Hacking GATEWAY 3.2 ULTRA PUBLIC BETA

zoogie

zoogie

playing around in the end of life
Developer
Level 24
Joined
Nov 30, 2014
Messages
8,560
Trophies
2
XP
15,000
Country
Micronesia, Federated States of
Just a note for developers mainly (and very good news). The msetforboss rop chain on ROPinstaller.nds works for dumping mset RAM memory for both old3ds and new3ds on 9.x (assuming a 4.5 downgraded mset). Use the 4x ram dumper here,
https://github.com/WinterMute/ROPInstaller
(this is the repo N3DS_ropinstaller is based on, included with the app)

with msetforboss 4x chain for old 3ds. It works. I dumped 3MB of mset memory for old3ds (2DS) and n3ds on 9.x.
 
  • Like
Reactions: Margen67
motezazer

motezazer

Well-Known Member
Member
Level 8
Joined
Feb 6, 2015
Messages
1,214
Trophies
0
Age
24
XP
1,442
Country
France
MrJason005 said:
When will be able to get the keys from our own purchased eShop games, inject them to a general release, so we can boot them from sysNAND?
Click to expand...

Well, you see, tickets for eShop stuff includes your console id and are signed, so... without Nintendo's private keys, never.
 
motezazer

motezazer

Well-Known Member
Member
Level 8
Joined
Feb 6, 2015
Messages
1,214
Trophies
0
Age
24
XP
1,442
Country
France
MrJason005 said:
Would it be possible to purchase, say zelda from the shop (in emuNAND), dump it with funkyCIA, and install it on sysNAND and then inject the custom save to it?
Click to expand...

It would be actually faster to download the game directly in sysNAND...
Anyway. It is possible. Not easy (at all), but possible.
 
  • Like
Reactions: Margen67
MrJason005

MrJason005

√2
Member
Level 9
Joined
Nov 26, 2014
Messages
2,521
Trophies
0
Location
Κάπου
XP
1,609
Country
Greece
guitarheroknight said:
Nope, the game needs to be signed.
Click to expand...
Doesn't the eShop generate keys for the game that match your console while it is downloading it?
motezazer said:
It would be actually faster to download the game directly in sysNAND...
Anyway. It is possible. Not easy (at all), but possible.
Click to expand...
But then you would need to mess with the NAND tickets, no?
 
gamesquest1

gamesquest1

Nabnut
Former Staff
Level 22
Joined
Sep 23, 2013
Messages
15,153
Trophies
2
XP
12,247
MrJason005 said:
Would it be possible to purchase, say zelda from the shop (in emuNAND), dump it with funkyCIA, and install it on sysNAND and then inject the custom save to it?
Click to expand...
the GW save doesnt work with the eshop version, their save is hardcoded to load the exploit payload at a specific offset on the games save chip.....so even if you install the exploit you would need a cart in with the exploit injected at 0x1E000.....doesnt even need to be zelda :P
 
retrospect

retrospect

Well-Known Member
Member
Level 7
Joined
May 17, 2008
Messages
571
Trophies
1
XP
1,194
Country
motezazer said:
Well, you see, tickets for eShop stuff includes your console id and are signed, so... without Nintendo's private keys, never.
Click to expand...

I was thinking that, and then I thought "Hey, wait. PGP works the other way round." According to the PGP model, to sign/encrypt stuff just for you, Nintendo would use the Public Key for your 3DS. And to validate that key, your console would use the corresponding Private Key, included when the firmware was written. Many key systems allow you to generate the Public Key from the Private Key. I'm not aware of a key system that works the other way round, but I'm no expert on the topic. Maybe today I will learn new things.
 
MrJason005

MrJason005

√2
Member
Level 9
Joined
Nov 26, 2014
Messages
2,521
Trophies
0
Location
Κάπου
XP
1,609
Country
Greece
gamesquest1 said:
the GW save doesnt work with the eshop version, their save is hardcoded to load the exploit payload at a specific offset on the games save chip.....so even if you install the exploit you would need a cart in with the exploit injected at 0x1E000.....doesnt even need to be zelda :P
Click to expand...
Oh, there goes my idea of getting rid of the physical cartrdige...
And CN was taken from the eShop, so, we'll stick with cartridges.
 
motezazer

motezazer

Well-Known Member
Member
Level 8
Joined
Feb 6, 2015
Messages
1,214
Trophies
0
Age
24
XP
1,442
Country
France
retrospect said:
I was thinking that, and then I thought "Hey, wait. PGP works the other way round." According to the PGP model, to sign/encrypt stuff just for you, Nintendo would use the Public Key for your 3DS. And to validate that key, your console would use the corresponding Private Key, included when the firmware was written. Many key systems allow you to generate the Public Key from the Private Key. I'm not aware of a key system that works the other way round, but I'm no expert on the topic. Maybe today I will learn new things.
Click to expand...

No. Your console id is included in the ticket, (the whole ticket is signed with Nintendo private key), and your 3DS checks if the console id in te ticket is the same than the console id of the console.
 
gamesquest1

gamesquest1

Nabnut
Former Staff
Level 22
Joined
Sep 23, 2013
Messages
15,153
Trophies
2
XP
12,247
MrJason005 said:
Oh, there goes my idea of getting rid of the physical cartrdige...
And CN was taken from the eShop, so, we'll stick with cartridges.
Click to expand...
well if they re-worked their exploit it *should* be possible to load from a files stored in the save like how CN works by reading "GW3DS.BIN" stored in the save rather than at a specific offset on the save chip
 
retrospect

retrospect

Well-Known Member
Member
Level 7
Joined
May 17, 2008
Messages
571
Trophies
1
XP
1,194
Country
retrospect said:
I can't get DevMenu.3ds to run at all. I've downloaded it from three different places now, but when I run it in GW Mode on sysNAND the screens just go black. Anyone got any theories?
Click to expand...

I've still not got this DevMenu.3ds to work in GW Mode in sysNAND. I've tried 4 MicroSD cards of sizes 1GB, 4GB, 32GB and 64GB, all formatted fully with SD Formatter and Windows; and several different copies of DevMenu.3ds. Any other .3ds file works fine, it's just DevMenu that won't.
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Hacking Hardware  New Nintendo 3DS XL Louvre

What's the best 3DS emulator (especially after Citra's shutdown)?

So what's the current state of hacking and freeshop?

Hacking Homebrew  Animal Crossing New Leaf (ACNL) help: data corrupt??

Hacking  Can you install a legit cia and keep the game? + Question about 3ds modding

Pokemon Ultra Sun/Moon from piracy site doesn't work

Accidentally snapped sd card in half, what to do now?

Hacking Homebrew  3DS System Transfer Questions

General chit-chat
Help Users
  • BakerMan
    I rather enjoy a life of taking it easy. I haven't reached that life yet though.
  • SylverReZ @ SylverReZ:
    @mthrnite, Cheetah Girls, the sequel to Action 52's Cheetah Men.
     +2
  • Psionic Roshambo @ Psionic Roshambo:
    Pokemon Black I played that one a lot
  • K3Nv2 @ K3Nv2:
    Honestly never messed with Pokémon on ds much
  • mthrnite @ mthrnite:
    I played pokemon once, was bored, never tried again
  • Psionic Roshambo @ Psionic Roshambo:
    Oh Dragon Quest IX
  • K3Nv2 @ K3Nv2:
    Spent like 5 hours on switch one never touched it again
  • Psionic Roshambo @ Psionic Roshambo:
    Sentinel of the stary skies
  • K3Nv2 @ K3Nv2:
    Ds is 20 years old this year
  • Psionic Roshambo @ Psionic Roshambo:
    So MJ no longer wants to play with it?
  • K3Nv2 @ K3Nv2:
    He put it down when the 3ds came out
  • K3Nv2 @ K3Nv2:
    https://youtube.com/shorts/eTlZ0qcSZf4?si=0vpkdIWplaLMFVqv
  • K3Nv2 @ K3Nv2:
    https://youtu.be/40XQ8L9wsCA?si=GzpPBaHQQLU0plt_ Neat
  • SylverReZ @ SylverReZ:
    @K3Nv2, RIP Felix does great videos on the PS3 yellow-light-of-death.
  • Jayro @ Jayro:
    Eventhough the New 3DS XL is more powerful, I still feel like the DS Lite was a more polished system. It's a real shame that it never got an XL variant keeping the GBA slot. You'd have to go on AliExpress and buy an ML shell to give a DS phat the unofficial "DS Lite" treatment, and that's the best we'll ever get I'm afraid.
     +1
  • Jayro @ Jayro:
    The phat model had amazingly loud speakers tho.
     +1
  • SylverReZ @ SylverReZ:
    @Jayro, I don't see whats so special about the DS ML, its just a DS lite in a phat shell. At least the phat model had louder speakers, whereas the lite has a much better screen.
     +1
  • SylverReZ @ SylverReZ:
    They probably said "Hey, why not we combine the two together and make a 'new' DS to sell".
  • Veho @ Veho:
    It's a DS Lite in a slightly bigger DS Lite shell.
     +1
  • Veho @ Veho:
    It's not a Nintendo / iQue official product, it's a 3rd party custom.
     +1
  • Veho @ Veho:
    Nothing special about it other than it's more comfortable than the Lite
    for people with beefy hands.
     +1
  • Jayro @ Jayro:
    I have yaoi anime hands, very lorge but slender.
  • Jayro @ Jayro:
    I'm Slenderman.
  • Veho @ Veho:
    I have hands.
  • Veho @ Veho:
    king-shark-hand.gif
    +1
  • BakerMan @ BakerMan:
    imagine not having hands, cringe
    BakerMan @ BakerMan: imagine not having hands, cringe