Toggle sidebar

Hacking (4.x only) CIA CFW Complete Guide

  • Thread starter Thread starter palantine
  • Start date Start date
  • Views Views 546,054
  • Replies Replies 2,082
  • Likes Likes 29
asesin22 said:
yes 192.168.0.33
Click to expand...

Ok, assuming you followed step 1-14 of the guide in the op. Doublecheck if you replaced "IPTOMODIFY" with your 192.168.0.33. I also got a failed to connect message at the first time. Just don't turn off the 3DS, stay in the home menu, close the cmd window and open the batch file again. I had to do it three times in a row.
 
CalebW said:
Ok, I decrypted the rom, but when I try to compile it into a cci I get:
Code: 
$ makerom -f cci -target d -rsf gw.rsf -exheader dec_exheader.bin -code dec_exef
s/code.bin -icon dec_exefs/icon.bin -banner dec_exefs/banner.bin -logo dec_exefs/logo.bin -romfs dec_romfs.bin -alignwr -o LM.3ds -v
 
[NCCH] NCCH AES keys:
> key0: 00000000000000000000000000000000
> key1: 00000000000000000000000000000000
Segmentation fault (core dumped)

Here's my rsf file:
Code: 
BasicInfo:
  Title                  : "LM3DS"
  CompanyCode            : "01"
  ProductCode            : "CTR-P-AGGE"
  ContentType            : Application
  Logo                    : Nintendo # Nintendo / Licensed / Distributed / iQue / iQueForSystem
 
RomFs:
  # Specifies the root path of the file system to include in the ROM.
  #RootPath                : "decrypted_romfs"
 
TitleInfo:
  UniqueId                : 0x085E
  Category                : Application
 
CardInfo:
  MediaSize              : 1GB # 128MB / 256MB / 512MB / 1GB / 2GB / 4GB
  MediaType              : Card1 # Card1 / Card2
  CardDevice              : NorFlash # NorFlash(if you use savedata and Card1) / None (for Card2)
 
 
Option:
  UseOnSD                : true # true if App is to be installed to SD
  FreeProductCode        : true # Removes limitations on ProductCode
  MediaFootPadding        : true # If true CCI files are created with padding
  EnableCrypt            : true # Enables encryption for NCCH and CIA
  EnableCompress          : true # Compresses exefs code
 
ExeFs: # these are the program segments from the ELF, check your elf for the appropriate segment names
  ReadOnly:
  - .rodata
  - RO
  ReadWrite:
  - .data
  - RO
  Text:
  - .init
  - .text
  - STUP_ENTRY
 
PlainRegion: # only used with SDK ELFs
- .module_id
 
AccessControlInfo:
  ExtSaveDataId: 0x00000000
  SystemSaveDataId1: 0x00000000
  SystemSaveDataId2: 0x00000000
  OtherUserSaveDataId1: 0x00000
  OtherUserSaveDataId2: 0x00000
  OtherUserSaveDataId3: 0x00000
  UseOtherVariationSaveData : true
  #UseExtendedSaveDataAccessControl: true
  #AccessibleSaveDataIds: [0x101, 0x202, 0x303, 0x404, 0x505, 0x606]
  FileSystemAccess:
  #- Boss
  #- CardBoard
  #- CategoryFileSystemTool
  #- CategoryHardwareCheck
  #- CategoryHomeMenu
  #- CategorySystemApplication
  #- CategorySystemSettings
  #- Core
  #- CtrNandRo
  #- CtrNandRoWrite
  #- CtrNandRw
  #- Debug
  #- DirectSdmc
  #- DirectSdmcWrite
  #- ExportImportIvs
  #- SaveDataMove
  #- Shell
  #- Shop
  #- SwitchCleanup
  #- TwlCardBackup
  #- TwlNandData
 
SystemControlInfo:
  SaveDataSize: 128K
  RemasterVersion: 0000
  StackSize: 0x00028000
  JumpId: 0x0004000000055F00L
 
 
# DO NOT EDIT BELOW HERE OR PROGRAMS WILL NOT LAUNCH (most likely)
 
AccessControlInfo:
  #IoAccessControl:
  #- FsMountNand
  #- FsMountNandRoWrite
  #- FsMountTwln
  #- FsMountWnand
  #- FsMountCardSpi
  #- UseSdif3
  #- CreateSeed
  #- UseCardSpi
 
  IdealProcessor                : 0
  AffinityMask                  : 1
 
  Priority                      : 48
  MaxCpu                        : 0x9E # Default
 
  CoreVersion                  : 2
  DescVersion                  : 2
 
  #Kernelflags
  DisableDebug                  : false
  EnableForceDebug              : false
  CanUseNonAlphabetAndNumber    : false
  CanWriteSharedPage            : false
  CanUsePrivilegedPriority      : false
  PermitMainFunctionArgument    : false
  CanShareDeviceMemory          : false
  RunnableOnSleep              : false
  SpecialMemoryArrange          : false
  MemoryType                    : Application # Application / System / Base
  HandleTableSize: 0x200
 
  #Kernel release version:
  ReleaseKernelMajor            : "02"
  ReleaseKernelMinor            : "33" # must be 33 or else Gateway won't accept it
 
  IORegisterMapping:
  - 1ff50000-1ff57fff
  - 1ff70000-1ff77fff
  MemoryMapping:
  - 1f000000-1f5fffff:r
  SystemCallAccess:
    ArbitrateAddress: 34
    Break: 60
    CancelTimer: 28
    ClearEvent: 25
    ClearTimer: 29
    CloseHandle: 35
    ConnectToPort: 45
    ControlMemory: 1
    CreateAddressArbiter: 33
    CreateEvent: 23
    CreateMemoryBlock: 30
    CreateMutex: 19
    CreateSemaphore: 21
    CreateThread: 8
    CreateTimer: 26
    DuplicateHandle: 39
    ExitProcess: 3
    ExitThread: 9
    GetCurrentProcessorNumber: 17
    GetHandleInfo: 41
    GetProcessId: 53
    GetProcessIdOfThread: 54
    GetProcessIdealProcessor: 6
    GetProcessInfo: 43
    GetResourceLimit: 56
    GetResourceLimitCurrentValues: 58
    GetResourceLimitLimitValues: 57
    GetSystemInfo: 42
    GetSystemTick: 40
    GetThreadContext: 59
    GetThreadId: 55
    GetThreadIdealProcessor: 15
    GetThreadInfo: 44
    GetThreadPriority: 11
    MapMemoryBlock: 31
    OutputDebugString: 61
    QueryMemory: 2
    ReleaseMutex: 20
    ReleaseSemaphore: 22
    SendSyncRequest1: 46
    SendSyncRequest2: 47
    SendSyncRequest3: 48
    SendSyncRequest4: 49
    SendSyncRequest: 50
    SetThreadPriority: 12
    SetTimer: 27
    SignalEvent: 24
    SleepThread: 10
    UnmapMemoryBlock: 32
    WaitSynchronization1: 36
    WaitSynchronizationN: 37
  InterruptNumbers:
  ServiceAccessControl:
  - APT:U
  - $hioFIO
  - $hostio0
  - $hostio1
  - ac:u
  - boss:U
  - cam:u
  - cecd:u
  - cfg:u
  - dlp:FKCL
  - dlp:SRVR
  - dsp::DSP
  - frd:u
  - fs:USER
  - gsp::Gpu
  - hid:USER
  - http:C
  - mic:u
  - ndm:u
  - news:u
  - nwm::UDS
  - ptm:u
  - pxi:dev
  - soc:U
  - ssl:C
  - y2r:u
  - ldr:ro
  - ir:USER
 
 
SystemControlInfo:
  Dependency:
    ac: 0x0004013000002402L
    am: 0x0004013000001502L
    boss: 0x0004013000003402L
    camera: 0x0004013000001602L
    cecd: 0x0004013000002602L
    cfg: 0x0004013000001702L
    codec: 0x0004013000001802L
    csnd: 0x0004013000002702L
    dlp: 0x0004013000002802L
    dsp: 0x0004013000001a02L
    friends: 0x0004013000003202L
    gpio: 0x0004013000001b02L
    gsp: 0x0004013000001c02L
    hid: 0x0004013000001d02L
    http: 0x0004013000002902L
    i2c: 0x0004013000001e02L
    ir: 0x0004013000003302L
    mcu: 0x0004013000001f02L
    mic: 0x0004013000002002L
    ndm: 0x0004013000002b02L
    news: 0x0004013000003502L
    nim: 0x0004013000002c02L
    nwm: 0x0004013000002d02L
    pdn: 0x0004013000002102L
    ps: 0x0004013000003102L
    ptm: 0x0004013000002202L
    ro: 0x0004013000003702L
    socket: 0x0004013000002e02L
    spi: 0x0004013000002302L
    ssl: 0x0004013000002f02L
CommonHeaderKey:
  D: |
    jL2yO86eUQnYbXIrzgFVMm7FVze0LglZ2f5g+c42hWoEdnb5BOotaMQPBfqt
    aUyAEmzQPaoi/4l4V+hTJRXQfthVRqIEx27B84l8LA6Tl5Fy9PaQaQ+4yRfP
    g6ylH2l0EikrIVjy2uMlFgl0QJCrG+QGKHftxhaGCifdAwFNmiZuyJ/TmktZ
    0RCb66lYcr2h/p2G7SnpKUliS9h9KnpmG+UEgVYQUK+4SCfByUa9PxYGpT0E
    nw1UcRz0gsBmdOqcgzwnAd9vVqgb42hVn6uQZyAl+j1RKiMWywZarazIR/k5
    Lmr4+groimSEa+3ajyoIho9WaWTDmFU3mkhA2tUDIQ==
  Exponent: |
    AQAB
  Modulus: |
    zwCcsyCgMkdlieCgQMVXA6X2jmb1ICjup0Q+jk/AydPkOgsx7I/MjUymFEkU
    vgXBtCKtzh3NKXtFFuW51tJ60GPOabLKuG0Qm5li+UXALrWhzWuvd5vv2FZI
    dTQCbrq/MFS/M02xNtwqzWiBjE/LwqIdbrDAAvX4HGy0ydaQJ1DKYeQeph5D
    lAGBw2nQ4izXhhuLaU3w8VQkIJHdhxIKI5gJY/20AGkG0vHD553Mh5kBINrWp
    CRYmmJS8DCYbAiQtKbkeUfzHViGTZuj6PwaY8Mv39PGO47a++pt45IUyCEs4/
    LjMS72cyfo8tU4twRGp76SFGYejYj3wGC1f/POQw==
  Signature: |
    BOPR0jL0BOV5Zx502BuPbOvi/hvOq5ID8Dz1MQfOjkey6FKP/6cb4f9YXpm6c
    ZCHAZLo0GduKdMepiKPUq1rsbbAxkRdQdjOOusEWoxNA58x3E4373tCAhlqM2
    DvuQERrIIQ/XnYLV9C3uw4efZwhFqog1jvVyoEHpuvs8xnYtGbsKQ8FrgLwXv
    pOZYy9cSgq+jqLy2D9IxiowPcbq2cRlbW9d2xlUfpq0AohyuXQhpxn7d9RUor
    9veoARRAdxRJK12EpcSoEM1LhTRYdJnSRCY3x3p6YIV3c+l1sWvaQwKt0sZ/U
    8TTDx2gb9g7r/+U9icneu/zlqUpSkexCS009Q==
  Descriptor: |
    AP///wAABAACAAAAAAAFGJ4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiIAAAAAAAABBUFQ6VQAAACRo
    aW9GSU8AJGhvc3RpbzAkaG9zdGlvMWFjOnUAAAAAYm9zczpVAABjYW06dQAA
    AGNlY2Q6dQAAY2ZnOnUAAABkbHA6RktDTGRscDpTUlZSZHNwOjpEU1BmcmQ6
    dQAAAGZzOlVTRVIAZ3NwOjpHcHVoaWQ6VVNFUmh0dHA6QwAAbWljOnUAAABu
    ZG06dQAAAG5ld3M6dQAAbndtOjpVRFNwdG06dQAAAHB4aTpkZXYAc29jOlUA
    AABzc2w6QwAAAHkycjp1AAAAbGRyOnJvAABpcjpVU0VSAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAABOn/rw/7//8ec/APIA8JH/APaR/1D/gf9Y/4H/cP+B/3j/gf8B
    AQD/AAIA/iECAPz/////////////////////////////////////////////
    ////////////////////////////////////////AAAAAAAAAAAAAAAAAAAA
    AAADAAAAAAAAAAAAAAAAAAI=
Click to expand...
Segmentation fault? what
 
Sorry to bother you but I do wrong? I do this and with these three tools:

romtool extracted with me .cxi y el .cfa

romtool -x --extract= test.3ds

trtool extracted with me ExeFS,RomFS, header, logo.. etc

trtool -p --exheader=exheader.bin --romfs=romfs.bin --exefs=exefs.bin --logo=logo.bin test.3ds

but I skip this error

Error, exheader hash mismatch. Wrong key?

although I believe it.

repackage and makerom to .cia

makerom -f cia -content homebrew.cxi:0:0 -content manual.cfa:1:1 -o homebrew.cia

and I loose this error:

CIA WARNING] CXI AES Key could not be loaded
Meta Region, SaveDataSize, Remaster Version cannot be obtained

if you create the game.cia, but does not work in 3ds, black screem , Error reset 3ds.


thank

sorry for my English
 
schuko1982 said:
Sorry to bother you but I do wrong? I do this and with these three tools:

romtool extracted with me .cxi y el .cfa

romtool -x --extract= test.3ds

trtool extracted with me ExeFS,RomFS, header, logo.. etc

trtool -p --exheader=exheader.bin --romfs=romfs.bin --exefs=exefs.bin --logo=logo.bin test.3ds

but I skip this error

Error, exheader hash mismatch. Wrong key?

although I believe it.

repackage and makerom to .cia

makerom -f cia -content homebrew.cxi:0:0 -content manual.cfa:1:1 -o homebrew.cia

and I loose this error:

CIA WARNING] CXI AES Key could not be loaded
Meta Region, SaveDataSize, Remaster Version cannot be obtained

if you create the game.cia, but does not work in 3ds, black screem , Error reset 3ds.


thank

sorry for my English
Click to expand...

try
Code: 
makerom -target d -ccitocia yourrom.3ds
 
I think you need to make a real cia, not a homebrew one
Code: 
makerom -f cia -romfs decrypted_romfs.bin -exefs decrypted_exefs.bin -exheader decrypted_exheader.bin -rsf RSF.rsf -o rom.cia
(Or something like that)
 
piratesephiroth
piratesephiroth said:
try
Code: 
makerom -target d -ccitocia yourrom.3ds
Click to expand...


C:\makerom>makerom -target d -ccitocia yourrom.3ds
[SETTING ERROR] Unrecognised argument '-ccitocia'
[RESULT] Invalid arguments, see 'makerom -help'

CalebW said:
I think you need to make a real cia, not a homebrew one
Code: 
makerom -f cia -romfs decrypted_romfs.bin -exefs decrypted_exefs.bin -exheader decrypted_exheader.bin -rsf RSF.rsf -o rom.cia
(Or something like that)
Click to expand...

C:\makerom>makerom -f cia -romfs decrypted_romfs.bin -exefs decrypted_exefs.bin
-exheader decrypted_exheader.bin -rsf RSF.rsf -o rom.cia
[SETTING ERROR] Unrecognised argument '-exefs'
[RESULT] Invalid arguments, see 'makerom -help'
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Help on 3DS prices...

Homebrew app Emulator  [Release] 3DS-CLI - Run a real RISC-V Linux environment on the Nintendo 3DS

Hardware  2 Broken 3DSes, need help

Website for finding alternative games for 3DS

Homebrew Homebrew app  [Release] GridLauncher Rosalina

Homebrew  My Secret World DS: is there a way to bypass the password lock?

please help, wont boot

Hardware  I Have 2 THQ Dev Kit 3DSes (Panda), Need Help On Preserving What’s Inside