Homebrew [Project] Injecting any app into Health and Safety?

[d0k3]

NEWS: If you want to try this now, check out this post! Keep in mind that you have to compile my Decrypt9 version yourselves to try it. We're still working on streamlining this, and there might even be a GUI later on.

----------------------------------------------------------------------------------------------------

Well, a lot of people know that problem - you just setup a brand new EmuNAND, just to notice, moments later, that you forgot about installing a CIA manager. Now you're out of luck, and the only choice you've got left is setting up your SysNAND (via PastaCFW / ReiNAND Sys / rxTools dev) with a CIA manager and formatting your EmuNAND anew.

One solution for that problem is injecting FBI into the H&S app. There's the FBI inject generator by Riku, and rxTools FBI injector uses the exact same files generated by that. Riku's tool uses the TMD to identify the H&S version and selects from a range of "precompiled" FBI inject files. Two problems with that: [1] you can't inject a recent version of FBI and [2] this is not available for N3DS. Add to that [3], it might make sense to inject apps other than FBI over H&S now or in the future.

So, what if we could create valid inject files for any app?

I started this over at 4DSdev.org, and, basically, with a lot of help from @Syphurith, we have already figured out what to do. Check out my post here. The thread is pretty short, so you can also read it completely.

Well, I can explain why it is identical with the one from rxTools - that's because rxTools uses Riku's inject files

. Also, RomFS is not empty - it contains a dummy file to reach the desired file size (same size as H&S).

The remaining mystery now is the ExHeader - when comparing the proper inject ExHeader with the one gained from the FBI 1.3.8 CIA content 0 ExHeader, this is what is different:
0x000 - Application title ("safe" instead of "FBI", from H&S)
0x00E - Remaster version (has to be same as .app/.tmd number)
0x1C8 - Jump ID (has to be same as ACI program id, see below)
0x200 - Access control info (ACI) program id (taken from H&S)
0x248 - ACI file system access info (FBI + H&S permissions combined)
0x600 - ACI2 program id (taken from H&S)
0x648 - ACI2 file system access info (FBI + H&S permissions combined)

Info taken from 3Dbrew.org. Mystery solved? I think so! We need to try this, though, and coding this won't be simple.

Continuing from yesterday... The actual NCCH header only has the offsets, sizes and hashes for ExeFS and RomFS modified (which is understandable) + the hash for the ExtHeader.

Now, what do we need to do?
1. Build new (valid, hashes need to be correct) ExeFS with .code from FBI, all other files H&S
2. Build new (valid, hash needs be correct) RomFS with a dummy file (this is so that the resulting app is the exact same size as H&S
3. Create the ExtHeader as I wrote above
4. Adapt the NCCH header from H&S as I wrote above
5. Take plain region & logo region from H&S
6. Adapt the hashes in the H&S .TMD
7. Put all that stuff together

I guess CTRtool & Makerom will be able to do a lot of that stuff, and for the remainder, a small program I'll code will do. I didn't get your fix TMD code to work, though. Any more ideas?

Now, the problem left is - how to streamline the process? Asking GBAtemp members here. it is not simple to do, and the known tools (Makerom/CTRtool/3DStool) won't do the trick - at least not on their own. Any help is appreciated! If you don't know how to do all that stuff, even if you know how to streamline it in part will help.

 

[d0k3]

I might add to that, what I see as the main sources of trouble right now, is creating the new ExeFS / RomFS, and making sure all those hashes are correct while still modifying the original H&S NCCH header and TMD as little as possible. Just building a new app with Makerom won't do the trick. Best way would be to just inject the new ExeFS and new RomFS (the tool doing this would have to take care of the hashes/sizes/offsets in the NCCH header as well), the remaing adaptions are pretty easy. We also need to make sure that the resulting .CXI has the same size as the original H&S app.

Plus, it would be best if we could find a way to streamline the process so that a single .BAT file could manage all of it.

 

[MsMidnight]

Will this be 9.2 and below ?

 

[d0k3]

Will this be 9.2 and below ?

You need a CFW to run unsigned code, so yup, you're out of luck above 9.2.

 

[Shadowtrance]

Should be interesting if this actually happens.
Not that i can be of much help haha I can probably eliminate the need for a batch file though and replace it with a nice GUI in C# (winforms). I'm getting pretty good at that.

Pity riku seems totally against sharing source for ANYTHING he creates/shares though

@d0k3 don't know if you're still having issues getting the tmdfixer to compile or not but i fixed it by creating a folder called build in the same folder and it worked.
After that it doesn't complain about any files for me (originally complained about msys-20.dll).

 

[101239]

E
X
c
I
T
E
M
E
N
Expectations---_-__---__- T --_--__---___--
!

 

[d0k3]

Should be interesting if this actually happens.
Not that i can be of much help haha I can probably eliminate the need for a batch file though and replace it with a nice GUI in C# (winforms). I'm getting pretty good at that.

Pity riku seems totally against sharing source for ANYTHING he creates/shares though

@d0k3 don't know if you're still having issues getting the tmdfixer to compile or not but i fixed it by creating a folder called build in the same folder and it worked.
After that it doesn't complain about any files for me (originally complained about msys-20.dll).

Thanks a ton! You wouldn't believe, but I was just about to ask you exactly this . Anyways, I'm already pretty far. I think by tomorrow we'll have something that hopefully works and is ready to test.

 

[Syphurith]

--Snip--

Sorry for an incomplete build script. Now I've uploaded a new version including source there, it accepts arguments, so you don't need to always use fbi_inject.* as the name.
Eh.. about the exheader, have you already made any tool for it? If so at least you can have a batch/shell script version to try first.

 

[Syphurith]

@d0k3 Now, as I've made the exheader merge tool, you can get it there.
http://4dsdev.org/thread.php?pid=648#648 Source code and usage explanation included.
I've tested with the 1.3.8 fbi exheader, and old h&s one, version 2050. Merged result as expected.
Now i would like to check the ver.1024. Hope you can take usage of this.

 

[d0k3]

Alright, big progress here, thanks to @Syphurith. I've put together a batch file to handle the full process, get it from here:
http://wikisend.com/download/350650/UniversalInjectGen_v0.1.zip

Howto:

• Put H&S app & tmd into apptmd_hs/ folder (names do not matter) / H&S app needs to be decrypted
• Put CIA of app to inject into cia_inject/ folder (name does not matter
• Run go.bat

The only thing missing from this is encryption, but I'm sure we can handle this. Not for noobs atm because of that specific reason, though. Also: experimental! So keep backups of your NAND and be sure to be safe.

 

[Shadowtrance]

Alright, big progress here, thanks to @Syphurith. I've put together a batch file to handle the full process, get it from here:
http://wikisend.com/download/350650/UniversalInjectGen_v0.1.zip

Howto:

• Put H&S app & tmd into apptmd_hs/ folder (names do not matter)
• Put CIA of app to inject into cia_inject/ folder (name does not matter
• Run go.bat

The only thing missing from this is encryption, but I'm sure we can handle this. Not for noobs atm because of that specific reason, though. Also: experimental! So keep backups of your NAND and be sure to be safe.

Eww bat file! haha
I'll have to do something about that at some point, although it'll be windows only as i don't know how to make cross platform winforms.

 

[d0k3]

Eww bat file! haha
I'll have to do something about that at some point, although it'll be windows only as i don't know how to make cross platform winforms.

A .BAT file is not cross plattform either .

 

[Shadowtrance]

A .BAT file is not cross plattform either .

This is true. haha
Is there even linux/mac versions of the programs needed anyway?

 

[The Real Jdbye]

This is true. haha
Is there even linux/mac versions of the programs needed anyway?

Technically, C# is cross platform (with Mono)

 

[Shadowtrance]

Technically, C# is cross platform (with Mono)

True, but I've no idea how to make the gui's created with winforms work on other platforms. (i is still a noob with all this haha).
Doesn't really help if there isn't non windows versions of the underlying programs though.

 

[The Real Jdbye]

True, but I've no idea how to make the gui's created with winforms work on other platforms. (i is still a noob with all this haha).

It should work out of the box: http://www.mono-project.com/docs/gui/winforms/

 

[d0k3]

It should work out of the box: http://www.mono-project.com/docs/gui/winforms/

The tools used in this are Windows only, so just making a portable GUI wouldn't be enough.

This is true. haha
Is there even linux/mac versions of the programs needed anyway?

Well, ask the OS X / Linux users . While I understand them completely, I do not need OS X or Linux compatible versions.

 

[Shadowtrance]

The tools used in this are Windows only, so just making a portable GUI wouldn't be enough.

Well, ask the OS X / Linux users . While I understand them completely, I do not need OS X or Linux compatible versions.

Yeah neither do i, was just thinking out aloud really.

 

[DiegitusXD]

So this is for users below 9.2,no?

 

[d0k3]

So this is for users below 9.2,no?

Well...

Will this be 9.2 and below ?

You need a CFW to run unsigned code, so yup, you're out of luck above 9.2.

if you're willing to test (asking the pros / people with hardmods here), here's a new version:
http://wikisend.com/download/715352/UniversalInjectGen_v0.2.zip

This should fix:
* the wildcard issue for CTRtools
* the size issue (output size should be correct now)
* processing the logo.bin for .apps that have it

From what I see this will generate an app identical to Riku's inject files, save for the RomFS. The difference in RomFS is only due to us using a different content for the dummy file, so no problem.

Also, keep in mind that the resulting .app/.tmd is unencrypted. Might work, or it might not. I'm unsure atm. Encryption wouldn't be too difficult to add, though.