Hacking (4.x only) CIA CFW Complete Guide

[Vappy]

It was in this thread. http://gbatemp.net/threads/4-x-only-cia-cfw-complete-guide.373532/page-2#post-5144677

 

[mocalacace]

and I have decrypted the game and everything you need romfs,icon.bin,banner.bin,code.bin,logo.bin,exheader.bin gw.rsf , but it gives me error


C:\makeroms>makerom -f cia -romfs decrypted_romfs.bin -icon icon.bin -banner ban
ner.bin -code code.bin -logo logo.bin -exheader decrypted_exheader.bin -rsf gw.r
sf -o rom.cia -exefslogo
[NCCH WARNING] NCCH AES Key could not be loaded, NCCH will not be encrypted
[CIA WARNING] Common Key could not be loaded, CIA will not be encrypted

C:\makeroms>makerom -f cia -romfs decrypted_romfs.bin -icon icon.bin -banner ban
ner.bin -code code.bin -logo logo.bin -exheader decrypted_exheader.bin -rsf gw.r
sf -o rom.cia
[NCCH WARNING] NCCH AES Key could not be loaded, NCCH will not be encrypted
[CIA WARNING] Common Key could not be loaded, CIA will not be encrypted


help me please

thank

I'm still stuck at the error

[RSF ERROR] Unrecognised key: RomFs
[RSF ERROR] Error Processing RSF File

edit: turns out I was using an outdated makerom

Now my error is

[ACEXDESC ERROR] Current keyset cannor sign AccessDesc, please appropriately set -up RSF or specify a preset with -desc]
[EXHEADER ERROR] Failed to create ExHeader
[NCCH ERROR] NCCH Build process failed]

edit2: I didnt have the commonkey and other stuff at the end of the RSF

and now im getting error
[CIA ERROR] Content 0 is corrupt (res = -10)
failed to build cia

edit3: my xorpad was incomplete, as I did not have enough storage space on my sd card. I dumped the xorpads again and decrypted the romfs.bin once more. and still am getting the Content 0 is corrupt error


this is my rsf file (modified from smealum yeti-3ds

Spoiler

BasicInfo:
BasicInfo:
Title : "LoZ Ocarina of Time"
CompanyCode : "00"
ProductCode : "CTR-N-LoZO"
ContentType : Application # Application / SystemUpdate / Manual / Child / Trial
Logo : Nintendo # Nintendo / Licensed / Distributed / iQue / iQueForSystem

RomFs:
# Specifies the root path of the file system to include in the ROM.
RootPath : "decryted_romfs"


TitleInfo:
UniqueId : 0x1234 # This was/is the first real homebrew app. I hope this TID range is not used by any retail game/app.
Category : Application # Application / SystemApplication / Applet / Firmware / Base / DlpChild / Demo / Contents / SystemContents / SharedContents / AddOnContents / Patch / AutoUpdateContents

CardInfo:
MediaSize : 512MB # 128MB / 256MB / 512MB / 1GB / 2GB / 4GB / 8GB / 16GB / 32GB
MediaType : Card1 # Card1 / Card2
CardDevice : NorFlash # NorFlash / None


Option:
UseOnSD : true # true if App is to be installed to SD
EnableCompress : true # Compresses exefs code
FreeProductCode : true # Removes limitations on ProductCode
EnableCrypt : false # Enables encryption for NCCH and CIA
MediaFootPadding : false # If true CCI files are created with padding

ExeFs: # these are the program segments from the ELF, check your elf for the appropriate segment names
ReadOnly:
- .rodata
- RO
ReadWrite:
- .data
- RO
Text:
- .init
- .text
- STUP_ENTRY

PlainRegion: # only used with SDK ELFs
# - .module_id

AccessControlInfo:
# UseOtherVariationSaveData : true
# UseExtSaveData : true
# ExtSaveDataId: 0x1234
# SystemSaveDataId1: 0x222
# SystemSaveDataId2: 0x00040011
# UseExtendedSaveDataAccessControl: true
# AccessibleSaveDataIds: [0x101, 0x202, 0x303, 0x404, 0x505, 0x606]
FileSystemAccess:
# - CategorySystemApplication
# - CategoryHardwareCheck
# - CategoryFileSystemTool
- Debug
# - TwlCardBackup
# - TwlNandData
# - Boss
- DirectSdmc
# - Core
# - CtrNandRo
# - CtrNandRw
# - CtrNandRoWrite
# - CategorySystemSettings
# - CardBoard
# - ExportImportIvs
# - DirectSdmcWrite
# - SwitchCleanup
# - SaveDataMove
# - Shop
# - Shell
# - CategoryHomeMenu
IoAccessControl:
# - FsMountNand
# - FsMountNandRoWrite
# - FsMountTwln
# - FsMountWnand
# - FsMountCardSpi
# - UseSdif3
# - CreateSeed
# - UseCardSpi

IdealProcessor : 0
AffinityMask : 1

Priority : 16

MaxCpu : 0x9E # Default

DisableDebug : true
EnableForceDebug : false
CanWriteSharedPage : true
CanUsePrivilegedPriority : false
CanUseNonAlphabetAndNumber : true
PermitMainFunctionArgument : true
CanShareDeviceMemory : true
RunnableOnSleep : false
SpecialMemoryArrange : true

CoreVersion : 2
DescVersion : 2

ReleaseKernelMajor : "02"
ReleaseKernelMinor : "33"
MemoryType : Application # Application / System / Base
HandleTableSize: 512
IORegisterMapping:
- 1ff50000-1ff57fff
- 1ff70000-1ff77fff
MemoryMapping:
- 1f000000-1f5fffff:r
SystemCallAccess:
ArbitrateAddress: 34
Break: 60
CancelTimer: 28
ClearEvent: 25
ClearTimer: 29
CloseHandle: 35
ConnectToPort: 45
ControlMemory: 1
CreateAddressArbiter: 33
CreateEvent: 23
CreateMemoryBlock: 30
CreateMutex: 19
CreateSemaphore: 21
CreateThread: 8
CreateTimer: 26
DuplicateHandle: 39
ExitProcess: 3
ExitThread: 9
GetCurrentProcessorNumber: 17
GetHandleInfo: 41
GetProcessId: 53
GetProcessIdOfThread: 54
GetProcessIdealProcessor: 6
GetProcessInfo: 43
GetResourceLimit: 56
GetResourceLimitCurrentValues: 58
GetResourceLimitLimitValues: 57
GetSystemInfo: 42
GetSystemTick: 40
GetThreadContext: 59
GetThreadId: 55
GetThreadIdealProcessor: 15
GetThreadInfo: 44
GetThreadPriority: 11
MapMemoryBlock: 31
OutputDebugString: 61
QueryMemory: 2
ReleaseMutex: 20
ReleaseSemaphore: 22
SendSyncRequest1: 46
SendSyncRequest2: 47
SendSyncRequest3: 48
SendSyncRequest4: 49
SendSyncRequest: 50
SetThreadPriority: 12
SetTimer: 27
SignalEvent: 24
SleepThread: 10
UnmapMemoryBlock: 32
WaitSynchronization1: 36
WaitSynchronizationN: 37
InterruptNumbers:
ServiceAccessControl:
- APT:U
- $hioFIO
- $hostio0
- $hostio1
- ac:u
- boss:U
- cam:u
- cecd:u
- cfg:u
- dlp:FKCL
- dlp:SRVR
- dsp:SP
- frd:u
- fs:USER
- gsp::Gpu
- hid:USER
- http:C
- mic:u
- ndm:u
- news:u
- nwm::UDS
- ptm:u
- pxi:dev
- soc:U
- ssl:C
- y2r:u
- ldr:ro
- ir:USER


SystemControlInfo:
SaveDataSize: 512KB # It doesn't use any save data.
RemasterVersion: 0
StackSize: 0x40000
# JumpId: 0
Dependency:
ac: 0x0004013000002402L
am: 0x0004013000001502L
boss: 0x0004013000003402L
camera: 0x0004013000001602L
cecd: 0x0004013000002602L
cfg: 0x0004013000001702L
codec: 0x0004013000001802L
csnd: 0x0004013000002702L
dlp: 0x0004013000002802L
dsp: 0x0004013000001a02L
friends: 0x0004013000003202L
gpio: 0x0004013000001b02L
gsp: 0x0004013000001c02L
hid: 0x0004013000001d02L
http: 0x0004013000002902L
i2c: 0x0004013000001e02L
ir: 0x0004013000003302L
mcu: 0x0004013000001f02L
mic: 0x0004013000002002L
ndm: 0x0004013000002b02L
news: 0x0004013000003502L
nim: 0x0004013000002c02L
nwm: 0x0004013000002d02L
pdn: 0x0004013000002102L
ps: 0x0004013000003102L
ptm: 0x0004013000002202L
ro: 0x0004013000003702L
socket: 0x0004013000002e02L
spi: 0x0004013000002302L
ssl: 0x0004013000002f02L
CommonHeaderKey:
D: |
jL2yO86eUQnYbXIrzgFVMm7FVze0LglZ2f5g+c42hWoEdnb5BOotaMQPBfqt
aUyAEmzQPaoi/4l4V+hTJRXQfthVRqIEx27B84l8LA6Tl5Fy9PaQaQ+4yRfP
g6ylH2l0EikrIVjy2uMlFgl0QJCrG+QGKHftxhaGCifdAwFNmiZuyJ/TmktZ
0RCb66lYcr2h/p2G7SnpKUliS9h9KnpmG+UEgVYQUK+4SCfByUa9PxYGpT0E
nw1UcRz0gsBmdOqcgzwnAd9vVqgb42hVn6uQZyAl+j1RKiMWywZarazIR/k5
Lmr4+groimSEa+3ajyoIho9WaWTDmFU3mkhA2tUDIQ==
Exponent: |
AQAB
Modulus: |
zwCcsyCgMkdlieCgQMVXA6X2jmb1ICjup0Q+jk/AydPkOgsx7I/MjUymFEkU
vgXBtCKtzh3NKXtFFuW51tJ60GPOabLKuG0Qm5li+UXALrWhzWuvd5vv2FZI
dTQCbrq/MFS/M02xNtwqzWiBjE/LwqIdbrDAAvX4HGy0ydaQJ1DKYeQeph5D
lAGBw2nQ4izXhhuLaU3w8VQkIJHdhxIKI5gJY/20AGkG0vHD553Mh5kBINrWp
CRYmmJS8DCYbAiQtKbkeUfzHViGTZuj6PwaY8Mv39PGO47a++pt45IUyCEs4/
LjMS72cyfo8tU4twRGp76SFGYejYj3wGC1f/POQw==
Signature: |
BOPR0jL0BOV5Zx502BuPbOvi/hvOq5ID8Dz1MQfOjkey6FKP/6cb4f9YXpm6c
ZCHAZLo0GduKdMepiKPUq1rsbbAxkRdQdjOOusEWoxNA58x3E4373tCAhlqM2
DvuQERrIIQ/XnYLV9C3uw4efZwhFqog1jvVyoEHpuvs8xnYtGbsKQ8FrgLwXv
pOZYy9cSgq+jqLy2D9IxiowPcbq2cRlbW9d2xlUfpq0AohyuXQhpxn7d9RUor
9veoARRAdxRJK12EpcSoEM1LhTRYdJnSRCY3x3p6YIV3c+l1sWvaQwKt0sZ/U
8TTDx2gb9g7r/+U9icneu/zlqUpSkexCS009Q==
Descriptor: |
AP///wAABAACAAAAAAAFGJ4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiIAAAAAAAABBUFQ6VQAAACRo
aW9GSU8AJGhvc3RpbzAkaG9zdGlvMWFjOnUAAAAAYm9zczpVAABjYW06dQAA
AGNlY2Q6dQAAY2ZnOnUAAABkbHA6RktDTGRscDpTUlZSZHNwOjpEU1BmcmQ6
dQAAAGZzOlVTRVIAZ3NwOjpHcHVoaWQ6VVNFUmh0dHA6QwAAbWljOnUAAABu
ZG06dQAAAG5ld3M6dQAAbndtOjpVRFNwdG06dQAAAHB4aTpkZXYAc29jOlUA
AABzc2w6QwAAAHkycjp1AAAAbGRyOnJvAABpcjpVU0VSAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAABOn/rw/7//8ec/APIA8JH/APaR/1D/gf9Y/4H/cP+B/3j/gf8B
AQD/AAIA/iECAPz/////////////////////////////////////////////
////////////////////////////////////////AAAAAAAAAAAAAAAAAAAA
AAADAAAAAAAAAAAAAAAAAAI=

 

[Reecey]

Reecey You should get Result Code 0. That means it worked.

The code should just say 0 not c02690 for example?

 

[Rizzorules]

It was in this thread. http://gbatemp.net/threads/4-x-only-cia-cfw-complete-guide.373532/page-2#post-5144677

Yeah exactly :b

 

[asesin22]

Is this correct:

also does he mean create db files or folders cause how do you create files in a folder?

yes but i aaaaaaaaaaaaaaaarg watch this

 

[Huntereb]

The code should just say 0 not c02690 for example?

Right.

 

[asesin22]

yes but i aaaaaaaaaaaaaaaarg watch this

 

[Reecey]

Yeah exactly :b

I've done the files thing just 2 data base files and change them to .db at the end? how do you create a txt file?????????????????????????????????

 

[CalebW]

Bulletproof? It's not that hard...

Could you share some info? I managed to compile a cia from the decrypted rom once and when I tried to install it with devmenu I got some sort of permission error...

 

[daxtsu]

I give up its driving me fucking insane what a load of bolloooookkkkkkkkksssssssssssssssssssssssssssssssssssssssssssssssssssss.........................shit, wank crap bullshit CFW and look at that back with my old SD card and boots into GW 9.x in a second, much better in my opinion!!! Devs you can shove your CFW where the sun don't shine! give me the Gateway team any day of the week!

Just because there's no one-click installer yet that always works without 10 3DS reboots between successful runs doesn't warrant insulting the people (e.g. Palantine and whoever else helps him) that are working on this in their spare time for you and the community, for free. It'll take time for this to become easier, as it does with all scene-related stuff.

 

[xyzmanas]

only if someone can remove the connect to 3ds part to install devmenu. That is where most fail.

 

[mijuu]

EDIT: Features:
-Includes Gateway and Homebrew Launchers
[/CODE]

Does this mean the gateway launcher can be launched without a gateway card?

 

[Huntereb]

I give up its driving me fucking insane what a load of bolloooookkkkkkkkksssssssssssssssssssssssssssssssssssssssssssssssssssss.........................shit, wank crap bullshit CFW and look at that back with my old SD card and boots into GW 9.x in a second, much better in my opinion!!! Devs you can shove your CFW where the sun don't shine! give me the Gateway team any day of the week!

The firmware that got leaked was older apparently. Yeah, the original developers can shove it, but let the Developers here give it some work. I'm sure it'll turn out great over time!

 

[Vappy]

Does this mean the gateway launcher can be launched without a gateway card?

No, it just means it includes a launcher for this CFW that's compatible with the Gateway ROP.

 

[misterb98]

I give up its driving me fucking insane what a load of bolloooookkkkkkkkksssssssssssssssssssssssssssssssssssssssssssssssssssss.........................shit, wank crap bullshit CFW and look at that back with my old SD card and boots into GW 9.x in a second, much better in my opinion!!! Devs you can shove your CFW where the sun don't shine! give me the Gateway team any day of the week!

Lets see....


This is a LEAKED version of CFW, not meant to be used by anyone. You are complaining about a leaked, unfinished, old product not being equal to a dedicated team of hackers?

XD

 

[Huntereb]

Could you share some info? I managed to compile a cia from the decrypted rom once and when I tried to install it with devmenu I got some sort of permission error...

Well, it has to be a game compiled with SDK 5.0 or lower, and you should set "-desc app:4" in your makerom parameters. That should give you the right permissions.

If your rsf is set up correctly, and it's not too new of a game, it should work.

 

[CalebW]

Well, it has to be a game compiled with SDK 5.0 or lower,

You mean the leaked CTR SDK?

Also, what about the -target option?

 

[Rizzorules]

Could someone help me?
C:\Users\Rizzo\Desktop\Decryptor3>makerom -f cia -romfs decrypted_romfs.bin -ico
n icon.bin -banner banner.bin -code code.bin -logo logo.bin -exheader decrypted_
exheader.bin -rsf gw.rsf -o rom.cia
[NCCH ERROR] Failed to open RomFs file 'decrypted_romfs.bin'
[NCCH ERROR] NCCH Build Process Failed
[RESULT] Failed to build outfile
Please

 

[Vappy]

You mean the leaked CTR SDK?

No, he means it depends on whichever version of the SDK the game developers used when compiling the game

 

[CalebW]

Could someone help me?
C:\Users\Rizzo\Desktop\Decryptor3>makerom -f cia -romfs decrypted_romfs.bin -ico
n icon.bin -banner banner.bin -code code.bin -logo logo.bin -exheader decrypted_
exheader.bin -rsf gw.rsf -o rom.cia
[NCCH ERROR] Failed to open RomFs file 'decrypted_romfs.bin'
[NCCH ERROR] NCCH Build Process Failed
[RESULT] Failed to build outfile
Please

Your decrypted romfs has a different name, or you haven't yet decrypted you romfs.bin