Hacking [Release] rxTools - Roxas75 3DS Toolkit [fw 2.0 - 9.2]

[einstein95]

Yet another chimer

4.5E, can test OoT3D, MSET and Cubic Ninja before I post it to a friend.

 

[Tjessx]

rxMode just crashed while exiting mario kart.
Was using 9.5 emunand from the gateway launcher.
The screen just stopped moving while there was a message that it was closing the software.

 

[Fishaman P]

I can test. There's an unusually large portion of European consoles in this thread.

2DS, 9.2.0-20U, Spider and Ninjhax

 

[RodrigoDavy]

I have a regular 3DS, 9.2.0-20U, Spider, Ninjhax and a Ocarina of Time cartridge

 

[Wantija]

Your downloaded games and patches will only be available in your emunand, so you'd need to play on 9.5
There's an exception for game updates if you had previously downloaded one of them in 9.2 (for example the smash bros ones, if you had 1.0.4 you can download 1.0.5 in Emunand and have it available in sysnand) but your nands must still be linked for that as far as I know.

Edit: There's also a guide to move your eshop content back to sysnand but it's a bit tricky and not noob friendly but you can check for yourself.
http://gbatemp.net/threads/tutorial-moving-eshop-content-from-emunand-to-sysnand.379879/

I'll check out that guide even though it seems quite daunting to look at. Now just to make sure I make a NAND backup, go into rxMode, upgrade and get stuff from eShop, then to go back to 9.2 use Inject EmuNAND partitions? I don't want to loose homebrew when we're so close to Kernel access and all that other jazz that will motivate people update their emulators.

 

[zero2exe]

I'll check out that guide even though it seems quite daunting to look at. Now just to make sure I make a NAND backup, go into rxMode, upgrade and get stuff from eShop, then to go back to 9.2 use Inject EmuNAND partitions? I don't want to loose homebrew when we're so close to Kernel access and all that other jazz that will motivate people update their emulators.

You won't lose the ability to run homebrew as long as you don't update your sysnand, in fact don't mess up with your sysnand unless you know what you're doing or you might just brick it (the only time you should do this is with gateway's downgrade/restore nand feature).

 

[Wantija]

You won't lose the ability to run homebrew as long as you don't update your sysnand, in fact don't mess up with your sysnand unless you know what you're doing or you might just brick it (the only time you should do this is with gateway's downgrade/restore nand feature).

So basically as long as I update in rxMode I'm fine?

 

[zero2exe]

So basically as long as I update in rxMode I'm fine?

In Rxmode while RX-E is displayed on system settings, if it says RX-S or any other thing you're on sysnand.

 

[bbmax]

In Rxmode while RX-E is displayed on system settings, if it says RX-S or any other thing you're on sysnand.

But be careful !!! once you boot to Emunand with rxMode and you go to setting will display RX-E you can update ,but when you exit setting then kick you to SYSNAND !!! to have again RX-E you need run again rxTools and enter rxMode

 

[zero2exe]

But be careful !!! once you boot to Emunand with rxMode and you go to setting will display RX-E you can update ,but when you exit setting then kick you to SYSNAND !!! to have again RX-E you need run again rxTools and enter rxMode

That reminds me once I had this very weird bug where I left RX-E mode by leaving system settings but after getting into sysnand it wouldn't recognize any of my retail games as inserted. So I just went back into system settings and left again and it worked again, haven't tried replicating it but still pretty weird.

 

[bbmax]

looks like this is normal going to system settings kick out to sysnand when goig out form. same situation is on CFW or this is a BUG maybe possible to fix it

 

[Wantija]

In Rxmode while RX-E is displayed on system settings, if it says RX-S or any other thing you're on sysnand.

Sorry for being a hassle but I checked my system settings and it shows 'RX-S', can I go into the eShop and 'update' with that?

 

[-LuCas-]

Sorry for being a hassle but I checked my system settings and it shows 'RX-S', can I go into the eShop and 'update' with that?

NO. It's sysnand

 

[zero2exe]

Sorry for being a hassle but I checked my system settings and it shows 'RX-S', can I go into the eShop and 'update' with that?

DON'T. It means your emunand isn't present or hasn't been configured properly.

 

[mid-kid]

Could you add support to boot a "dual emunand"? It should be fairly trivial; just changing the offset.

 

[Death78793]

I'm willing to test (sorry if I'm bothering ), I have a n3DS XL on 9.0.0-20U and a 2DS on 9.2.0-20!

 

[johovahs]

I didn't see it listed on the OP post, but is emunand mode region free? As in I can play some Japan retail games on it.

 

[Apache Thunder]

I've noticed that romfs isn't decrypted correctly for the system apps I attempted to decrypt with this. exefs and exheader gets decrypted. But romfs is corrupt. I had tried the home menu CXI title and more recently the MicroSD Management CXI title. Both suffer from corrupt romfs once I decrypt them with rxTools.

Perhaps look into it. Maybe system titles use a different encryption scheme for romfs?

 

[Zidapi]

I didn't see it listed on the OP post, but is emunand mode region free? As in I can play some Japan retail games on it.

Not yet, but it should be soon.

 

[Apache Thunder]

Hey Roxas75, check this out:

According to http://3dbrew.org/wiki/Nand/private/movable.sed it should be as simple as using the aes engine to encrypt the hash over the first 0x120 bytes.

I think you need to re-encrypt everything that's been encrypted with per-console keys (that's not specified by movable.sed). I think that includes the dbs on NAND.

From quick inspection (may missed something/a lot) but in order to do a manual system transfer + region swap:
1) N3DS: Change region with https://gist.github.com/yellows8/f15be7a51c38cea14f2c
2) O3DS: Get movable.sed and decrypt the MAC
3) N3DS: Encrypt movable.sed from O3DS
4) O3DS: Decrypt dbs/ticket.db and dbs/title.db
5) N3DS: Re-encrypt files from 4 and then merge with N3DS's ticket.db/title.db (not sure if needed, but I think this way the system apps/firm will still have tickets)
6) N3DS: Copy merged ticket.db/title.db as well as movable.sed over. Also copy over "data" to get all your saves.
I think an alternative to merging title.db is to replace title.db and then immediately do a system update (in the same boot cycle). Hopefully that will write the new tickets. I'm not even sure tickets are required for the system apps and stuff, but it's in there, so idk.

(He refers to n3DS in this quote, but just pretend that's the target console in this situation. )
Might not need to decrypt/renecrypt data folder after all.


Any chance you can write something up for rxTools to do this? I've been wanting to manually transfer over the movable.sed file so I can restore my original friend code and friend list. This would also allow me to use my old save games and other stuff from a bricked 3DS I no longer own. Since my NNID has been moved over to my current 3DS I can just copy the data over. But the movable.sed has to be modified (this appears to involve altering the KeyY string stored in the movable.sed file). The string has to be rehashed using the AES engine on the 3DS as well as the data/dbs folder being decrypted and re-encrypted. So this sounds like something rxTools could do.

Moving over SD content might take a lot of programming to do as that might also need to be decrypted from the source system and then reencrypted for the target system. (although you already have a way of dumping title keys, and the title folder of the fat16 partition. And I think you already plan on doing SD content decryption without using xorpads. It's just a matter of also doing reencryption for that then)

But having an extractor and injector of the entire dbs folder and the data folder in the fat16 partition would be a great start and would be more then enough for me.

I'm sure I'm not the only person that could benefit from this. For example, if someone had a whole bunch of important game saves/SD content/Friend Code and friend list on their 3DS and they have decrypted backups and the 3DS breaks from bricking or physical damage, being able to manually transfer over the data would be a life saver for them. I think it's only the movable.sed file that is the roadblock right now.


EDIT: Refer to this thread regarding this particular issue. It happened to be a discussion on region swapping a 3DS and this is another situation that would be helped along if you implemented this.

http://gbatemp.net/threads/nand-trading-for-region-change.384115