Hacking Pasta CFW - A CFW that allows unsigned CIA to be installed on Old and New 3DS! (required ninjhax)

[dkabot]

Quick question would this fuck my GW functionality? I want to check out dsiware and stuff.

Unless you launch GW with CN, no (and even then you'd just overwrite your means to launch GW).
Just note you can't use CN from GW because of how GW works, so you need legit CN (or Sky or 4.X I guess)

 

[kheldar]

Unless you launch GW with CN, no (and even then you'd just overwrite your means to launch GW).
Just note you can't use CN from GW because of how GW works, so you need legit CN (or Sky or 4.X I guess)

I have a legit CN copy. So I'd need to rescan the qr image to be able to launch gw from CN if I use this.. Hm is there a work around to this?

 

[dkabot]

I have a legit CN copy. So I'd need to rescan the qr image to be able to launch gw from CN if I use this.. Hm is there a work around to this?

Since you're launching GW from CN I can safely presume it's a N3DS, so you could downgrade MSET and use that exploit for GW.

 

[kheldar]

Since you're launching GW from CN I can safely presume it's a N3DS, so you could downgrade MSET and use that exploit for GW.

Yeah I don't want to use MSET since It modifies sysnand..

 

[dkabot]

Yeah I don't want to use MSET since It modifies sysnand..

Using Pasta to install any CIAs modifies SysNAND far worse than downgrading MSET does.
A lower version of MSET is still legitimate software, DSiWare/GBA installed through means like this are installed with a wrong ticket which prevents that NAND from ever being able to get it legitimately without reverting or (painfully, from what I hear) editing it out manually.
(as it stands we can't run DSiWare/GBA on an EmuNAND)

 

[Nollog]

Please understand, I'm making experience on 3DS while working, I'm not a super expert dev like the 3DBrew guys.

It's on the back-burner. Now people have something to tell others who will undoubtedly ask every 4 posts.
Thanks for the clarity.

 

[thekarter104]

Using Pasta to install any CIAs modifies SysNAND far worse than downgrading MSET does.
A lower version of MSET is still legitimate software, DSiWare/GBA installed through means like this are installed with a wrong ticket which prevents that NAND from ever being able to get it legitimately without reverting or (painfully, from what I hear) editing it out manually.
(as it stands we can't run DSiWare/GBA on an EmuNAND)

But can't you install stuff on the SD card with FBI? Or isn't that possible with GBA games?

 

[gamesquest1]

But can't you install stuff on the SD card with FBI? Or isn't that possible with GBA games?

pretty sure they dont work unless they are installed to nand....but even if they did the tickets would still be installed to sysnand, so the whole argument of "i want to keep my sysnand 100% clean" is a bit flawed, truth is installing the 4.x MSET is sfer as if you ever did update sysnand the 4.x MSET ticket would be overwrote when you update....the fake tickets wouldnt unless you restore a nand backup first

 

[urherenow]

pretty sure they dont work unless they are installed to nand...

Not the case at all. In fact, only a couple of the ambassador games installed to NAND even on my old ambassador 3DS. All others went to SD.

Edit: and my ticket.db is over 35MB... are you sure new versions even bother overwriting the older tickets? Seems like they simply get added on or something... I don't know how to look at the file and separate it by individual ticket. Guess it would be nice to know though, in case I need to blank one out or something. Or would that mess up a signature and cause a black screen brick

 

[kheldar]

Another question after installing cias to sysnand do i need to launch the cfw each time I need to launch em?

 

[metroid maniac]

Another question after installing cias to sysnand do i need to launch the cfw each time I need to launch em?

Unless they're legit, yes.

 

[gamesquest1]

Not the case at all. In fact, only a couple of the ambassador games installed to NAND even on my old ambassador 3DS. All others went to SD.

Edit: and my ticket.db is over 35MB... are you sure new versions even bother overwriting the older tickets? Seems like they simply get added on or something... I don't know how to look at the file and separate it by individual ticket. Guess it would be nice to know though, in case I need to blank one out or something. Or would that mess up a signature and cause a black screen brick

yeah just had a look and they do install to SD, guess its just DSiware that installs to nand ....but in regards to checking the title.db file, you can simply search for the titleID in a hexeditor, so for example if i search, 0004001000022000 (EU MSET) i only find one ticket for it, and directly after the titleID there will be the version number (in hex) so in my case its says 0C03 which is 3075....so if i update it will replace that with the updated ticket

 

[Apache Thunder]

The ticket.db file is pre-allocated to a fixed size. It's not related to tickets being removed or not. A fresh system will have a ticket.db of the same file size as one that has a bunch of installed stuff on it.

 

[nyder]

I can just use my Gateway to boot into sysnand and install cia's that way? Then boot up pasta to run them? That should work right?

 

[Stoned]

I can just use my Gateway to boot into sysnand and install cia's that way? Then boot up pasta to run them? That should work right?

You can Complete use Pasta Install Cia´s and Play Cia´s

 

[jaceyen]

pretty sure they dont work unless they are installed to nand....but even if they did the tickets would still be installed to sysnand, so the whole argument of "i want to keep my sysnand 100% clean" is a bit flawed, truth is installing the 4.x MSET is sfer as if you ever did update sysnand the 4.x MSET ticket would be overwrote when you update....the fake tickets wouldnt unless you restore a nand backup first

So even if I delete unlegit dsiware in data management the wrong ticket will still remain in my ticket.db?

 

[megazero1x1]

Gadgets are small pieces of code already loaded in ram. ROP (Return Oriented Programming) put a sequences of addresses on the stack and create program made of this small chunks of code (ROP chain). They are like LEGO bricks used to build what you want.

Executing this kind of code the program jumps on different locations of the memory instead of following a linear path.

This is used because on modern systems if you write something in memory you can't execute it untill a kenell process marks it as executable.

If you don't have kernel access (like in a Hack) with this kind of programming you can execute complex code joining instruction already in RAM.

The bad thing is that at every change of memory (i.e. for differtent FW) there are different things in RAM. So you have to collect different sets of gadget for every possible memory configuration.

Hope it's clear enough, this is a complex matter and I explained it in a very simplified (and not complete) way.

I don't think I have ever seen a simpler explanation.......

 

[The Real Jdbye]

I have a legit CN copy. So I'd need to rescan the qr image to be able to launch gw from CN if I use this.. Hm is there a work around to this?

What you can do is install a CIA of CN in Pasta and install the GW payload in that. It's an extra step to get into GW mode but it should work.
Wouldn't it be great if someone found an exploit in one of the games available as legit CIA

 

[The Real Jdbye]

Just got my Cubic Ninja today, did a system transfer, PastaCFW working fine. I can finally transfer all my cartridge saves to the GW

 

[dimmidice]

i have a(nother) question for you folk. i have omega ruby retail cartridge. but it's not up to date. i can't access the nintendo e-shop. can i update it using a cia update? if so how do i do that? just install it with the retail cart in or what?