From WikiTemp, the GBAtemp wiki
Revision as of 17:22, 9 December 2013 by Cyan (talk | contribs) (My 3DS System version is bellow 4.5.0, how can I update it?)

This page will list frequently asked questions about the 3DS hacking using flashcarts like Gateway 3DS or R4i Gold 3DS Deluxe.

If you have a question, put it at the end of the page, or ask on GBATemp's forum (will add a thread link here later).

If you have an answer or can help provide better answers and informations than the currently listed one, please edit this page to help other users.

If you found a new question in the forum and know the answer, put it in the corresponding section.


Contents

Glossary

NAND

You will find a lot of terms to talk about the NAND. There are in fact only two type.

1. The NAND is the chipset located in your 3DS and containing all the data/memory/program/etc.

This chipset is referred to as NAND, System NAND, SysNAND, Physical NAND, PhyNAND, Real NAND, 3DS NAND, Console NAND, etc.


2. There is a possibility to make a copy of this memory and store it outside of the console (usually on SD card).

This copy can be used by the console, and it's often called and Emulated NAND, as the console use it as if it was the real one. All access to the console memory is redirected to the SD card. You are then using your copy located on your SD card as NAND, and everything you are doing is in fact happening on your SD card instead of your System NAND.

This NAND copy located on SD card is referred to as Emulated NAND, EmuNAND, Redirected NAND, RedNAND.


Firmware / System Menu

Users often use "Firmware" to talk about the version of their console or Flashcart, but it's not the correct name.

Like for Wii and WiiU, the 3DS use a System Menu version. If you speak about the 3DS, please use "System version" instead of Firmware in this FAQ.

If you speak about the Flashcart's Launcher.dat, it's not a firmware either. It's a program launched by the DS profile exploit. The firmware would be what's inside the flashcart's chipset. But a lot of users call the Launcher.dat the "Firmware" so I used that word in the FAQ. If it's better to use another word, feel free to replace it.

Exploit

How does it work ?

This hack exploits two different vulnerabilities in the 3DS system menu.

The first one consists in altering the DS profile (by using a compatible DS flashcart and running a DS homebrew), to exploit the DS NVRAM vulnerability and get access to "User mode".

The second one grants access to the 3DS "kernel mode" by launching the DS profile in the 3DS Settings. When the DS profile is launched, it use a vulnerability to gets Kernel access and loads a Launcher.dat file located on the SD card.


Nintendo patched the second vulnerability in System version 5.0.0, so access to "kernel mode" is not possible anymore with this exploit. Although the first vulnerability (installing a modified DS profile) still works, it can't be used to get kernel access.

Discussion thread : .... (find the thread with ROP explanation)

3dbrew....

Console

Is it working in all consoles and regions?

Consoles from all regions are compatible with this exploit, and works on all 3DS consoles (Original and XL/LL). You need a 3DS with a System version from 4.1.0 to 4.5.0 to use this exploit. If your 3DS System version is 5.0.0 or newer, it will not work. The 2DS is manufactured with a System version higher than 4.5.0 so it will not work.


Is it a softmod or hardmod?

This hack is currently based on both. The exploit itself is done in software (It runs by launching programs on the console), but requires a Flashcart to install the DS exploit and another Flashcart to play 3DS ROMs.

You don't need to open your console or solder a modchip to play 3DS Roms, but it's possible to do physical modifications if you want to backup/restore your NAND. See this FAQ's NAND section for more informations.

Flashcarts

How many 3DS Flashcart exist?


All three products are bundled with both a DS mode flashcart and a 3DS mode flashcart.


Why are there two flashcarts?

The DS mode flashcart is used to run a DS Homebrew which will replace the DS profile informations. The modified DS profile is then used to exploit a vulnerability in 3DS mode, access Kernel mode and patch the 3DS system.

The 3DS mode flashcart is used to play 3DS Game ROMs.


Can I use my own DS mode Flashcart?

Yes.

If you already have a DS mode flashcart working with your 3DS, you can use it to run the DS homebrew. Just put the installer.nds file on your MicroSD and launch it from your usual method of booting DS homebrew.


Can I use the DS Mode flashcart bundled with 3DS Flashcart to run DS homebrew/games?

Yes.

The bundled DS Mode flashcart is a regular card working with 3DS firmware 4.5.0 (or newer, depending which product you buy).

  • Gateway: This is a r4i gold 3DS clone, using a hacked Wood firmware.
  • R4i Gold 3DS Deluxe: This is an official R4i Gold 3DS, with the official Wood Firmware.
  • 3DS Link: This card and R4i Gold 3DS Deluxe are the same product.


Do 3DS Flashcarts work with all consoles?

The 3DS flashcarts are region free and works on all existing 3DS consoles (Original and XL/LL). It doesn't work on 2DS due to bundled system version at manufacturing time.


Do 3DS Flashcarts work on all 3DS System version?

The exploit currently used to get access to the 3DS Kernel works only on System version 4.1.0 to 4.5.0.


My 3DS System version is bellow 4.5.0, how can I update it?

The current exploit is working with 3DS System Menu version 4.1.0 to 4.5.0 but it's recommended to update to 4.5.0 if you want to use EmuNAND, as some users reported problems when using EmuNAND with System NAND on version 4.1.0. There are currently no report with System NAND on 4.3.0


There are two different methods to update your System NAND:

  1. Using an original game cartridge bundled with System update 4.5.0 (for example Luigi's Mansion 2 has 4.5.0-5).
  2. Using a game's ROM bundled with System update 4.5.0 and with Gateway v1.0 (which doesn't prevent the System version checking).


You can check this website to find which System version is present in a game's update partition.

Note: The ROM method is not possible with R4i Gold 3DS Deluxe / 3DS Link flashcarts as their initial release (v2.0) prevent the game from checking the required firmware.

My console's firmware is above 4.5.0, what can I do? Is it possible to downgrade?

Downgrading is possible only if you have a backup of your NAND chipset created before updating. You can't restore another console's NAND backup.

If you have a NAND backup of your console and want to restore it, check the NAND section.

If you don't have a NAND backup, you can't use this hack at all. You must buy a new console if you want one with System version 4.5.0 or bellow.


Can you check the System version before buying a new 3DS?

It's not 100% accurate, but you'll have more chance to get a firmware bellow 5.0.0 if the packaging indicates "Copyright 2012".

You'll also have more chance with a Red/black Blue/black consoles.

Discussion thread: ....


Using the flashcarts

Do I need to run DS exploit every time?

No.

The patched DS profile is reset only if you launch a DS game or a DS mode flashcard. In this case, you will need to run the DS install.nds homebrew again.

You will also need to run the install.nds again if you changed your 3DS System language.

Is the 3DS hack permanent or do I need to run it after every reboot?

You need to run the exploit after each console's reboot/shutdown.

Go to Settings > Other Settings > Nintendo DS Profile to launch the hack again.


I want to remove all exploit and hack

  1. Run a DS game or a DS mode flashcart.
  2. Shut Down your 3DS
  3. Delete the Launcher.dat from your big SD card
  4. Delete the install.nds from your DS flashcard's MicroSD.

Games

Are all games working ?

It depends on the flashcart and its firmware version.

ROMs:

  • GW2.0b1: Only 2 games (Pokemon X/Y and Animal Crossing) are not working when using the ROM form.
  • R4i Deluxe/ 3DS Link 2.0: Games using SDK5+ are not working.


Game Cartridge:

  • EmuNAND classic with GW2.0b1: All games (tested up to release 497) are working using EmuNAND classic Firmware 6.3.0


Attention: Since SDK6 (and System version 6.0+) games are using a different save encryption method. While in EmuNAND, the system is still running under 4.5.0 and it's using the old encryption method. If you play your cartridge in System NAND 6.0+ it will not be compatible with EmuNAND 6.0+ and the game will delete/reinitialize the save.


You can check the 3DS flashcarts game compatibility page to see which games are not working, and which version you need.


Are games region free?

Yes.

You can play games from all regions when using ROMs. But if you are using EmuNAND Classic (GW2.0b1), you still need to use a game cartridge from your region.


ROMs:

  • GW2.0b1, R4i Gold 3DS Deluxe 2.0, 3DS Link 2.0: Working with games from all regions.
  • EmuNAND (GW2.0b1): Working with games from all regions.


Game Cartridge:

  • EmuNAND Classic (GW2.0b1) : No region free.


Can I play games requiring System version past 4.5.0?

Yes.

The flashcarts are spoofing the required System version and prevent the prompt asking to update your console if you play from ROMs. But if you are using EmuNAND Classic (GW2.0b1), you still need to use an updated EmuNAND.

ROMs:

  • GW1.2, R4i Gold 3DS Deluxe 2.0, 3DS Link 2.0: Working with all games requiring System version up to 4.5.0 and some games requiring 5.1.0.
  • GW2.0b1: Working with all games requiring System version up to 6.2.0.
  • EmuNAND (GW2.0b1): Working with all games requiring System version up to 6.2.0.


Game Cartridge:

  • EmuNAND Classic (GW2.0b1) : No System version spoofing. You need to update your EmuNAND System version to 5.1.0 or newer.


Why games using SDK5+ are not working with old flashcart's firmware?

In the SDK5, Nintendo changed the location of the booting logo (the Nintendo logo at the bottom of the booting screen). It's now located outside of the ExeFS, in unencrypted form. Unable to locate this file, the game couldn't boot.

Flashcart's firmwares are patching the location to allow games created with SDK5 to work with System version 4.5.0.


ROMs:

  • R4i Gold 3DS Deluxe 2.0, 3DS Link 2.0: Not working with SDK5+ games.
  • GW2.0b1: Working with all SDK5+ games.
  • EmuNAND (GW2.0b1): Working with all SDK5+ games.

Game Cartridge:

  • EmuNAND Classic (GW2.0b1) : No file path patching. You need to update your EmuNAND System version to 5.1.0 or newer.


Can I store multiple games on my MicroSD?

No.

At least, not for the moment. You need 1 game per MicroSD card.

The Gateway team said they are working on a game selection menu for GW 2.0.


How can I store games bigger than 4GB on FAT32?

It's unknown for the moment how the games will be stored to allow multiple games at the same time.


How do I install a game to my MicroSD card?

The game is written in RAW format, it doesn't use any file system.

You need to use tools to write the ROM image to your device. There are different tools depending on your operating system.

Select the device in the list, Select the .3ds game file and click "Write" button. Attention, be sure to select the correct drive's letter. ALL your card will be deleted and the game will be written.

If the MicroSD contains already a game, the program will not display the device in the list. You need to format the MicroSD first (using Panasonic SD Formater).



  • Linux: use dd command line to write binary file to the device.
sudo dd if=/u01/filename.3ds of=/dev/mmcblk0 bs=1M


Which MicroSD should I choose?

Which MicroSD size should I choose?

Can I trim ROMs to fit in a smaller MicroSD?

Yes.

Some games can be trimmed to remove unused dumped binary data. There are different program you can use to do that.


There are two trimming methods, what are the differences?

The normal trimming method removes unused data at the end of the Game's Data. it can be reverted to get the file back to the original Dump.

The second trimming methods also removes the Update Partition from the game's Data and is irreversible. You can't restore the deleted partition from the modified file.

The first method should be enough to fit all games in your MicroSD card.


Where are the saves? Can I backup them ?

When you play, the save is stored into the flashcart.

If you want to backup your current progress to a file, you need to exit the game by using Home > X > A, it will make a copy of the flashcart's internal save chipset to the root of your big SD card, with the filename based on the GameID.

As long as you play the same game, it will use the flashcart's internal save chipset.

If you play another game, it will import the game's save file from the big SD card to to internal save chipset. It will NOT backup your previous game's save first, you need to properly exit the game if you don't want to loose your save.

You can then keep a backup of your .sav files on your computer if you want.


How to I change games?

Exit your current game with Home > X > A, and wait few seconds before removing the flashcard, it's doing a backup of the save. change your MicroSD and put the flashcard back in the 3DS.


NAND

Backup

How do I backup my NAND?

Yes, There are two methods :

  1. You can backup using a hardware flasher. You need to open your console and solder wires in your console. For instruction, check this thread ....
  2. You can backup using a software. Currently, only GateWay is providing this option.


- GW2.0b1: Launch the Gateway menu (Press L when selecting the DS profile) and select the "Backup NAND" option. It will save your system NAND to Nand.bin file located at your big SD card's root.

Information: You don't need the Gateway flashcart to backup your NAND to nand.bin file.


What is the correct size of the NAND dump?

There are two different NAND chipsets (different manufacturers), and they are of different sizes.

Toshiba NAND:
1931264 sectors
988.807.168 bytes
Samsung NAND:
1953792 sectors
1.000.341.504 bytes

Restore

How do I restore my NAND backup?

It's possible only through hardware method.

If you want to modify your console to do hardware NAND backup and restore, you can check this thread: ...

There are two different models (Normal 3DS and 3DS XL). The 3DS XL is easier to mod.

Can I restore another 3DS's NAND backup?

No.


EmuNAND

What is EmuNAND?

Do I need a 3DS flashcart to setup and use EmuNAND?

You don't need a 3DS flashcart. You only need a DS compatible flashcart (DStwo, R4i, etc.) to install the DS exploit which is used to boot the launcher.

The 3DS flashcart is needed only to launch 3DS Roms.


How to I create EmuNAND?

Do I need EmuNAND? What is its purpose?

Do I need to update my EmuNAND?

How do I update my EmuNAND?

Link to tutorial or write one.

Can I backup my EmuNAND partition located on my SD card?

Yes

Is EmuNAND sandboxed? Am I safe while in EmuNAND?

While in EmuNAND, your System NAND (4.5.0) is still running and active. Some action done in EmuNAND will only affect EmuNAND, while others will affect both EmuNAND and System NAND.


Here is a list of known action affecting the System NAND:

  • Modifying a Network setting in EmuNAND will save all EmuNAND's network setting to System NAND's Network Setting.


Is System NAND affecting EmuNAND?

Yes. As your console is still running on System NAND 4.5.0, it's using that System version's files and functions.


Here is a list of known action affecting the EmuNAND:

  • Save data encryption using by new games (SDK6+) is using the 4.5.0 encryption method, even if you are using EmuNAND 6.1.0+


Specific Game's Questions

Is Pokemon working on emuNAND?

Do I need EmuNAND to play Zelda ?