CakesFW use (decrypted) firmware.bin from another CFW -> e.g. firmlaunch 9.0

Discussion in '3DS - Tutorials' started by GothicIII, Mar 10, 2016.

  1. GothicIII
    OP

    GothicIII GBAtemp Fan

    Member
    495
    135
    Jan 4, 2015
    Gambia, The
    Hello,

    If you are looking for a way to use firmware.bin with cakesfw which is NOT available on NUS (NintendoUpdateServer) anymore, then this is the right tutorial for you! This guide is most useful for ppl with arm9loaderhax (a9lh) because you can coldboot homebrew with arm11 execution.

    Explanation: Most CFWs don't use the firmware from your 3DS, instead they are loading a "firmware.bin" from sd card and patch it on the fly to make homebrew usage possible on the latest firmware. But there are two different firmware.bin you can get:
    -The official one which hosts NUS [encrypted! First bytes inside the file are garbage]
    -The decrypted one (e.g. AuReiNAND uses this) [First bytes inside the file say "FIRM"]

    CakesFW uses always the former and not all firmware.bin are available for download. e.g. N3DS firmware.bin for 9.0 is missing. This is how we circumvent this issue without recompiling and alter with the sourcecode.

    Pros and Cons:

    +Coldboot homebrew with ARM11 execution (e.g. gateway/hbl); only way to do it otherwise is to use AuReiNAND and holding "L" while booting
    +Plain simple push on/off button and boot homebrew
    - You can't use CakesFW bootmenu anymore (else you have to make changes again)


    Prerequisites:

    -AuReinand CFW installed and running.
    -CakesFW installed and running.
    -the decrypted firmware.bin *
    -Hexeditor of your choice

    *=Legal way: If you can't find a decrypted firmware.bin for the firmware you seek, you can follow this tutorial to dump and decrypt your own from a 3DS:
    http://gbatemp.net/threads/quick-tu...-any-system-titles.396247/page-2#post-6154106
    Thank you @pakrett !
    And instead of creating a d9titles folder you create "Decrypt9" and copy the firm.app in there. Use the option: Game Decrypter Options->NCCH/NCSD Decryptor
    Note: For N3DS the app-folder inside the firmwareimage will be 20000002.
    Method2: You can decrypt and extract the cia of the Downgrade-Pack to retrieve a decrypted copy.
    ** For a decrypted 9.0 N3DS firmware.bin you can use the "firm.7z" pack from AuReiNands github.


    Guide:

    1. copy the firmware.bin to the rei folder (sd0:/rei/) on your sd. Create an empty file there called "usepatchedfw"
    2. Boot Aureinand once or hold "L" while booting to use the firmware90.bin
    3. Configure Cakes so it autoboots cfw and uses the patches/settings you need.
    4. Copy the config.dat to your pc
    5. Now you need to know from which NATIVE_FIRM your firmware.bin is!
    Look up the "3DS hex title contentID" on https://3dbrew.org/wiki/FIRM and remember it.
    Example: For firmware 4.0 it will be "0x1D"
    Note: I didn't find it for New3DS but there exist only 4 versions up today:
    "0x04" stands for 9.0+
    "0x0B" stands for 9.6+
    "0x0F" stands for 10.2+
    "0x1F" stands for 10.4+
    6. Open up the config.dat in a hexeditor and on the right side you'll see a path to the patches you're applying.
    e.g. "/cakes/patches/n3ds-0x1F/emunand.cake"
    Replace the 0x1F with the "3DS hex title contentID" from the firmware.bin you want to use.
    So for N3DS fw9.0 it will be "/cakes/patches/n3ds-0x04/emunand.cake"
    7. Do this for all entries you see in your config.dat

    8. Rename the patched_firmware.bin or patched_firmware90.bin from sd0:/rei/ to "firmware_patched.bin"
    9. Move and replace the firmware_patched.bin from sd0:/rei/ to sd0:/cakes/
    10. CakesFW should work now :)

    For firmware.bin 9.0 user:
    You can now configure the nand you are booting to with menuhax and boot for example gateway directly!

    If it doesn't work for whatever reason (blackscreen) make sure you have all required Slot0xXXKeyXXX.bin files on sd0:/.

    Hope this helps some people.

    EDIT: 18.03.2016: Editing config.dat is not needed :)
     
    Last edited by GothicIII, Mar 18, 2016
  2. leonmagnus99

    leonmagnus99 GBAtemp Addict

    Member
    2,387
    582
    Apr 2, 2013
    Seinegald
    great tutorial!

    i have a somewhat off-topic question , i have recently installed A9LH on my og 3ds, and when i pressed R during boot it would boot me into sysNAND with sig. patch thingie.
    and the L button would boot nothing just blank black screen.

    i would like to know which way i am supposed to configure the menuhax to set L to boot into sysNAND with sig. patched.
    i have managed to set R to boot into my CTR coldboot thingie, but i am stuck and dont know how to set L for sysNAND. could you help me with this please?
    thanks in advance.
     
  3. GothicIII
    OP

    GothicIII GBAtemp Fan

    Member
    495
    135
    Jan 4, 2015
    Gambia, The
    I screwed up. Wrong subforum Im sorry. Hope it will be moved soon.

    @leonmagnus99 :

    1st. You need to edit your boot_config.ini file so for example L will boot Reinand.Don't forget to get the files for Bootctr9, the bootmanager for arm9loaderhax.
    This should look like this:
    [KEY_L]
    path = /a9lh/ReiNand.dat
    screenEnabled = 1
    delay = 200
    offset = 0x12000
    payload = -1

    Then boot into Sysnand and then you need HBL to install menuhax.
     
    Last edited by GothicIII, Mar 10, 2016
  4. thaikhoa

    thaikhoa GBAtemp Maniac

    Member
    1,146
    331
    Sep 16, 2008
    Will cakesfw boot on every firms? Even on 2.1.0 (0x0B)?
     
    Last edited by thaikhoa, Mar 11, 2016
  5. GothicIII
    OP

    GothicIII GBAtemp Fan

    Member
    495
    135
    Jan 4, 2015
    Gambia, The
    @thaikhoa : theoretically yes. But for sigpatches the folder must contain the patch for that specific fw. But I won't test it.

    Edit: this applies to O3DS only. For running 2.1.0 on N3DS you need to modify cakesfw source code and compile it because cakes fw behaves differently on N3DS
     
    Last edited by GothicIII, Mar 10, 2016
  6. Plasma Shadow

    Plasma Shadow GBAtemp's Artificial Lifeform

    Member
    1,551
    383
    May 15, 2009
    I have no fucking idea.
    wrong section lmao
    needs to be in the 3DS tuts section.
     
  7. Aurora Wright

    Aurora Wright GBAtemp Advanced Maniac

    Member
    1,542
    4,100
    Aug 13, 2006
    Italy
    HBL doesn't require 9.0 FIRM, you can even use it on 10.6... Just Gateway and D9/emunand9/whatever cfw do. D9 and cfws now work from A9LH directly, so the only real reason for 9.0 FIRM is gateway (that's why I'm keeping the 9.0 emuNAND currently).
     
  8. GothicIII
    OP

    GothicIII GBAtemp Fan

    Member
    495
    135
    Jan 4, 2015
    Gambia, The
    @Plasma Shadow : I don't know what I should do. I already reported it but nobody cares.

    @Aurora Wright : Yes you're right. But e.g. Fbi cia installation only works on 9.0fw and for me injection doesn't work (the app disappears from home menu). Maybe there is more home brew like gateway or ntr which depends on 9.0 FIRM.
     
    satelman likes this.
  9. Aurora Wright

    Aurora Wright GBAtemp Advanced Maniac

    Member
    1,542
    4,100
    Aug 13, 2006
    Italy
    With A9LH D9, you can now very easily inject FBI to Health and Safety of a 10.6 NAND. From there, you can install the real FBI cia, so you don't need an exploit to do it. Gateway needs a 9.0 NAND because they haven't (yet?) released an A9LH payload. NTR works on 10.6 if you use the 10.2/9.6 FIRM.
    As I said, Gateway is the only real reason for 9.0 FIRM today.
     
    Last edited by Aurora Wright, Mar 10, 2016
    satelman and GothicIII like this.
  10. GBHAKC75

    GBHAKC75 GBAtemp Fan

    Member
    397
    182
    Jan 26, 2008
    France
    Amazing ! It would be nice to see a cake patch to quickly switch between firmwares :)
     
  11. samiam144

    samiam144 RĂ©gulier

    Member
    2,870
    935
    Aug 19, 2007
    Canada
    Oh awesome! This will be really helpful while waiting for GW to support a9lh (if ever)!!
     
  12. ad1gjm

    ad1gjm Member

    Newcomer
    20
    1
    Jan 7, 2016
    Indonesia
    need your help. I'm on AuReiNand A9LH & I really want use GW now. Already put firmware90.bin (from A9LH - n3ds) to rei folder. when boot to AuReiNand A9LH hold "L" button it shows "an error has occured. Hold down the power button to turn off the power. then turn it on and try again. For help, visit support.nintendo.com". what does it means?
     
  13. Aurora Wright

    Aurora Wright GBAtemp Advanced Maniac

    Member
    1,542
    4,100
    Aug 13, 2006
    Italy
    You either have menuhax interfering, or 9.0 emunand is borked.
     
  14. ad1gjm

    ad1gjm Member

    Newcomer
    20
    1
    Jan 7, 2016
    Indonesia
    I use browserhax instead of menuhax when install arm9loaderhax
    9.0 emunand borked? how to fix it?
     
  15. mid-kid

    mid-kid GBAtemp spamBOT

    Member
    879
    962
    Aug 2, 2012
    OBJECTION!
    If you enable autoboot, CakesFW just blindly boots whatever your firmware_patched.bin is (which is a decrypted firmware). No patching is done whatsoever. Editing the config.dat the way you do is exceedingly unnecessary. Keep in mind that replacing firmware_patched.bin is unsupported, though for the time being, as long as the patched_firmware.bin you replace it with is for the same console, you should be fine.
    Also, since the patched firmware isn't touched, any settings you enable in CakesFW (aside from autoboot) will be ignored.
    I really recommend just getting a proper firmware.bin instead. I posted a pack of o3ds firmwares a while back on the CakesFW thread on the iso site, and you can also extract them from update CIAs by using `ctrtool -p --meta=meta firm.cia`.
     
    Last edited by mid-kid, Mar 18, 2016
  16. GothicIII
    OP

    GothicIII GBAtemp Fan

    Member
    495
    135
    Jan 4, 2015
    Gambia, The
    Thank you for your suggestion.
    Yes, about hexediting the config.dat you are completly right. I didnt test this carefully, I posted the tutorial as soon as it worked. I also posted the downside of this (that you cannot use the cakes menu).
    I didn't know that you can extract encrypted files from a cia. You won't find information about this topic easily. I managed only to extract decryted content.
    Also I tried it with ctrtool now and extracted the file. I checked the size and it is ok (994.304 Bytes) but cakesfw doesn't accept it and tells that it failed to decrypt arm9 firm.
     
    Last edited by GothicIII, Mar 18, 2016
  17. mid-kid

    mid-kid GBAtemp spamBOT

    Member
    879
    962
    Aug 2, 2012
    Make sure you have the proper slot0x11key96.bin (if it even gets to that point it means the firmware.bin is probably right).
     
  18. GothicIII
    OP

    GothicIII GBAtemp Fan

    Member
    495
    135
    Jan 4, 2015
    Gambia, The
    @mid-kid I have else fw-files >9.5 wouldnt work

    First 16Bytes of the firmware.bin from 9.0FIRM:

    BA D4 CA 46 51 84 6B A3 30 07 68 04 59 44 F0 7E

    @mid-kid no ideas anymore? I checked all files and its good. CRC32 of slot0x11key96.bin is 595856B6. I checked it with multiple sources.
     
    Last edited by GothicIII, Mar 18, 2016
  19. Skaterdie

    Skaterdie Member

    Newcomer
    26
    4
    Feb 21, 2016
    United States
    Has anyone got 2.1 emunand working?