yifan_lu
I read the main post again. Seems that the process ID and offsets are for 8.1.0-0J.
What are the process ID and the offsets required if I'm going to update 9.0.0-20U to 9.2.0-20U?
Thanks!
pid: 0x000dat00025, pname: nim, tid: 0004013000002c02, kpobj: fff7b7a0
> memlayout(0x25)
null
valid memregions:
00100000 - 00302fff , size: 00203000
08000000 - 08000fff , size: 00001000
0ffff000 - 0fffffff , size: 00001000
1ff80000 - 1ff81fff , size: 00002000
1ffaa000 - 1ffaafff , size: 00001000
end of memlayout.
> data(0x00100000, 0x203000, filename='data.bin', pid=0x25)
null
packet: cmd = 9, dataLen = 2109440
dump saved into data.bin successfully
finished
> data(0x14E1BC, 0x3E, pid=0x25)
null
packet: cmd = 9, dataLen = 62
68 74 74 70 73 3A 2F 2F 65 63 73 2E 63 2E 73 68 6F 70 2E 6E 69 6E 74 65 6E 64 6F 77 69 66 69 2E 6E 65 74 2F 65 63 73 2F 73 65 72 76 69 63 65 73 2F 45 43 6F 6D 6D 65 72 63 65 53 4F 41 50
finished
write(0x14E1BC, tuple(map(ord, "http://YOURECOMMERCEURL/\0")), pid=0x25)
How to identify offsets:
SNIP
Use the data() command to get a full dump of nim's memory.
> data(0x00100000, 0x203000, filename='data.bin', pid=0x25)
null
packet: cmd = 9, dataLen = 2109440
dump saved into data.bin successfully
finished
Notice that the first argument to the dump() function is the start of the largest memory block assigned to nim, and the second (0x203000) is the size of the block. This will save the full block to a file 'data.bin' on your internal micro SD card.
Copy the dump to your computer and open it with your preferred hex editor (I will use HxD).
SNIP
Note that your URL must be shorter than the existing URL and end in a \0, which signifies the end of a string.
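The steps quoted above (dump nim's largest region with data(), locate the URL string in the dump, then overwrite it with a shorter NUL-terminated string) can be scripted instead of done by hand in a hex editor. The following is an added example, not code from the thread or from NTR: it decodes the hex that data() prints, scans a dump for NUL-terminated URL strings, converts file offsets back to process addresses, and refuses a replacement that would overrun the original string's footprint. The dump it scans is a constructed stand-in for data.bin (zero-filled, with the ECommerceSOAP URL from the thread planted at the 8.1.0 offset and a made-up second URL), and it assumes the dump file begins at the base of the memregion that was dumped.

```python
import re

# Constructed example, not code from the thread. Assumes data.bin starts at the base of
# nim's largest memregion (0x00100000 in the memlayout output above), so that
# file offset + REGION_BASE is the address to pass to write().
REGION_BASE = 0x00100000

# The hex line that data(0x14E1BC, 0x3E, pid=0x25) printed in the thread, reused as sample input.
SAMPLE_HEX = (
    "68 74 74 70 73 3A 2F 2F 65 63 73 2E 63 2E 73 68 6F 70 2E 6E 69 6E 74 65 6E 64 "
    "6F 77 69 66 69 2E 6E 65 74 2F 65 63 73 2F 73 65 72 76 69 63 65 73 2F 45 43 6F "
    "6D 6D 65 72 63 65 53 4F 41 50"
)


def decode_data_hex(line: str) -> bytes:
    """Turn the space-separated hex that data() prints back into raw bytes."""
    return bytes.fromhex(line)


ECS_URL = decode_data_hex(SAMPLE_HEX)

# Constructed stand-in for data.bin: zeros, with the ECS URL planted at the thread's 8.1.0
# offset (0x14E1BC - REGION_BASE) and a second, invented URL further on.
_dump = bytearray(0x4E600)
_dump[0x4E1BC:0x4E1BC + len(ECS_URL) + 1] = ECS_URL + b"\x00"
_SECOND = b"https://example.invalid/second"
_dump[0x4E4F4:0x4E4F4 + len(_SECOND) + 1] = _SECOND + b"\x00"
SAMPLE_DUMP = bytes(_dump)

# A run of printable characters starting with http:// or https:// and ending at the NUL terminator.
_URL_RE = re.compile(rb"https?://[\x21-\x7e]*\x00")


def find_url_strings(dump: bytes, base: int = REGION_BASE):
    """Return (absolute address, url, footprint) for every NUL-terminated URL in the dump.

    footprint includes the terminator, i.e. the number of bytes a replacement may occupy.
    """
    return [
        (base + m.start(), m.group(0)[:-1], len(m.group(0)))
        for m in _URL_RE.finditer(dump)
    ]


def build_replacement(original: bytes, new_url: str) -> bytes:
    """Bytes to hand to write(): the new URL plus its own NUL.

    Rejects anything that would spill past the original string's terminator. A URL of
    exactly the original length is accepted because its NUL lands in the original NUL's slot.
    """
    new = new_url.encode("ascii") + b"\x00"
    overrun = len(new) - (len(original) + 1)
    if overrun > 0:
        raise ValueError(f"replacement is {overrun} byte(s) too long for a {len(original)}-byte string")
    return new


if __name__ == "__main__":
    for addr, url, footprint in find_url_strings(SAMPLE_DUMP):
        print(f"0x{addr:08X}  {footprint:3d} bytes  {url.decode()}")
```

Run against a real dump, read the file with `open("data.bin", "rb").read()` and pass the base address shown by memlayout(); the addresses it prints are the ones the thread passes as the first argument to write(), and `tuple(build_replacement(url, new))` is byte-for-byte the `tuple(map(ord, new + "\0"))` form used above.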
When I do the data command to dump the memory addresses, it writes the file to the computer not to the internal SD card. I think you might just be mistaking the dumping of the process when you use the NTR menu.
Also couldn't the URL be the same size, as long as it's not any longer? Not saying the \0 isn't a great way to go, but it should work as long as it's the same length as the original.
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:nus="urn:nus.wsapi.broadon.com">
<SOAP-ENV:Body>
<nus:GetSystemCommonETicket xsi:type="nus:GetSystemCommonETicketRequestType">
<nus:Version>1.0</nus:Version>
<nus:MessageId>xxx</nus:MessageId>
<nus:DeviceId>xxx</nus:DeviceId>
<nus:RegionId>JPN</nus:RegionId>
<nus:CountryCode>JP</nus:CountryCode>
<nus:Language>ja</nus:Language>
<nus:SerialNo>xxx</nus:SerialNo>
<nus:TitleId>0004001000021200</nus:TitleId>
<nus:TitleId>0004001000021500</nus:TitleId>
<nus:TitleId>0004001000021700</nus:TitleId>
<nus:TitleId>0004001000021800</nus:TitleId>
<nus:TitleId>0004001000021B00</nus:TitleId>
<nus:TitleId>0004001000021E00</nus:TitleId>
<nus:TitleId>0004001000021F00</nus:TitleId>
<nus:TitleId>0004001000024000</nus:TitleId>
<nus:TitleId>0004009B00011402</nus:TitleId>
<nus:TitleId>0004009B00011602</nus:TitleId>
<nus:TitleId>0004009B00011D02</nus:TitleId>
<nus:TitleId>0004009B00011E02</nus:TitleId>
<nus:TitleId>0004009B00015302</nus:TitleId>
<nus:TitleId>0004001000021000</nus:TitleId>
<nus:TitleId>0004001000021100</nus:TitleId>
<nus:TitleId>0004001000021400</nus:TitleId>
<nus:TitleId>0004001000021900</nus:TitleId>
<nus:TitleId>0004001000021A00</nus:TitleId>
<nus:TitleId>000400100002C000</nus:TitleId>
<nus:TitleId>0004001020021300</nus:TitleId>
<nus:TitleId>0004001020021D00</nus:TitleId>
<nus:TitleId>0004001020024100</nus:TitleId>
<nus:TitleId>000400102002CF00</nus:TitleId>
<nus:TitleId>000400102002D100</nus:TitleId>
<nus:TitleId>000400102002D300</nus:TitleId>
<nus:TitleId>000400102002D500</nus:TitleId>
<nus:TitleId>0004003000008B02</nus:TitleId>
<nus:TitleId>0004003000008F02</nus:TitleId>
<nus:TitleId>0004003000009002</nus:TitleId>
<nus:TitleId>0004003000009202</nus:TitleId>
<nus:TitleId>0004003000009302</nus:TitleId>
<nus:TitleId>0004003000009602</nus:TitleId>
</nus:GetSystemCommonETicket>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Changing region possible? You guys gonna make a release for this? (probably not since not meant for noobs like me)
No trust issues but still trying to update to 9.2J. Is it okay that the server connected with the debugger but there are some failed messages under that?
> connect('192.168.1.116', 8000)
null
Server connected.
> write(0x...
null
finished
> write(0x...
null
finished
> write(0x...
null
finished
patching smdh
starting applet: 0004001000020000
expand pool addr: 0700d000, size: 00005000
FSUSER_OpenDirectory failed, ret=c8804478
Unable to read data from the transport connection: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Server disconnected.
He already did release: https://gbatemp.net/threads/creating-a-north-american-non-xl-new-3ds.381775/page-8#post-5425577
My issue is that I don't have the client cert for getting the official NUS responses, so I can't make my own CommonETicket response.
Edit: Client cert was in the RAM of the SSL process, that was kind of an obvious place for it...
*removed client cert
And the CommonETicket response for 9.2U:
-removed because partial
Edit2: After sending that response, I got another request for more CommonETickets...
<nus:TitleId>0004003000009702</nus:TitleId>
<nus:TitleId>000400300000BD02</nus:TitleId>
<nus:TitleId>000400300000C802</nus:TitleId>
<nus:TitleId>000400300000C902</nus:TitleId>
<nus:TitleId>000400300000CB02</nus:TitleId>
<nus:TitleId>000400300000CC02</nus:TitleId>
<nus:TitleId>000400300000CE02</nus:TitleId>
<nus:TitleId>0004003020009402</nus:TitleId>
<nus:TitleId>000400302000C803</nus:TitleId>
<nus:TitleId>0004009B00012302</nus:TitleId>
<nus:TitleId>0004009B00013302</nus:TitleId>
<nus:TitleId>000400DB00017302</nus:TitleId>
<nus:TitleId>000400DB20016302</nus:TitleId>
Edit3: I have merged all of the required responses. http://pastebin.com/cVswFk4m
Offsets for 9.2J: 0x14E4F4, 0x14E1BC, 0x14E533
I have added the 9.2U files and etickets to my server.
connect('3ds ip', 8000)
write(0x14E4F4, tuple(map(ord, "http://us92.jp81to92update.tk/\0")), pid=0x25)
write(0x14E1BC, tuple(map(ord, "http://us92.jp81to92update.tk/\0")), pid=0x25)
write(0x14E533, tuple(map(ord, "http://us92.jp81to92update.tk/\0")), pid=0x25)
Reminder that by not using your own server you send your console's serial, device id/token, etc... over the internet. I do not log them.
After running the update to 9.2U, my 3DS rebooted perfectly fine into 9.2J.
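The post above describes answering a GetSystemCommonETicket request and then receiving a follow-up request for TitleIds the first response did not cover. Working out which ids are new is easier with a small parser than by eyeballing the one-line XML. The following is an added example, not code from the thread or from any NUS tooling: it pulls the TitleId list out of a request in the envelope shape shown earlier in the thread and diffs two requests. The two envelopes it parses are constructed here from that shape, with a handful of TitleIds taken from the thread and xxx placeholders for the device-specific fields.

```python
import xml.etree.ElementTree as ET

# Namespace used by the requests in the thread.
NS = {"nus": "urn:nus.wsapi.broadon.com"}


def _envelope(title_ids):
    """Constructed sample request in the shape the thread shows (device fields are placeholders)."""
    ids = "\n".join(f"<nus:TitleId>{t}</nus:TitleId>" for t in title_ids)
    return f"""<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:nus="urn:nus.wsapi.broadon.com">
<SOAP-ENV:Body>
<nus:GetSystemCommonETicket xsi:type="nus:GetSystemCommonETicketRequestType">
<nus:Version>1.0</nus:Version>
<nus:MessageId>xxx</nus:MessageId>
<nus:DeviceId>xxx</nus:DeviceId>
<nus:RegionId>JPN</nus:RegionId>
<nus:CountryCode>JP</nus:CountryCode>
<nus:Language>ja</nus:Language>
<nus:SerialNo>xxx</nus:SerialNo>
{ids}
</nus:GetSystemCommonETicket>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>"""


# First request: four TitleIds from the long list in the thread.
FIRST_REQUEST = _envelope([
    "0004001000021200", "0004001000021500", "0004009B00011402", "0004003000009602",
])
# Follow-up request: one id repeated on purpose plus three from the thread's second list.
FOLLOW_UP_REQUEST = _envelope([
    "0004003000009602", "0004003000009702", "000400300000BD02", "0004009B00012302",
])


def requested_title_ids(soap_xml: str) -> list:
    """TitleIds a GetSystemCommonETicket request asks for, in document order."""
    root = ET.fromstring(soap_xml)
    path = ".//nus:GetSystemCommonETicket/nus:TitleId"
    return [el.text.strip() for el in root.iterfind(path, NS)]


def still_missing(first_request: str, follow_up: str) -> list:
    """TitleIds in the follow-up that the first request did not already ask for."""
    seen = set(requested_title_ids(first_request))
    return [t for t in requested_title_ids(follow_up) if t not in seen]


if __name__ == "__main__":
    for t in still_missing(FIRST_REQUEST, FOLLOW_UP_REQUEST):
        print(t)
```

To use it on captured traffic, pass the request bodies as strings; the namespace-aware path means it does not matter which prefix the console chose for urn:nus.wsapi.broadon.com.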
That's never going to happen. This is only for updating within the same region.