For those of you who watched Smea’s Plutoo’s and Derek’s talk back in 2015 you may remember them talking about ARM9LoaderHax. ARM9LoaderHax has been found by WulfyStylez, Dazzozo, shinyquagsire23, plutoo, Normmatt and Yellows8. This was first publically disclosed in Smea’s Plutoo’s and Derek’s 32C3 3DS Talk. For in-depth information and if you want to know how exactly this works you can read this here.
A bit later first people started dumping their Console unique Key (OTP) and messing with ARM9LoaderHax. At first, there were no real tutorials and tools to help you downgrade and dump the OTP but now around 2 months later this has progressed a lot and there are now well-documented ways on how to downgrade an Old- or New3DS to FW 2.1 and dump the OTP.bin. The first CFW actually using ARM9LoaderHax has also been released with hopefully RXTools and others to follow. But now you probably want to know why you should take the risk to downgrade to 2.1, dump the OTP, and risk bricking it by either Human or machine failure.
Pro:
Boot times as fast as booting sysNAND
“Real” Coldboot because of it loaded directly at boot
100% Bootrate. No 3DS crashing while starting your favorite CFW anymore
Con:
If being done wrong this can brick your 3DS
Only 1 CFW supporting ARM9LoaderHax as of now
DISCLAIMER: Any modifications to your 3DS are done at your own risk. I am not responsible for any bricks that may occur during this process
1. Dumping the Console Unique Key (OTP.bin)
If you still want to continue please follow the following Guide on how to downgrade your 3DS to 2.1 and dump your Console Unique Key but be aware that if you use the wrong files, don’t follow the tutorial 100% correctly, flashing a corrupt sysNAND image or your 3DS turning of while messing with the sysNAND partition can brick your 3DS so double check that you have the correct files for your 3DS, follow the Tutorial as close as possible, checked your 3DS NAND backups and have your 3DS hooked up to a wall charger so it doesn’t accidently shut down. The following Guides assume that your 3DS is on Firmware 9.2. If your 3DS isn’t on Firmware 9.2 and not higher than 10.3 then you can downgrade it with SafeSysSpdater to 9.2 and follow these tutorials. Be aware that even though SafeSysUpdater has been made as stable as possible that there is still a tiny brick risk.
Old3DS/2DS/New3DS Tutorial
If you want to check the files integrity you can find SHA-256 sums of all the files here. They can be found at the bottom.
When you finished dumping your Console Unique Key you can now continue and compile your own ARM9LoaderHax installer. This Installer will only work for your 3DS, so if you want to build ARM9LoaderHax for another 3DS you will have to go through downgrading and getting the Console Unique Key for that 3DS too.
2. Compiling the ARM9LoaderHax Installer and setting up your 3DS
Update: It is recommended to use SafeA9LH Updater to install Arm9LoaderHax. It is safer and you don’t need to compile the installer.
What you will need for building and installing ARM9LoaderHax to your 3DS:
Delebils ARM9LoaderHax Source
data_input.zip (Download it from this page,For new3ds10.firm, new3ds90.firm and secret_sector.bin)
Your OTP.bin that you dumped with the Tutorial. NEVER USE ANOTHER OTP.BIN FILE OR THE ONE PROVIDED WITH THE SOURCE. IT WILL BRICK YOUR 3DS AND NEVER GIVE YOUR OTP.BIN FILE TO RANDOM PEOPLE. ONLY TO PEOPLE YOU TRUST.
MiniPasta (This is only needed if you’re building ARM9LoaderHax for New3DS)
Python 2.7.11 x86-x64
PyCrypto 2.6.1 for Python 2.7 32bit
Make
DevKitARM (This is part of DevKitPro)
Luma3DS (Starting with Luma3DS 5.0 the firm.bin files aren’t needed anymore)
1. Preparation
1. If you have a version of Python 2.7.x 32bit installed remove this first
2. Install Python 2.7 and make sure to tick the “Add Python.exe to Path” Setting so that you can use python by typing python in your CMD
3. Install Pycrypto 32bit into the folder you installed Python to. (Normally this is C:Python27)
4. Install DevKitPro 1.6.0. You will be presented with different packages to install but we will only need Minimal Install and DevKitARM. You can uncheck everything else.
5. Install Make
2. Compile the ARM9LoaderHax Installer
1. Extract Delebils ARM9LoaderHax Source to any Directory (I will go with C:arm9loaderhax-master)
2. Extract data_input.zip and copy the new3ds10.firm, new3ds90.firm and secret_sector.bin to Delebils ARM9LoaderHax Source folder and there into the data_input folder.
3. Copy your OPT.bin into the data_input folder in Delebils ARM9LoaderHax Source folder
4. Open a CMD Window and CD to Delebils ARM9LoaderHax Source Folder (Just replace C:/arm9loaderhax-master with the path where you stored Delebils ARM9LoaderHax Source)
5. Now, type make and wait until it finishes. This should take about 1 minute. If you get any errors while building please post them in the Comments and I will try to help you 🙂
6. If it finished without errors you should now have a folder called data_output. Copy the arm9loaderhax.3dsx from the data_output folder to your 3DS SDcard into the 3ds folder used by Ninjhax
3. Installing ARM9LoaderHax to your 3DS
1. Make sure you have a valid sysNAND backup before you continue
2. Enter HomeBrewLauncher through the entry point of your choice (I used browserhax for this but you can also use Cubic Ninja or other entry points)
3. Run arm9loaderhax.3dsx. If you are stuck on “exploiting arm9” you will have to shut down your 3DS. Then download and copy the MiniPasta.3dsx file to your 3ds folder. Then boot up your 3DS and launch HBL. Start MiniPasta and wait a few seconds until you will be kicked back to the HomeMenu. Now reenter HBL and run arm9loaderhax.3dsx again.
4. After the payload got installed it will reboot your 3DS to a black screen. This is normal because you don’t have an arm9loaderhax payload on your SDCard yet.
4. Setting up Luma3DS to use ARM9LoaderHax
1. Extract Luma3DS and copy the luma folder and arm9loaderhax.bin to the root of your SDCard
2. Put the SDCard back into your 3DS and it should now let you setup a few things. Set your preferred settings and save them. Luma3DS should automatically boot into emuNAND now 😀
Congratulations you now have a 3DS with fully working ARM9LoaderHax 😀
Big thanks to every Dev who made this possible and I hope to see more awesome releases in the future. I’m hoping for RXTools to release a ARM9LoaderHax compatible version soon 😀
If you have any questions or problems feel free to ask in the Comments 🙂
Why firmware 2.1?
OTP is locked on every firmware past 2.1
i keep getting that
also when I try to install pycrypto python 2.7 required which is not found in registry
I tried reinstalling python and nothing
so I skipped it and got
make: python: Command not found
make: *** [sector] Error 127
Did you tick “Add python.exe to path” while installing Python 2.7?
yeah
ok I got the done now I keep getting
ImportError: DLL load failed: %1 is not a valid Win32 application.
make: *** [sector] Error 1
when I do the make in cmd
I got the pycrypto installed but now I get
ImportError: DLL load failed: %1 is not a valid Win32 application.
make: *** [sector] Error 1
when I do the make on the cmd window
Do you have a setup to do a video step by step tut on this you would have thousands add and visit that video!
Sadly I don’t have the right equipment for this. Maybe 8Bit will be able to do one
I got the pycrypto installed but now I get
ImportError: DLL load failed: %1 is not a valid Win32 application.
make: *** [sector] Error 1
when I do the make on the cmd window
PyCrypto requires VC redist 2008 and/or 2010 so please install them and report back 🙂
I will add this to the tutorial later today 🙂
I have them installed already but I get the same thing
Did you install the 64bit version instead of the 32 bit version? What windows do you use?
I use windows 10 and yes 64bit
You probably need to install 32bit versions of VC Redist 2008 and 2010.Pease install them and report back 🙂
Hello i bricked my Japanese New 3DS do you have any clue why the safe mode plays music but is showing a black screen please?
At which step did you brick?
While downgrading to 2.1 or while installing arm9loaderhax?
After I downgraded from 2.1 and needed to upgrade I used Rockman Classics to update to 9.9 since I could not restore the original 9.0 band after I downgraded to 2.1. So when the manual update from the game it gives me an error on boot after 2 seconds.
I figured out what happen when I downgraded the 2.1 I cloned the emunand to sysnand.I must have the safe mode loading 2.1 and the Sysnand got corrupted now I have no clue what to do maybe salvage. It for parts.
The update to 9.9 broke the sysnand. Because you flashed modified 2.1 old3ds files to get the otp on new3ds it installed a 9.9 old3ds fw on your new3ds. I guess the only option you have left is to get a hardmod and flash back the nand backup you did
Your last chance could maybe be #3dshacks on Rizon IRC. Here’s the link to it:https://qchat.rizon.net/?channels=3dshacks&uio=d4
Try contacting plailect or any other channel operator for real time support
Thank you