Nintendo 3ds

From miki
Revision as of 21:22, 8 December 2018 by Mip (talk | contribs) (→‎Applications)
Jump to navigation Jump to search

Summary

Module New 3DS XL Blue New 3DS XL Samus
Boot B9S v1.3 (boot9strap) B9S v1.3 (boot9strap)
CFW Luma3DS v9.1 Luma3DS v9.1
Luma payload GodMode9 v1.7.1 GodMode9 v1.7.1

Both systems hacked using Plailect's 3DS guide.

Luma3DS
  • START + POWER — Go to chainloader menu (files in /luma/payloads).
  • SELECT + POWER — Go to Luma3DS config menu
  • SELECT + X + POWER — Dump the ARM11 bootrom (boot11.bin), the ARM9 bootrom (boot9.bin), and your console unique OTP (OTP.bin) to the /boot9strap/ folder on your SD card (note that this will not have any kind of prompt or message)
  • L + POWER (maybe old version) — Boot alternateNAND (emuNAND)

When booted, the following in-game commands are available:

  • L + DOWN + SELECT -- Lauch Rosalina (cheat, debug, HB launcher)

Maintenance

Update Luma3DS
  • Use LumaUpdater , or see Plailect's guide.
Update B9S
  • See Plailect's guide.
Update GodMode9
  • Download .firm file from GitHub, and install it in /luma/payloads.

History

New 3DS XL Blue
  • Original system 9.9.0-26E.
  • Install A9LH (arm9loaderhax) following Plailect's guide (see wiki history before 2018/12/08).
  • Update system to 11.0.0_33E
Some issues with HB Launcher. Fixed by updating Luma 3DS, and following Plailect's guide.
  • Update to B9S.
New 3DS XL Samus
  • System version 11.4.0-37E.
  • Installed B9S using Plailect's guide.

Links

Hack guides
The main guide to hack a 3DS and install B9S / Luma3DS.
Database
Custom firmware (CFW)
The recommended CFW in Plailect's guide.
See Usage guide in Plailect's guide here.
Can be installed as Luma3DS payload.
Old — superseded by GodMode9.
Wikis
  • 3DBrew -- a wiki dedicated to homebrew on the Nintendo 3DS.
Homebrew Launchers
 Loader as CIA for CFW.
GBAtemp.net wiki

Gateway links

Gateway flashcard
  • gateway 3ds -- Original manufacturer of the Gateway 3DS flashcard (the red and blue one)
  • gateway3ds -- an alternate site it seems, but with more detailed info

Old links

Youtube tutorials (informative, but not essential)
Including Userspace hax (for Homebrew access), ARM11 Kernel Hax, ARM9 Kernel Hax (ARM9LoaderHax)
Fake / outdated
Often has outdated information about Gateway flashcard, and promotes other cards.
Stuff
 sha256sum 5736ec8d40303b549f11c06b3811817531e17646a91ee2bb0d94afff69cf3a4e  2.1.0E(Full).zip
  • Get DevMenu / SaveDataFiler from link "[MEGA] Retail Encrypted DevApps! (Caution. These will install to NAND!)" (see guide [1])
Interesting stuff to look someday
  • free e-shop — allow to install game if you already have the title key.
  • BootCtr9, a boot manager for A9LH, including a fork of A9LH. Might help loading Gateway A9LH payload (see here for quick setup guide).

General

3DS processors
  • Arm9,
  • Arm11.
3DS variants
  • 2DS,
  • O3DS, the original 3DS (aka. Old 3DS), and
  • N3DS, the new 3DS that features among others a new StickC button.

Glossary

Sources: [2]

  • NAND
  • SysNAND refers to the original data/system information on a NAND chip embedded in the 3DS.
  • EmuNAND refers to a backup/copy/emulated version of your SysNAND that runs off the SD card.
 The best SySNAND version (i.e. System Menu version, see below) for now is 9.2.
  • SD Card
  • 3DS microSD card -- The 3DS comes bundled with an SD card (O3DS) or a microSD card (N3DS). When EmuNAND is setup, it contains two partitions.
   The EmuNAND partition, when present, is formatted via the homebrew program EmuNAND9.
   The other partition stores homebrew, custom themes, save files, eShop and .cia home menu channels. It must be formatted as FAT32, cluster size 32kB.
  • Gateway microSD card -- On system with flashcards (like Gateway or Sky3DS), there is a second microSD in the flashcard that contains ROM games (.3ds or .3dz rom images).
  • Firmware / System menu
  • System Menu -- This is the official name for "_firmware_" running in the SysNAND.
  • Custom Firmware, CFW -- A program launched by an exploit (like DS profile exploit or MenuHax) that patches the System Menu in memory, and then "jumps" back to it.

Technical

Nintendo FW History

  • 6.1.0-12 — Blue gateway card blacklisted.

How-to

Transfer file from / to microSD card via WIFI

Using Homebrew - Super ftpd II Turbo
  • For instance, connect with Midnight Commander:
cd ftp://192.168.43.242:5000/
  • Review:
  • Worked flawless over mobile hotspot tethering.
  • Some files / folder missing (in particular in root folder). No idea why.
Using Nintendo microSD application

From [3]

  • On N3DS, go to device setting, and microSD management
  • Enter user name, password, and device name.
  • On Linux, use command:
mount -t cifs //DEVICE_NAME/microSD /mnt -o user=USER_NAME,password=PASSWORD,ip=IP_ADDRESS,servern=DEVICE_NAME
Issue: very instable. Often disconnect.
  • Use pv to copy and have progress bar:
pv myfile > myfile
(OLD) Using FTP-3DS
  • From [4]
  • Errors on connect.
(OLD) Using ftBrony
  • Use homebrew application ftBRONY. It is available in the default HB launcher kit. See [5] for details.
  • To connect, launch the app to get IP and port number.
  • Start a FTP client. For instance in Midnight Commander:
cd ftp://192.168.1.33:5000/

Dump a 3DS cartridge

GodMode9
  • See GodMode9 Usage on Plailect's guide, or Citra wiki.
  • Start GodMode9 (press START + POWER).
  • Navigate to [C:] GAMECART.
  • For 3DS Game Cartridge:
  • Press (A) on [TitleID].trim.3ds to select it, then select NCSD image options…, then select Build CIA from file to produce a .cia file or Decrypt file (0:/gm9out) to produce a .3ds file.
  • For NDS Game Cartridge:
  • Press (A) on [TitleID].trim.nds to select it, then select Copy to 0:/gm9/out.
(old) DecryptWIP9
  • Had some issue with Mario Kart 7 (game crashed in the middle of a race).
(old) Uncart
  • tbc.

Dumping a Title

GodMode9
  • Start GodMode9 (press START + POWER).
  • To dump a user installed title, navigate to [A:] SYSNAND SD. To dump a system title, navigate to [A:] SYSNAND SD.
  • Hold (R)+(A) to open drive options.
  • Select Search for titles.
  • Press (A) to continue.
  • Press (A) on the .tmd file to select it, then select TMD file options..., then select Build CIA (standard) to generate a .cia file in /gm9/out on the SD card.

Convert a .3ds game into .cia game

On PC, using 3DS Simple CIA Converter
786dcbba10092cf57ae007d08ac8f916e764d93684f5e8d052a963922881740e  3DS Simple CIA Converter v4.3.rar
e8e55830a795e337a89589bf267ac815                                  3DS Simple CIA Converter v4.3.rar
  • Run from wine
  • Copy the .3ds file into the roms/ folder
  • Click the generate ncchfile stuff button
  • Copy the file to 3DS uSD root folder.
  • Launch Decrypt9. Select XORpad Generator Options and NCCH Padgen.
Ignore error about missing seeddb.bin file.
  • Back on PC, copy the .xorpad files into converter xorpad/ directory, and click Convert 3DS ROM to CIA button.
(Click FW Spoof first if FW spoofing is needed)
  • When done, copy the .cia file to 3DS uSD and import them using FBI or BigBlueMenu.
On the 3DS, using GodMode9
  • Start GodMode9 (press START + POWER).
  • Navigate to [0:] SDCARDcias, then cias folder.
  • Press (A) on the .3ds file to select it, then select NCSD image options…, then select Build CIA from file to generate a .cia file in /gm9/out on the SD card.
Other converters or guides

Installing .cia from the network

Using SocketPunch
  • On 3DS, start FBI application
  • On PC, go to location where the CIA are, then:
java -jar /smb/lacie-cloudbox/family/backup/nintendo_3ds/nintendo/cia/SocketPunch/SocketPunch_v0.3.4.jar

Backup / restore savegames

Using Checkpoint
  • Install Checkpoint with .cia file.
  • Usage is straightforward.
  • Used successfully to transfer saves between consoles for Hyrule Warrior Legends, Ocarina of Time, A Link Between Worlds...
Using JKSM
  • Reference: GitHub, gbatemp
  • Get CIA file from GitHub.
  • Note: Running MHGSV.3dsx from HomeBrew gives an error Error opening MHG's ExtData! Error opening MHG's Extra Data! Press start to exit. On CFW like Luma3DS, don't bother running the 3dsx version, but instead runs the CIA version [6].
  • JKSM can also sets play coins to any arbitrary value (max 300?).
Anti-Savegame Restore
(old) Using SaveDataFiler (Dev kit leaked from Nintendo)
  • This can be used to backup 3DS ROM / cartridge / eshop / cia games, or exchange saves between all these.
  • For 3DS ROM, select the game using Gateway but don't launch it. For cartridge, insert the cartridge first.
  • Start SaveDataFiler
To backup a savegame:
  • For ROM/cartridge, select CTR Card, or the game id for eshop / cia.
For some games (like Fantasy Life), go to extdata/ and select the correct id (Fantasy Life 00001131).
To restore a savegame:
  • Go to SD tab. For ROM/cartridge, select the file and press L+A. For eshop / cia, press R+A. For extdata/ games (like Fantasy Life), simply press A.
Caution. For card1 games (except Fantasy Life), rename the file 000400000FF40A00.sav to game id.
Caution. For card2 games, the save are stored within the game itself. So for GW rom, the save are stored in the .3ds file on the red gateway card!

A9LH

Source: https://github.com/Plailect/Guide/wiki

  • Excellent troubleshooting section (to avoid bricking)

Gateway

ON SYSNAND, DO NOT DO A FIRMWARE UPDATE WHEN IN GATEWAY MODE - DOING SO WILL DELETE A9LH AND PROBABLY BRICK THE 3DS. THE A9LH LOADER FROM GATEWAY DOES NOT HAVE THE FIRM PROTECTION THAT PREVENTS REMOVAL OF A9LH.'

The Gateway flashcart.

Status
My feature requests

Info

  • microSD card
The 3DS comes with a pre-bundled microSD card that is used to store user custom data like themes, but also pictures. We refer to it as the 3DS microSD card.
In a system with a flashcart, there is actually a second microSD card, in the flashcart itself. This is flashcart microSD card, or for gateway users, the gateway microSD card.
  • Sysnand vs emunand
Sysnand is the real nand memory on the 3DS itself, containing the original 3ds fw. Emunand is the one emulated on the 3DS microSD card.
  • Homebrew vs Gateway (flashcart) exploits
Howebrew only requires a userland exploit to launch. Gateway requires a kernel level exploit. So homebrew can run on more recent sysnand version than gateway does.
See this comment for a detailed answer.
Gateway's firmware is updated instead to run its exploit on specific sysnand versions.
...
And Gateway won't support 10.5 in the near future, as homebrew and Gateway (or other CFWs) are completely different things. Homebrew can be run with a userland exploit (some rights on the system, but nothing severe), while Gateway, rxTools, etc. need a kernel exploit (execution and manipulation rights for many parts of the console's memory, only achievable through exploits that can be run in userland mode).
  • Sysnand >9.2 support by gateway
Pending. See this comment and follow-up answers.

Tips

  • Distinguish EmuNAND and SysNAND
  • (source Gateway manual) To easily differentiate between booting from SysNAND or EmuNAND, just setup folders with initials "S Y S" for SysNAND, and "E M U" for EmuNAND.
Not that setting a theme color does not work since themes are shared by both NAND.
  • Boot back directly in SysNAND*
  • Simply go to the System Settings, and leave. LEAVING SYSTEM SETTINGS !ALWAYS! RESUME INTO SYSNAND, SO BE CAREFUL NOT TO DO ANY UPDATE THERE!

Shortcuts

  • hold 'L' when booting Gateway menu --> Go into Gateway menu.
  • In gateway menu, hold down + B to power off.
  • In GW Menu, HBL Menu: 'B' is often used to exit.
  • Hold D-PAD Down button while booting to boot into HBL (MenuHax shortcut, configured as Type1).

Reference manual

Reference software

Including the Menuhax manager

Entering the gateway menu. We follow the Gateway manual:

  • We must create a new WiFi profile, but also prevent firmware update. For this, we use custom DNS settings.
So create a new WiFi profile on the 3DS manually, with
  • SSID / Security: enter your WiFi settings
  • IP Address: Auto-obtain
  • DNS: DO NOT auto-obtain. Set primary DNS to 107.211.140.165, and secondary DNS to 107.211.140.065.
(The gateway manual refers only to 107.211.140.065. Got both addresses from here.)
Run a Connection Test to make sure the WiFi settings are correct.
  • Go to Home Menu Settings, and select Change Theme. Select a random theme (like red), and back to Default.
This is to make sure the required files are created for the MenuHax to work.
  • Power off the 3DS, and move the 3DS internal microSD to the PC, then:
  • HBL Starter Pack -- Extract starter.zip to microSD root folder
  • GW Firmware -- Copy latest Launcher.dat to microSD root folder
  • GW Firmware -- Extract GW_3DSX.zip to microSD root folder (will create a /3ds/GW folder).
The microSD root folder should look as follows:
3ds/
    CHMM2/
    ctr-httpwn/
    ftbrony/
    GW/                                <---
        GW.3dsx
        GW.smdh
    hans/
    install/
    menuhax_manager/
    mgba/
    prboom/
    qtm/
    scrtool/
    eshop.smdh
    eshop.xml
    ironhax.smdh
    ironhax.xml
    sploit_installer_oot3dhax.smdh
    sploit_installer_oot3dhax.xml
Nintendo 3DS/
boot.3dsx
Launcher.dat                           <---
webkithax_tmp.bin
  • !!! ISSUE ON 9.9.0-26E !!!
We get the following message:
The Internet Browser cannot be used at this time. Please try again later or in a different network environment.
Solution from https://yls8.mtheall.com/3dsbrowserhax.php:
  • Go to browser, and close all opened pages. The browser should display the empty URL bar (with text Enter a URL or search item).
  • Back to HOME menu, set date/time to 2000/01/01 00:00 (that exact day and year, i.e. year two thousand)
  • Go to browser, and quickly click the setting button (bottom left) and select Settings. Then click Clear All Save Data.
  • Then either scan the QR code using the camera or open the browser, and enter the auto browserhax URL.
  • On launch, the browser will welcome you again. Select your favorite search engine, and then browserhax should start normally.
Don't move back to HOME menu after going to the browser. Also, steps above must be repeated when date reaches January 2. So better install a more permanent hax.
  • In HBL menu, select and start menuhax_manager v2.2. In order:
  • Select Configure/check haxx trigger button. I choose Type 1 with 'L' key.
  • Select Install.
  • Select Configure menuhax main-screen image.
  • Reboot, and press 'L' to go into HBL menu using the menuhax trigger.
  • CANNOT go into Gateway menu
  • Downgrade to 9.2 (see above)
  • Still CANNOT go into Gateway menu
  • --> From the forum, I have to redo the firmware downgrade again. So tried again (had to try 4x). Indeed one file was updated.
  • Now, finally, CAN start the Gateway menu from HBL!

Updating the RED Card

  • Start HBL, and start the Gateway menu
  • Select 'BOOT GATEWAY MODE', press A. Press A again to proceed to update, and press START to confirm. Wait a minute for update to complete.

Backing up the SysNAND

  • In the Gateway menu, select "BACKUP SYSTEM NAND", press A then START to start.
  • When done, move the internal microsd to PC, and move the file NAND.BIN to a safe location (for later restore if needed).

EmuNAND Setup

  • !!! THIS WILL DELETE EVERYTHING ON INTERNAL MICROSD !!! So backup all data first.
  • In the Gateway menu (Don't forget to press L when booting from HBL because RED card is now setup), select "FORMAT EMUNAND".
  • Setup again HBL and MenuHax as usual (since the microSD has been formatted).

Install ROM on the Gateway microSD

  • Format the gateway microSD card in ExFat format (done in Windows 7)
  • Copy the *.3ds file in the microSD root folder.
  • Rename the *.3dz file to enable online play (only if game backup was done from the same 3DS console).

Update to latest System Menu in EmuNAND

  • Done it via the System Settings menu (NOT via eShop, since gbatemp FAQ reports that doing so would actually update the SysNAND).

Restore the extdata backup:

  • See https://3dbrew.org/wiki/Extdata for reference info (extdata identifier)
  • Copied back 00000227 (Mii Maker)
  • copied back 00000228 (Streetpass Mii Plaza)
  • Copied back 0000022d (Face Raiders)
  • Note: had to boot browserHax 3x before could get successfully into EmuNAND.

Install bluecardfix.cia (or similar):

  • Boot into GW Menu using BrowserHax -> HBL -> hold 'L' key and select GW Menu.
  • Follow the GW Manual, but after importing mset_eur.cia, also import bluecardfix.cia (to enable back the Blue GW card).
  • IT WORKS! Don't forget to:
   * Remove DevMenu.3ds for the Red GW (or rename it). To avoid innocent hands to mess with it.

Install OoTHax on Zelda OoT Game

  • Copied the file AQEP.sav (for EUR) to 3DS uSD.
  • Boot into GW menu, insert Zelda OoT cartridge, and select Restore Game Save.
  • Check that hax works: boot Zelda OoT, select 1st save (it's normal it save title exceeds the box), and then press 'A' (Check/Voir) to go to GW Menu.

EmuNAND

Unlinking EmuNAND and SysNAND

By default, EmuNAND uses the same NNID as SysNAND, and hence all system menu settings are shared (like theme selection). To prevent this, NANDs must be unlinked.

Some guides to do that:

  • On this page suggest to format the SysNAND without any 3DS uSD card inserted.

DS / DSi game support

DS / DSi game support
  • Can boot in EmuNAND (default) or SysNAND (with nag screen, NOT RECOMMENDED because firmware update can brick your device)
  • on EmuNAND, either in GATEWAY mode or CLASSIC mode.
  • DSi ware, DS card, acekard2i DOES NOT work in gateway mode.
  • With A9HL, Classic mode is obsolete since it is better to boot in SysNAND directly and boot acekard2i from there.

Install GW on Luma 3DS

See https://gbatemp.net/threads/tutorial-using-luma3ds-with-gateway-on-v2-a9lh.431691/

First attempt (on Sys 11.0.0_33E)
  • Without emunand. GW not booting after dragon logo. According to post above, this would be because the old EMUNand was not completely deleted.
Second attempt (on Sys 11.0.0_33E)
  • Using GW w/o EMUNand is dangerous because there is no FIRM0/FIRM1 protection. So a FW update can brick the console and/or remove A9LH, locking us to the newest firmware. So we'll create again a new EMUNand.
  • Use recent EMUNand9 to create a new EMUNand.
  • At boot, press Down to trigger GW, then R to trigger GW Red Card Update.
  • Wait for the Red Card Update to complete
  • Reboot... press Down, and Voila! we are in GW mode!

Games

  • Look on 3dsdb.com for the releasename of a given game (for instance New.Super.Mario.Bros.2.EUR.3DS-CONTRAST for _New Super Mario Bros 2_).
  • Search the releasename on Google.
  • Download.

History - games:

History - website:

  • http://www.nds-passion.xyz -- Requires subscription, but quality links and little nags (many different possibilities for download).

Homebrew

Install

On A9LH system:

  • Use CFW like Luma 3DS.
  • Install HW starter kit on 3DS uSD
  • Install HB Launcher as CIA (use FBI to install).
  • Start the HB Launcher to go to HB menu (first launch requires internet access to dowload the hax payload).

Applications

List of current applications:

Checkpoint To save / restore savegames.
Anemone3DS A theme and boot splash manager for the Nintendo 3DS console.
GodMode9 multipurpose tool which can do NAND and cartridge function. See GodMode9 Usage page in Plailect's guide.
FBI To install .cia files. Homebrew version of Nintendo DevMenu.

List of old applications (no longer used, superseded by better applications above):

DECRYPT9 Best use the WIP version. Superseded by GodMode9.
EMUNAND9 Best tool to format and adminstrate EmuNAND. Better than using Gateway's tool.

CIA

  • CIA is the format used to install software (games, tools) on the 3DS device uSD card.
  • Legit CIA software are usually installed via eShop.
  • Alternatively they can be installed using a CIA installer and a .cia file.

List of CIA installer:

  • DevMenu
From Nintendo dev kit. Install it using FBI injected in H&S app.
  • FBI
Open-source. Can be safely injected in Nintendo's Health&Safety app on system menu, even on unpatched (non-rooted) device.
  • BigBlueMenu
Another CIA installer.
FBI - network transfer
  • Use falconpunch:
python FalconPunch.py hblauncher_loader.cia
  • There is also a GUI alternatives: SocketPunch_0.3.4.zip

CFW

CFW, or Custom Firmware are modified Firmware for the 3DS that uses the Official firmware as a base. It allows to use applications that aren’t allowed by Nintendo, and among other play game backups.

Recent:

Luma 3DS
  • Was called AuReiNand before, a fork of ReiNand from AuroraWright.
  • List of features:
  • Disable firmware checks (allows to use patched firmware like TWL_FIRM patch to use acekard2i).
  • Remove some nintendo restrictions (like region lock)
  • Start (ie. chainload) ARM9 homebrew applications (like DECRYPT9, EMUNAND9...)

Old:

Reinand
  • A old CFW by Reisyukaku.

Security flaws

Acekard2i

Thanks to latest CFW like Luma3DS (which disables N3DS blacklist), Acekard2i flashcard works out-of-the-box provided they have the latest firmware. Here we give the procedure to update the flashcard.

Links
Update
  • Download the udpate:
fdf49f11bdeb42e9fd9355ef42317f8a6436a8735b2f5cd40007b1e0ff00de37  18392-AceKard_2_v4.23_menu.zip
d3f2c724d656e2584f3e15a0ae27348a9842a6bf17ad1706629d93445696cc0d  ak2ifw_update_dsi-v1.41.7z
b5b0fccf2536bf46915817b381ddaae4fdf705ed8deb7ecbd1d9611feb6312d8  ak2ifw_update_dsi-v1.42_3ds-v2.0.7z    (fast start as usual)
9c80186547e6cd8d1ccb0aa4cfdafe9b6186e832e83f302e50f067622c895645  ak2ifw_update_dsi-v1.43_3ds-v3.0.7z    (not tested. Possibly slower start)
891f3d59781bf530ae33fb506abc0bbacd4915218d1422c42c7f4e96d0bddd78  ak2ifw_update_dsi-v1.44_3ds-v4.3.7z    (but very slow start)
  • Use the official Acekard menu v4.23 to update (remove everything else on the card).
  • On N3DS, to get the best boot performance, it is recommended to use update dsi v1.42, and use the patched TWL_FIRM to bypass black list check.
Perso, I did first upgrade with v1.41 (with Alex Rider icon), then the latest (with horse icon).
More troubleshooting

Troubleshoot

Fragmentation error

  • Fragmentation error: If a fragmentation error is shown, you need to fix it on your PC with -
GW3DS.EXE FIX DRIVELETTER:

3DS freezes at boot / sleep wake-up w/ Acekard 2i inserted

When inserting Acekard 2i into 3DS, the HOME menu freezes. But still, we get black screen freeze at wake-up from sleep mode. Even though the suspended game is a 3DS (CIA) games. Only solution in that case is to remove the cartridge and hard reset by pressing power button. →See Enable Acekard 2i / GW Blue card.

3D not working on system menu (GW EmuNAND)

Solution: Close the lid and open it back.

Can't open FAT32 partition

Can't open FAT32 partition on 3DS uSD with EmuNAND

On Linux, use instead an SD adapter to read the uSD card.

Can't open exfat partition

On Linux, install the exfat FUSE package (! unstable it seems).