Hacking [WIP] KARL3DS - Kernel access on N3DS via Ninjhax + Loadcode

  • Thread starter: Rokkubro
  • Views: 926,265
  • Replies: 4,457
  • Likes: 43
Status: Not open for further replies.
No eShop anyway, if you are on an exploitable FW.
This. I ended up using some of my Amazon credit for a JPN copy. I was lucky and got it for $43 with Prime shipping. I wish it was still on the eShop.
It's back on the eShop, right.....in which case once this is released, you could update emuNAND to 9.5 (assuming this is released before Nintendo possibly fix their encryption bug)....but assuming we have the tools to dump your tickets from emuNAND, you could probably buy it on 9.5 emuNAND, build yourself a legit for your specific console CIA file....thus giving you a legit signed JPN Cubic Ninja eShop version playable in 9.0-9.2 sysNAND and you could sell on your JPN retail cart....also make it more convenient

lots of ifs and buts, but should be possible
 
What would be great is if there was a way to dump a physical game, convert and install it as a CIA ... if it's done in a way that we can't install any CIA but only our dumped games (and all the rest stated above of course). That way piracy is not really a question and we can all have our physical games in our N3DS :)
 
What would be great is if there was a way to dump a physical game, convert and install it as a CIA ... if it's done in a way that we can't install any CIA but only our dumped games (and all the rest stated above of course). That way piracy is not really a question and we can all have our physical games in our N3DS :)
Until people just start renting/borrowing games, installing them and returning them, then there are the people who would just have access to a lot of games (be it owned or just working in a shop, through friends and family etc.) who could just install a whole bunch of games and sell the system "preloaded with all teh top gamez".......it's pretty clear now, this is not going to have any systems in place that can be abused....but this is skirting too close to piracy debates, which are strictly forbidden from the thread :)
 
I just wanted to pop in and congratulate you on all of your progress. It is really great to see projects moving forward.

As previously stated, a developmental blog would be astounding, because we wouldn't have to read through great amounts of dispute to follow the project.
 
Until people just start renting/borrowing games, installing them and returning them, then there are the people who would just have access to a lot of games (be it owned or just working in a shop, through friends and family etc.) who could just install a whole bunch of games and sell the system "preloaded with all teh top gamez".......it's pretty clear now, this is not going to have any systems in place that can be abused....but this is skirting too close to piracy debates, which are strictly forbidden from the thread :)

Was planning on doing that from the get-go using GameFly for "legit signed content" installation.
 
I want to ask a question about this so called KARL3DS and region changing...

Would it be a permanent region change? Would it show as U instead of E on my system or would I need to keep running the exploit?
 
I want to ask a question about this so called KARL3DS and region changing...

Would it be a permanent region change? Would it show as U instead of E on my system or would I need to keep running the exploit?
You will need to run the exploit. Changing regions permanently is possible but risky since you have to transfer a SecureInfo_A from a valid US console to your console. Via sysNAND. And install multiple cias.
 
You will need to run the exploit. Changing regions permanently is possible but risky since you have to transfer a SecureInfo_A from a valid US console to your console. Via sysNAND. And install multiple cias.

This, THIS would benefit a lot of N3DS owners here :)
 
This, THIS would benefit a lot of N3DS owners here :)
100% agree, I have an 8.1.0-0J SSB3DS N3DSXL here, and can't wait for both solutions to come about. I also caved and grabbed a 9.0.0-20U N3DSXL, but I want to get this one going with my US games and the like as well, ha ha
 
We have ARM9, so we can grab full NAND dumps at this point. We will probably end up making a menu interface similar to how GW has one in order to dump NAND and create emuNAND partitions. Since most people already have an MT/GW emuNAND we'll probably stick to that format vs redNANDs.
What's the difference between emuNAND and redNAND?

I thought they were one and the same (that they are both red(irected)NANDs), and that emuNAND was just Gateway's name for redNAND.
 
What's the difference between emuNAND and redNAND?

I thought they were one and the same (that they are both red(irected)NANDs), and that emuNAND was just Gateway's name for redNAND.

The first sector in GW's nand redirect is replaced with a dummy sector (for identification) with the actual first sector placed at the end of the NAND image. redNAND is just a straight copy of the NAND to the SD card.
 
What's the difference between emuNAND and redNAND?

I thought they were one and the same (that they are both red(irected)NANDs), and that emuNAND was just Gateway's name for redNAND.
They're referring to the structure of the SD card's EmuNAND partition, as well as the formatting of the NAND when installed to that partition. It's not as though the data is any different, it's just how it's stored. It's something akin to RARing a file instead of ZIPping it. Same information on the inside, just a different container on the outside.
 
The first sector in GW's nand redirect is replaced with a dummy sector (for identification) with the actual first sector placed at the end of the NAND image. redNAND is just a straight copy of the NAND to the SD card.

Well, it has to deal with how FAT works. You need to have the first sector be the partition info, so you can't put your first NAND sector there. Yellows8 solves that by shifting everything by one, GW solves that by moving just the last sector and handling a case where the first sector is accessed.
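
The two SD-card layouts described in the posts above, as an added Python example that is not part of the thread or of the project's code. It follows only what the posts state (redNAND shifted by one sector; GW keeping sectors in place and moving the first NAND sector to the end); the 512-byte sector size, the function names and the sample data are assumptions constructed for illustration.

```python
SECTOR = 0x200  # assumed 512-byte sectors

def sd_sector(layout, n, total):
    """SD sector that holds NAND sector n, for a NAND of `total` sectors."""
    if not 0 <= n < total:
        raise ValueError("NAND sector out of range")
    if layout == "rednand":   # everything shifted by one
        return n + 1
    if layout == "gw":        # only sector 0 is relocated, to the end
        return total if n == 0 else n
    raise ValueError("unknown layout")

def read_nand(sd, layout, total):
    """Reassemble the plain NAND image from the SD region."""
    out = bytearray()
    for n in range(total):
        off = sd_sector(layout, n, total) * SECTOR
        chunk = sd[off:off + SECTOR]
        if len(chunk) != SECTOR:
            raise ValueError("SD region truncated at NAND sector %d" % n)
        out += chunk
    return bytes(out)

def write_nand(nand, layout, first_sector):
    """Lay a NAND image out on the SD region; first_sector is what sits
    in SD sector 0 (partition info / GW's dummy sector)."""
    if len(nand) % SECTOR or len(first_sector) != SECTOR:
        raise ValueError("inputs must be whole sectors")
    total = len(nand) // SECTOR
    sd = bytearray((total + 1) * SECTOR)
    sd[:SECTOR] = first_sector
    for n in range(total):
        off = sd_sector(layout, n, total) * SECTOR
        sd[off:off + SECTOR] = nand[n * SECTOR:(n + 1) * SECTOR]
    return bytes(sd)

def convert(sd, src, dst, total):
    """Re-pack an SD region from one layout to the other, keeping SD sector 0."""
    return write_nand(read_nand(sd, src, total), dst, sd[:SECTOR])

# Constructed sample: a 4-sector "NAND", each sector filled with a distinct byte.
SAMPLE_NAND = b"".join(bytes([0xA0 + n]) * SECTOR for n in range(4))
SAMPLE_FIRST = b"M" * SECTOR  # stand-in for the sector at SD offset 0
```

Both layouts occupy the NAND size plus one sector, which is why the contents can be re-packed from one to the other without losing data.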
 
Thanks for the clarification and explanation folks.

No eShop anyway, if you are on an exploitable FW.
I thought Wulfy had mentioned that they could already bypass the need to be updated to access the eShop. No?

Here's hoping for this, too, since I originally picked up a Gateway before this project even existed on the hope that regionthree would have seen a port to N3DS for use with it, and if they did happen to release first, then I wouldn't have to invest in importing an already expensive copy of JPN Cubic Ninja :/
Gateway allows for region free gaming already, a regionthree port would be redundant.

What would be great is if there was a way to dump a physical game, convert and install it as a CIA ... if it's done in a way that we can't install any CIA but only our dumped games (and all the rest stated above of course). That way piracy is not really a question and we can all have our physical games in our N3DS :)
Yes, and how would you stop sky3DS users from installing downloaded ROMs?

Perhaps there are ways to allow for the installation of legitimate backups like Devolution did for the Wii. Maybe using the cartridge's header, checking it against an updatable blacklist that contained all the headers from sky3DS's template and popular public headers.

Maybe they could build upon Nintendo's existing demo system, allowing a legitimate backup to be played a set number of times. When the play count limit is reached the game is unable to be run and a menu pops up allowing you to either back up your save or reinsert the original cartridge, at which point the play count limit is reset.

So there may be ways, but I don't think legitimate backup loading is likely to be looked at as a feature anytime soon.
 
Perhaps there are ways to allow for the installation of legitimate backups like Devolution did for the Wii. ~SNIP~



This is a pretty good way to get a whole bunch of people very upset with you long term, and causing them to effectively have to reinvent the wheel (nintendont in the case of Devolution). I'd rather not have rom loading at all, as opposed to being tied into a dev's draconian DRM system.



Yes, and how would you stop sky3DS users from installing downloaded ROMs?
~SNIP~

Ow. My head hurts from this one. Why would they even be concerned about this? The rom has already been pirated at that point. I mean I guess....but I'm not certain if you've ever gone through the process of installing CIA files to a console, it's rather time consuming, and I get the gut feeling that people with rom cards likely wouldn't want to sink hours (in cases of larger games) converting the games to CIA and installing when they have the game readily available and accessible to them.



Maybe they could build upon Nintendo's existing demo system, allowing a legitimate backup to be played a set number of times. When the play count limit is reached the game is unable to be run and a menu pops up allowing you to either back up your save or reinsert the original cartridge, at which point the play count limit is reset.

No. Just no.
 

Daz is out doing stuff and hasn't pushed his changes yet, so here's me running my own nand dumping code I wrote in the meantime.
 
Guys, the argument of being able to "backup your carts" honestly died last generation. If you want all your games stored on your SD card then buy them from the eShop. I don't care if some obscure games aren't available to purchase in that format or if you already own a billion carts. Game "backups" are just flat out something that we're just not interested in supporting and we are certainly not going to go out of our way to develop some crazy method of trying to "authenticate" that you actually purchased the cart. Why you may ask? Because we don't care enough about that feature for our own personal use to develop it. At the end of the day this project is about developing things we want to use. Why you may ask? Because nobody is paying us to develop things we could care less about. There is also no ETA for release. Why you may ask? Because we do this in our free time and nobody is paying us to develop these features outside of our own pace. There is also no guaranteed feature set or release. Why you may ask? Because nobody is entitled to anything we develop and choose not to release.

At the end of the day this project really boils down to three things that we think people should be able to do.
  • Arm11 kernel access for RAM editing and debugging (already done)
  • A region free solution for n3ds (being worked on).
  • Possibly some sort of signed homebrew channel from home menu with access to services such as CSDN (for sound on n3ds)?
Also, I am sick and tired of hearing these piracy "debates":
  1. It's not a moral issue, it's an ethical and most importantly a legal issue.
  2. Taking away revenue from developers is wrong. We have to eat too you know. If you don't like what we make, then don't play our games.
  3. Trying to rationalize piracy by saying "oh it only hurts the big evil game corporations" is a crock of shit and just goes to show how little you know about business and economics.
  4. Telling developers that they are hypocrites for not enabling piracy but personally downloading a movie, game etc. every once in awhile just goes to show how ignorant you are. Pirating for personal use and enabling piracy for millions is a completely different situation.
  5. Insulting developers when you don't get your way isn't helping your case. It may work when your mommy won't buy you what you want, but we could care less about your "opinions".
 
SNIP
Absolutely perfect post!!!
You just forgot a little thing to say: "if you don't agree with devs point of view, then DO IT YOURSELF, no one will stop you".

Now a technical question: Do you guys think that it could be possible to have some kind of debug that will log handled and unhandled crashes of the browser? Maybe this could help for looking into a WebKit browser exploit in the N3DS, or am I totally wrong?
Thank you.
 