[ROM Hack] Is it possible to decompile a .cia into source code and then rebuild it again?

lucoia (OP, Well-Known Member, joined Nov 29, 2008, Italy):
As stated in the title, I got a little homemade .cia and I would like to change just 2 parameters and recompile it into a .cia. Is that possible somehow?

Googling around for a while didn't help.
 

lucoia (OP, Well-Known Member, joined Nov 29, 2008, Italy):
> CIA is not an executable format, it's an archive used for installation.
>
> http://3dbrew.org/wiki/CIA
>
> If you want to modify the binary, you'll have to extract it from the archive.
Ok so, I compiled ctrtool and tried to extract it from the .cia, but it doesn't seem to work.

That's the .cia info:

M:\ctr>ctrtool -i rc.cia
Header size 0x00002020
Type 0000
Version 0000
Certificates offset: 0x00002040
Certificates size: 0x0a00
Ticket offset: 0x00002a40
Ticket size 0x0350
TMD offset: 0x00002dc0
TMD size: 0x0b64
Meta offset: 0x1177d40
Meta size: 0x0000
Content offset: 0x00003940
Content size: 0x0000000001174400
Warning, could not read common key.

Ticket content:
Signature Type: 04000100
Issuer: Root-CA00000004-XS00000009
Signature:
000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 ................

Encrypted Titlekey: DF7E3183ED96A41602F74F6B1DEA3862
Ticket ID: 594037C3424ED03B
Ticket Version: 0
Title ID: 0004000E0011D700
Common Key Index: 0
Content permission map:
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00


TMD header:
Signature type: RSA 2048 - SHA256
Issuer: Root-CA00000004-CP0000000a
Version: 1
CA CRL version: 0
Signer CRL version: 0
System version: 0000000000000000
Title id: 0004000E0011D700
Title type: 00000040
Group id: 0000
Access rights: 00000000
Title version: 0403
Content count: 0002
Boot content: 0000
Hash: F7736C8DF6A6711D189718A927DA26C3E4FFD0B4BA1F00BF05F089F6
C6FE750E

TMD content info:
Content index: 0000
Command count: 0002
Unknown: 31644B957A07652FDCEBEBA524CDFF396DEC93597AECC48C93F24E07
20B66085

TMD contents:
Content id: 00000004
Content index: 0000
Content type: 0000
Content size: 0000000000f99400
Content hash: 0588C2D6DD2933BAFEE48CD007E6BE5E37BDE54BCC55C78A3C346E4F
9C33598A

Content id: 00000005
Content index: 0001
Content type: 0000
Content size: 00000000001db000
Content hash: 6B006F492CD65C2901E0AC4C139B7878AA1F2A762FA16D5EDAD0CD73
B5F7BF85


M:\ctr>

I tried different methods and flags, but the only thing I was able to get using exefs is an empty rc.bin file.

Is there a way to extract it?
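The ctrtool output above is just the CIA archive header read back: every offset it prints is derived from the section sizes, each section starting on a 64-byte boundary after the previous one (layout per the 3dbrew CIA page). The following parser is an added example, not part of this thread or of ctrtool; it builds a sample header from the sizes printed for rc.cia (the header only, no sections) and recomputes the offsets, so you can see where the certificate chain, ticket, TMD and contents sit before trying to pull anything out of the file. The content-index bitmap interpretation (most-significant bit first) is an assumption taken from the documented header layout.

```python
import struct

# CIA archive layout, as documented at http://3dbrew.org/wiki/CIA: a fixed
# 0x2020-byte header, then certificate chain, ticket, TMD, content(s) and meta,
# each starting on a 64-byte boundary. All integers are little-endian.
CIA_HEADER_SIZE = 0x2020
SECTION_ALIGN = 0x40
HEADER_FMT = "<IHHIIIIQ"  # header size, type, version, cert/ticket/TMD/meta sizes, content size


def align64(offset):
    """Round offset up to the next 64-byte boundary."""
    return (offset + SECTION_ALIGN - 1) & ~(SECTION_ALIGN - 1)


def parse_cia_header(data):
    """Return section sizes, derived offsets and present content indices of a CIA."""
    if len(data) < CIA_HEADER_SIZE:
        raise ValueError("file too short to hold a CIA header")
    (hdr_size, cia_type, version, cert_size, ticket_size,
     tmd_size, meta_size, content_size) = struct.unpack_from(HEADER_FMT, data, 0)
    if hdr_size != CIA_HEADER_SIZE:
        raise ValueError("unexpected header size 0x%x" % hdr_size)

    # 0x2000-byte content index bitmap: bit (7 - i % 8) of byte i // 8 marks index i
    # (assumed bit order, matching the documented header layout).
    bitmap = data[0x20:CIA_HEADER_SIZE]
    present = [i for i in range(0x10000) if bitmap[i >> 3] & (0x80 >> (i & 7))]

    cert_off = align64(hdr_size)
    ticket_off = align64(cert_off + cert_size)
    tmd_off = align64(ticket_off + ticket_size)
    content_off = align64(tmd_off + tmd_size)
    meta_off = align64(content_off + content_size)
    return {
        "type": cia_type, "version": version,
        "cert_offset": cert_off, "cert_size": cert_size,
        "ticket_offset": ticket_off, "ticket_size": ticket_size,
        "tmd_offset": tmd_off, "tmd_size": tmd_size,
        "content_offset": content_off, "content_size": content_size,
        "meta_offset": meta_off, "meta_size": meta_size,
        "content_indices": present,
    }


def build_sample_header(cert_size=0x0a00, ticket_size=0x0350, tmd_size=0x0b64,
                        meta_size=0, content_size=0x1174400, indices=(0, 1)):
    """Constructed sample: a header carrying the sizes ctrtool printed for rc.cia.
    Only the 0x2020-byte header is built; the sections themselves are not included."""
    hdr = bytearray(CIA_HEADER_SIZE)
    struct.pack_into(HEADER_FMT, hdr, 0, CIA_HEADER_SIZE, 0, 0,
                     cert_size, ticket_size, tmd_size, meta_size, content_size)
    for i in indices:
        hdr[0x20 + (i >> 3)] |= 0x80 >> (i & 7)
    return bytes(hdr)


if __name__ == "__main__":
    info = parse_cia_header(build_sample_header())
    for key in ("cert", "ticket", "tmd", "content", "meta"):
        print("%-8s offset 0x%08x size 0x%x" % (key, info[key + "_offset"], info[key + "_size"]))
    print("content indices present:", info["content_indices"])
```

Run against the sizes in the output above it reproduces ctrtool's offsets exactly (0x2040, 0x2a40, 0x2dc0, 0x3940, meta at 0x1177d40); on a real file, `parse_cia_header(open("rc.cia", "rb").read())` gives the same table. What it does not do is decrypt anything: the contents at 0x3940 are still encrypted with the title key, which is why ctrtool warned that it could not read the common key.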
 

mid-kid (GBAtemp spamBOT, Member, joined Aug 2, 2012):
I've detailed the process of decryption/extraction two times already, and I won't do it again. I still have to make a real tutorial out of it, but I'm too lazy, so if someone else can do that, it's appreciated.
If you want to rebuild the thing, and it's a "gameapp" CIA, I recommend following the process in the first link, and then unpacking/rebuilding the .3ds with any of the tutorials available on this site (mine, of course). Just stop the process of rebuilding when you have decrypted the romfs.bin, extract it with "ctrtool --romfsdir=romfs -t romfs romfs.bin", edit the files, and use 3dstool to rebuild the romfs (it's the only command-line tool I could find which does that. I wanted to include it in a script): "3dstool -c -f romfs.bin -t romfs --romfs-dir romfs". If it's the code.bin which you want to edit, you can find it in exefs.
 

lucoia (OP, Well-Known Member, joined Nov 29, 2008, Italy):
Thanks for the useful links, I tried to just ciatoccia with makerom as mentioned on your first link, but instead of the fail to decrypt CIA content I got this error:

[CCI ERROR] This CIA cannot be converted to CCI
[RESULT] Failed to build CCI

I don't even know what the reason for that error is, since it's so generic, and Google didn't help either, so I tried to get the keys for it with rxTools anyway, following your suggestions and this tutorial: https://gbatemp.net/threads/how-to-dump-and-backup-eshop-games-and-dlc.375586/

I was able to print all my keys, but there are no keys for my homemade rc.cia listed.

If I check it on the SD with Title Manager on the 3DS, the .cia is seen both as a .cia in SDMC and as installed in Program as a Patch for Unique Id 0x011d7, which is confirmed by the CIA title ID: 0004000E0011D700

I tried FunkyCIA too and it was able to rebuild all the .cias and give me the raws too, writing all the keys to different .txt files (otherTitles, systemTitles.txt, updateTitles.txt etc. etc.), but even so there are no keys for the one I'm looking for.

Is there anything else I can do?
 

mid-kid (GBAtemp spamBOT, Member, joined Aug 2, 2012):

Before using ciatocci, you have to install the CIA, get the SD decryption keys (These are xorpads), decrypt the .app files (with padxorer), look what kind of files they are (application, manual or dlp), and rebuild the CIA with those files (It's all explained in the link). Now you have a decrypted CIA which can be converted to CCI no problem.

Even if you're not going to rebuild it into a CCI (you can skip that part, but given most tools out there are made to convert .3ds to .cia *cough*rsfgen.py*cough*, I find it easier), you're going to need to decrypt those .app files. Those files can also be gotten by: "ctrtool --meta=.app file.cia", but you will need to install the CIA anyway to get the xorpads.
 

lucoia (OP, Well-Known Member, joined Nov 29, 2008, Italy):
I did it and I got the 2 decrypted .app files; ctrtool says 04 is the application and 05 is the manual, but when I try to remake the .cia I get this error:

F:\ctr>makerom -f cia -o rcnew.cia -content decrypted_00000004.app:0:0 -content decrypted_00000005.app:1:1
[MAKEROM ERROR] Content 0 is corrupt


EDIT: In fact if I check decrypted_00000004.app ctrtool says "Error, program id mismatch. Wrong key?" at the end.
 

mid-kid (GBAtemp spamBOT, Member, joined Aug 2, 2012):

Those "Wrong key?" messages you can mostly ignore. I've mostly had exheader hash mismatch, but I don't think this is much different.
Huh, that's weird.
What kind of .cia are you even trying to extract? If it's not a "gameapp" cia, I don't think the -ciatocci option will even work.
In any case, make sure it's really the correct file, and you've decrypted it with the correct xorpad. If you're sure, I'd carry on unpacking the "application" .app, by treating it as if it's a .3ds file, and the manual.app as if it's the manual.cfa (no need to use rom_tool to extract it, since it's not inside the app.app). Rsfgen will put weird values in the UniqueId, CompanyCode, and ProductCode fields. Fix that yourself.
If it's not a "gameapp" cia, I'd really recommend using exinjector after the fact.
 

lucoia (OP, Well-Known Member, joined Nov 29, 2008, Italy):
The .cia is a rom hack made with its own code and part of the modified original game code in the 1.0 exefs, packed as a .cia which installs itself as a game patch with the same title id.

ctrtool sees it as:

> Form type: Executable content
> Content type: Application
> Content platform: CTR

Since the author dismissed the project long ago and source code is not available I wanted to tweak a couple of things by myself to make it better.

The two .app files are decrypted correctly; I can see some plain text like the product code at offset 0x150 in both files, for example. But they are only decrypted, not decompiled, and I tried to unpack the content in various ways with different tools but I always get corruption errors somehow.

3DSExplorer can see the correct file structure if treated as .3ds but can't extract the .cxi executables from the NCCH containers.

Isn't there just a way to decompile the .app directly back to plain-text source, so I can modify it and then rebuild from there?
 

mid-kid (GBAtemp spamBOT, Member, joined Aug 2, 2012):

The .app contains 3 different partitions: romfs, exefs and exheader. You are looking for unpacking romfs, and possibly the code.bin in exefs. To do this, do what I said, treat it as a .3ds file and follow any of the tutorials on this site. That means the following process:
- Generate xorpads for the partitions
- Extract/Decrypt the partitions
- Extract the romfs ("ctrtool --romfsdir=romfs romfs.bin")

It's all detailed in the links I've sent earlier, and over the whole forum.
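Both of mid-kid's procedures above (apply the SD xorpad to the .app with padxorer, then generate per-partition xorpads and decrypt the partitions) rest on the same operation: XOR the file against a keystream pad dumped from the console. The block below is an added example, not code from this thread or from padxorer/ctrtool. It applies a pad to a file and then runs the two checks that tell you whether the pad was the right one before you go any further, which is exactly what the "Error, program id mismatch. Wrong key?" message from the earlier post reports: the NCCH magic at 0x100 must survive decryption, and the program id at 0x118 must equal the CIA's title id (0004000E0011D700 here); it also reads the product code at 0x150 that lucoia spotted. The NCCH field offsets follow the 3dbrew NCCH page; the sample header, product code and pad are constructed for the demo (a real SD pad is the console's AES-CTR keystream and is never a simple byte pattern). It covers only the SD-layer file decryption; the exheader/exefs/romfs partitions inside the NCCH still need their own pads as described in the list above.

```python
import struct

NCCH_MAGIC = b"NCCH"
MEDIA_UNIT = 0x200  # NCCH sizes are stored in 0x200-byte media units


def apply_xorpad(data, pad):
    """XOR data with a keystream pad (what padxorer does). The pad must be at least
    as long as the data; a pad made for a different file only produces garbage."""
    if len(pad) < len(data):
        raise ValueError("xorpad is shorter than the data")
    return bytes(a ^ b for a, b in zip(data, pad))


def parse_ncch_header(data):
    """Read the plaintext fields of an NCCH header (layout per 3dbrew.org/wiki/NCCH)."""
    if len(data) < 0x200:
        raise ValueError("too short for an NCCH header")
    if data[0x100:0x104] != NCCH_MAGIC:
        raise ValueError("no NCCH magic at 0x100: wrong xorpad, or not a decrypted NCCH")
    content_units, partition_id = struct.unpack_from("<IQ", data, 0x104)
    (program_id,) = struct.unpack_from("<Q", data, 0x118)
    return {
        "content_size": content_units * MEDIA_UNIT,
        "partition_id": partition_id,
        "maker_code": data[0x110:0x112].decode("ascii", "replace"),
        "program_id": program_id,
        "product_code": data[0x150:0x160].rstrip(b"\0").decode("ascii", "replace"),
    }


def check_decrypted_app(decrypted, expected_title_id):
    """Sanity check for a decrypted .app: NCCH magic present and program id equal to
    the CIA title id (the comparison behind ctrtool's 'program id mismatch' warning)."""
    header = parse_ncch_header(decrypted)
    if header["program_id"] != expected_title_id:
        raise ValueError("program id %016X does not match title id %016X"
                         % (header["program_id"], expected_title_id))
    return header


# --- constructed sample: a plaintext NCCH header for the title id from this thread ---
TITLE_ID = 0x0004000E0011D700
SAMPLE_PRODUCT_CODE = b"CTR-P-EXMP"   # placeholder product code, not the real one


def build_sample_ncch():
    """Constructed 0x200-byte NCCH header; content size matches content 0 in the TMD above."""
    hdr = bytearray(0x200)
    hdr[0x100:0x104] = NCCH_MAGIC
    struct.pack_into("<IQ", hdr, 0x104, 0xF99400 // MEDIA_UNIT, TITLE_ID)
    hdr[0x110:0x112] = b"01"
    struct.pack_into("<Q", hdr, 0x118, TITLE_ID)
    hdr[0x150:0x150 + len(SAMPLE_PRODUCT_CODE)] = SAMPLE_PRODUCT_CODE
    return bytes(hdr)


def sample_pad(seed, length=0x200):
    """Constructed stand-in for an SD xorpad, so the demo runs offline and deterministically."""
    return bytes((seed + 73 * i) & 0xFF for i in range(length))


def demo():
    """Encrypt the sample with one pad, then show that only the matching pad passes the checks."""
    plain = build_sample_ncch()
    encrypted = apply_xorpad(plain, sample_pad(0x5A))          # what would sit on the SD card
    good = check_decrypted_app(apply_xorpad(encrypted, sample_pad(0x5A)), TITLE_ID)
    try:
        check_decrypted_app(apply_xorpad(encrypted, sample_pad(0x3C)), TITLE_ID)
        wrong_pad_detected = False
    except ValueError:
        wrong_pad_detected = True
    return good, wrong_pad_detected


if __name__ == "__main__":
    header, detected = demo()
    print("decrypted header:", header)
    print("wrong pad rejected:", detected)
```

For a real file the call is `check_decrypted_app(apply_xorpad(open("00000004.app", "rb").read(), open("pad.xorpad", "rb").read()), 0x0004000E0011D700)`; if that raises on the magic check, the pad does not belong to this file, and makerom's later "Content 0 is corrupt" (a hash mismatch against the TMD) is the expected consequence of feeding it such output.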
 

lucoia (OP, Well-Known Member, joined Nov 29, 2008, Italy):
I treated it as .3ds and did it all over again, generated ncchinfo.bin, generated xorpads, but I only got 2 files:

0004000E0011D700.Main.exheader.xorpad
0004000E0011D700.Main.exefs_norm.xorpad

There's not a 0004000E0011D700.Main.romfs.xorpad

I was following this tutorial: https://gbatemp.net/threads/how-to-unpack-repack-3ds-roms.380726/ and even the included batch is expecting a *main.romfs.xorpad, so I edited it and I was only able to get decrypted exefs.bin and exheader.bin, romfs.bin is obviously empty.

Dinner time in here, I'll look into that with more attention later or tomorrow.
 

lucoia (OP, Well-Known Member, joined Nov 29, 2008, Italy):
Looks like it's a ctrKeyGen problem.

If I use the new ctrKeyGen.py Python 2.7 it creates a ncchinfo.bin with only 2 entries for me:

*Main.exheader.xorpad
*Main.exefs_norm.xorpad

If I use the old ctrKeyGen.exe it creates an ncchinfo.bin twice as large and with more entries, including romfs.

But if I try to generate xorpads with newer launchers.dat or rxTools I'm getting "Too many/few entries, or wrong version ncchinfo.bin"

If I use an older launcher.dat, the o3ds freezes.
 

mid-kid (GBAtemp spamBOT, Member, joined Aug 2, 2012):

There are different formats of ncchinfo.bin; each tool that generates the xorpads has its own tool to generate the ncchinfo.bin (ctrKeyGen.py), so just stick to that. There are three options: SD-devryptor-void, Decrypt9 and rxTools. I'd say try them all.
 
