Hacking Rom Injection Tool

  • Thread starter: FrankVVV
  • Views: 8,624
  • Replies: 40
  • Likes: 1
How about just decrypt the ROM and use a loader to load the ROM in?
I'm assuming the exploit allows for permissions on par with commercial games.

That's what I was thinking about too. Ssspwn does not have kernel access, so that should mean there will be no stuff like region free etc., but loading commercial games should be possible, since commercial games are essentially homebrew on a larger scale by companies.
 
ctrtool --romfsdir out_directory RomFS.bin
Will extract the contents of RomFS.bin to out_directory.

Fixing makerom would be a simple matter for someone who has reverse engineered the RomFS format fully, but that's not my strong suit. If 3DSGuy wasn't able to figure it out, most of us aren't likely to.
Source: https://github.com/3DSGuy/Project_CTR/tree/master/makerom


Is there a way to use ctrtool to extract RomFS.bin??? I'm using the -x flag and it's not producing anything. What fork of ctrtool are you using?
 
That's what I was thinking about too. Ssspwn does not have kernel access, so that should mean there will be no stuff like region free etc., but loading commercial games should be possible, since commercial games are essentially homebrew on a larger scale by companies.

Funnily smea implied region free is possible.
It's probably more than just that though.
 
Ok. Ssspwn allows homebrew. Homebrew can do whatever the official dev kit can do. In theory, a homebrew to the scale of Pokemon X/Y can be created.

Homebrew .3ds files are official stuff just encrypted with the 0000.... AES key. Aka, it is a rom that has been decrypted and reencrypted with homebrew keys. So if you can decrypt a 3ds game rom and re-encrypt it with homebrew keys, the .3ds rom is now recognized by the system as homebrew and will run it.

SSSpwn executes code within a sandbox. The code that it can execute should include the code in .3ds game roms, since 3ds homebrew by its very definition allows the creation of official SDK stuff, but as homebrew instead.


Sorry, but no. The way Gateway allows playing .3ds files is because they patch the kernel itself, to redirect file reading calls to their cart in a proper way. SSSPWN doesn't use ANY kind of kernel exploit, it's userland only, so such redirection would be impossible.
What's more, ROP Loader homebrew was NOT encrypted. At all. And from what Smea said so far, this is going to use a similar method, so nothing encrypted either.
Also, "So if you can decrypt a 3ds game rom". Well, do you know the key? Nobody does. If anybody had the key already, then we would be able to fully unpack the roms, to get to the music and such inside them, but we can't.

Before you start to give out weird piracy theories, read a bit how all current exploits work, then you will see that what you said is completely stupid.
 
Sorry, but no. The way Gateway allows playing .3ds files is because they patch the kernel itself, to redirect file reading calls to their cart in a proper way. SSSPWN doesn't use ANY kind of kernel exploit, it's userland only, so such redirection would be impossible.
What's more, ROP Loader homebrew was NOT encrypted. At all. And from what Smea said so far, this is going to use a similar method, so nothing encrypted either.
Also, "So if you can decrypt a 3ds game rom". Well, do you know the key? Nobody does. If anybody had the key already, then we would be able to fully unpack the roms, to get to the music and such inside them, but we can't.

Before you start to give out weird piracy theories, read a bit how all current exploits work, then you will see that what you said is completely stupid.

Thanks for the abrasive reply.

Humor me this. If a 3ds game rom can be decrypted, will it then work?
 
Thanks for the abrasive reply.

Humor me this. If a 3ds game rom can be decrypted, will it then work?


Not really. One major thing you are forgetting is that Homebrew is not written using the official Nintendo SDK, but a custom toolchain compatible with 3DS. Therefore, we are actually limited in what we can create, and both SSSPWN and the Homebrew Launcher are based on these imperfect tools. Not to mention, some sort of redirection still would be necessary, as all the game files are stored in a file called "RomFS.bin" which is inside a .3ds rom, so you'd need to point the KERNEL to where that file is so any commercial game can run.
 
Not really. One major thing you are forgetting is that Homebrew is not written using the official Nintendo SDK, but a custom toolchain compatible with 3DS. Therefore, we are actually limited in what we can create, and both SSSPWN and the Homebrew Launcher are based on these imperfect tools. Not to mention, some sort of redirection still would be necessary, as all the game files are stored in a file called "RomFS.bin" which is inside a .3ds rom, so you'd need to point the KERNEL to where that file is so any commercial game can run.

I'm fairly certain that it was mentioned somewhere by a dev on one of the threads that homebrew can do anything that an official commercial game can do.
 
I'm fairly certain that it was mentioned somewhere by a dev on one of the threads that homebrew can do anything that an official commercial game can do.

THEORETICALLY yes. Because both games and homebrew will run in the same privileges. But first we need to know how to use everything, where it is residing in the system, where it is mapped to memory, stuff like that. And we only know part of it as of now.
 
Is there a way to use ctrtool to extract RomFS.bin??? I'm using the -x flag and it's not producing anything. What fork of ctrtool are you using?
I just told you how. Use the parameters I posted. The -x flag is not needed (but it won't hurt either), if you use the exact parameters I posted it should work.
https://anonfiles.com/file/ae2dbe5e005b03996577aee278d35d78 This is the version of ctrtool I use (compile of https://github.com/3DSGuy/Project_CTR/tree/master/ctrtool), it's a bit more up to date than other forks. Might not matter which fork you use in this case.
 
I just told you how. Use the parameters I posted. The -x flag is not needed (but it won't hurt either), if you use the exact parameters I posted it should work.
Oh thanks, that's actually a better fork than the one I was looking at.

This has ctrtool and makerom. You can compile it with VS2010 and VS2012 or using a makefile with cygwin:
https://github.com/3DSGuy/Project_CTR/tree/master/ctrtool

This extracts the Rom File System from the 3DS file:
ctrtool.exe --romfs=RomFS.bin input_file.3ds

This extracts the contents of the Rom File System to the output directory:
ctrtool --romfsdir out_directory RomFS.bin

The rom is in the newly extracted folder rom/vc_rom.bin

This is md5sum for extracted rom (for pokemon yellow):
$ md5sum.exe vc_rom.bin

d9290db87b1f0a23b89f99ee4469e34b *vc_rom.bin

This is the md5sum from scene release for Pokemon Yellow:
$ md5sum.exe Pokemon\ Yellow.gb

d9290db87b1f0a23b89f99ee4469e34b *Pokemon Yellow.gb
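The md5sum comparison above, done programmatically: an added example (not the poster's code) that parses md5sum-style lines, including the `*name` binary-mode marker shown in the output, and checks a file against them. The `vc_rom.bin` content in `demo()` is a constructed placeholder so the check runs offline.

```python
import hashlib
import os
import tempfile


def md5_of_file(path, chunk_size=1 << 20):
    """Stream the file through MD5 so a large dump need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_md5sum_line(line):
    """Parse one md5sum output line: '<hex>  name' (text) or '<hex> *name' (binary)."""
    digest, _, name = line.strip().partition(" ")
    name = name.lstrip()          # text mode uses two spaces; drop the second
    if name.startswith("*"):      # binary-mode marker, as in the output above
        name = name[1:]
    digest = digest.lower()
    if len(digest) != 32 or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("not an md5sum line: %r" % line)
    return digest, name


def verify_against_md5sum(md5sum_line, path):
    """True if the file at `path` hashes to the digest recorded on the md5sum line."""
    expected, _ = parse_md5sum_line(md5sum_line)
    return md5_of_file(path) == expected


def demo():
    # Constructed sample: a fake vc_rom.bin written to a temp dir (not a real ROM).
    data = b"constructed placeholder rom data\n" * 1024
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "vc_rom.bin")
        with open(path, "wb") as f:
            f.write(data)
        good = hashlib.md5(data).hexdigest() + " *vc_rom.bin"
        bad = "0" * 32 + " *vc_rom.bin"
        return verify_against_md5sum(good, path), verify_against_md5sum(bad, path)


if __name__ == "__main__":
    print(demo())
```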
 
I'm going to point out that if you start brainstorming how the homebrew launcher can possibly launch 3ds roms, you should realize that if you say something that is possible and smea realizes, he'll probably fix it so it's not possible, since he is against using his stuff for piracy. The smart course would be to wait till the homebrew launcher is out before you start with the public brainstorming on how to get it to play 3ds roms.
 
I'm sure smea would have done a brainstorming session himself........and let's face it, he has more knowledge of how it all works than any of us do :lol:

Could it be possible? I have no idea, but for smealum to say it's not, you can be sure it's not going to just be some sort of "maybe if we rename the romz, homebrew.3dsx it will work"
 
I'm going to point out that if you start brainstorming how the homebrew launcher can possibly launch 3ds roms, you should realize that if you say something that is possible and smea realizes, he'll probably fix it so it's not possible, since he is against using his stuff for piracy. The smart course would be to wait till the homebrew launcher is out before you start with the public brainstorming on how to get it to play 3ds roms.

I don't care actually. I just want to discuss the possibilities.
 
So is it possible to create a pkmn-emerald-vc and play it on 3DS without Gateway atm?
GBA games haven't worked yet, but BBB has created all the original Game Boy Pokemon games and GBC Pokemon games. They work just like VC games too; the only issue I noticed was Pikachu's cry sound on Yellow does not work.

I would love to be able to inject my own roms if that was possible, but it looks like the emulator will probably be coming soon anyway.
 
GBA games haven't worked yet, but BBB has created all the original Game Boy Pokemon games and GBC Pokemon games. They work just like VC games too; the only issue I noticed was Pikachu's cry sound on Yellow does not work.

I would love to be able to inject my own roms if that was possible, but it looks like the emulator will probably be coming soon anyway.


Do you know how to do it? I want to play them on my 3DS x_x (Pokemon Crystal and Yellow, for example)
 
