Hacking Pasta CFW - A CFW that allows unsigned CIA to be installed on Old and New 3DS! (required ninjhax)

Status
Not open for further replies.
shinyquagsire23

shinyquagsire23

SALT/Sm4sh Leak Guy
Member
Level 13
Joined
Nov 18, 2012
Messages
1,977
Trophies
2
Age
26
Location
Las Vegas
XP
3,765
Country
United States
hairyfairy said:
wouldn't it make sense to start implementing features that already have been documented? for someone who's able to read assembly and write C code, implementing features such as region free and bypassing updates shouldn't pose a problem.
Click to expand...
Hah. Even RxTools doesn't even have ARM11 hooking, I doubt this project would be able to get it any time soon. It's probably the most difficult thing to hook actually, considering the lengths you have to go just to get something going at boot. .cia wouldn't work past home menu patches and service patches, so it's value would hardly be useful nor elegant.

Just for the record, it took KARL (now SALT) about a week (10 days after getting newer FIRMs to load, about a month or so from starting kernel hax) to get emuNAND working, vs 3 months for ARM11. Granted, we put it off for a long time because I had been stuck for a while and if we didn't it probably would have only taken a week or two of actual work. Sure we could have cheated and used a .cia, but it's clunky and doesn't work well. In any case, I'd stick to ARM9 before frustrating yourselves over ARM11.
 
  • Like
Reactions: Zidapi and lPolarisl
S

Suiginou

(null)
Member
Level 6
Joined
Jun 26, 2012
Messages
565
Trophies
0
Location
pc + 8
XP
738
Country
Gambia, The
Salt:
  1. actual salt
  2. alternative name for the NaCl library (http://nacl.cr.yp.to/)
  3. a very odd way to put someone is angry ("WHY DO I KEEP GETTING NOSCOPED?!" - "Wow, that's some serious salt right there.")
  4. payment processing software (http://salt.com/)
  5. a Swiss phone and Internet provider (http://salt.ch/)
  6. common name for the SaltStack automation software (http://saltstack.com/)
  7. a mythical unicorn of a 3DS CFW (http://salthax.tumblr.com/), formerly known as KARL (http://gbatemp.net/threads/wip-karl...ninjhax-loadcode.382113/page-218#post-5530021)

Anything I missed?
 
  • Like
Reactions: Margen67 and lPolarisl
hairyfairy

hairyfairy

Well-Known Member
Newcomer
Level 1
Joined
Jun 5, 2015
Messages
53
Trophies
0
Age
27
XP
69
Country
United States
shinyquagsire23 said:
Hah. Even RxTools doesn't even have ARM11 hooking, I doubt this project would be able to get it any time soon. It's probably the most difficult thing to hook actually, considering the lengths you have to go just to get something going at boot.
Click to expand...

sorry i couldn't disagree more and say, why do you discourage people? arm11 hooking isn't difficult at all, it just depends on the perspective. i.e. who is it difficult for? "rxtools" isn't something that i'd compare anything with. the main difference between your karl team and the pasta guys is that your team is driven by curiousity and research and the pasta guys are not. this is where the pasta guys need to get at. it's not the motives that matter, in the end it's the ways and the outcome -> slowly shifting a basically nonexisting 3ds scene away from piracy towords a healthy development and 'hacking' scene. getting people to learn something about the handheld, processor architectures and reverse engineering.

.cia wouldn't work past home menu patches and service patches, so it's value would hardly be useful nor elegant.
Click to expand...

wrong. you could implement a hooking mechanism the way that NTR does it, just to name one example. why are you neglecting all the possibilities?

Just for the record, it took KARL (now SALT) about a week (10 days after getting newer FIRMs to load, about a month or so from starting kernel hax) to get emuNAND working, vs 3 months for ARM11. Granted, we put it off for a long time because I had been stuck for a while and if we didn't it probably would have only taken a week or two of actual work. Sure we could have cheated and used a .cia, but it's clunky and doesn't work well. In any case, I'd stick to ARM9 before frustrating yourselves over ARM11.
Click to expand...

i do congratulate you and your team for your personal and technical advancements. still, i couldn't care less in what time you achieved what. all it takes is the will to do it and dedication.
 
  • Like
Reactions: Margen67
D

Deleted-355425

Guest
hairyfairy said:
sorry i couldn't disagree more and say, why do you discourage people? arm11 hooking isn't difficult at all, it just depends on the perspective. i.e. who is it difficult for? "rxtools" isn't something that i'd compare anything with. the main difference between your karl team and the pasta guys is that your team is driven by curiousity and research and the pasta guys are not. this is where the pasta guys need to get at. it's not the motives that matter, in the end it's the ways and the outcome -> slowly shifting a basically nonexisting 3ds scene away from piracy towords a healthy development and 'hacking' scene. getting people to learn something about the handheld, processor architectures and reverse engineering.



wrong. you could implement a hooking mechanism the way that NTR does it, just to name one example. why are you neglecting all the possibilities?



i do congratulate you and your team for your personal and technical advancements. still, i couldn't care less in what time you achieved what. all it takes is the will to do it and dedication.
Click to expand...


It's a free world isn't it?
 
S

Suiginou

(null)
Member
Level 6
Joined
Jun 26, 2012
Messages
565
Trophies
0
Location
pc + 8
XP
738
Country
Gambia, The
nop90 said:
SpiderPasta for 4.X is completed and now is in debugging (still crashes somewhere and I have to find where). I'm working alone but now I'm going to ask some help to the other PASTA devs to complete this step.

After this I planned to do the port to 9.X and then to return working on MSET entry point.
Click to expand...
Hype thrusters activate!
 
  • Like
Reactions: Margen67
S

Suiginou

(null)
Member
Level 6
Joined
Jun 26, 2012
Messages
565
Trophies
0
Location
pc + 8
XP
738
Country
Gambia, The
zoogie said:
You think he's still working on it with rxtools pasta a thing now? The mset would still be cool, but I'm not sure if even that's enough motivation anymore.
Click to expand...
It's got one major use: bootstrapping 2DS users without Cubic Ninja/Gateway. They can't downgrade to 4.5 for PBT/Palantine and any CIA installation app via browser requires kernel hax to be still intact, which rxPasta butchers.

It'd be the first open source CFW launching via spider, too.
 
  • Like
Reactions: Margen67, A600 and zoogie
nop90

nop90

Well-Known Member
Member
Level 12
Joined
Jan 11, 2014
Messages
1,556
Trophies
0
Location
Rome
XP
3,136
Country
Italy
zoogie said:
You think he's still working on it with rxtools pasta a thing now? The mset would still be cool, but I'm not sure if even that's enough motivation anymore.
Click to expand...

Yes, working on it. Slowly but working.

I had been very busy these days so I missed all the news on rxtools with patched sign check, but if I'm not wrong it's not open source yet.

Since my objective is not pirating games but knowledge, I'm not giving up.

Now a little update:

Gpu mem copy ROP gadget for spider of FW 7.1 doesn't work on a 4.x FW. Maybe it's only a problem of virtual addressing mapping since it doesn't crash, but nothing is copied in FCRAM. I know because I made some dumps after copying specific patterns in memory and did not found them in the dumps.

For the same reason we can't load a code.bin using the loadcode web page on duke site with a 4.X FW.

Now I installed the 4.X spider version, that can load and run with no problems a code.bin arm11 file using the loadcode4 page.

The bad thing is that we miss the IWrite_File rop gadget to dump the memory and search the others needed gadget to complete Spiderpasta.

I wrote a simple code bin that scans the memory to search the first 7 words of the IWrite_File and I found it in memory (I placed a infine loop in code to know if pattern is found).

Now I have to get the found address and I'm using the trick of the open file with write/create flag to create an empty file with the address encoded in the filename.

Yesterday night I stopped working with at this point with the code crashing. In the weekend I'll try to fix it and get a memory dump.

I hope I'm not making big mistakes at this point.
 
Last edited by nop90,
  • Like
Reactions: Sizednochi, beester87, ShinkoNet and 10 others
arcangelnew

arcangelnew

Well-Known Member
Newcomer
Level 1
Joined
Apr 1, 2015
Messages
54
Trophies
0
Age
38
XP
105
Country
Mexico
nop90 said:
Yes, working on it. Slowly but working.

I had been very busy these days so I missed all the news on rxtools with patched sign check, but if I'm not wrong it's not open source yet.

Since my objective is not pirating games but knowledge, I'm not giving up.

Now a little update:

Gpu mem copy ROP gadget for spider of FW 7.1 doesn't work on a 4.x FW. Maybe it's only a problem of virtual addressing mapping since it doesn't crash, but nothing is copied in FCRAM. I know because I made some dumps after copying specific patterns in memory and did not found them in the dumps.

For the same reason we can't load a code.bin using the loadcode web page on duke site with a 4.X FW.

Now I installed the 4.X spider version, that can load and run with no problems a code.bin arm11 file using the loadcode4 page.

The bad thing is that we miss the IWrite_File rop gadget to dump the memory and search the others needed gadget to complete Spiderpasta.

I wrote a simple code bin that scans the memory to search the first 7 words of the IWrite_File and I found it in memory (I placed a infine loop in code to know if pattern is found).

Now I have to get the found address and I'm using the trick of the open file with write/create flag to create an empty file with the address encoded in the filename.

Yesterday night I stopped working with at this point with the code crashing. In the weekend I'll try to fix it and get a memory dump.

I hope I'm not making big mistakes at this point.
Click to expand...


Keep the good work, It doesn't matter if rxtools was released or not, knowledge is the best you will achieve of this project, and also a lot of people will continue your steps using your code in the future, so please keep it open, so anyone can modify and test it by himself.
 
  • Like
Reactions: Margen67
Status
Not open for further replies.

Site & Scene News

Go to forum More news

Popular threads in this forum

Hacking Homebrew  Animal Crossing New Leaf (ACNL) help: data corrupt??

So what's the current state of hacking and freeshop?

Homebrew Homebrew game  Flappy Bird for 3DS, but with a dog

Hacking  Can you install a legit cia and keep the game? + Question about 3ds modding

Pokemon Ultra Sun/Moon from piracy site doesn't work

I will Make you a 3DS custom theme if you don't know how!

Accidentally snapped sd card in half, what to do now?

Hacking Homebrew  3DS System Transfer Questions

General chit-chat
Help Users
  • BigOnYa @ BigOnYa:
    This was one of the craziest movies I've seen about our food industry, lots of stuff I didn't know. A must see. https://youtu.be/OqzjC-ENrl8?si=GYxmdY5nShzGniVi
  • OctoAori20 @ OctoAori20:
    Oh, that dude?
  • SylverReZ @ SylverReZ:
    @The Real Jdbye, https://www.youtube.com/watch?v=XPYgtVHa8NI
     +1
  • OctoAori20 @ OctoAori20:
    I stopped believing or caring about that dude when I found out about some of the more questionable nonsense he did in his life.
  • BigOnYa @ BigOnYa:
    Like what? I didn't know or hear.
  • K3Nv2 @ K3Nv2:
    You mean like every famous person that ever existed
     +1
  • K3Nv2 @ K3Nv2:
    I get so tired of hearing oh I liked him until...
  • OctoAori20 @ OctoAori20:
    I just know dude was a chronic alcoholic and such.
  • BigOnYa @ BigOnYa:
    I've been to his chicken restaurant he started in his 2nd movie, Holy Chicken, was pretty good. It is only 15-20 miles from me in Ohio. It only lasted 1 yr or so then closed tho.
  • OctoAori20 @ OctoAori20:
    There are very few people I just have just an immense dislike of and he's one of those very few people, the only other example is Gene Simmons. My musician uncle on my mother's side of the family actually met Gene once during some event and said he was the most unpleasant person to be around.
  • K3Nv2 @ K3Nv2:
    I met myself once turns out that guy is a giant piece of shit that doesn't deserve any of my respect
  • BigOnYa @ BigOnYa:
    Damn alcoholics! (Sshhh- Opens another beer)
  • OctoAori20 @ OctoAori20:
    Agreed, Ken
  • OctoAori20 @ OctoAori20:
    I can't say I've ever tried even a sip of beer tbh-
  • K3Nv2 @ K3Nv2:
    You met yourself also and is a giant piece of shit?
     +1
  • OctoAori20 @ OctoAori20:
    Then again, I don't think I'd really enjoy it //shrug
  • OctoAori20 @ OctoAori20:
    I'm sure it's an acquired taste :P
  • K3Nv2 @ K3Nv2:
    Poor lad can never enjoy the amazing taste of four loko
     +1
  • BigOnYa @ BigOnYa:
    Root beer is a gateway drink, don't ever try it either.
  • K3Nv2 @ K3Nv2:
    @BigOnYa, don't you love how smooth MD20 is
  • BigOnYa @ BigOnYa:
    Mad dog 20 20? Oh yea fixed the typo. I haven't seen that or had forever. Do they still make it?
  • K3Nv2 @ K3Nv2:
    I think it's why I'm alive
     +1
  • BigOnYa @ BigOnYa:
    What happens if when playing Paper Mario, you start a fire in-game?
  • K3Nv2 @ K3Nv2:
    https://youtu.be/vja8uoOy5XE?si=d2qo7jYK9TiyaOZ2
     +1
  • Psionic Roshambo @ Psionic Roshambo:
    Paper Mario is a drug dealer and he is all about the paper yo lol
    Psionic Roshambo @ Psionic Roshambo: Paper Mario is a drug dealer and he is all about the paper yo lol