Hacking Why You Should Install A9LH! (For Beginners)

Skyshadow101

The Sky Is The Limit!
OP
Member
Joined
May 22, 2016
Messages
941
Trophies
0
Location
The Underground
XP
417
Country
United States
Thank you! I just did everything on the guide, and my 3DS is set up nicely haha. Does this mean that whenever Nintendo pushes an update, I can download and update it safely into my SysNAND because the arm9loaderhax is already protecting me or something? Also, I don't think anyone in my country would want to buy a Gateway... so since I have an additional microSD card in my Gateway cart, I'll use it as extra space to store more ROMs. It should work if I use this guide here right? https://gbatemp.net/threads/tutorial-using-luma3ds-with-gateway-on-v2-a9lh.431691/
That should work, but it may be a bit outdated since it doesn't talk about 11.2. And yes, you can update safely.
 

Skyshadow101

I'm a beginner.
Yesterday I already installed a9lh+luma3ds and gateway from here https://gbatemp.net/threads/tutorial-using-luma3ds-with-gateway-on-v2-a9lh.431691/
Is it a bad decision?

I'm still not quite sure how this a9lh+luma3ds works...
It would be good if someone could enlighten me.

Thanks
You're good on that part. I was talking about Gateway's version of A9LH, you installed the community's version. I never said that the Gateway card was bad, I said that their A9LH is bad.

What do you not understand about it? Ask a few questions and I will assist you to the best of my ability! :)
 

upfromtheskies

Well-Known Member
Member
Joined
Mar 21, 2015
Messages
293
Trophies
0
Age
33
XP
1,079
Country
United States
A9LH is better than Menuhax, but not so much for basic users who just play games and don't mess with their nand, unless they think faster boot times and playing GBA games without having to install them twice is worth an hour and a half of their time and risking a bricked system. And yes I know, it also lets them restore their nand without a hard mod, but for a basic user this would only be needed if they accidentally update their sysnand, and if they're the kind of person that might make that mistake, they should probably stay far away from A9LH installation.
 

theosiris2

New Member
Newbie
Joined
Nov 26, 2016
Messages
2
Trophies
0
Age
38
XP
51
Country
Indonesia
You're good on that part. I was talking about Gateway's version of A9LH, you installed the community's version. I never said that the Gateway card was bad, I said that their A9LH is bad.

What do you not understand about it? Ask a few questions and I will assist you to the best of my ability! :)

Thank god... I thought I was making the wrong move.
I have many things I don't understand lol, but if I ask here it will be off topic.

Anyway, very nice thread... I hope many beginners like me who were at first afraid to install CFW will try to install A9LH.
 

Skyshadow101

A9LH is better than Menuhax, but not so much for basic users who just play games and don't mess with their nand, unless they think faster boot times and playing GBA games without having to install them twice is worth an hour and a half of their time and risking a bricked system. And yes I know, it also lets them restore their nand without a hard mod, but for a basic user this would only be needed if they accidentally update their sysnand, and if they're the kind of person that might make that mistake, they should probably stay far away from A9LH installation.

Yes, I know. But in the long run, it would be better to just install it and be over with it. The brick rates have been reduced to near 0. Also, they get back the space that Emunand uses.
 

QiMu

Member
Newcomer
Joined
Jan 30, 2017
Messages
6
Trophies
0
Age
29
XP
45
Country
Malaysia
If you came here, you're probably wondering why you should switch to Arm9LoaderHax (A9LH).

Well, my friend, your answers are going to be slapped on your face. That slap will be full of good ol' knowledge. Now let's begin.

A9LH is an exploit you can install, using a simple guide that I will link here. It allows one to boot a custom firmware easily (within milliseconds after boot) and gives near full control over the system.

A couple custom firmwares that can be booted through this hack are Luma3DS by Aurora Wright, SaltFW by Shadowhand, and ShadowNAND, also by Shadowhand.

Each CFW has its own separate pros/cons, but a guide can be found here so you can figure out which one is best for you.



If you own a Gateway, you might look into installing Gateway's version of A9LH. It isn't better than the community's A9LH under any circumstance. Here's why...

The community's A9LH is superior to Gateway's A9LH in many ways.

Like, for one, the community's A9LH has a lot more support and updates than Gateway's. Meaning that your 3DS is a whole lot safer with the community's A9LH than Gateway's. Also, we can boot Gateway's payloads, but Gateway can't boot ours. This gives the community's A9LH an advantage over Gateway's.

Another reason is that if you lose your Gateway card with Gateway's A9LH installed, you're kinda screwed. It won't let you boot into Gateway Mode. With the community's A9LH, all you have to do is install it, then you are done. No extra setup required.

Another reason that the community's A9LH is better, is that you can boot most flashcarts in some way. This includes forwarders or just plain old patches. Gateway's A9LH only allows you to use your Gateway card. Only those. And if you use a DSTwo Plus, Gateway will brick your console. And it can't be recovered through a normal hardmod, it can only be recovered through a Raspberry Pi.

And another reason that Gateway's A9LH is worse is that YOU CAN'T UPDATE! When you update, you lose A9LH completely! This also means that you won't be able to play the latest games that require a higher version than what you have. With the community's A9LH, you can use a CFW with FIRM protection, like Luma3DS, and update normally, and you won't have to worry about losing A9LH.

Again, do not install Gateway's A9LH! Just don't!

MenuHax

If you are a current Emunand user, you might have an exploit called MenuHax installed. Although it is a slightly effective way to boot Emunand, A9LH is way better. A few reasons are...

A9LH has a 100% boot rate! Meaning no more rebooting to just get an exploit to work.

A9LH is much faster than MenuHax, a comparison can be found here.

Also, MenuHax can be lost through a system update, and if the exploit that it relies on is patched, you can't install it again until another exploit is found that can boot it.

By now, you probably know the benefits of A9LH, but you are still scared to install it. This leads me to...

How safe the guide is!

Over the months, the guide has become a whole lot safer! The brick rate has been reduced and the guide has become a lot shorter.

At one point, you had to downgrade using a homebrew app. Now, people use a ctrtransfer to downgrade, a more stable method.

OTPLess A9LH installations are now available for the New 3DS, allowing users to completely skip a part of the guide.

The guide can be done within a time span of about an hour and a half. A time span that most people have.

The guide is also still being updated with the safest and latest methods of installing A9LH! This includes the newest method, waithax. This little exploit allows you to downgrade from the 11.0 and 11.1 NATIVE_FIRM to a 10.4 one. This can be then downgraded to 9.2 with regular exploits, allowing you to install A9LH properly!


Now that is A9LH for ya! I hope I have persuaded you into wanting to install this amazing exploit!

If I have some inaccurate info/typos, please tell me what it is and the correct info so I can fix it. Also tell me if I leave out some stuff. Thanks!

Thanks a lot! I came across this A9LH while searching for a used New 3DS and didn't know anything about it. Now I want to buy that 3DS lol.
 

adrifcastr

Well-Known Member
Member
Joined
Sep 12, 2016
Messages
2,038
Trophies
0
XP
1,947
Country
Germany
@Skyshadow101 and where the heck is the explanation what arm9loaderhax is? I already made a similar thread.
My Thread said:
Custom firmware, also known as aftermarket firmware, is an unofficial new or modified version of firmware created by third parties on devices such as video game consoles and various embedded device types to provide new features or to unlock hidden functionality. In the video game console community, the term is often written as custom firmware or simply CFW, referring to an altered version of the original system software (also known as the official firmware or simply OFW) inside a video game console such as the PlayStation Portable and Nintendo 3DS.

Custom firmware often allow homebrew applications or ROM image backups to run directly within the game console, unlike official firmware, which usually only allow signed or retailed copies of software to run. Because custom firmware is often associated with software piracy, console manufacturers such as Nintendo and Sony have put significant effort into blocking custom firmware and other third party devices and content from their game consoles.

Like its predecessor, the Nintendo DS, the modding scene of the Nintendo 3DS can involve flash cartridges (see Nintendo DS and 3DS storage devices) rather than custom firmware, but custom firmware also exists for the Nintendo 3DS (although it isn't really custom firmware per se) and is compatible with any system version with an ARM9 kernel exploit. However, using a kernel exploit on system versions 11.2 and below, users can gain the ability to run custom firmware. One example is Luma3DS, the current most widely used CFW, which allows unsigned CIA (CTR Importable Archives) files to be installed on the Nintendo 3DS devices, provides region-free features, etc. CFWs such as RxTools and Pasta have been considered obsolete by now. Other CFWs include Corbenik CFW (with a lot more control than Luma, but not meant for newbies), ReiNAND, on which Luma3DS (previously known as AuReiNAND) is based, Cakes CFW (which is the inspiration for Corbenik) and continue to offer support for EmuNAND/RedNAND, a CFW feature that boots the system from a partition of the SD card containing a copy of the 3DS' NAND memory. These EmuNANDs can protect the 3DS system from bricking, as the usual system NAND is unaffected if the emuNAND is no longer functioning properly or is otherwise unusable. EmuNANDs can also be updated separately from the usual system NAND, making online play and Nintendo eShop access possible on outdated 3DS system versions. However, most people currently use ARM9LoaderHax, a boot-time kernel exploit that allows people to safely use SysNAND and update it, as CFWs make it protected on boot, meaning an update won't remove it.
So above in the CFW Explanation you have more details about Luma. It is not really wrong but also not really true. Luma3DS is basically just a signature Patcher that Patches the Original Firmware. It is not a Firmware replacement at all.
1. Bootrom reads FIRM0, but due to our payload presence, the signature check will fail.
2. It will read FIRM1 on top of FIRM0, and our payload will still be after it.
3. Check its RSA signature, since it's good it will jump to its arm9loader.
4. The arm9loader will use our crafted key to decrypt the ARM9 binary as garbage, then jump to the kernel entrypoint.
5. With our key the garbage kernel entrypoint will make the cpu jump to our payload location.
6. Code execution!

1. Ensure the firm0 and firm1 partitions are arranged such that the size of firm0 is greater than firm1. Both need well-signed FIRM headers so that bootrom will load them into memory.
2. Put the payload at *(firm0 + (sizeof firm0 - sizeof firm1)).
3. Find a key that, when decrypting the firm1 arm9bin, causes a jump to the payload in the size difference between firm0 and firm1.
4. Encrypt the key and place it at the second key of the secret sector (sector 0x96, offset 0x12c00).
5. Write the firm0 and firm1 to NAND.
6. Boot.
7. Bootrom9 loads up firm0 and finds the SHA-256 hash mismatching because of the payload at the end of firm0.
8. Bootrom9 loads up firm1 on top of firm0, decrypts it and jumps to it.
9. arm9loader decrypts the arm9bin with the preinstalled key and jumps to it.
10. The first instruction in the arm9bin jumps to the payload.

So in short: ARM9LOADERHAX is not a CFW, it is a persistent (low-level) system exploit, and Luma3DS is not a FW replacement, it is a signature patcher.
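
The boot ROM fallback that steps 7 and 8 of the post above describe, modelled as an added example (not code from the thread or from any 3DS project): a rejected image left in the load region survives past the end of the shorter image copied over it, and wiping the region on rejection removes it. The sizes, `firm_t`, and the `sig_ok` flag standing in for signature verification are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define LOAD_AREA 64   /* constructed size of the shared FIRM load region */

typedef struct {
    const uint8_t *data;   /* partition contents as stored in NAND */
    size_t len;
    int sig_ok;            /* stands in for the boot ROM's verification verdict */
} firm_t;
static uint8_t load_area[LOAD_AREA];

/* Flawed flow: a rejected firm0 stays in memory and firm1 is copied on top. */
static void boot_flawed(const firm_t *firm0, const firm_t *firm1) {
    memcpy(load_area, firm0->data, firm0->len);
    if (firm0->sig_ok) return;
    memcpy(load_area, firm1->data, firm1->len);   /* tail of firm0 survives */
}

/* Hardened flow: wipe the whole region once an image fails verification. */
static void boot_hardened(const firm_t *firm0, const firm_t *firm1) {
    memcpy(load_area, firm0->data, firm0->len);
    if (firm0->sig_ok) return;
    memset(load_area, 0, sizeof load_area);
    memcpy(load_area, firm1->data, firm1->len);
}

/* Count non-zero bytes left in memory past the end of the accepted image. */
static size_t stale_bytes(size_t accepted_len) {
    size_t n = 0;
    for (size_t i = accepted_len; i < LOAD_AREA; i++) n += (load_area[i] != 0);
    return n;
}

/* Constructed images: firm0 is 48 bytes and rejected, firm1 is 32 bytes and accepted. */
static size_t run_case(int hardened) {
    static uint8_t img0[48], img1[32];
    memset(img0, 0xAA, sizeof img0);   /* 0xAA marks bytes of the rejected image */
    memset(img1, 0x11, sizeof img1);
    firm_t firm0 = { img0, sizeof img0, 0 }, firm1 = { img1, sizeof img1, 1 };
    memset(load_area, 0, sizeof load_area);
    (hardened ? boot_hardened : boot_flawed)(&firm0, &firm1);
    return stale_bytes(firm1.len);
}

int main(void) {
    printf("flawed: %zu stale bytes, hardened: %zu\n", run_case(0), run_case(1));
    return 0;
}
```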
 
