Hacking Official Corbenik - Another CFW for advanced users (with bytecode patches!)

[chaoskagami]

Blergh.

Is there any built binary to download? I Got R4 (hk & com) failed to load on hourly Luma3DS.

Once it's merged to master, yes.

I already fix the issue of reboot_hook and made a pull request about 5 hours ago, I tested and it works, would be awesome if someone tested as well to be certain

I'm guessing the stack layout changed and the fread handle got moved from the changes. Ugh. Also, check github - I made a comment there for a fixup.

The mov sp line shouldn't be needed, can you test without it? Nothing around there uses stack, and the payload immediately overwrites sp, so removing that shouldn't cause issues.

I'll merge that and @ih8ih8sn0w's commit once you confirm that. won't be able to test stuff right now.

So, I take it some shit severely broke if even Luma is having issues. I'll need to read up on what changed.

 

[The Catboy]

Blergh.



Once it's merged to master, yes.



I'm guessing the stack layout changed and the fread handle got moved from the changes. Ugh. Also, check github - I made a comment there for a fixup.

The mov sp line shouldn't be needed, can you test without it? Nothing around there uses stack, and the payload immediately overwrites sp, so removing that shouldn't cause issues.

I'll merge that and @ih8ih8sn0w's commit once you confirm that. won't be able to test stuff right now.

So, I take it some shit severely broke if even Luma is having issues. I'll need to read up on what changed.

I will give the reboot patch a quick test

 

[Gray_Jack]

I'm guessing the stack layout changed and the fread handle got moved from the changes. Ugh. Also, check github - I made a comment there for a fixup.

I will give the reboot patch a quick test

Ok, here is the corbenik with the suggestion that @chaoskagami did on github
https://up1.secretalgorithm.com/#kCM8INQoOrk7u1H4gE3hkw

Can you test if it works the same as the last one that I posted? I was almost sleeping when I received the e-mail notification, so I'll try when I wake up

 

[The Catboy]

Ok, here is the corbenik with the suggestion that @chaoskagami did on github
https://up1.secretalgorithm.com/#kCM8INQoOrk7u1H4gE3hkw

Can you test if it works the same as the last one that I posted? I was almost sleeping when I received the e-mail notification, so I'll try when I wake up

For some reason I can't get it things to work for me. So I am still working on it.
I think I just need to do a straight clean install.

 

[Gray_Jack]

For some reason I can't get it things to work for me. So I am still working on it.
I think I just need to do a straight clean install.

With none builds?

 

[The Catboy]

With none builds?

Just freezes with a black screen on my old3DS. I've tried both your builds and the latest nightly with the updated files.
Let me post my code

Spoiler: Log

Cache: Signature Fix
  Version: 10
  cache: 0004013800000002
  cache: 0004013820000002
            Cache: FIRM Protection
  Version: 10
  cache: 0004013800000002
  cache: 0004013820000002
            Cache: Title Downgrade Fix (11.0+ NFIRM)
  Version: 10
  cache: 0004013800000002
  cache: 0004013820000002
            Cache: Region Free HOME (Loader)
  Version: 10
  cache: 0004003000008F02
  cache: 0004003000008202
  cache: 0004003000009802
  cache: 000400300000A102
  cache: 000400300000A902
  cache: 000400300000B102
            Cache: Block Cart Update / Cart RF (Loader)
  Version: 10
  cache: 0004013000008002
            Cache: Block eShop Updates (Loader)
  Version: 10
  cache: 0004013000002C02
            Cache: Block NIM Updates (Loader)
  Version: 10
  cache: 0004013000002C02
            Cache: RO Signature Fix (Loader)
  Version: 10
  cache: 0004013000003702
            Cache: Fake Friends Version (Loader)
  Version: 10
  cache: 0004013000003202
            Cache: Download Play Region Fix (Loader)
  Version: 10
  cache: 0004013000002802
            Cache: Settings Version String (Loader)
  Version: 10
  cache: 0004001000021000
  cache: 0004001000020000
  cache: 0004001000022000
  cache: 0004001000026000
  cache: 0004001000027000
  cache: 0004001000028000
            Cache: SecureInfo_A Signature Fix (Loader)
  Version: 10
  cache: 0004013000001702
            Cache: TWL Patches (1/2 - new3ds)
  Version: 10
  cache: 0004013820000102
            Cache: TWL Patches (2/2 - o3ds)
  Version: 10
  cache: 0004013800000102
            Cache: AGB Signature Fix
  Version: 10
  cache: 0004013800000202
  cache: 0004013820000202
            Cache: AGB Bootscreen
  Version: 10
  cache: 0004013800000202
  cache: 0004013820000202
            Cache: FIRM Protection (2.x)
  Version: 1
  cache: 0004013800000002
  cache: 0004013800000003
  cache: 0004013820000003
            Cache: Remove Outlines - Pokemon S/M (Loader)
  Version: 1
  cache: 0004000000164800
  cache: 0004000000175E00
            Cache: Disable SVC Permission Checks
  Version: 1
  cache: 0004013800000002
  cache: 0004013820000002
            Cache: Signature Fix
  Version: 10
  cache: 0004013800000002
  cache: 0004013820000002
            Cache: FIRM Protection
  Version: 10
  cache: 0004013800000002
  cache: 0004013820000002
            Cache: Title Downgrade Fix (11.0+ NFIRM)
  Version: 10
  cache: 0004013800000002
  cache: 0004013820000002
            Cache: Region Free HOME (Loader)
  Version: 10
  cache: 0004003000008F02
  cache: 0004003000008202
  cache: 0004003000009802
  cache: 000400300000A102
  cache: 000400300000A902
  cache: 000400300000B102
            Cache: Block Cart Update / Cart RF (Loader)
  Version: 10
  cache: 0004013000008002
            Cache: Block eShop Updates (Loader)
  Version: 10
  cache: 0004013000002C02
            Cache: Block NIM Updates (Loader)
  Version: 10
  cache: 0004013000002C02
            Cache: RO Signature Fix (Loader)
  Version: 10
  cache: 0004013000003702
            Cache: Fake Friends Version (Loader)
  Version: 10
  cache: 0004013000003202
            Cache: Download Play Region Fix (Loader)
  Version: 10
  cache: 0004013000002802
            Cache: Settings Version String (Loader)
  Version: 10
  cache: 0004001000021000
  cache: 0004001000020000
  cache: 0004001000022000
  cache: 0004001000026000
  cache: 0004001000027000
  cache: 0004001000028000
            Cache: SecureInfo_A Signature Fix (Loader)
  Version: 10
  cache: 0004013000001702
            Cache: TWL Patches (1/2 - new3ds)
  Version: 10
  cache: 0004013820000102
            Cache: TWL Patches (2/2 - o3ds)
  Version: 10
  cache: 0004013800000102
            Cache: AGB Signature Fix
  Version: 10
  cache: 0004013800000202
  cache: 0004013820000202
            Cache: AGB Bootscreen
  Version: 10
  cache: 0004013800000202
  cache: 0004013820000202
            Cache: FIRM Protection (2.x)
  Version: 1
  cache: 0004013800000002
  cache: 0004013800000003
  cache: 0004013820000003
            Cache: Remove Outlines - Pokemon S/M (Loader)
  Version: 1
  cache: 0004000000164800
  cache: 0004000000175E00
            Cache: Disable SVC Permission Checks
  Version: 1
  cache: 0004013800000002
  cache: 0004013820000002
            TWL Patches (2/2 - o3ds)
AGB Signature Fix
AGB Bootscreen
Signature Fix
FIRM Protection
Title Downgrade Fix (11.0+ NFIRM)
FIRM Protection (2.x)
Disable SVC Permission Checks
reboot: proc9 mem @ 08028000
reboot: proc9 off @ 24152a10
            reboot: firmlaunch @ 241af568
reboot: fopen @ 08059e35
            svc: 0x7B (backdoor) missing.
Svc: backdoor is 64 bytes
Svc: Read code to 24137e38
svc: Injected 0x7B.
Module: Grow 11 units
Module: injected /corbenik/lib/module/native/loader.cxi

Spoiler: Loader

Title: 0004013000008002
  validated params
  patched cpu
  patch: /corbenik/var/cache/loader/0004013000008002
  exec
Block Cart Update / Cart RF (Loader)
Created process
Title: 0004013000002202
  validated params
Created process
Title: 0004013000001702
  validated params
  patch: /corbenik/var/cache/loader/0004013000001702
  exec
SecureInfo_A Signature Fix (Loader)
Created process
Title: 0004013000001B02
  validated params
Created process
Title: 0004013000001E02
  validated params
Created process
Title: 0004013000001F02
  validated params
Created process
Title: 0004013000002102
  validated params
Created process
Title: 0004013000002302
  validated params
Created process
Title: 0004013000003102
  validated params
Created process
Title: 0004013000001502
  validated params
Created process

 

[Gray_Jack]

Just freezes with a black screen on my old3DS. I've tried both your builds and the latest nightly with the updated files.
Let me post my code

Spoiler: Log

Cache: Signature Fix
  Version: 10
  cache: 0004013800000002
  cache: 0004013820000002
            Cache: FIRM Protection
  Version: 10
  cache: 0004013800000002
  cache: 0004013820000002
            Cache: Title Downgrade Fix (11.0+ NFIRM)
  Version: 10
  cache: 0004013800000002
  cache: 0004013820000002
            Cache: Region Free HOME (Loader)
  Version: 10
  cache: 0004003000008F02
  cache: 0004003000008202
  cache: 0004003000009802
  cache: 000400300000A102
  cache: 000400300000A902
  cache: 000400300000B102
            Cache: Block Cart Update / Cart RF (Loader)
  Version: 10
  cache: 0004013000008002
            Cache: Block eShop Updates (Loader)
  Version: 10
  cache: 0004013000002C02
            Cache: Block NIM Updates (Loader)
  Version: 10
  cache: 0004013000002C02
            Cache: RO Signature Fix (Loader)
  Version: 10
  cache: 0004013000003702
            Cache: Fake Friends Version (Loader)
  Version: 10
  cache: 0004013000003202
            Cache: Download Play Region Fix (Loader)
  Version: 10
  cache: 0004013000002802
            Cache: Settings Version String (Loader)
  Version: 10
  cache: 0004001000021000
  cache: 0004001000020000
  cache: 0004001000022000
  cache: 0004001000026000
  cache: 0004001000027000
  cache: 0004001000028000
            Cache: SecureInfo_A Signature Fix (Loader)
  Version: 10
  cache: 0004013000001702
            Cache: TWL Patches (1/2 - new3ds)
  Version: 10
  cache: 0004013820000102
            Cache: TWL Patches (2/2 - o3ds)
  Version: 10
  cache: 0004013800000102
            Cache: AGB Signature Fix
  Version: 10
  cache: 0004013800000202
  cache: 0004013820000202
            Cache: AGB Bootscreen
  Version: 10
  cache: 0004013800000202
  cache: 0004013820000202
            Cache: FIRM Protection (2.x)
  Version: 1
  cache: 0004013800000002
  cache: 0004013800000003
  cache: 0004013820000003
            Cache: Remove Outlines - Pokemon S/M (Loader)
  Version: 1
  cache: 0004000000164800
  cache: 0004000000175E00
            Cache: Disable SVC Permission Checks
  Version: 1
  cache: 0004013800000002
  cache: 0004013820000002
            Cache: Signature Fix
  Version: 10
  cache: 0004013800000002
  cache: 0004013820000002
            Cache: FIRM Protection
  Version: 10
  cache: 0004013800000002
  cache: 0004013820000002
            Cache: Title Downgrade Fix (11.0+ NFIRM)
  Version: 10
  cache: 0004013800000002
  cache: 0004013820000002
            Cache: Region Free HOME (Loader)
  Version: 10
  cache: 0004003000008F02
  cache: 0004003000008202
  cache: 0004003000009802
  cache: 000400300000A102
  cache: 000400300000A902
  cache: 000400300000B102
            Cache: Block Cart Update / Cart RF (Loader)
  Version: 10
  cache: 0004013000008002
            Cache: Block eShop Updates (Loader)
  Version: 10
  cache: 0004013000002C02
            Cache: Block NIM Updates (Loader)
  Version: 10
  cache: 0004013000002C02
            Cache: RO Signature Fix (Loader)
  Version: 10
  cache: 0004013000003702
            Cache: Fake Friends Version (Loader)
  Version: 10
  cache: 0004013000003202
            Cache: Download Play Region Fix (Loader)
  Version: 10
  cache: 0004013000002802
            Cache: Settings Version String (Loader)
  Version: 10
  cache: 0004001000021000
  cache: 0004001000020000
  cache: 0004001000022000
  cache: 0004001000026000
  cache: 0004001000027000
  cache: 0004001000028000
            Cache: SecureInfo_A Signature Fix (Loader)
  Version: 10
  cache: 0004013000001702
            Cache: TWL Patches (1/2 - new3ds)
  Version: 10
  cache: 0004013820000102
            Cache: TWL Patches (2/2 - o3ds)
  Version: 10
  cache: 0004013800000102
            Cache: AGB Signature Fix
  Version: 10
  cache: 0004013800000202
  cache: 0004013820000202
            Cache: AGB Bootscreen
  Version: 10
  cache: 0004013800000202
  cache: 0004013820000202
            Cache: FIRM Protection (2.x)
  Version: 1
  cache: 0004013800000002
  cache: 0004013800000003
  cache: 0004013820000003
            Cache: Remove Outlines - Pokemon S/M (Loader)
  Version: 1
  cache: 0004000000164800
  cache: 0004000000175E00
            Cache: Disable SVC Permission Checks
  Version: 1
  cache: 0004013800000002
  cache: 0004013820000002
            TWL Patches (2/2 - o3ds)
AGB Signature Fix
AGB Bootscreen
Signature Fix
FIRM Protection
Title Downgrade Fix (11.0+ NFIRM)
FIRM Protection (2.x)
Disable SVC Permission Checks
reboot: proc9 mem @ 08028000
reboot: proc9 off @ 24152a10
            reboot: firmlaunch @ 241af568
reboot: fopen @ 08059e35
            svc: 0x7B (backdoor) missing.
Svc: backdoor is 64 bytes
Svc: Read code to 24137e38
svc: Injected 0x7B.
Module: Grow 11 units
Module: injected /corbenik/lib/module/native/loader.cxi

Spoiler: Loader

Title: 0004013000008002
  validated params
  patched cpu
  patch: /corbenik/var/cache/loader/0004013000008002
  exec
Block Cart Update / Cart RF (Loader)
Created process
Title: 0004013000002202
  validated params
Created process
Title: 0004013000001702
  validated params
  patch: /corbenik/var/cache/loader/0004013000001702
  exec
SecureInfo_A Signature Fix (Loader)
Created process
Title: 0004013000001B02
  validated params
Created process
Title: 0004013000001E02
  validated params
Created process
Title: 0004013000001F02
  validated params
Created process
Title: 0004013000002102
  validated params
Created process
Title: 0004013000002302
  validated params
Created process
Title: 0004013000003102
  validated params
Created process
Title: 0004013000001502
  validated params
Created process

Are you using the 11.4 FIRM? ( cause with my first try I loaded the 11.4 emuNAND with a 11.2 FIRM and things got messy, every title I tried to load or gets on a black screen or the system froze after I click on "open"

I just tested the recent build with a GBA game and it worked (for me I felt like it take longer to load the game... but it can easily be my sleepy state)
I don't tested the DS/DSi cause, as people know now, for some weird reason the TWL firm load and patch is not working for me

 

[The Catboy]

Are you using the 11.4 FIRM? ( cause with my first try I loaded the 11.4 emuNAND with a 11.2 FIRM and things got messy, every title I tried to load or gets on a black screen or the system froze after I click on "open"

I just tested the recent build with a GBA game and it worked (for me I felt like it take longer to load the game... but it can easily be my sleepy state)
I don't tested the DS/DSi cause, as people know now, for some weird reason the TWL firm load and patch is not working for me

OK, so it looks like an old cache file kept finding it's way into my files.
Old3DS tested (new3DS test coming soon)
Testing with the second one posted.
HMM Game: Super Mario Mario Marker 3DS: Works
GBA: FF1&2: Works
DSi: TWL Slot-1 Launcher with DSONEi: Works

 

[Gray_Jack]

OK, so it looks like an old cache file kept finding it's way into my files.
Old3DS tested (new3DS test coming soon)
Testing with the second one posted.
HMM Game: Super Mario Mario Marker 3DS: Works
GBA: FF1&2: Works
DSi: TWL Slot-1 Launcher with DSONEi: Works

If saves your time, try only the last build, if the last one works, then the first one works as well
if the last build don't work, then test the first one.
At least I think it will save you some time

 

[The Catboy]

If saves your time, try only the last build, if the last one works, then the first one works as well
if the last build don't work, then test the first one.
At least I think it will save you some time

Both tests are being done with the second build
New3DS tests, using the second file as well
EMM: Not needed for New3DS, but tested anyways: Monster Hunter Gen: Working
GBA: FF1&2: Working
DSi: DSTT launcher: Works

 

[Gray_Jack]

Both tests are being done with the second build
New3DS tests, using the second file as well
EMM: Not needed for New3DS, but tested anyways: Monster Hunter Gen: Working
GBA: FF1&2: Working
DSi: DSTT launcher: Works

Thank you for testing!! :3

 

[ih8ih8sn0w]

If saves your time, try only the last build, if the last one works, then the first one works as well
if the last build don't work, then test the first one.
At least I think it will save you some time

Both of the mentioned builds are working on my n3ds when launching ctraging

 

[chaoskagami]

My battery is dead, so I have to wait for it to charge up, but good to see this resolves the issue (hopefully.)

Merged, so Jenkins will build sometime within the next hour.

Both of the mentioned builds are working on my n3ds when launching ctraging

I accidentally fixed ctraging at some point?

 

[JerryShaw]

It is weird that the reboot patch works on corbenik when even booting from CtrBootManager9, but only works on Luma when booted without any boot manager.

--------------------- MERGED ---------------------------

My battery is dead, so I have to wait for it to charge up, but good to see this resolves the issue (hopefully.)

Merged, so Jenkins will build sometime within the next hour.



I accidentally fixed ctraging at some point?

Seems like we can get the latest binary later, wow...

 

[The Catboy]

It is weird that the reboot patch works on corbenik when even booting from CtrBootManager9, but only works on Luma when booted without any boot manager.

This actually isn't shocking.
Corbenik's patches are not part of the launcher. So you can rename the launcher literally anything, so even "fart.bin," and the patches will work.
Luma3DS tethers all of the patches the "arm9loaderhax.bin" so it's cleaner, but it's broken with custom paths. You actually need to enable the custom paths in the settings for the patches to work.

 

[ih8ih8sn0w]

My battery is dead, so I have to wait for it to charge up, but good to see this resolves the issue (hopefully.)

Merged, so Jenkins will build sometime within the next hour.



I accidentally fixed ctraging at some point?

Ctraging acts similarly to emm titles on o3ds fsr, so firmlaunch hook is needed to launch.

 

[JerryShaw]

This actually isn't shocking.
Corbenik's patches are not part of the launcher. So you can rename the launcher literally anything, so even "fart.bin," and the patches will work.
Luma3DS tethers all of the patches the "arm9loaderhax.bin" so it's cleaner, but it's broken with custom paths. You actually need to enable the custom paths in the settings for the patches to work.

OK, I think I got what you meant. Actually, I preferred CakesFW and Corbenik, which could be fully functional when managed under a boot manager.

 

[The Catboy]

OK, I think I got what you meant. Actually, I preferred CakesFW and Corbenik, which could be fully functional when managed under a boot manager.

An interesting note, Corbenik's patching function was actually inspired off of CakesFW. So they function similarly in that aspect.

 

[chaoskagami]

Ctraging acts similarly to emm titles on o3ds fsr, so firmlaunch hook is needed to launch.

The reason I ask is because pre-firmlaunch-refactor, it was broken. You would only boot to a black screen.

This actually isn't shocking.
Corbenik's patches are not part of the launcher. So you can rename the launcher literally anything, so even "fart.bin," and the patches will work.
Luma3DS tethers all of the patches the "arm9loaderhax.bin" so it's cleaner, but it's broken with custom paths. You actually need to enable the custom paths in the settings for the patches to work.

It works basically the same as Luma now, but appends the payload path to the hook, and there's a copy of the payload in /corbenik rather than required at the sd root.

 

[The Catboy]

It works basically the same as Luma now, but appends the payload path to the hook, and there's a copy of the payload in /corbenik rather than required at the sd root.

Well, that's kind of the nature of all CFWs, just saying.
But what I mean is, Luma3DS crams everything into the launcher. All of the payloads are completely part of the actual launcher, expect for the settings file.