Hacking (4.x only) CIA CFW Complete Guide

[CalebW]

Shit! I've compiled the latest version of makerom from git, but whenever I try to compile a cia, I get a segmentation fault.
Here's the command I run:

$ makerom -f cia -target t -desc app:2 -icon exefs/icon.bin -code exefs/code.bin
-banner exefs/banner.bin -logo exefs/logo.bin -exefslogo -exheader dec_exheader.bin -romfs dec_romfs.bin -rsf cia.rsf -o Ocarina.cia -v

Here's my rsf file:

Spoiler

BasicInfo:
  Title                  : "LoZOoT"
  CompanyCode            : "00"
  ProductCode            : "CTR-P-AQEE"
  ContentType            : Application # Application / SystemUpdate / Manual / Child / Trial
  Logo                    : Nintendo # Nintendo / Licensed / Distributed / iQue / iQueForSystem
 
TitleInfo:
  UniqueId                : 0x0335
  Category                : Application
 
Option:
  UseOnSD                : true # true if App is to be #installed to SD
  EnableCompress          : true # Compresses exefs code
  FreeProductCode        : true # Removes limitations on ProductCode
  EnableCrypt            : true # Enables encryption for NCCH and CIA
  MediaFootPadding        : true # If true CCI files are created with padding
 
AccessControlInfo:
  ExtSaveDataId: 0x0335 # same as UniqueId
  SystemSaveDataId1: 0x00000000 # plaintext exheader
  SystemSaveDataId2: 0x00000000 # plaintext exheader
  OtherUserSaveDataId1: 0x00000 # plaintext exheader
  OtherUserSaveDataId2: 0x00000 # plaintext exheader
  OtherUserSaveDataId3: 0x00000 # plaintext exheader
  UseOtherVariationSaveData : false
 
SystemControlInfo:
  SaveDataSize: 128K # plaintext exheader
  RemasterVersion: 0000 # plaintext exheader
  StackSize: 0x00004000 # plaintext exheader
  JumpId: 0x0004000000033500L # plaintext exheader (<full UniqueID>L)

And here's the output:

[NCCH WARNING] NCCH AES Key could not be loaded, NCCH will not be encrypted
Segmentation fault (core dumped)

Does anyone know why this is?

 

[drwhojan]

[NCCH WARNING] NCCH AES Key could not be loaded, NCCH will not be encrypted
Segmentation fault (core dumped)

I suppose the only way to tell if the true nature of the file if OK, is to get Super.Mario.Bros.Deluxe.EUR.VC.3DSWare


.CIA files, and see if find one in .3DS format , convert the .3DS version into .CIA , and match both in hxd are hexcap better , if both files match data then we know this is how it maybe was done, Meaning the file OK excluding the one error .

 

[caprathebest]

http://gbatemp.net/threads/gateway-public-release-2-6.373666

 

[drwhojan]

Can we have "Convert Own .3DS to .CIA files" topic here ?

We need more games then just the few available , don't ya think...

I'm not much good on opening righting a topic xd .

 

[CalebW]

I suppose the only way to tell if the true nature of the file if OK, is to get Super.Mario.Bros.Deluxe.EUR.VC.3DSWare


.CIA files, and see if find one in .3DS format , convert the .3DS version into .CIA , and match both in hxd are hexcap better , if both files match data then we know this is how it maybe was done, Meaning the file OK excluding the one error .

Are you replying to me? If so, you must not know the nature of segmentation faults. It's not just "one error" and the cia is still compiled, it's "a very big error" and the program quit before the cia is compiled.

 

[TheMaxynator]

Guys, I'm having problems booting into the CFW. It says that when you click profile setting with L pressed, that it should 'flash white' for a 'moment'. I've had my bottom screen hanging on black and also on white. I don't really know when it was succesful, or when I <b>exactly</b> need to run the .bat

Also, should it keep hanging? How does actually booting in the CFW work? Thank you for any help

 

[drwhojan]

Are you replying to me? If so, you must not know the nature of segmentation faults. It's not just "one error" and the cia is still compiled, it's "a very big error" and the program quit before the cia is compiled.

Yes I was sorry, I did a topic some pages ago http://gbatemp.net/threads/4-x-only-cia-cfw-complete-guide.373532/page-8#post-5145479

I only got the one error for game in images .


I see thanks, that's what we need a topic on this separate

Sorry I'm not 100% up to speed

 

[ilollo360]

I'm trying to obtain Luigi's Mansion 2 Xorpads from 3DS but it is very slow. It is stuck on Reading Info... is it normal?

 

[mocalacace]

I'm trying to obtain Luigi's Mansion 2 Xorpads from 3DS but it is very slow. It is stuck on Reading Info... is it normal?

There should be a percentage number in the top right. It will go pretty slow for larger games.

 

[Misiel]

will this cfw be able to use redNand in latest firmwares in the future?
i dont have the money to buy a gateway
and they just released v2.6 with devmenu suport but i need their card to use emunand
i have been since 2.2 without an updated emunand.

 

[CalebW]

If you encounter an error saying "[ROMFS ERROR] Invalid RomFS Binary.", then remove the "-romfs romfs.bin" from the command.

If you remove "-romfs romfs.bin" from the command, then the romfs file is not included in the resulting cia file and will not run as the romfs contains the bulk of the data.

Well, I removed the "-romfs dec_romfs.bin" from the makerom command and makerom successfully compiled the cia, so the problem has something to do with importing the romfs into the cia. (And yes, I believe my dec_romfs.bin is successfully decrypted).

Why does makerom have a problem with romfs? Any insight would be appreciated.

 

[Arnold0]

Guys anyone have a link for what to do when you have the xorpads. I dont get the good files what I get is this...

EDIT : Sorry I had an error while running the tool I retried and now I have the good decrypted files sorry D:

 

[palantine]

If you remove "-romfs romfs.bin" from the command, then the romfs file is not included in the resulting cia file and will not run as the romfs contains the bulk of the data.

Well, I removed the "-romfs dec_romfs.bin" from the makerom command and makerom successfully compiled the cia, so the problem has something to do with importing the romfs into the cia. (And yes, I believe my dec_romfs.bin is successfully decrypted).

Why does makerom have a problem with romfs? Any insight would be appreciated.

In my case, ctrtool creates a 0 KB file for romfs when you try to extract it from a rom that doesn't have a romfs region. Therefore it complains because it sees an invalid file.

To see information about the romfs the following command should work.

ctrtool -t romfs romfs.bin

For example when I run that on my empty romfs I get this error:

Error, IVFC segment corrupted
Error, RomFS corrupted

 

[ilollo360]

Is there any simple tutorial to convert .3ds to .cia?

 

[kamo]

Can we have "Convert Own .3DS to .CIA files" topic here ?

We need more games then just the few available , don't ya think...

I'm not much good on opening righting a topic xd .

Could you please list which games work?

 

[CalebW]

In my case, ctrtool creates a 0 KB file for romfs when you try to extract it from a rom that doesn't have a romfs region. Therefore it complains because it sees an invalid file.

To see information about the romfs the following command should work.


For example when I run that on my empty romfs I get this error:

Well, when I try to view the encrypted romfs I get your above error(but the file size in 467MB), but when I try to view the decrypted romfs I get:

$ ctrtool -t romfs dec_romfs.bin
 
IVFC:
Header:                IVFC
Id:                    00010000
 
Level 0:           
Data offset:          0x000000001c00e000
Data size:            0x0000000000008000
Hash offset:          0x0000000000000060
Hash block size:      0x00001000
 
Level 1:           
Data offset:          0x000000001c016000
Data size:            0x0000000000381000
Hash offset:          0x000000001c00e000
Hash block size:      0x00001000
 
Level 2:           
Data offset:          0x0000000000001000
Data size:            0x000000001c00d000
Hash offset:          0x000000001c016000
Hash block size:      0x00001000
 
RomFS:
Header size:            0x00000028
Section 0 offset:      0x00001028
Section 0 size:        0x000000D4
Section 1 offset:      0x000010FC
Section 1 size:        0x00000794
Section 2 offset:      0x00001890
Section 2 size:        0x00001E74
Section 3 offset:      0x00003704
Section 3 size:        0x00020DE4
Data offset:            0x000244F0

Is there any simple tutorial to convert .3ds to .cia?

There's one at page 29 of this thread.

 

[CalebW]

double post

 

[mocalacace]

Well, when I try to view the encrypted romfs I get your above error(but the file size in 467MB), but when I try to view the decrypted romfs I get:

I used the 3ds explorer tool to extract the exheader, romfs, and exefs. Then decrypted them with a batch script.

 

[palantine]

Is there any simple tutorial to convert .3ds to .cia?

Check the first post.

 

[Henceforth]

3DS 4.4 >
(4.x only) CIA CFW Complete Guide by palantine
> Programs Used : GW Launcher (2.5) in SD, Homebrew in MicroSD,Giovanni Devmenu.

Step one: Change in SD>id0>id1>dbs , title.db and import.db with new ones.
Step two: Use microSD, hombrew launcher.
Step Three: Options>management data press delete, "now you can use eshop".
Step Four: Profile SD, at the same time press "L", gets to emunand.
Step Five: Connect internet, wait for "Uptade" press cancel, in the pc press "run.bat". Press enter to close the msdos windows.
Step Six: Got error command-index: 1 , go to internet browse some page, back to the 3ds, now a gift has appear.

SD in format fat32 because is more of 2gb, 7gb here.
Runs smoothle with the 2GB SD card, but then i can install any game i need more space.