[3DS][News][03/11/2017]: 1 Month Since Nintendo Killed 3DS Downgrading - Are we any closer to Exploiting 11.3? "What Can I Do on non-CFW 11.3?"


I've been flooded with comments over on YouTube wondering whether 3DS enthusiasts have come any closer to finding exploits in Nintendo's new 11.3 System Menu update.

I have gathered all the info I know as of the date in the blog title (May 11th 2017).
It might not be exactly what you want to hear, but read on to learn of the progress.


How Nintendo 3DS Update [11.3.0-36] Affects Non-CFW Devices

- Released on February 7th, 2017
- Not a forced update

- Console functions without updating*
- *Can't access the normal eShop without updating

- Blocked downgrading to other firmwares (11.2 or below)

- Temporarily blocked homebrew (see below)

- If you had the Homebrew Launcher CIA and it's not working*
- *The old payloads for HBL are blocked; get the new ones: http://smealum.github.io/3ds/
- *You need to use Soundhax to get HBL working on 11.3; get Soundhax here: Soundhax.com

- The latest version of CHMM2 should work to install themes; go to 3ds.themes to get some
- Emulators still work when launched from HBL; o3DS and 2DS run some of them slowly
- A few save managers work; head over to 3dsbrew.org to check out homebrew programs


Things that don't work yet on [non-CFW 3DS]


- Downgrading to 11.2*
- Downgrading to any Firmware*

- Using Hardmods to Downgrade to 11.2 or any firmware

- Doing a CTRTransfer to 2.1.0*
- Doing console transfers to other firmwares*

- Installing FBI or Maki FBI
- Installing Freeshop
- Installing Tickets for Free Games
- Installing CIAs Legit or Non-Legit
- Installing Luma3DS custom firmware**
- Installing arm9loaderhax**

*Why can't we downgrade, factory reset the 3DS, or CTRTransfer down to 2.1?


When a console is updated to [11.3.0-36], its NATIVE_FIRM is overwritten so that the console needs the 11.3 firmware to launch the System Menu.
Downgrading would most likely result in a brick if you got that far.


**What's going to be the next exploit for installing CFW + FBI + A9LH?


The next big thing we are waiting for in the 3DS homebrew community is called:

"SIGHAX" or "SAFESIGNATUREHAXINSTALLER"

What is sighax and what will it theoretically allow us to do?

By itself, sighax cannot do anything: it is a weakness in how the bootROM checks the signature on the firmware it loads. Once the bootROM has been dumped and that check is understood, we should, in theory, be able to produce signatures the bootROM accepts for any firmware we choose, which amounts to being able to write any software we want onto the 3DS. The bootROM locks itself away right after it finishes running, which is why it has to be dumped before the check can be studied.

- This means no more downgrading to install CFW
- Near impossible to brick
- Installs super quickly on CFW devices without a hardmod: boot HBL and hit Install
- Replaces arm9loaderhax, rendering it unneeded
- Can't be patched by future Nintendo updates
- Install any firmware directly with NAND access (hardmod)
- Decrypt NAND dumps and SD cards on the PC


What is the BootROM though?

I can't explain the exact workings as I don't understand them fully, but here's a comparison to Arm9Loader from /r/3dshacks user /u/Valliantstorme:

"The BootROM is the very first piece of code to be run on the system at bootup. Its job is to:

  1. Turn on the various parts of the 3DS
  2. Make sure the secret encryption keys are set up in the hardware key scrambler
  3. Verify that the Firmware isn't corrupted or overwritten in any way (It's not foolproof, but you couldn't realistically fool it without knowing exactly how it works)
  4. And finally, make sure the Firmware can't access the secret keys, or any other sensitive data, after it finishes doing all of the above stuff.

After it does all of that, it loads the Firmware. Once it loads the firmware, Arm9Loader takes over (and Arm9Loader can't touch the bootROM any more, since the BootROM isn't readable any more).

Arm9Loader then does this:
  1. Decrypts the firmware using a separate key (Arm9Loader itself is stored in plaintext [not encrypted], hence why it was hacked so "quickly", as you only need a NAND backup to see how it works)
  2. Launches the decrypted firmware. This is where Arm9LoaderHax happens, very far after the bootROM has locked itself from being read.
  3. Anything after that still can't read the protected BootROM, and there's no way to unlock it.

We currently can't "unlock" the bootROM after it's launched, since it's physically locked with hardware. Just like you can't "un-fire" a gun, you can't "unlock" the bootROM."
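What the quoted comment calls the bootROM's "not foolproof" check on the firmware, and what the sighax section above calls writing "any signature we need", both come down to one question: how strictly the loader parses the RSA signature block it decodes. The toy below is an added illustration, not the 3DS bootROM's code and not the real sighax flaw (this post does not detail that check). It builds a 2048-bit RSA verifier with public exponent 3 (assumed here) in two versions, a byte-exact one and a lax one that stops checking once it has found the hash, and then uses the well-known Bleichenbacher 2006 cube-root trick to forge a signature against the lax version without the private key. The key, the firmware bytes and every function name are constructed for the example.

```python
"""Added toy model of a firmware loader's RSA signature check.  It is NOT the
3DS bootROM's real code or the real sighax bug, which the post does not spell
out.  It shows the classic e=3 forgery (Bleichenbacher, 2006) against a PKCS#1
v1.5 parser that ignores the tail of the decoded block."""
import hashlib
import hmac
import secrets

E = 3                  # small public exponent (assumed; makes the forgery cheap)
K = 2048 // 8          # modulus / signature length in bytes
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1)
SHA256_DER = bytes.fromhex("3031300d060960864801650304020105000420")

def is_probable_prime(n, rounds=16):
    """Miller-Rabin; fine for a demo key."""
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31)
    if any(n % p == 0 for p in small):
        return n in small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def keygen():
    """Demo RSA key (n, d) with e=3: p-1 and q-1 must not be multiples of 3."""
    def prime():
        while True:
            c = secrets.randbits(1024) | 1 << 1023 | 1
            if c % 3 != 1 and is_probable_prime(c):
                return c
    p, q = prime(), prime()
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def pkcs1_block(msg):
    """EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 DER HASH, exactly K bytes."""
    t = SHA256_DER + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign(n, d, msg):
    """Legitimate signer: encode, then the RSA private operation."""
    return pow(int.from_bytes(pkcs1_block(msg), "big"), d, n).to_bytes(K, "big")

def _decode(n, sig):
    """RSA public operation; None if the signature is out of range."""
    s = int.from_bytes(sig, "big")
    return pow(s, E, n).to_bytes(K, "big") if len(sig) == K and s < n else None

def strict_verify(n, sig, msg):
    """Correct check: rebuild the expected block and compare all K bytes."""
    m = _decode(n, sig)
    return m is not None and hmac.compare_digest(m, pkcs1_block(msg))

def lax_verify(n, sig, msg):
    """Flawed parser: walks the padding and finds DER+hash, but never checks
    that the hash ends the block, so whatever follows it is ignored."""
    m = _decode(n, sig)
    if m is None or m[:2] != b"\x00\x01":
        return False
    i = 2
    while i < K and m[i] == 0xFF:
        i += 1
    if i >= K or m[i] != 0x00:
        return False
    t = SHA256_DER + hashlib.sha256(msg).digest()
    return m[i + 1:i + 1 + len(t)] == t      # bug: m[i + 1 + len(t):] unchecked

def icbrt_ceil(x):
    """Smallest integer s with s**3 >= x (binary search)."""
    lo, hi = 0, 1 << ((x.bit_length() + 2) // 3 + 1)
    while lo < hi:
        mid = (lo + hi) // 2
        lo, hi = (lo, mid) if mid ** 3 >= x else (mid + 1, hi)
    return lo

def forge(msg):
    """Forge with no private key: lay out 00 01 FF 00 DER HASH <garbage> and take
    the integer cube root.  s**3 keeps the prefix because the rounding error
    (about 3*s**2, under 2^1363) is far below the 201-byte garbage space, and
    s**3 is below any 2048-bit modulus, so no reduction occurs; n is not needed."""
    prefix = b"\x00\x01\xff\x00" + SHA256_DER + hashlib.sha256(msg).digest()
    target = int.from_bytes(prefix, "big") << (8 * (K - len(prefix)))
    return icbrt_ceil(target).to_bytes(K, "big")

if __name__ == "__main__":
    n, d = keygen()
    firm = b"constructed sample FIRM image"          # stand-in for firmware bytes
    good, fake = sign(n, d, firm), forge(firm)
    print("genuine:", strict_verify(n, good, firm), lax_verify(n, good, firm))
    print("forged: ", strict_verify(n, fake, firm), lax_verify(n, fake, firm))
```

Run it and the genuine signature passes both verifiers while the forgery passes only the lax one. The design lesson is the one strict_verify embodies: re-encode the block you expect and compare every byte in constant time; any parser that walks the padding and stops once it has seen the hash leaves room for exactly this kind of forgery, and a check burned into mask ROM cannot be fixed afterwards.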

Hedgeberg & Greg the 2DS are working hard to dump the bootROM using the boot9 method discovered in 2015 by "derrek".

As of February 21st, Hedgeberg was close!

It has apparently already been dumped by "derrek", but it isn't being released because he doesn't want to release Nintendo's intellectual property and face legal repercussions.

If he waits until someone else dumps it, they won't have to worry so much about letting it leak, since it could have been "anyone" at that point.



Sorry again to those that updated to 11.3 by accident.
I hope some good news relating to sighax will be released soon;
you'll hear about it here first when it does!

IF YOU FOUND THIS INFO USEFUL THINK ABOUT SUPPORTING THE CHANNEL BY SUBSCRIBING https://www.youtube.com/c/GameInCanada
