11 KiB
title | permalink |
---|---|
DSiWare Downgrade (Save Injection) | /dsiware-downgrade-(save-injection).html |
If you are on version 11.0.0 or 11.1.0, you must follow this guide to downgrade your NATIVE_FIRM using DSiWare {: .notice}
This takes advantage of an oversight which allows DSiWare titles to read and write anywhere in NAND. {: .notice--info}
Be prepared to wait 20 minutes (New 3DS) to an hour (Old 3DS). Slowhax (waithax) is named so for a reason. {: .notice--info}
This is a currently working implementation of the "FIRM partitions known-plaintext" exploit detailed here. {: .notice--info}
Your DSiWare's save will be backed up before getting replaced by the hacked save. {: .notice--info}
What you need
- Already own (and install) one of the following exploitable DSiWare games installed on your 3DS (you must have already installed one; they have all been pulled from the eShop)
- Fieldrunners
- Legends of Exidia
- Guitar Rock Tour
- The Legend of Zelda: Four Swords (Anniversary Edition)
- An entrypoint from Homebrew Launcher (SoundHax) or Homebrew Launcher (No Browser)
4B51394A.zip
- The latest release of 3ds_dsiwarehax_installer
- The latest release of waithax
- The latest release of 3DSident
- The latest release of dgTool
- The Homebrew Starter Kit
- The NFIRM
.zip
corresponding to the device and version of the target 3DS:
Instructions
Section I - Prep Work
- Copy the contents of the
starter.zip
to the root of your SD card, replace existing files
- This will ensure that the Homebrew Launcher is up to date; older versions will freeze when your try to launch 3ds_dsiwarehax_installer
- Copy and merge the
3ds
folder from the 3ds_dsiwarehax_installer.zip
to the root of your SD card - Copy the
4B51394A
folder from4B51394A.zip
to the/3ds/3ds_dsiwarehax_installer/dsiware/
folder on your SD card. - Copy and merge the
3ds
folder from the 3DSident.zip
to your SD card - Copy
waithax.3dsx
to the/3ds/
folder on your SD card - Copy the dgTool
boot.nds
to the root of your SD card - Create a folder named
dgTool
on the root of your SD card if it does not already exist - Copy the contents of the NFIRM
.zip
to thedgTool
folder on the root of your SD card - Reinsert your SD card into your 3DS
Section II - Backup DSiWare
After completing the entire guide, you can use this backup to restore your DSiWare saves by deleting the DSiWare from your System Memory and copying it from your SD Card. {: .notice--info}
This backup can only be used on this NAND. If you format your 3DS or restore another NAND (specifically if movable.sed
is ever modified), it will become unusable.
{: .notice--info}
- Go to System Settings, then "Data Management", then "DSiWare"
- Copy the DSiWare game you intend to use to the SD Card
- Exit System Settings
Section III - waithax
- Get into the Homebrew Launcher using your entrypoint
- Launch waithax
- Wait
- On New 3DS, this will take about 20 minutes (due to a bug, this can take the same time as an Old 3DS for some systems)
- On Old 3DS, this will take about an hour
- Once it's done, press (Start) to exit
- Launch 3ds_dsiwarehax_installer
- Select the DSiWare game you want to install the exploit on
- Once it's done, press (A) to exit
- Press (Start) to open the homebrew launcher exit menu
- Press (A) to exit
Section IV - Backing up NFIRM
- Launch your DSiWare game
- Launch dgTool using your DSiWare game
- Fieldrunners: Touch the 'Scores' button at the main menu
- Legends of Exidia: After pressing (A) or (Start) at the two title screens, select the first save slot and press continue
- Guitar Rock Tour: Scroll down and go to High-Scores -> Drums -> Easy
- The Legend of Zelda: Four Swords (Anniversary Edition): Just start the game
- If your game does not have the hacked save file installed, restart from the beginning
- Select "Dump f0f1" to backup your NFIRM
- This will take a while
- Make note of the NFIRM backup's location
- Exit dgTool
- You may have to force power off by holding the power button
- Put your SD card in your computer, then copy
F0F1_N3DS.bin
orF0F1_O3DS.bin
(depending on your device) to a safe location
- Make backups in multiple locations
- This backup will save you from a brick if anything goes wrong in the future
Section V - Flashing NFIRM
Never downgrade with dgTool on a device that already has arm9loaderhax installed or you will BRICK! {: .notice--danger}
- Launch your DSiWare game on
- Launch dgTool using your DSiWare game
- Fieldrunners: Touch the 'Scores' button at the main menu
- Legends of Exidia: After pressing (A) or (Start) at the two title screens, select the first save slot and press continue
- Guitar Rock Tour: Scroll down and go to High-Scores -> Drums -> Easy
- The Legend of Zelda: Four Swords (Anniversary Edition): Just start the game
- Select "Downgrade FIRM to 10.4" and confirm to flash the 10.4.0 NFIRM bin
- Exit dgTool
- You may have to force power off by holding the power button
- Reboot
Section VI - Exploit verification
- Reinsert your SD card into your 3DS
- Launch the homebrew launcher on using your entrypoint
- Launch 3DSident
- Verify that the following:
- Kernel version: 2.50-11
- FIRM version: 2.50-11
- If either of these do not display the versions above, make sure you used the correct NFIRM zip and try flashing NFIRM again
- Press any button to exit back to the Homebrew Launcher
Your version number will not have changed in the settings. {: .notice--info}
Continue to Decrypt9 (Homebrew Launcher) {: .notice--primary}