Hacking Official [Release] CakesFW

mid-kid

GBAtemp spamBOT
OP
Member
Joined
Aug 2, 2012
Messages
879
Trophies
0
Age
25
XP
1,163
Country
Disclaimer: This OP is pretty old now and needs some cleaning. Most info still does it's job, however. Just make sure to look at the nightlies and the additional information for them.

untitled_drawing_by_loenabelle-d8ybmrs.png

cakes-png.37267

Credits: @mashers

Um4vTS0.png

Credits: @subcon959

c52cb984eac54b60bc9729c18dfcbcbe.png

This is a CFW solution me and @b1l1s have been working on for a while.

For users:

Features right now:
  • SPIDER 4.x-9.2, MSET 4.x and 6.x and Ninjhax 1/2 (up to firmware 9.2) support for old 3ds/xl/2ds.
  • MSET 4.x and Ninjhax 1/2 (up to firmware 9.2) support for new 3ds/xl.
  • Options to boot to sysNAND and emuNAND up to 10.7.
  • Emunand supports redNAND and GW emuNANDs.
  • Sig patches
  • Patches are contained in "cakes". The .cake format is a simple format that bundles FIRM patches, and tells the patcher what those patches need to work.
  • Autoboot.
  • Supports multiple NATIVE_FIRM versions (see this for an explanation).

How to install:
Just copy all the files to the root of your SD card, and launch it with either spider, MSET or Ninjhax.
Files and stuff are on the bottom of the post.
Copy the firmware.bin linked at the bottom of the post to the cakes directory. Do the same with cetk.
If you have an old 3ds with a firmware lower than 7.0, and you plan to use a emuNAND version 7.0 or higher, you need to get a file named slot0x25keyX.bin from the internet, and place it on the root of your SD card, and make sure you enable the "Load 7.x NCCH crypto key" patches.
If you have a new 3ds with a firmware lower than 9.6, and you plan to use a emuNAND version 9.6 or higher, you need to get a file named slot0x11key96.bin from the internet, and place it on the root of your SD card.

For MSET on 4.x or 6.x, I've modified zoogie's ROP installer to work with this. There's even a code.bin to install the rop via spider in the downloads page.
For MSET on newer firmwares, first downgrade the MSET app to the 4.x or 6.x version (there's tutorials on this site for doing that), then use the CakesROP.nds or code.bin on the downloads page to install the correct ROP.
For spider, see the bottom of the post for a launcher page.
NOTE: The code.bin installs the correct ROP based on your firmware version. If you're on firmware 6.x or higher, the ROP for MSET 6.x will be installed.
NOTE: Never rename the Cakes.dat. The arm9 payload is located there and the code expects it to be named like that.

How to use:

In the "Select patches" menu, you select the features you want/may not want to enable.
In the "More options..." menu, there's two submenus:
  • Toggleable options. This menu contains two options:
    • Autoboot: This will skip the menu when cakes starts, and automatically load the CFW (way faster than usual). Hold the "L" button while booting to enter the menu.
    • Force saving patched firmware: This option is mainly used for debugging, but may also be needed if there's a problem with autobooting/the reboot patches. Cakes tries everything possible to not to have to write firmware_patched.bin, but it may not always be right. This option forces cakes to do it (this option isn't saved in the config file).
  • Select emuNAND. This menu allows selecting which emuNAND will be booted if you enable the emuNAND patches, if you have more than one emuNAND available.
In the "Version info" menu, you can check your CakesFW and firmware versions.
Once done, you select "Boot CFW", and the options you've selected will be saved and the CFW will boot.

For developers:

Contributions are welcome on my github: https://github.com/mid-kid/CakesForeveryWan
Just don't be scared if I end up rewriting/restructuring your code as I see fit.
You may happily fork the project if you don't agree with something. I just ask you to rename it, give credits, publish source, and actually add/change something useful (a.k.a. don't be a smartass).

FAQ:

Q: Why should I use this?
A: If you ask yourself that question, this is probably not for you. Other projects already provide a lot of stuff this provides.

Q: Can I eat it?
A: Stop being so funny.

Q: Is it possible to boot on sysNAND mode without using another SD card that doesn't have emuNAND set-up?
A: Yes.

Q: what does [reboot patches] mean? It won't restart after closing smash? Or will GBA and smash work together (since the patched rxtools gives you one or the other)
A: The reboot patches are required to start smash. The console actually performs a reboot when starting it, and clears the patched firmware if these patches are not present.

Q: Smash/Monster Hunter don't work on my old 3ds!
A: Enable the reboot patches.

Q: Are these patches or "cakes" analogous to NTR CFW plugins?
A: No. NTR plugins are ARM11 userland code, cakes are FIRM patches.

Q: I want to update/downgrade my console. Can I disable firmlaunch?
A: No. This, however, isn't a problem anymore with recent versions of sysUpdater. Cakes doesn't block writing NATIVE_FIRM like Gateway does, so you're fine.

Q: Does cakes support ds carts in emunand?
A: Apparently they do on n3ds. They don't on my o3ds, but you may try. In any case disable the reboot patches for that to wok, as the current ones are sure to block it.

Q: Cakes tells me about an error on the bottom screen and I don't know what it's about because it's not about something I was specifically trying to get to work. Am I going crazy? Have I confirmed illuminati? How do I fix this error because I can't use Cakes with an error?
A: If Cakes doesn't shove that error up your face on the top screen and the error that shows on the bottom screen has nothing to do with what you were trying to do (or you don't know what it means) you can safely ignore it (and you should).
Q: But it looks really important...
A: NO.

Q: Halp, I forgot how to enter the menu after configuring autoboot.
A: Hold "L" and get your alzheimer checked.

Q: Just updated my n3ds emuNAND from 9.5 to [anything higher than 9.6], but I'm getting a black screen, what do?
A: Get the latest firmware.bin from the downloads section. Don't forget to select the patches again after swapping the firmware.bin.

Q: I am getting yelled at about "Failed to decrypt the CETK Please make sure the CETK is right." even though I have the correct one. I am using arm9loaderhax to load CakesFW.
A: CakesFW doesn't support decrypting the CETK from an arm9loaderhax environment as of right now. Either boot CakesFW once without arm9loaderhax or get a firmkey.bin for your console from the internet.

Qr code for spider:
cakesqr.png

http://dukesrg.no-ip.org/3ds/cakes?Cakes.dat
(Thanks to @duke_srg)

To load the code.bin, use this:
codeqr.png

http://dukesrg.no-ip.org/3ds/cakes?code.bin

Downloads (Yes, I am a link. Click me.)
Nightlies (Not recommended, check logs to see what changed. Don't ask questions about these. Only report bugs if something's not working.)
Report bugs on GitHub.
(Releases are numbered by commit number. Changelogs can be found on the github.)

Editor's note: The firmware files linked here are for native_firm v11.4; currently, these work fine without causing issues on firmwares 11.8 and 11.12, as long as none of the games or apps you use require a higher firmware version. This may change in the future if newer firmwares are released; old enough native_firm versions will not boot on high enough firmwares, and there is a risk of firm0/firm1 being overwritten if you boot an older native_firm on a newer firmware with the firmprot patch off.
firmware.bin and cetk download urls
Rename the numbered file to firmware.bin yourself after download.

Editor's note 2: If you need older firmware versions, here are several ways in which you can obtain them. Note that the cetk is the same for all firmware versions.
  1. Find the firmware version you need in this file;
  2. Replace the last two digits of the firmware.bin url from the download urls above, with the two-digits version number from ".version".

This will download the firmware version you need, instead of the 11.4 firm. Note: older firmware versions may not be available on NUS anymore. If that is the case, you will have to obtain them another way.
If your 3DS is on a lower firmware version, you can extract native_firm from nand, instead of downloading from NUS.

  1. Boot into GodMode9;
  2. Navigate to 1:title/00040138/00000002/content if O3DS, or 1:title/00040138/20000002/content if N3DS;
  3. Press A on 000000XX.app, where XX depends on the native_firm version you have;
  4. Select "NCCH image options...", then "Mount image to drive", and press A to enter the path;
  5. Navigate to G:/exefs, and copy the .firm file to your SD card. It may be necessary to decrypt it, if it is a N3DS firm (O3DS firms are fully decrypted already by this point, and can be copied as-is);
  6. Move this file to the cakes folder at the root of your SD card, and rename it to firmware.bin as usual.

Note that if you obtain the firmware files in this way, you will not need the cetk.
If the firmware version you need is not available on NUS, and your 3DS is not on the right firmware version, you can extract native_firm from a Gamecard which has the firmware update you need.

  1. Go to http://3dsdb.com/
  2. Enter the firmware version you need in the search bar at the top-right (for example, 9.6.0);
  3. Obtain one of the games which contains the firmware version you need. Both genuine cartridges and roms work, as long as the rom is a direct dump from gamecard and doesn't have the update partition scrubbed out;
  4. Mount the .3ds in GodMode9. Inside will be update_n3ds and update_o3ds folders;
  5. Enter the romfs folder within the update partition's folder, and find 0004013800000002.cia for O3DS, or 0004013820000002.cia for N3DS. Copy it to your SD card;
  6. Mount this CIA in GM9, and navigate to G:/0000.000000XX/exefs, where XX depends on the version of native_firm included within the gamecard;
  7. Copy the .firm file to the cakes folder, and rename it to firmware.bin as usual. It may be necessary to decrypt it as well, if it is a N3DS firm(O3DS firms are fully decrypted already by this point, and can be copied as-is).

Note that if you obtain the firmware files in this way, you will not need the cetk.
Always keep the firmprot patch enabled if booting older native_firm versions on newer firmware versions, unless you know what you are doing and/or have a way to recover from overwritten firm0/firm1 (such as ntrboot.)


MD5 checksums for keys:
slot0x25keyX.bin: 817fd1bffba60f79cf8cdf19caf28923
slot0x11key96.bin: af6dd85a583dbe1471661d2f3b90df15

Current nightly additional information:

Join us at #Cakey on freenode. webchat link
 
Last edited by ,

Suiginou

(null)
Member
Joined
Jun 26, 2012
Messages
565
Trophies
0
Location
pc + 8
XP
738
Country
Gambia, The
Huh?
I just thought some people might think this has something to do with pasta.
My bad, I misread that as "We won't share code" and managed to overlook the link to the github repo.

Disregard my earlier post, please allow me to applaud your work.

Edit: lol responses to edited responses to edited posts
 
  • Like
Reactions: mid-kid

Madridi

Card Collector
Member
Joined
May 9, 2008
Messages
3,562
Trophies
2
Age
38
Location
Doha
XP
3,071
Country
Qatar
Thanks for this, but I am confused, what's the difference between this and the patched rxTools as of now? Are they the same?
 

sarkwalvein

There's hope for a Xenosaga port.
Member
Joined
Jun 29, 2007
Messages
8,505
Trophies
2
Age
41
Location
Niedersachsen
XP
11,199
Country
Germany
Nice, specially the MSET on 9.2 if it happens.

--------------------- MERGED ---------------------------

Thanks for this, but I am confused, what's the difference between this and the patched rxTools as of now? Are they the same?
Cakes, I suppose. Customization and additional features.
 

mid-kid

GBAtemp spamBOT
OP
Member
Joined
Aug 2, 2012
Messages
879
Trophies
0
Age
25
XP
1,163
Country
Thanks for this, but I am confused, what's the difference between this and the patched rxTools as of now? Are they the same?

The patches are reversed from rxTools, and some parts of the code are rewritten from rxTools's open source stuff (most notably the kernel hacks).
Right now they're not much different feature-wise, so this may not be for you.
 
  • Like
Reactions: Madridi

nolimits59

Well-Known Member
Member
Joined
Apr 25, 2008
Messages
701
Trophies
1
XP
2,064
Country
France
can't wait for the CIA over network for this, i know some friends who don't own Ninja or GW that gonna be happy, keep up the good work :)
 

Madridi

Card Collector
Member
Joined
May 9, 2008
Messages
3,562
Trophies
2
Age
38
Location
Doha
XP
3,071
Country
Qatar
The patches are reversed from rxTools, and some parts of the code are rewritten from rxTools's open source stuff (most notably the kernel hacks).
Right now they're not much different feature-wise, so this may not be for you.
Thanks, I'll keep an eye on this. Looks great :)

--------------------- MERGED ---------------------------

I am guessing that you may be able to activate on the fly things like AGB support, or TWL support, or SSB4 support, or cheats, or... I don't know... things.
Huh? I don't think you can do that, not right now at least..

Can it?

--------------------- MERGED ---------------------------

Options to boot to sysNAND (for GBA/DSi) and emuNAND which already stated in 1st post
I don't get it, I can already access my GBA/DSi on my sysnand, and boot to emunand via rxtools
 

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
    K3Nv2 @ K3Nv2: Did you pee in the water