Hacking Pasta CFW - A CFW that allows unsigned CIA to be installed on Old and New 3DS! (required ninjhax)

[MrJason005]

Have you ever tried to use sysupdater? It does nothing. At all.

Hardly.
It works for me fine.

 

[Idaho]

Actually, I just re-read it and that should work, yeah. A bit slower than just opening a command prompt though. Either way should give the desired result.

I don't even know how to create an empty file on Windows with CLI whereas I'm an IT tech, it's amazing all the things you can do with just clicks and logic with this OS ^^

 

[DSpider]

Why isn't this on GBATemp's front page yet?

 

[cearp]

cat /dev/null > title.db

for the same effect.

i just do 'touch' and then the filename

 

[urherenow]

ok, i will give more information.
pbt lets you used pirated gba games. better now...?
of course pbt patches signature checks, that's the whole reason for it's release, it's just basically an improved 4.5 leaked cfw. if there were not sig patches... then how are people playing pirated stuff on it... lol

Honestly didn't know that. I've been using Gateway and Ninjhax (and also RXtools for some stuff) and wasn't able to do anything with PBT that I couldn't already manage...

 

[smasbros]

GBA VC titles are confirmed to work.
Even PBT couldn't make them working!

How to make GBA titles to work please?

 

[SLiV3R]

Can someone please make a noob step by step guide?

I have
N3DS 9.2
Downloaded the archive provided, unziped it's contents to the root of the SD card of my N3DS.
start Cubic Ninja
start Brahma, load and execute the payload ("arm9payload.bin")
Im on PASTA CFW MENY. Selected 9.2 firmware, and press start to launch the CFW..
Then start FBI. Installed an CIA (PAZARU)
Successful install of CIA
Then nothing????
(In start meny there are actually an icon that appears and then dissapears after an half second... What is that?)

 

[d0k3]

I just took a look at the source code, and I almost feel cheated (joking, no shitstorm please!). All the magic is in these 6 short lines of code (this is for N3DS v9.0-v9.2, and the code for the other 3 options is equally short):

u8 patch[]={0x6D, 0x20, 0xCE, 0x77};
u32 *dest=0x08052FD8;
memcpy(dest,patch,4);
u8 patch1[]={0x5A, 0xC5, 0x73, 0xC1};
u32 *dest1=0x08058804;
memcpy(dest1,patch1,4);

I'd have expected a cracked GW launcher or hundreds of lines of code . Anyways, great work capito27!

So... is this permanent, meaning if I cold restart the system the patch will stay? I guess no, but if it isn't, I wonder, how will SYSNAND handle the illegit .CIAs when the patch is not loaded? Will they just not show up? And what if you have legit / bought .CIAs installed alongside 'illegit' ones? Also, is this risky in terms of possible bricks? What if you select the wrng option for your console?

 

[tyrran]

Can someone please make a noob step by step guide?

I have
N3DS 9.2
Downloaded the archive provided, unziped it's contents to the root of the SD card of my N3DS.
start Cubic Ninja
start Brahma, load and execute the payload ("arm9payload.bin")
Im on PASTA CFW MENY. Selected 9.2 firmware, and press start to launch the CFW..
Then start FBI. Installed an CIA (PAZARU)
Successful install of CIA
Then nothing????
(In start meny there are actually an icon that appears and then dissapears after an half second... What is that?)

After finishing installing via FBI, you have to re-launch PastaCFW one more time. I know it's redundant but it's what works.

 

[SLiV3R]

IT FUCKING WORKS!!! =) LOVE YOU ALL <3

 

[urherenow]

I just took a look at the source code, and I almost feel cheated (joking, no shitstorm please!). All the magic is in these 6 short lines of code (this is for N3DS v9.0-v9.2, and the code for the other 3 options is equally short):

u8 patch[]={0x6D, 0x20, 0xCE, 0x77};
u32 *dest=0x08052FD8;
memcpy(dest,patch,4);
u8 patch1[]={0x5A, 0xC5, 0x73, 0xC1};
u32 *dest1=0x08058804;
memcpy(dest1,patch1,4);

I'd have expected a cracked GW launcher or hundreds of lines of code . Anyways, great work capito27!

So... is this permanent, meaning if I cold restart the system the patch will stay? I guess no, but if it isn't, I wonder, how will SYSNAND handle the illegit .CIAs when the patch is not loaded? Will they just not show up? And what if you have legit / bought .CIAs installed alongside 'illegit' ones? Also, is this risky in terms of possible bricks? What if you select the wrng option for your console?

The patch will not stay and there is no risk of a brick. It only patches what's in memory. If you brick, it's because of something else you did like installing an O3DS firmware file on an N3ds or vice versa, or deleting a firmware file with fbi, etc.

The real question is... how to translate this bit from NTR debugger "write(0x10DD28, (0x00, 0x20, 0x08, 0x60, 0x70, 0x47), pid=0x25)" to add to the above code? If someone could do that, we'd also have eshop access and such, wouldn't we?

 

[HELPMEPLEASEOMG]

Damn, and here I was getting all hopped up thinking that this would work on my 9.5 3DS. Oh well.

 

[capito27]

The patch will not stay and there is no risk in a brick. It only patches what's in memory. If you brick, it's because of something else you did like installing an O3DS firmware file on an N3ds or vice cersa, or deleting a firmware file with fbi, etc.

The real question is... how to translate this bit from NTR debugger "write(0x10DD28, (0x00, 0x20, 0x08, 0x60, 0x70, 0x47), pid=0x25)" to add to the above code? If someone could do that, we'd also have eshop access and such, wouldn't we?

The issue with ntr, in my opinion, is that firm isn't a process, so it can't be done (I might be wrong tho.

 

[Idaho]

i just do 'touch' and then the filename

touch does work but that's not the real purpose of this command

 

[DSpider]

Damn, and here I was getting all hopped up thinking that this would work on my 9.5 3DS. Oh well.

The word "ninjhax" didn't tip you off? You need to be on an exploitable firmware to use the Cubic Ninja hack, and that means fw 9.2 or below.

 

[innercy]

^ i think creating dummy file is not an issue. there are various ways. it should be stated in 1st post. one of them is create using text file which already mention a couple page back. to summarize:
#In Windows open Notepad. Click File, Save As...
#Change File name to title.db and update.db, Select All Files (*.*) in Save as type.

 

[urherenow]

The issue with ntr, in my opinion, is that firm isn't a process, so it can't be done (I might be wrong tho.

What do you mean? NTR does it. Already, we can load pasta, then load NTR using a .cia of CN, and access eshop. I was just thinking there must be a way to avoid the NTR step altogether.

 

[cearp]

Honestly didn't know that. I've been using Gateway and Ninjhax (and also RXtools for some stuff) and wasn't able to do anything with PBT that I couldn't already manage...

well yeah pbt is good for installing personal legit cias and pirating gba and dsiware. we could not install perfect backups of our content using gw
which are the same special unique features that pasta cfw has

 

[cearp]

How to make GBA titles to work please?

just install a cia, or run the ones you already have installed from the store.
they simply work in pasta cfw, just like pbt cfw.
they do not work in stuff like gw.

 

[cearp]

How to make GBA titles to work please?

just install a cia, or run the ones you already have installed from the store.
they simply work in pasta cfw, just like pbt cfw.
they do not work in stuff like gw.