Hacking [Release] Free multi patcher

  • Thread starter: RednaxelaNnamtra
  • Views: 198,881
  • Replies: 618
  • Likes: 54

Is it working for you?

  • yes 9.x: 207 votes (76.7%)
  • no 9.x: 27 votes (10.0%)
  • yes 8.x: 1 vote (0.4%)
  • no 8.x: 5 votes (1.9%)
  • yes 7.x: 2 votes (0.7%)
  • no 7.x: 2 votes (0.7%)
  • yes 6.x: 4 votes (1.5%)
  • no 6.x: 4 votes (1.5%)
  • yes 5.x: 2 votes (0.7%)
  • no 5.x: 2 votes (0.7%)
  • yes 4.x: 8 votes (3.0%)
  • no 4.x: 11 votes (4.1%)
  • yes other: 23 votes (8.5%)
  • no other: 12 votes (4.4%)
  • Total voters: 270

Congratulations. Have you got kernel access in ARM11?
If so, I'd like to know: if someone implements a customized SVC call in ARM9 providing prototypes,
would you be able to call it? Or must it still be a service provided first? Thanks.

Note: I'm not smart enough to do so. I only wonder.

This is based on the old e-shop spoofer; the old spoofer needed Kernel Hax for getting access to svcBackdoor. Because I defined it inside the rfc file, it's possible to use svcBackdoor to change the process id to 0 to have more access, but I'm still unsure how much access I really have and how svcBackdoor really works.
For advanced memory access and process code area finding, I'm only using his kobject and processIDpatching code. I only modified the memory patching, implemented more patches (based on the memory finding in rxtools) and removed the kernel hax.
 
Well, thanks for the reply. You might contact feli (the original creator) for more info about the method to achieve the goal.
For svcBackDoor or others, see 3dbrew for details. Its prototype is "void Backdoor(u32 CodeAddress)"
"This is used on ARM9 NATIVE_FIRM. No ARM11 processes have access to it without some form of kernelhax."
Actually I don't know how much privilege you have once with pid=0. Well, you could forget my question for now.
 
What I forgot to say is that RxTools mostly runs under ARM9, so it has limitations with libraries, and it has to implement its own sometimes.
Since this one works under ARM11, you may have access to some quite easy-to-use functions.
Also, as for its Memory Search, that is not fast, which was done to achieve some timing requirement. If memmem is ok, make use of that.
I once tried to implement a memmem for rxtool, however that doesn't work well every time. So I aborted it, and you can still find it in my repo (another branch).
 
So, since this works for me, is there a list of titles with the crypto?

Edit:
Also the source would be nice.

Source is coming... read the first post fully. :P

Notes:
  • The test versions on the Pasta thread replaced Ygw Eshop Spoofer; this version won't do this.
  • I don't have much experience in reverse engineering (mostly I only read source code and stuff on 3dbrew and try trial-and-error things), so I can't promise anything.
  • I will release the source code later this week.
 
Silly question: I have an n3ds with 9.4 emunand (if I'm correct). If I use this patch I can go to eshop, but will doing this uninstall my cias?

Sorry for the noobie question :wacko:
 
This does not uninstall cias. It will work to enter the eshop on your firmware version.
 
I am just very excited about the eshop fix for swapped region; that to me is worth its weight in gold, and I will gladly contribute to a bounty to get it working.
 
You need 3 sd cards:
A: emunand from the source region + NNID
B: emunand from the source region without NNID
C: emunand from the target region + NNID
(Optional) D: emunand from the target region without NNID

(If you don't have 3/4 sd cards, you can use emunand tool instead)

1. Go to the eshop with the sd card A: works fine.
2. Then go to the eshop with the sd card B: error 011-3136. Don't click on OK. Turn off the console.
3. Finally go to the eshop with the sd card C: works fine.

Just do the opposite if you want to use the eshop from your original region again: C -> D -> A.
 
Once I do this for the first time, will it stick on the third sd card or do I need to swap every time I want to access eshop? Also, I assume I run the spoof every time I boot into a different emunand?
 
"Once I do this for the first time will it stick on the third sd card or do I need to swap every time I want to access eshop?"

No, but you won't be able to use the eshop from your original region anymore, unless you do it again.
 
I meant stick on emunand of the 3ds with the target region sd card, both the system nand and emunand are region swapped but I only am worried about it on target emunand

Also how do I setup a NNID on the 3rd target region sd card? Just go into settings and link the info from the one I made on the original region?
 
"I meant stick on emunand of the 3ds with the target region sd card, both the system nand and emunand are region swapped but I only am worried about it on target emunand"

Yes you can. :)

"Also how do I setup a NNID on the 3rd target region sd card? Just go into settings and link the info from the one I made on the original region?"

Yes, but make a backup of your emunand without NNID first.
 
Okay I am going to try this soon with a JAP to USA n3ds. I have a bunch of n3ds coming in and it would be amazing to offer eshop on them. So here is what I plan to do

1) Take virgin nand from JAP n3ds dump and make emunand on SD A / B with it
2) Take A and make NNID and log onto eshop
3) Take B and log onto eshop with no nnid get error
4) Take C (my region swapped emunand) and load the nnid from A and it should work? I can't wait to try this thanks!
 
