ROM Hack Trouble running custom .code

[JustPingo]

Hello everyone!

So, I'm having trouvle using HANS. So, I extracted properly code.bin using ctrtool and those commands :

ctrtool --contents=contents myCIA.cia
ctrtool -p --exefs=exefs.bin contents.0000.WHATEVER
ctrtool -t exefs --exefsdir=exefs --decompresscode exefs.bin

My CIA is a homebrew that has nothing to do with any of the app I'm trying to inject it into, but it doesn't have any romFS, so I guess its .code could run alone (it's a simple homebrew).
So then, I wanted to inject it on the eShop to try, so I renamed it and placed it like this:

sd:/hans/00022900.code

In HANS, I set the region to EUR because my console is EUR, no special language, O3DS-type clock speed, Code to YES, Romfs to NO, Save to NO. Then I start. But I get this, and can't figure out why:

Spoiler

(sorry for the terrible quality, the last line is invalidated icache)

I tried with other apps to inject in, changing the name in the hans folder, but same error. When there is no .code, it just gets back to homebrew menu so the .code is detected. It is 544KB by the way.

Do you guys have any idea?
Thanks in advance!

 

[Mrrraou]

That's something I tried too, and I couldn't get it to work either. At the moment, HANS is closed source, so it doesn't help.

 

[JustPingo]

Up, I guess...

 

[MRJPGames]

Possibly intentionally so we can't pirate with this...

Did you remove the first 1000 or so bytes of data(Search Smea's Twitter for the actual amount)? Just try that, shouldn't make a difference but might be worth the shot?

 

[Mrrraou]

Possibly intentionally so we can't pirate with this...

Did you remove the first 1000 or so bytes of data(Search Smea's Twitter for the actual amount)? Just try that, shouldn't make a difference but might be worth the shot?

0x1000 bytes isn't 1000 bytes, but 4096 bytes (Hexadecimal -> decimal) And these instructions are only for the romfs, but I'll try.

 

[MRJPGames]

0x1000 bytes isn't 1000 bytes, but 4096 bytes (Hexadecimal -> decimal) And these instructions are only for the romfs, but I'll try.

I only vaguely remembered from Twitter, actually pretty proud I got the amount of zero's right XD

 

[Mrrraou]

I only vaguely remembered from Twitter, actually pretty proud I got the amount of zero's right XD

However, I still don't think that it would work, because the .code file is ARM compiled code.

--------------------- MERGED ---------------------------

Still the same crash even with removing the 0x1000 first bytes.

 

[MRJPGames]

However, I still don't think that it would work, because the .code file is ARM compiled code.

--------------------- MERGED ---------------------------

Still the same crash even with removing the 0x1000 first bytes.

As I said: "shouldn't make a difference but might be worth the shot", but yeah I hoped it would work however unlikely it was...

 

[Mrrraou]

As I said: "shouldn't make a difference but might be worth the shot", but yeah I hoped it would work however unlikely it was...

Yeah. However, I'm still actively looking to do it.
And smea just said that he won't release the source soon: https://twitter.com/smealum/status/659103610932822016

 

[JustPingo]

The thing is that we don't even have a proper explanation on what it does, even without the details. So we can't even try to do stuff and we get blocked by any difficulty because we're completely blind on what's going on behind the scene.

 

[Mrrraou]

The thing is that we don't even have a proper explanation on what it does, even without the details. So we can't even try to do stuff and we get blocked by any difficulty because we're completely blind on what's going on behind the scene.

That's the whole problem, and nobody would explain us how to do that.

 

[shinyquagsire23]

It's most likely compressed. I believe ctrtool or 3dstool has an option to decompress on extracting. Also, the sections have to line up to the original, so update code bins can't be loaded (easily).

Edit: probably not compressed actually, could be borked on the HANS side though.

 

[Mrrraou]

It's most likely compressed. I believe ctrtool or 3dstool has an option to decompress on extracting. Also, the sections have to line up to the original, so update code bins can't be loaded (easily).

Edit: probably not compressed actually, could be borked on the HANS side though.

By sections, I'm not sure what are you talking about exactly.
Is there a way we can modify a game .code to run an homebrew instead ? Even if we have to do it manually, how can we do that ?

 

[Mrrraou]

How do we know the section locations in the .code file ? And do you know a good ARM disassembler ?

 

[hippy dave]

And do you know a good ARM disassembler ?

https://www.hex-rays.com/products/ida/

 

[Mrrraou]

https://www.hex-rays.com/products/ida/

Yup, but the .code file isn't readable. So I don't know what to do.

 

[RainThunder]

How do we know the section locations in the .code file ?

It's stored inside exheader. Braindump currently doesn't support dumping it, so you have to use rxTools or Decrypt9.

 

[Mrrraou]

It's stored inside exheader. Braindump currently doesn't support dumping it, so you have to use rxTools or Decrypt9.

Thanks a lot, I'm going to try that.

 

[nallar]

Had a (probably stupid) idea relating to code replacement:

HANS can edit the eshop. Does the eshop have access to the service needed to install .cia files? If so, you could edit the eshop exefs with something which could install "legit" CIAs, which won't fail the signature check.

 

[Mrrraou]

Had a (probably stupid) idea relating to code replacement:

HANS can edit the eshop. Does the eshop have access to the service needed to install .cia files? If so, you could edit the eshop exefs with something which could install "legit" CIAs, which won't fail the signature check.

We can. That's what I'm trying to do. But we can even do better.