Hacking 11.0.0-33 : The Aftermath

DHall243

okay, sweet, because I still want to do the A9 crap on my 2DS & N3DS, just been slow to start because I don't want to mess anything up. Thanks for the reply.

Just an added step, me and another have successfully downgraded from 11.0 to 2.1 using @Plailect's guide, but we both have had to update our emunand to 11.0, insert the firmware.bin from part 5 into the luma folder and proceed to downgrade to 2.1, everything else I tried failed.
 

Plailect

Just an added step, me and another have successfully downgraded from 11.0 to 2.1 using @Plailect's guide, but we both have had to update our emunand to 11.0, insert the firmware.bin from part 5 into the luma folder and proceed to downgrade to 2.1, everything else I tried failed.
Did you maybe have a modified twl firm that the update removed?
 

naivegirl2411

Arm9LH users with updated sysnand would be able to flash their nand backup to go to a lower (probably vanilla) FW, right? Or would titles from FW 11.0.0-33 be present in the system and complicate things? I know that old versions of FBI injected into H&S seem to be causing problems in FW 11.0.0-33.
 

MichiS97
About svcBackdoor11, I'm using an older build of CakesFW on my A9LH modded system, why can I use BootNTR without any problems if that's supposed to be broken?
 

TuxSH

9:08 PM <@yellows8> Plailect: anyway, smash is not mentioned on the v11.0 page at all.
9:15 PM <Plailect> I just wrote what tux said tbh
9:15 PM <Plailect> he linked that and said it was patched; I didn't really look at it
9:16 PM <@yellows8> what page was it?
9:17 PM <Plailect> the memory management page
9:21 PM <@yellows8> versionlist update is just some JPN title(not hax related).
9:22 PM <Plailect> oh
9:22 PM <Plailect> probably should have verified that...
9:22 PM <Plailect> my mistake then, I'll edit
Oh sorry. I asked and didn't get an answer, so I assumed it was a "yes".
 

daxtsu

About svcBackdoor11, I'm using an older build of CakesFW on my A9LH modded system, why can I use BootNTR without any problems if that's supposed to be broken?

Because you're probably using a firmware.bin from 10.4 or below. Cakes doesn't load FIRM from NAND yet IIRC.
 

DHall243

That is bad
Does this mean that even if we have CFW access, we won't be able to downgrade from 11.0 or higher??
Not on sysnand, me and someone else done it successfully on emunand

From another thread

If your luma3ds
Update Emunand to 11.0, eject the sd, put a lower firmware.bin in the luma/ folder, reboot emunand, open plaisys and it will work. I just done it about 3 hours ago.

It worked!
You're awesome!

Solution for mine:
Update to fw 11.
Copy firmware for ntr from part 5 arm9 to luma/ folder.

Error appears at
12288 -> 02049
 

nl255

That is bad
Does this mean that even if we have CFW access, we won't be able to downgrade from 11.0 or higher??

You can still downgrade if you are using the NTR firmware.bin which is the 10.2 firm. In the future cfw will probably patch the version checks just like it brings back svcBackdoor now (assuming you are on the latest commit of Luma).
 

DatakadjrBkajsbr

Arm9LH users with updated sysnand would be able to flash their nand backup to go to a lower (probably vanilla) FW, right? Or would titles from FW 11.0.0-33 be present in the system and complicate things? I know that old versions of FBI injected into H&S seem to be causing problems in FW 11.0.0-33.
Anyone know the answer?
 

Urbanshadow

I don't see why not, remember with CFW/A9LH you have complete control over your system. If you can downgrade from 11.0 to x.x on a cfw emunand there shouldn't be any reason you couldn't flash a nand with a CFW/A9LH system.

Chill.

What you did is to force luma to use a 10.4 firm in a 11.0 nand, successfully bypassing hardcoded title list and svcbackdoor removal.

With a 11.0 firm, even if you patched it for emunand and are using the svcbackdoor reimplementation on luma3ds a9lh version, downgrade will fail because of the hardcoded title list.

You could force luma3ds to run 10.4 firm on sysnand, and the downgrade will work. Still you need luma3ds running, and that is not currently possible in vanilla 11.0 software.
 

driverdis

I have a feeling that the next update whenever that comes out will block hardmod 10.2/10.4 firm injection via 11.0 FIRM requirements for essential titles like the system menu and will also add auto updating like the Wii U to catch people off guard.
 

UsualNoise

I'm not positive, but I don't think they'll ever release auto-updating on the 3DS if only because a battery dying in the middle would potentially cause a bunch of bricked consoles. Maybe if they have a battery life check? But still, it's dangerous.
 

TuxSH

I have a feeling that the next update whenever that comes out will block hardmod 10.2/10.4 firm injection via 11.0 FIRM requirements for essential titles like the system menu and will also add auto updating like the Wii U to catch people off guard.
"Off guard"... I wouldn't say so ;)
 

motezazer

"New security checks in kernel heaps were added which makes "svchax" require extremely precise timing and trickery to execute, breaking it (possibly permanently) unless a fix is implemented"
Trickery, perhaps, but it's unrelated to timing.
We will be able to run svchax again if two conditions are reunited:
- the system always takes the same time to boot, so running svcGetSystemTick at boot always gives the same result (or with very little variation), leading to a static MAC key (or to a few ones) for memchunkheaders
- there is some way to control 0x18 continuous bytes in kernel memory (current SlabHeap objects don't allow that afaik)
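
Added example, not part of motezazer's post and not code from the 3DS kernel or any project in this thread: a toy model of a MAC-protected 0x18-byte heap chunk header whose key is derived at boot, showing why a key seeded only from a boot-time tick count protects nothing when that tick is predictable, and how mixing in a second entropy input changes that. The struct layout, field names, the `mix` stand-in MAC and the `hw_entropy` input are all assumptions made for illustration.

```c
#include <stdint.h>

/* Toy model only: field names and the MAC are illustrative, not the 3DS kernel's. */
typedef struct {
    uint32_t size, next, prev, pad; /* allocator metadata an attacker would forge */
    uint32_t mac[2];                /* keyed check over the four fields above */
} chunk_hdr;                        /* 0x18 bytes, the size quoted in the post */

/* splitmix64 finalizer used as a stand-in mixer (bijective, not a real MAC). */
static uint64_t mix(uint64_t x) {
    x ^= x >> 30; x *= 0xbf58476d1ce4e5b9ULL;
    x ^= x >> 27; x *= 0x94d049bb133111ebULL;
    return x ^ (x >> 31);
}

/* Key fixed at boot. hw_entropy == 0 models "seeded from the tick counter only". */
uint64_t boot_key(uint64_t tick, uint64_t hw_entropy) {
    return mix(tick ^ mix(hw_entropy));
}

static uint64_t hdr_mac(const chunk_hdr *h, uint64_t key) {
    uint64_t m = key;
    m = mix(m ^ h->size);
    m = mix(m ^ h->next);
    m = mix(m ^ h->prev);
    m = mix(m ^ h->pad);
    return m;
}

void hdr_seal(chunk_hdr *h, uint64_t key) {
    uint64_t m = hdr_mac(h, key);
    h->mac[0] = (uint32_t)m;
    h->mac[1] = (uint32_t)(m >> 32);
}

int hdr_verify(const chunk_hdr *h, uint64_t key) {
    uint64_t m = hdr_mac(h, key);
    return h->mac[0] == (uint32_t)m && h->mac[1] == (uint32_t)(m >> 32);
}

/* Does a header sealed under a guessed boot tick pass the check made with the
 * real boot key? Header values are constructed sample data. */
int forged_header_accepted(uint64_t real_tick, uint64_t real_entropy,
                           uint64_t guessed_tick) {
    chunk_hdr fake = { 0x1000, 0xdead0000, 0xbeef0000, 0, {0, 0} };
    hdr_seal(&fake, boot_key(guessed_tick, 0));
    return hdr_verify(&fake, boot_key(real_tick, real_entropy));
}
```

With a tick-only key the check passes exactly when the guessed tick equals the real one, so the strength of the header MAC is the variability of boot timing; any nonzero `hw_entropy` makes the same guess fail.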
 