Homebrew Is Possible To Make a Serial MAC Spoofer/ Serial Number spoofer on 3DS [Like WII]

[Rinnegatamante]

It is read-only if you not enable shared-mem write privileges in exheader.

 

[zannalabianca]

It is read-only if you not enable shared-mem write privileges in exheader.

I've made an app and can read it out perfectly fine, but i appear to be unable to write it back, is there some form of protection on that area of memory, it should be rw shared shouldn't it?

so you can not do anything , or are studying to be able to do this ?

 

[Immortal_no1]

At the moment it's studying the effects, Rinnegatamante knows far more about this than i do, i'd like to know more about how it all links in, but if going online replaces the MAC in FCRAM then i'm not sure what else could be done. If the MAC is stored in an OTP register in the 3DS's chip then i don't know if it's possible to side load an app to create a wrapper around the function used to get the MAC address and return a spoofed one, but that is beyond my capabilities. I'm sure that someone out there could give an appropriate answer to that and it would most likely be Not possible at least without CFW. I think i read in another thread that the MAC has been proven to not be the identifier that Nintendo check in order to enforce the BAN. If it is the NNID then that is a different kettle of fish.

Rinnegatamante, where in the rsf should the shared memory exheader be changed to allow shared write access? Would that be here:
ReadWrite:
- .data

- RO (change to RW)?
i don't see another flag that looks applicable...

 

[Rinnegatamante]

At the moment it's studying the effects, Rinnegatamante knows far more about this than i do, i'd like to know more about how it all links in, but if going online replaces the MAC in FCRAM then i'm not sure what else could be done. If the MAC is stored in an OTP register in the 3DS's chip then i don't know if it's possible to side load an app to create a wrapper around the function used to get the MAC address and return a spoofed one, but that is beyond my capabilities. I'm sure that someone out there could give an appropriate answer to that and it would most likely be Not possible at least without CFW. I think i read in another thread that the MAC has been proven to not be the identifier that Nintendo check in order to enforce the BAN. If it is the NNID then that is a different kettle of fish.

Rinnegatamante, where in the rsf should the shared memory exheader be changed to allow shared write access? Would that be here:
ReadWrite:
- .data

- RO (change to RW)?
i don't see another flag that looks applicable...

Did you really miss this?

CanWriteSharedPage : false

 

[Immortal_no1]

Thanks, I didn't miss it, it wasn't in my rsf. i've added it now and will give it another go. i've also added the others from this thread.

Thanks for your help

 

[Retr0Capez]

It is very possible, but it would be WAY easier on your router.

 

[zannalabianca]

It is very possible, but it would be WAY easier on your router.

Im are available to help at the scene , spreading my data console , mac and serial

so I thank you the information , really thank you

Now I would like you to tell me what you mean and how to do it on my router to try

I await your instructions , thanks

It is very possible, but it would be WAY easier on your router.

Hey Retr0....

 

[Immortal_no1]

i added the CanWriteSharedPage and set it to true and low and behold.... it gives me an error when i start the app "The Game Card Was Removed"..... any ideas?

 

[Retr0Capez]

Im are available to help at the scene , spreading my data console , mac and serial

so I thank you the information , really thank you

Now I would like you to tell me what you mean and how to do it on my router to try

I await your instructions , thanks



Hey Retr0....

Since I don't know what type of router you have, I recommend going to your router's administration page and looking around there.

 

[zannalabianca]

Since I don't know what type of router you have, I recommend going to your router's administration page and looking around there.

that's fine, but do not understand what I should do , I have to change the router MAC or what?


.. we need to spoof Nintendo ID...

 

[Rinnegatamante]

i added the CanWriteSharedPage and set it to true and low and behold.... it gives me an error when i start the app "The Game Card Was Removed"..... any ideas?

If you builded it as 3DS it's normal.

 

[Immortal_no1]

Ah, so i take it i should build that into a cia in order for it to operate correctly? I have a couple of cia creating apps, but i'm going to have to look at how to do it for a homebrew app, assuming i can convert either the .3ds or .elf into the cia file?

 

[Rinnegatamante]

Only if you build as a CIA you have kernel mode access.

To build a CIA you just need last version of makerom, for example this is my batch file to create 3DSX, CIA and 3DS files for ORGANIZ3D (I use an older version of makerom for 3DS build):

make
arm-none-eabi-strip lpp-3ds.elf
makerom2 -f cci -o ORGANIZ3D.3ds -rsf gw_workaround.rsf -target d -exefslogo -elf lpp-3ds.elf -icon icon.bin -banner banner.bin
makerom -f cia -o ORGANIZ3D.cia -elf lpp-3ds.elf -rsf cia_workaround.rsf -icon icon.bin -banner banner.bin -exefslogo -target t

 

[nastys]

Only if you build as a CIA you have kernel mode access.

But... devMenu and Title Manager have kernel access as .3ds

 

[Immortal_no1]

i get:
[NCCH WARNING] NCCH AES Key could not be loaded, NCCH will not be encrypted
[CIA WARNING] Common Key could not be loaded, CIA will not be encrypted

I assume this is due to changes in your cia_workaround.rsf that i don't have?

 

[Rinnegatamante]

But... devMenu and Title Manager have kernel access as .3ds

I said this only 3435151 times...

SDK tools != Homebrews
Nintendo workaround != Gateway workaround
SDK-builded 3DS != Makerom-builded 3DS

Immortal_no1: Just use my lpp-3ds workaround as skeleton: https://github.com/Rinnegatamante/lpp-3ds/blob/master/cia_workaround.rsf

 

[Immortal_no1]

Thank you for the rsf, CIA now builds, i was missing option:
UseOnSD : true # true if App is to be installed to SD
i had EnableCrypt set to true "# Enables encryption for NCCH and CIA"
i also hasn't commented out - .module_id
I was also missing the following service controls:
- ir:u
- csnd:SND
- am:u
- ns:s
But now it at least is building. I see the differences between your gw_workaround.rs and cia_workaround.rsf and it makes a lot more sense now.
i'll try the file out when i get home, your help has been immeasurable. Thanks!

 

[zannalabianca]

I wanted to thank you on behalf of so many people for the work you are doing all .
With you the scene 3DS will reach a very milestone , if fate wants .
thanks again

 

[Immortal_no1]

Ok the CIA is working, i have another problem which i'm just sorting out now but i think all is good , MAC address is being written successfully and read back so that part is working fine.

 

[zannalabianca]

UP ..
News?..