Hacking [Release] 0-key movable.sed 『No more CIA installation!!!』

[Quantumcat]

Then you aren't contributing much to achieve a more educated 3DS section.

I like seeing these one-sided arguments, makes me feel I did the right thing when I clicked ignore on whoever it is.

 

[tony_2018]

I like seeing these one-sided arguments, makes me feel I did the right thing when I clicked ignore on whoever it is.

Likes...I've been ignoring alot of posts/threads lately.

On topic: its a 50/50 chance of bricking if you know what this can be used for and what can happen if you fuck up. Use at your own risk and stop asking if its safe or not. Nothing is guaranteed.

 

[Billy Acuña]

Stop feeding the troll, pls.

 

[Maq47]

I just tried 'injecting' this by copying the file as-is with FBI to CTRNAND. Instant brick. I'm guessing that it was encrypted and that it should not be just 'copied', right? Sucks to be me, considering that I happened to 'forget' to make a NAND backup with Gateway BEFORE choosing 'Format emuNAND'.

Edit: Safe Mode also won't work, so a System Update is out of the question, too.

 

[Olmectron]

I just tried 'injecting' this by copying the file as-is with FBI to CTRNAND. Instant brick. I'm guessing that it was encrypted and that it should not be just 'copied', right? Sucks to be me, considering that I happened to 'forget' to make a NAND backup with Gateway BEFORE choosing 'Format emuNAND'.

Edit: Safe Mode also won't work, so a System Update is out of the question, too.

What CFW do you have?

Did you brick EmuNAND or SysNAND?

 

[Maq47]

What CFW do you have?

Did you brick EmuNAND or SysNAND?

I was using Gateway sysNAND mode. I bricked sysNAND.

 

[ihaveahax]

I was using Gateway sysNAND mode. I bricked sysNAND.

you need a hardmod to restore your sysnand now.

in the future, if you modify movable.sed (bad idea!), you need to do it within Decrypt9WIP and use "Autofix CTRNAND".

 

[Maq47]

you need a hardmod to restore your sysnand now.

in the future, if you modify movable.sed (bad idea!), you need to do it within Decrypt9WIP and use "Autofix CTRNAND".

I got another 2DS, and the latest release of D9WIP doesn't seem to have an 'Autofix CTRNAND' option. Not only that, but there is no option to 'explore' NAND or emuNAND in order to delete the contents of the '/data/' folder as outlined in the guide here. Am I missing something? Also, the movable.sed file in the OP is only 288 bytes, but when I backup my emuNAND's copy, it's 320 bytes. Is that normal? I didn't install anything on emuNAND prior to backing up my emuNAND's movable.sed, either.

 

[ihaveahax]

I got another 2DS, and the latest release of D9WIP doesn't seem to have an 'Autofix CTRNAND' option. Not only that, but there is no option to 'explore' NAND or emuNAND in order to delete the contents of the '/data/' folder as outlined in the guide here. Am I missing something? Also, the movable.sed file in the OP is only 288 bytes, but when I backup my emuNAND's copy, it's 320 bytes. Is that normal? I didn't install anything on emuNAND prior to backing up my emuNAND's movable.sed, either.

Decrypt9WIP -> "SysNAND/EmuNAND Options" -> "CTRNAND transfer..." -> "Autofix CTRNAND"

GodMode9 -> SYSNAND/EMUNAND CTRNAND

also, if you are trying to explore the contents of one emunand intended for a different system, it won't work. NAND contents are encrypted per-console.

 

[Maq47]

Decrypt9WIP -> "SysNAND/EmuNAND Options" -> "CTRNAND transfer..." -> "Autofix CTRNAND"

GodMode9 -> SYSNAND/EMUNAND CTRNAND

I didn't think to look in the "CTRNAND transfer..." section. Thanks! I guess D9WIP doesn't have the option to explore emuNAND, only GodMode9, right?

also, if you are trying to explore the contents of one emunand intended for a different system, it won't work. NAND contents are encrypted per-console.

I already installed a fresh Gateway emuNAND on this new 2DS, so it's fine.

 

[ihaveahax]

I didn't think to look in the "CTRNAND transfer..." section. Thanks! I guess D9WIP doesn't have the option to explore emuNAND, only GodMode9, right?

only GodMode9(arm9 payload) and FBI(as CIA) can explore NAND contents.

also random tip: I would suggest using EmuNAND9 for formatting SD cards instead of Gateway's crap-ish formatter.

 

[Maq47]

only GodMode9(arm9 payload) and FBI(as CIA) can explore NAND contents.

also random tip: I would suggest using EmuNAND9 for formatting SD cards instead of Gateway's crap-ish formatter.

Thanks for the tip. I will keep that in mind. Also, any idea on why the movable.sed files' sizes don't match up? Would that be a problem in this case? Also, when I tried deleting the contents of the /data/ folder in FBI on the previously bricked system, a few folders gave an 'access denied' error. I was using rxTools' Pasta Mode, which I assume didn't give all needed permissions. Would doing this in Gateway Mode on emuNAND present any error in this case?

Edit: I was using the latest FBI in .cia format. Just FYI.

 

[ihaveahax]

Thanks for the tip. I will keep that in mind. Also, any idea on why the movable.sed files' sizes don't match up? Would that be a problem in this case? Also, when I tried deleting the contents of the /data/ folder in FBI on the previously bricked system, a few folders gave an 'access denied' error. I was using rxTools' Pasta Mode, which I assume didn't give all needed permissions. Would doing this in Gateway Mode on emuNAND present any error in this case?

for things under nand/data, you probably need to do that under GodMode9. FBI is running under the 3DS kernel which is actively using a few files, so you can't touch them.

as for sizes, who knows? it should be 320 bytes.

--------------------- MERGED ---------------------------

@MarcusCarter actually, it's 288 bytes, until you do a system transfer, then it's 320 bytes.

https://3dbrew.org/wiki/Nand/private/movable.sed

 

[Maq47]

for things under nand/data, you probably need to do that under GodMode9. FBI is running under the 3DS kernel which is actively using a few files, so you can't touch them.

as for sizes, who knows? it should be 320 bytes.

--------------------- MERGED ---------------------------

@MarcusCarter actually, it's 288 bytes, until you do a system transfer, then it's 320 bytes.

https://3dbrew.org/wiki/Nand/private/movable.sed

Would MenuHax be enough to launch GodMode9 for full NAND access? I don't have Cubic Ninja.

 

[ihaveahax]

Would MenuHax be enough to launch GodMode9 for full NAND access? I don't have Cubic Ninja.

of course, ninjhax just runs the same things as menuhax anyway.

 

[uyjulian]

Would MenuHax be enough to launch GodMode9 for full NAND access? I don't have Cubic Ninja.

Here, just put your gateway away and follow Plailect's guide:
https://github.com/Plailect/Guide/wiki

 

[Aletron9000]

If you are going to modify ANY part of the sysnand, you need a9lh if something happens and your 3ds bricks.

 

[Maq47]

Here, just put your gateway away and follow Plailect's guide:
https://github.com/Plailect/Guide/wiki

Um, no thanks. I like Gateway's Cheat Menu too much for A9LH. And I know about NTR Debugger, and I think that it's a little easier to just use Gateway's Cheat Menu instead of launching BootNTR on my 2DS, then launching NTR Debugger on PC, yada, yada, et cetra, et cetra.

 

[Aletron9000]

Um, no thanks. I like Gateway's Cheat Menu too much for A9LH. And I know about NTR Debugger, and I think that it's a little easier to just use Gateway's Cheat Menu instead of launching BootNTR on my 2DS, then launching NTR Debugger on PC, yada, yada, et cetra, et cetra.

A9lh can run a Gateway Menu payload I think.

Not Gateway a9lh, a gateway menu payload

 

[ihaveahax]

Um, no thanks. I like Gateway's Cheat Menu too much for A9LH. And I know about NTR Debugger, and I think that it's a little easier to just use Gateway's Cheat Menu instead of launching BootNTR on my 2DS, then launching NTR Debugger on PC, yada, yada, et cetra, et cetra.

using a9lh doesn't mean you need to give up Gateway, it's just another exploit, and you can use Gateway through it. this isn't really on-topic though.