.0.

 

[ElYubiYubi]

That would be the exact same thing....... Did you read the post?

Yes. All CFW requires a Downgrade to 9.2. Why not just find another way?

 

[Quantumcat]

Yes. All CFW requires a Downgrade to 9.2. Why not just find another way?

Um........ Downgrading to 9.2 from 11.x requires an arm9 exploit. CFW requires an arm9 exploit. This post explains that we do not have an arm9 exploit above 9.2. When there is a publicly available arm9 exploit we will hear about it. There is no "other way".

Edit: to address your reply specifically, no, all CFW does not require a downgrade to 9.2. It requires an arm9 exploit, and 9.2 is the maximum version where there exists a public one.

 

[Deleted member 333767]

I don't understand why people would link this thread to noobs who ask about 11.0 downgrades.... They won't read the rules, so why would they read a long technical write up?

The only thing that 11.0 owners should be linked to is ebay/amazon/aliexpress/gumtree/craigslist, because thats the only way they're ever going to own a hackable 3DS.

 

[Swiftloke]

I don't understand why people would link this thread to noobs who ask about 11.0 downgrades.... They won't read the rules, so why would they read a long technical write up?

The only thing that 11.0 owners should be linked to is ebay/amazon/aliexpress/gumtree/craigslist, because thats the only way they're ever going to own a hackable 3DS.

Though you have a point, no one reads the terms of service.

 

[lolboy]

Thanks! Learned something on my way to work.

 

[ederenzi78]

Very good explanation. I have one more question.
When I was on 10.5FW I could do a NAND dump before attempting the dowgrade to 9.2. But my question is:

In order to do the NAND dump, an ARM9 exploit was used? And if it is so, why bother downgrading to 9.2 ? If if not, what kind of exploit was used?

Thanks

 

[Quantumcat]

Very good explanation. I have one more question.
When I was on 10.5FW I could do a NAND dump before attempting the dowgrade to 9.2. But my question is:

In order to do the NAND dump, an ARM9 exploit was used? And if it is so, why bother downgrading to 9.2 ? If if not, what kind of exploit was used?

Thanks

You can't backup your NAND on 10.5 unless you have a hardmod.

 

[gnmmarechal]

You can't backup your NAND on 10.5 unless you have a hardmod.

Or DSiWareHax.

 

[annson24]

So a9lh takes control over arm9 before the console starts? So basically if we currently have a9lh installed, even if we update our console to v11.1 we still have arm9 exploit, right? Cool. Please make another thread regarding this secret store and its deal with FIRM0, FIRM1, and OTP. I think I just wanna stop doing my job and go home to study all this, it's really interesting.

 

[Quantumcat]

So a9lh takes control over arm9 before the console starts? So basically if we currently have a9lh installed, even if we update our console to v11.1 we still have arm9 exploit, right? Cool. Please make another thread regarding this secret store and its deal with FIRM0, FIRM1, and OTP. I think I just wanna stop doing my job and go home to study all this, it's really interesting.

Read https://gbatemp.net/threads/arm9loader-technical-details-and-discussion.408537/

 

[annson24]

Read https://gbatemp.net/threads/arm9loader-technical-details-and-discussion.408537/

Thank you cat in glasses. Been reading it for a while no, my brain can't actually handle too much info in such a short period. Will continue tomorrow haha.

Sent from my SM-N930F using Tapatalk

 

[Sophia19]

Hey. I think this is very useful but didn't help me much. I don't understand all these words (NAND.. blah blah) these kind of words should be explained.

Gesendet von meinem SM-N910F mit Tapatalk

 

[Swiftloke]

Hey. I think this is very useful but didn't help me much. I don't understand all these words (NAND.. blah blah) these kind of words should be explained.

Gesendet von meinem SM-N910F mit Tapatalk

I'd had this idea in the back of my head for a while now, but you stating this is what spurred me to finally write it.
http://gbatemp.net/threads/a-glossary-of-3ds-hacking-terms.443726/#post-6719279
OP updated to reflect this.

 

[testing123]

So about Cubic Ninja, why can't its exploit be used on 11.0.0?

 

[ADS3500]

So about Cubic Ninja, why can't its exploit be used on 11.0.0?

Ninjhax was recently fixed for 11.x, but the reason why it was broken before is because the exploit connected to the internet to download the payload. Nintendo realized that the game didn't use internet, so they blocked internet access for the game. The new method uses 15 QR codes and each QR code contains part of the payload, so it's pretty much impossible for Nintendo to patch it now.

 

[testing123]

Ninjhax was recently fixed for 11.x, but the reason why it was broken before is because the exploit connected to the internet to download the payload. Nintendo realized that the game didn't use internet, so they blocked internet access for the game. The new method uses 15 QR codes and each QR code contains part of the payload, so it's pretty much impossible for Nintendo to patch it now.

Thanks for the reply. So are you saying that a system on 11.0.0 does NOT need to be downgraded to get Ninjhax working?