Hacking [Tutorial] How to have two emunand (MT + CFW) on the same SD for 4.X 3DS

[gamesquest1]

Read the OP and try to uderstand it. The title should be clear enough, but since I spent soe time to write the tutorial ...

Anyway, the answer is below:

Spoiler

No with the file included. They are only for the CFW

Yes if you can modify on your own the GW launcher.DAT. I'm not able.

Sorry to have been so rude, only morning bad mood.

Anyway, modding the GW launcher.dat is hard work because you haf fistly to decrypt the code (easy), than you have to find what to patch (hard because it's not plaincode but mostly ROP) and then eliminate CRC checks that avoid modification on GW code.

And how do you plan to run the second GW emunand? This tutorial is only for Palantine CFW as second emunand.

He has stated several times that it's not for 2 gateway emunand, there is probably more than this, this was just from the last 2 pages, yeah the post you shared was poorly worded, what he mean was it doesn't have to be MT+cfw it could be GW+CFW, or NTR + CFW

 

[Lord M]

eh, this is what i understand if you say "you can do what you want"... and he also say how to extranc and inject ntr emunand... so this mean work no? And if cant use 2 GW emunand, what say about MT+NTR CFW? And if yes how to change the original Guide since both of 2 are not palantine cfw and so the second part of tutorial cant apply in this case

 

[gamesquest1]

eh, this is what i understand if you say "you can do what you want"... and he also say how to extranc and inject ntr emunand... so this mean work no? And if cant use 2 GW emunand, what say about MT+NTR CFW? And if yes how to change the original Guide since both of 2 are not palantine cfw and so the second part of tutorial cant apply in this case

It all got a bit messy with people thinking cfw meant ANY cfw, including NTR cfw.........it's always any gateway based launcher + the leaked cfw

See confusing as any gateway based launcher covers
MT, GATEWAY,NTR CFW
And cfw is exclusively the leaked cfw referred to as palentines or govanify's cfw

So you can only pick 1 slot 1 emunand from compatible launchers and 1 emunand for the leaked cfw

 

[Lord M]

Ah, so MT is also GW... so... GW/MT/NTR CFW + Palpatine CFW, right?
Hmm but multiroploader.nds dont have the ability to select the exploit to launch before to do? So why cant install both emunand and ntr cfw and then select one of them before launching with roploader? Or maybe because with roploader both emunands are considered as same exploit to launch and then cant select?

 

[gamesquest1]

Ah, so MT is also GW... so... GW/MT/NTR CFW + Palpatine CFW, right?
Hmm but multiroploader.nds dont have the ability to select the exploit to launch before to do? So why cant install both emunand and ntr cfw and then select one of them before launching with roploader? Or maybe because with roploader both emunands are considered as same exploit to launch and then cant select?

Yeah that's it, basically all the multirop loader does is change what file name the DS exploit looks for on the SD, to make one of the gateway based launchers look for emunand in a different position that the default one you would need to edit the launcher.dat file, the gateway based launcher files are much more complicated to work with than the leaked cfw due to them being encrypted etc

 

[Lord M]

Hmm no one stop to try, a try its free, to use multiroploader with emunand+ntr cfw but for sure, as i understand, its a waste of time because will not work, uh?

EDIT: uhm wait, the first post dont mention Rop_multiloader... and this app allow you to select the launcher to use for exploit... so if maybe can work for emunand+ntr cfw?

 

[nop90]

Definitively trolling!

 

[Lord M]

Ok, sorry to everyone, because english for me its hard xD
Anyway i ask for last time, maybe a definitevly answer will be good... its really possible to have both GW 9.2 + NTR CFW in 1 SD using ropmultiloader to select the exploit to launch?

 

[gamesquest1]

Ok, sorry to everyone, because english for me its hard xD
Anyway i ask for last time, maybe a definitevly answer will be good... its really possible to have both GW 9.2 + NTR CFW in 1 SD using ropmultiloader to select the exploit to launch?

no

 

[CalebW]

Following this tutorial we are going to have a classic Gateway/MT emunand starting on sector 1 of your SD and the CFW emunand starting on sector 2097153 (= 0x00200001). To boot the CFW we will use a modified launcher.

The parameter count=1953791 is for a Samsung NAND. For a Toshiba NAND use count=1931263.

Why would you start the cfw nand at sector 2097153 instead of at sector 1953791+2? Why do you have 143362 sectors of empty space between the nands?

Now I'm working on making the CFW more stable and modify it to boot higher emunand version other than only 4.X (but without unsigned CIA support , I will not spread piracy).

Yes, because you must protect the flashcart companies from going out of business. I might could have see this as a plausible argument when piracy was only restricted to 4.X, but now with GW at 9.2 and Sky at 9.5 piracy has already spread as far as it's going to, they just wouldn't have to pay $70 to do it. Also, without unsigned CIA support you wouldn't be able to run hombrew CIAs.

 

[nop90]

Why would you start the cfw nand at sector 2097153 instead of at sector 1953791+2? Why do you have 143362 sectors of empty space between the nands?


Yes, because you must protect the flashcart companies from going out of business. I might could have see this as a plausible argument when piracy was only restricted to 4.X, but now with GW at 9.2 and Sky at 9.5 piracy has already spread as far as it's going to, they just wouldn't have to pay $70 to do it. Also, without unsigned CIA support you wouldn't be able to run hombrew CIAs.

There are some reasons. None very strong, but that's the way I think it had to be done.

First so I have to modify only a byte with the hex editor, that helps to keep this complex tutorial a little bit more simple to understand. Consider that this tutorial is not important for it's result, but because I hope that some curious people start learning RE. If one understand the how it works, than he can place it's emunand wherever he wants.

Second, Gateway formats the emunand leaving 0x00200000 sectors of unallocated space, even if the nand images uses less than this. I only doubled this configuration (again only for simplicity).

Third, 1Gb is a good number in informatic, the size of the actual NAND not. There are two different sizes of NAND, maybe soon could there be a third that need more space (maybe it's already out, check the N3DS NAND size on 3DBrew ). As an engineer, loosing some KB of space for potential scalability is always a worth price to pay. It's a professional deformation.

 

[Ronhero]

I looked around but couldn't find an answer. Can you use spider loader to run both the gateway exploit and then the msetforboss.dat from two different URL's?

I am trying to help someone who doesn't have an r4 card

 

[nop90]

The spider loader cant load a file created to be loaded by a different hack, so it can't load the CFW.

 

[CR_Avila]

Can you break the 300 icon limit with this method?

 

[Ronhero]

Holy necrobump batman!

You can break the 300 limit by booting via FBI

 

[CR_Avila]

Holy necrobump batman!

You can break the 300 limit by booting via FBI

lmao I'm such a necrobumper... I know I can do that,but I was wondering if i could have more than 300 games on the Home Menu...

 

[Ronhero]

lmao I'm such a necrobumper... I know I can do that,but I was wondering if i could have more than 300 games on the Home Menu...

Um... Yeah you can have multiple emunands all with 300 titles on them and select what one you want on boot via Luma

 

[CR_Avila]

Um... Yeah you can have multiple emunands all with 300 titles on them and select what one you want on boot via Luma

oh ok thx...

 

[Connorsdad]

So I just hit the 300 limit too, could someone help a newb with the options available to bypass this please. Thanks