3DS Install A9LH + Add 1.1 cartridge support for Smashhax

2016-10-25

A9LH

This is just a log of how I did it, not a tutorial. Starting condition: a brand-new console on system version 11.1.0-34J/U (the latest at the time of writing).

  1. Disassemble the console and solder wires to the eMMC
  2. Read back the original eMMC contents, add the 10.4 FIRM, and flash it back
  3. Use any HBL entry point that supports 11.1
  4. Use any tool to downgrade to 9.2 from HBL
  5. Use any HBL entry point that supports 9.2
  6. Install Luma3DS-A9LH
  7. Reboot and install the latest OS (11.1)
  8. Install FBI, the Luma upgrade utility, etc.

This is already a simplified process. There used to be steps for flashing the 2.1 OS and extracting the OTP, which are no longer necessary.

Adding 1.1 cartridge support for Smashhax

Smashhax is one of the HBL entry points, based on ninjahax. At a high level, it uses an exploit in the multiplayer mode of Smash Bros: a packet sent from a PC causes a stack/heap overflow and executes unsigned code. Naturally, each different build of the game (each version and region) requires a different packet to trigger the exploit. Two of the cartridges I own were not supported, so I used a tool provided by the author to generate the necessary packet from a dump of the game.

  1. Use a 3DS to dump and decrypt the cartridge
  2. Unpack the ExeFS and extract code.bin on the PC
  3. Use the tool provided by the author to extract the addresses from it
  4. Build the pcap packet
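Step 2 above means walking the ExeFS container from the decrypted dump. As an added example (not the author's tooling and not part of the original post), here is a minimal Python ExeFS parser that pulls out the .code entry (the code.bin the rest of the procedure consumes) and verifies each file against the SHA-256 hashes stored in the header, which is a cheap way to catch a bad key or a corrupt dump before feeding anything to the address-extraction tool. The sample image is constructed inline; its file names and contents are placeholders, not a real game dump.

```python
"""Minimal ExeFS parser: extract .code (code.bin) from a decrypted ExeFS image.

Layout: a 0x200-byte header holding ten 0x10-byte file entries at offset 0x0
(name[8], u32 offset, u32 size; offsets are relative to the end of the header),
0x20 reserved bytes at 0xA0, then ten SHA-256 hashes at 0xC0 stored in reverse
entry order (entry 0's hash sits at 0x1E0).
"""
import hashlib
import struct

HEADER_SIZE = 0x200   # file data starts right after the 0x200-byte header
ENTRY_COUNT = 10      # ten 0x10-byte file entries at offset 0x0
HASH_TABLE = 0xC0     # ten SHA-256 hashes, stored in reverse entry order
ALIGN = 0x200         # media-unit alignment used when constructing the sample


def parse_exefs(image: bytes) -> dict:
    """Return {file_name: data} for every used entry, verifying each SHA-256."""
    if len(image) < HEADER_SIZE:
        raise ValueError("image shorter than the ExeFS header")
    files = {}
    for i in range(ENTRY_COUNT):
        raw_name, off, size = struct.unpack_from("<8sII", image, i * 0x10)
        name = raw_name.rstrip(b"\0").decode("ascii")
        if not name:
            continue                     # unused entry
        start = HEADER_SIZE + off
        data = image[start:start + size]
        if len(data) != size:
            raise ValueError(f"{name}: truncated ({len(data)} of {size} bytes)")
        hoff = HASH_TABLE + (ENTRY_COUNT - 1 - i) * 32
        if hashlib.sha256(data).digest() != image[hoff:hoff + 32]:
            raise ValueError(f"{name}: SHA-256 mismatch (wrong key or corrupt dump)")
        files[name] = data
    return files


def extract_code(image: bytes) -> bytes:
    """The .code entry is what the rest of the procedure uses as code.bin."""
    files = parse_exefs(image)
    if ".code" not in files:
        raise ValueError(f"no .code entry; found {sorted(files)}")
    return files[".code"]


def build_exefs(entries) -> bytes:
    """Assemble an ExeFS image from (name, data) pairs. Used only to construct
    the sample below; a real dump comes from the console."""
    header = bytearray(HEADER_SIZE)
    body = bytearray()
    for i, (name, data) in enumerate(entries):
        struct.pack_into("<8sII", header, i * 0x10,
                         name.encode("ascii"), len(body), len(data))
        hoff = HASH_TABLE + (ENTRY_COUNT - 1 - i) * 32
        header[hoff:hoff + 32] = hashlib.sha256(data).digest()
        body += data
        body += b"\0" * ((-len(body)) % ALIGN)   # keep entries media-unit aligned
    return bytes(header + body)


# Constructed sample image (placeholder contents, not a real game dump):
# .code is 64 ARM "mov r0, r0" (nop) instructions, little-endian e1a00000.
SAMPLE_CODE = bytes.fromhex("0000a0e1") * 64
SAMPLE = build_exefs([(".code", SAMPLE_CODE), ("icon", b"ICON" * 8), ("banner", b"BNR")])


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 2:
        with open(sys.argv[1], "rb") as f:
            code = extract_code(f.read())
        with open("code.bin", "wb") as f:
            f.write(code)
        print(f"wrote code.bin ({len(code)} bytes)")
    else:
        print({name: len(data) for name, data in parse_exefs(SAMPLE).items()})
```

Run it with a decrypted ExeFS image as the argument to write code.bin next to it; with no arguments it just parses the constructed sample. One caveat: on many titles the .code section is stored compressed (a flag in the NCCH extended header indicates this), so the extracted file may need decompressing before an address-extraction tool can make sense of it.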

Conclusion

There is a lot of information online, so there is probably no real need for me to write this, and things get outdated pretty quickly. As a result I kept everything as brief as possible.
