Hacking [WIP] KARL3DS - Kernel access on N3DS via Ninjhax + Loadcode

[Click This]

Like transferring Ambassador status to emunand? Yeah, that will work. You are just cloning the system's nand and reading it off the SD card instead so everything is exactly the same (but optionally updated to latest FW) as far as the system is concerned.

If you meant doing a system transfer to a new system? Then Ambassador status is carried over to the new 3DS unit. (I've done it before a few times. RIP my original Aqua 3DS)

I was more worried recovery if anything happens to emunand.

 

[Hashtastrophe]

I was more worried recovery if anything happens to emunand.

You would have a clean backup of your nand so there shouldn't be any worries. If emunand breaks, make a new one with the backup.

Edit: And once you have an up-to-date emunand that works, make a backup of the entire SD card with an imaging program. This way you can just restore the image and not have to set it all up again.

 

[cearp]

for using another console's secureinfo_a file (using their serial etc) - i doubt it matters if it is from a n3ds or not.
also, i doubt eshop detects and displays n3ds exclusive content (when it comes out) by looking at the serial number. (but sure that is possible)

 

[Dazzozo]

Haha nice to see Daz! I finally retired my G300. Excellent work guys, keep it up.

Hello old friend!

 

[Katsumi San]

Will Karl3DS support region free for future updates? Or am I asking in wrong place? I know credit is due to smealum and friends for RegionThree, but I don't think they are work forever for RegionThree... At least that is what it looks like.

 

[WulfyStylez]

Will Karl3DS support region free for future updates? Or am I asking in wrong place? I know credit is due to smealum and friends for RegionThree, but I don't think they are work forever for RegionThree... At least that is what it looks like.

You'll be able to boot into the newest firmware with region unlocked, yes.

 

[Katsumi San]

You'll be able to boot into the newest firmware with region unlocked, yes.

OMG I know no promises but I will watch this board closely. Thank you so much! I feel like in love for wrong reason.

 

[fatpolomanjr]

Region free is the only reason I want any kind of cfw on 3DS at all, because fk NoA. I lived through the exciting PSP and Wii days as a pirate, but my pirating days are over because, for one, I usually only beat games I care about enough to pay for. And two, I now make $$, which I like giving to Nintendo, to help support them as a premiere gaming company. But boy do they sure know how to piss off fans with excuses and bs like region locking and not offering the same hardware options worldwide.

 

[WulfyStylez]

New build of bootstrap pushed! Should fix 8.x firmwares. Same link, update the google doc with your results.

 

[kamesenin888]

i would love to help testing , my cubic ninja is US and until i get my n3ds of mh i cannot help, the other n3ds i have are jap and EUR and i dont have that game for those regions

 

[TidusWulf]

So glad I got in early with a $5 copy of Cubic Ninja.

Good luck with the project, guys. I'm really excited to see the final product on my own machine someday soon.

 

[AlbertoSONIC]

Is the Arm9 FS fix going to be open source?

 

[Oishikatta]

Is the Arm9 FS fix going to be open source?

They've said no, only the bootstrap will be open source for now.

 

[shinyquagsire23]

Is the Arm9 FS fix going to be open source?

The actual fix itself? Well the first issue was one specific to our port of firmloader, the other issues was an undocumented register (0x10000020) which needs to be set to 0 and then 0x340:

    *(u32*)0x10000020 = 0;
    *(u32*)0x10000020 = 0x340;

Normatt also suggested a change to sdmc.s to change the lines at https://github.com/archshift/Decrypt9/blob/master/source/fatfs/sdmc.s#L497 and in NAND_Init to

MOV R0, #0xF0
LSL R0, R0, #0x8

 

[Psi-hate]

Edit: Nothing important, yo

 

[shinyquagsire23]

Was digging around and found this? Apparently it patches most sig checks but that's what TBG told me : mem_Write32(arm11_ServiceBufferAddress() + 0x84, 0)

Just thought this might be of use if not already used or documented.

If it's a legit thing, mind telling what it does?

It's literally source code from 3dmoo.

 

[:-infern:]

New build of bootstrap pushed! Should fix 8.x firmwares. Same link, update the google doc with your results.

Will do so tonight! Been looking at assembly language, tis a bit :confused: how much do you guys actually know to dev for this?

 

[Psi-hate]

That's kinda disappointing, heh. People keep spreading darn rumors. Now I'll stay away from 'em. Sorry for wasting your time.

 

[shinyquagsire23]

Will do so tonight! Been looking at assembly language, tis a bit :confused: how much do you guys actually know to dev for this?

You need to know quite a bit to actually understand the kernel and do modifications to it actually. It takes a bit to actually get used to writing in it though.

 

[WulfyStylez]

To clarify, the buffer for a service request returns data at 0x80. The response header code sits there. Then the next arg is after that. On stuff like this, it's a result code. Literally all this says is that if you make VerifyRsaSha256 return successful, it will return successful. Like, no shit.