Hacking How can I hack 1.0.0-0U 3ds?

[loco365]

i just wonder renting a sky from shop and dump nand
and update system by rom would be a cheaper choice

Yeah, Sky doesn't run homebrew directly, although you can use it to boot Cubic Ninja and dump your NAND since CN can run homebrew.

 

[nastys]

i just wonder renting a sky from shop and dump nand
and update system by rom would be a cheaper choice

Ninjhax requires a web browser in order to run, and you have none. Only online updates install the browser, so you can only dump the NAND via a hard-mod.
Use a cartridge to update to 4.x (better) or 6.x (cheaper, maybe).

 

[SpencerlyEverly]

Ninjhax requires a web browser in order to run, and you have none. Only online updates install the browser, so you can only dump the NAND via a hard-mod.
Use a cartridge to update to 4.x (better) or 6.x (cheaper, maybe).

I think people want to see the first-launch 1.0.0U juicy stuff rather than letting him update (It's not on Nintendo's CN), so...

Hard mod, it is. (I am NOT going to do the hard mod for him, because, I don't have the equipment and mind.)

Good luck on anyone that wants to help him do it!

 

[Normmatt]

Some of you can't read can you.... I already posted a way to run arm9 code on 1.0.0 with just cubic ninja. It doesn't require a hard mod and if its anything like my 1.0.0E it won't have anything interesting on it... but still be nice to confirm that.

 

[SpencerlyEverly]

Some of you can't read can you.... I already posted a way to run arm9 code on 1.0.0 with just cubic ninja. It doesn't require a hard mod and if its anything like my 1.0.0E it won't have anything interesting on it... but still be nice to confirm that.

Huh, okay. Where could it be? Oh yeah, this:

You can use cubic ninja to exploit 1.0.0E its not very stable but its enough to get basic arm9 control (after a few retries). Scan http://i.imgur.com/7Q35Tuy.png and it will load the file load.bin into fcram at 0x23F00000 and start execution (size is limited to 0x3000 bytes)

I think everybody didn't really pay attention.

Oh well.

 

[Jwiz33]

At first I thought this said 10.0.0-0.

 

[zoogie]

Huh, okay. Where could it be? Oh yeah, this:

I think everybody didn't really pay attention.

Oh well.

Trouble is finding someone with CN and a 1.0 3ds. Both of them are rare these days. Together, they're rarer than a cat who sells insurance.
Then there's the issue of a 12K nand dumper not existing.

 

[nastys]

Some of you can't read can you.... I already posted a way to run arm9 code on 1.0.0 with just cubic ninja. It doesn't require a hard mod and if its anything like my 1.0.0E it won't have anything interesting on it... but still be nice to confirm that.

Sorry, I thought it required a browser

 

[SpencerlyEverly]

Trouble is finding someone with CN and a 1.0 3ds. Both of them are rare these days. Together, they're rarer than a cat who sells insurance.
Then there's the issue of a 12K nand dumper not existing.

I wonder how much 12k could get to, anyway?

 

[xdrz]

You can use cubic ninja to exploit 1.0.0E its not very stable but its enough to get basic arm9 control (after a few retries). Scan http://i.imgur.com/7Q35Tuy.png and it will load the file load.bin into fcram at 0x23F00000 and start execution (size is limited to 0x3000 bytes)

This is how to retrieve the framebuffer addresses:
*(volatile uint32_t*)0x80FFFEC = *(volatile uint32_t*)0x23FFFF18;
*(volatile uint32_t*)0x80FFFC0 = *(volatile uint32_t*)0x23FFFE00; // framebuffer 1 top left
*(volatile uint32_t*)0x80FFFC4 = *(volatile uint32_t*)0x23FFFE04; // framebuffer 2 top left
*(volatile uint32_t*)0x80FFFC8 = *(volatile uint32_t*)0x23FFFE08; // framebuffer 1 top right
*(volatile uint32_t*)0x80FFFCC = *(volatile uint32_t*)0x23FFFE0C; // framebuffer 2 top right
*(volatile uint32_t*)0x80FFFD0 = *(volatile uint32_t*)0x23FFFE10; // framebuffer 1 bottom
*(volatile uint32_t*)0x80FFFD4 = *(volatile uint32_t*)0x23FFFE14; // framebuffer 2 bottom
*(volatile uint32_t*)0x80FFFD8 = *(volatile uint32_t*)0x23FFFE18; // framebuffer select top
*(volatile uint32_t*)0x80FFFDC = *(volatile uint32_t*)0x23FFFE1C; // framebuffer select bottom

uint32_t topScreenSelect = *(volatile uint32_t*)0x080FFFD8;
uint8_t* topScreen_left = (uint8_t*)(*(uint32_t*)((uint32_t)0x080FFFC0 + 4*(topScreenSelect&1)));
uint8_t* topScreen_right = (uint8_t*)(*(uint32_t*)((uint32_t)0x080FFFC8 + 4*(topScreenSelect&1)));

uint32_t bottomScreenSelect = *(volatile uint32_t*)0x080FFFDC;
uint8_t* bottomScreen = (uint8_t*)(*(uint32_t*)0x080FFFD0 + 4*(bottomScreenSelect&1));

I have scaned the qr code in CN
and the upper screen blackened with no reply
what i the next step to dump the nand?

 

[neobrain]

In https://github.com/archshift/Decrypt9/blob/master/source/draw.h#L22 and https://github.com/archshift/Decrypt9/blob/master/source/draw.h#L17 , try replacing each of the four lines with

#define TOP_SCREEN0 ((uint8_t*)(*(uint32_t*)((uint32_t)0x080FFFC0 + 4*((*(volatile uint32_t*)0x080FFFD8)&1))))
#define BOT_SCREEN0 ((uint8_t*)(*(uint32_t*)0x080FFFD0 + 4*((*(volatile uint32_t*)0x080FFFDC)&1)))
#define TOP_SCREEN1 ((uint8_t*)(*(uint32_t*)((uint32_t)0x080FFFC8 + 4*((*(volatile uint32_t*)0x080FFFD8)&1))))
#define BOT_SCREEN1 BOT_SCREEN0

That should give you some screen output at least.

 

[xdrz]

sorry i can't get what is talking about,
how can i replace that and...
what should i do with these code?
I can't change anything on the website...

 

[xdrz]

Alright,
I have change the Decrypt9 code in the notepad but how to use it?

 

[zoogie]

Alright,
I have change the Decrypt9 code in the notepad but how to use it?

Compile it. But before you do that, you need to figure out how to pare down the binary from 55K to 12K.
Good luck with that if you're not an experienced programmer.

 

[xdrz]

Compile it. But before you do that, you need to figure out how to pare down the binary from 55K to 12K.
Good luck with that if you're not an experienced programmer.

HaHa...
How to 'compile it? Any tool do I need? (Is it Brahma or devkitARM?)
And what is the 'binary'?
I am really getting lost

 

[EmceeKerser]

HaHa...
How to 'compile it? Any tool do I need? (Is it Brahma or devkitARM?)
And what is the 'binary'?
I am really getting lost

If you dont know how to compile then dont bother

 

[xdrz]

If you dont know how to compile then dont bother

Sorry
even I don't know but I want to know how to 'compile'

 

[EmceeKerser]

Run the makefile

But as Zoogie said, you need to make changes to the program. If you cant compile a program, theres no hope that you can get it to function like you want it to

 

[xdrz]

Run the makefile

But as Zoogie said, you need to make changes to the program. If you cant compile a program, theres no hope that you can get it to function like you want it to

it ask me to choose a program to run the 'makefile',
what should I choose?
btw I have download and install devkitPro, is it useful?

 

[zoogie]

it ask me to choose a program to run the 'makefile',
what should I choose?
btw I have download and install devkitPro, is it useful?

Seriously, just give up. For your sake and our sanity.