Hacking [Tutorial] How to have two emunand (MT + CFW) on the same SD for 4.X 3DS

[nop90]

It should be possible to use this to have emuNANDs for GW and NTR CFW in the same SD and switch between them, right?

Read the OP and try to uderstand it. The title should be clear enough, but since I spent soe time to write the tutorial ...

Anyway, the answer is below:

Spoiler

No with the file included. They are only for the CFW

Yes if you can modify on your own the GW launcher.DAT. I'm not able.

 

[vingt-2]

OP, How did you come across the value of the address in the boot.bin? By reading binary instructions and figuring out what 0x16 contained ?

 

[Ericss]

Read the OP and try to uderstand it. The title should be clear enough, but since I spent soe time to write the tutorial ...

Anyway, the answer is below:

[spoil]
No with the file included. They are only for the CFW

Yes if you can modify on your own the GW launcher.DAT. I'm not able.

[/spoil]

Sorry. And awww, too bad...

 

[nop90]

Sorry. And awww, too bad...

Sorry to have been so rude, only morning bad mood.

Anyway, modding the GW launcher.dat is hard work because you haf fistly to decrypt the code (easy), than you have to find what to patch (hard because it's not plaincode but mostly ROP) and then eliminate CRC checks that avoid modification on GW code.

 

[nop90]

OP, How did you come across the value of the address in the boot.bin? By reading binary instructions and figuring out what 0x16 contained ?

I studied the disassembled ASM, following the flow of the code and figuring out what the code was doing.

I started already with an idea of how it works, so it was easy to understand (or better to guess) what that value was when I found it referred in the code.

It's a matter of experience (I'm new to ARM, but long time ago I spent a lot of night asleep on softICE).

 

[vingt-2]

I studied the disassembled ASM, following the flow of the code and figuring out what the code was doing.

I started already with an idea of how it works, so it was easy to understand (or better to guess) what that value was when I found it referred in the code.

It's a matter of experience (I'm new to ARM, but long time ago I spent a lot of night asleep on softICE).

Good job .

 

[AtlanticBit]

Yay! I finally managed to set this up!

 

[dakhar]

Hello, I've got 3dsXL downgraded to 4.2.0-9U, SD-Card with MT EmuNAND 9.5 at first, and CFW 4.2 second. I've not Gateway card or any. Than I launch DS exploit it succesfully run Launch.dat, and boot EmuNAND or CFW. I need to rename launcher every time. ROP loaders from "Homebrew" thread (1st post) doesn't work for me (I install it, but 3DS crashes, than I try to boot DS Exploit). What multiroploader exactly you use? Can you upload it? Thanks.

 

[djalmafreestyler]

How do I use MT emuNAND? For what?

Can I use it with Gateway Card?

 

[nop90]

Attached you can find it, but i downloaded it fron the homebrew thread.

If it crashes, probably you are using the wrong options from the 4 available.

The first is to boot encrypted launcher.dat for GW/MT. The third is to boot an unencripted launcer.dat (for CFW) renamed to msetforboss.dat

 

[nop90]

How do I use MT emuNAND? For what?

Can I use it with Gateway Card?

if you have gateway card, you don't need what is in this post.

 

[djalmafreestyler]

if you have gateway card, you don't need what is in this post.

I don't have...what for will I use MT emunand?

 

[Lord M]

Attached you can find it, but i downloaded it fron the homebrew thread.

If it crashes, probably you are using the wrong options from the 4 available.

The first is to boot encrypted launcher.dat for GW/MT. The third is to boot an unencripted launcer.dat (for CFW) renamed to msetforboss.dat

So is the third for NTR CFW, right?

 

[nop90]

So is the third for NTR CFW, right?

No, NTR CFW is a mod of gateway and it runs with the GW launcher.It's not to be confuded with the CFW than can run CIAs without a 3DS cart.

 

[nop90]

I don't have...what for will I use MT emunand?

Update emunand to 9.5 and go online or in eshop. It's stated in the OP.

 

[Lord M]

No, NTR CFW is a mod of gateway and it runs with the GW launcher.It's not to be confuded with the CFW than can run CIAs without a 3DS cart.

SO if i want in dual emunand emu 9.4 and NTR CFW, which of four options i need on ropmultiloader to swap between the 2 emunands?

 

[Lord M]

Hmm so for dual emunand with ntr cfw and gw emu i apply the guide on both side but only of gw part, right? cant use palpatine cfw part with ntr cfw...
Anyway i need to know another thing: is MT emunand free to launch? flashcard not required as Gw emunand that need red card? And if yes, can install cias or app like savedatafiler on MT emunand?

 

[Ronhero]

18) Rename the CFW launcher.dat in msetforboss.dat (or use the one in the attached zip). Now you can use the multiroploader.nds from your DS cart to select the emunand to launch with the usual DS profile exploit.
DONE.

This is the only part that confuses me. I want to use a particular launcher along side of the mt launcher.dat and am confused as to what to name the alternative launcher.dat to so that multiroploader.nds sees it

 

[nop90]

This is the only part that confuses me. I want to use a particular launcher along side of the mt launcher.dat and am confused as to what to name the alternative launcher.dat to so that multiroploader.nds sees it

What particular launcher? if you usa un unencrypted laucher.dat (any kind of unencrypted launcer.dat, i.e. the CFW launcher, a homebrew, the xorpad extractor ...) you can simply rename it "msetforboss.dat" and can launch it with the DS profile exploit after installing the rop hack with the option 3 in multiroploader.nds.

You can't use a crypted msetforboss.dat whith this option because the injected rop only loads the file in memory. The GW rop after loading it, also decrypt it's content. At the moment afaik no one made a open source rop for crypted launcher named msetfroboss.dat

If you want use it for launching the CFW with the 2nd emunand, and if you don't want renaming files, I included a ready to use msetforboss.dat launcher in the zip.

 

[Lord M]

Hey nop90, but NTR CFW have his own arm11.bin... i can overwrite arm11 with this in For 3DS SD folder or i cant use ntr cfw as second emunand?