Homebrew Official [Download] Decrypt9 - Open Source Decryption Tools (WIP)

d0k3 · Mar 2, 2016

OctopusRift said:
Nope. Absolute black.

Okay, then I did something wrong... @dark_samus3, maybe you can take a look at that? Still having trouble with those framebuffers :/.

EDIT: Just to be clear, that is a problem with A9LH only, all the other entry points should work.

Shadowtrance · Mar 2, 2016

d0k3 said:
Okay, then I did something wrong... @dark_samus3, maybe you can take a look at that? Still having trouble with those framebuffers :/.

I just compiled it myself after your version didn't boot like others have said and it now boots and i get...
Initialization Failed! (1/1:/13)
(<A> to continue)

--------------------- MERGED ---------------------------

All i changed was the screen part in draw.h (to the same as the GW part) and built for bootstrap.

Code:

#ifdef EXEC_GATEWAY
    #define TOP_SCREEN0 (u8*)(*(u32*)((uint32_t)0x080FFFC0 + 4 * (*(u32*)0x080FFFD8 & 1)))
    #define BOT_SCREEN0 (u8*)(*(u32*)((uint32_t)0x080FFFD0 + 4 * (*(u32*)0x080FFFDC & 1)))
    #define TOP_SCREEN1 TOP_SCREEN0
    #define BOT_SCREEN1 BOT_SCREEN0
#elif defined(EXEC_BOOTSTRAP)
    #define TOP_SCREEN0 (u8*)(*(u32*)((uint32_t)0x080FFFC0 + 4 * (*(u32*)0x080FFFD8 & 1)))
    #define BOT_SCREEN0 (u8*)(*(u32*)((uint32_t)0x080FFFD0 + 4 * (*(u32*)0x080FFFDC & 1)))
    #define TOP_SCREEN1 TOP_SCREEN0
    #define BOT_SCREEN1 BOT_SCREEN0
    //#define TOP_SCREEN0 (u8*)(0x20000000)
    //#define TOP_SCREEN1 (u8*)(0x20046500)
    //#define BOT_SCREEN0 (u8*)(0x2008CA00)
    //#define BOT_SCREEN1 (u8*)(0x200C4E00)
#else
    #error "Unknown execution method"
#endif

d0k3 · Mar 2, 2016

Shadowtrance said:
I just compiled it myself after your version didn't boot like others have said and it now boots and i get...
Initialization Failed! (1/1:/13)
(<A> to continue)

--------------------- MERGED ---------------------------

All i changed was the screen part in draw.h (to the same as the GW part) and built for bootstrap.

Code:

#ifdef EXEC_GATEWAY #define TOP_SCREEN0 (u8*)(*(u32*)((uint32_t)0x080FFFC0 + 4 * (*(u32*)0x080FFFD8 & 1))) #define BOT_SCREEN0 (u8*)(*(u32*)((uint32_t)0x080FFFD0 + 4 * (*(u32*)0x080FFFDC & 1))) #define TOP_SCREEN1 TOP_SCREEN0 #define BOT_SCREEN1 BOT_SCREEN0 #elif defined(EXEC_BOOTSTRAP) #define TOP_SCREEN0 (u8*)(*(u32*)((uint32_t)0x080FFFC0 + 4 * (*(u32*)0x080FFFD8 & 1))) #define BOT_SCREEN0 (u8*)(*(u32*)((uint32_t)0x080FFFD0 + 4 * (*(u32*)0x080FFFDC & 1))) #define TOP_SCREEN1 TOP_SCREEN0 #define BOT_SCREEN1 BOT_SCREEN0 //#define TOP_SCREEN0 (u8*)(0x20000000) //#define TOP_SCREEN1 (u8*)(0x20046500) //#define BOT_SCREEN0 (u8*)(0x2008CA00) //#define BOT_SCREEN1 (u8*)(0x200C4E00) #else #error "Unknown execution method" #endif

Well, I compiled for GW and just provided the .bin, so there's the problem. If only that framebuffer would work on Brahma 2, too... I'm annoyed too hell with all the different framebuffers. Bootstrap and GW compatibility is nor more required, but Brahma is still one of the most important entrypoints.

Anyways, the problem here, with that error message is either (1) you don't access to the NAND CID or (2) the keyslots for CTRNAND decryption are not set. Both are very likely on A9LH. For the NAND CID, there is a workaround, but for the keyslots there is not.

You will need to use one of the other entrypoints.

MassExplosion213 · Mar 2, 2016

@d0k3 As far as CTRNAND keys, the method to set them could be found via REing the arm9loader or the FIRM, whichever sets said keys.

d0k3 · Mar 2, 2016

MassExplosion213 said:
@d0k3 As far as CTRNAND keys, the method to set them could be found via REing the arm9loader or the FIRM, whichever sets said keys.

REing? :? The keys are set by the bootrom afaik.

A9LH is not the most important thing on the list right now, though. Stability is muss more important.

MassExplosion213 · Mar 2, 2016

d0k3 said:
REing? :? The keys are set by the bootrom afaik.

A9LH is not the most important thing on the list right now, though. Stability is muss more important.

If the keys are set by bootrom, they will always be set, regardless of A9LH or not. A9LH runs at the same step in the boot process as NATIVE_FIRM does on O3DS.

d0k3 · Mar 2, 2016

MassExplosion213 said:
If the keys are set by bootrom, they will always be set, regardless of A9LH or not. A9LH runs at the same step in the boot process as NATIVE_FIRM does on O3DS.

So, the NAND CID access is most likely the problem... I will add a workaround. TWL keys are set by NATIVE_FIRM hard-boot. Guess there is nothing much that can be done about them?

MassExplosion213 · Mar 2, 2016

d0k3 said:
So, the NAND CID access is most likely the problem... I will add a workaround. TWL keys are set by NATIVE_FIRM hard-boot. Guess there is nothing much that can be done about them?

You could RE the process, since the OTP section needed to generate them is still in memory.

DjoeN · Mar 2, 2016

d0k3 said:
View attachment 41022

GodMode9 testers' release is ready!
...
What you should try / what I want to know:

Try the arm9loaderhax.bin on A9LH - no guarantees if anything will work, but it has the alternate CTR calculation in place.

Does the permission system work correctly (ie, no writing to the EmuNAND / SysNAND before unlocking it)?

What about writing to the SysNAND / EmuNAND - does everything work as it should?

Any bugs? Anything not working as it should?

Also, how do you like the user interface? Any ideas how to improve it? And no, eye candy is out of question for this.

Looking forward to your feedback!

I know it's already said, still just to let you know it freezes right away (black screens)
O3DS Latest A9LH

d0k3 · Mar 2, 2016

DjoeN said:
I know it's already said, still just to let you know it freezes right away (black screens)
O3DS Latest A9LH

Only if you load it via Arm9LoaderHax... you need to use another entrypoint, 3DSX or CakeHax for example. A9LH is a bigger problem here because of decryption issues.

DjoeN · Mar 2, 2016

d0k3 said:
Only if you load it via Arm9LoaderHax... you need to use another entrypoint, 3DSX or CakeHax for example. A9LH is a bigger problem here because of decryption issues.

@d0k3
Some test info on GodMode9
- Booting A9LH -> Freezes (black screens)
- Booting Cakes A9LH Emunand -> Homebrew Launcher CIA and then GodMode9.3dsx -> Reboots back into HL (or crashes back to HL)
- Booting AuReiNAND A9LH SysNand -> Homebrew Launcher CIA and then GodMode9.3dsx -> Reboots back into HL (or crashes back to HL)
- Booting AuReiNAND A9LH EmuNand with normal Firmware -> Homebrew Launcher CIA and then GodMode9.3dsx -> Reboots back into HL (or crashes back to HL)
- Booting AuReiNAND A9LH EmuNand with Firmware90.bin -> Homebrew Launcher CIA and then GodMode9.3dsx -> Works perfect

[0:] SDCARD
- Marking files work
- Deleting files work - Rename doesn't seem to work (X+R)
- Copy/Paste works Create Dir doesn't seem to work (Y+R)
- Screenshots ??? (what file am i looking for that contains the screenshots? )
- Clear/Restore ClipBoard works

I can browse all folders from Sysnand CTRNAND/TWLN/TWLP and EmuNAND CTRNAND/TWLN/TWLP
Copy / Paste -> wel that's fucked up in Sysnand

-> copy ??? -> Paste the file somewhere else, lotsa garbage on screen (See pictures below

So what i did sysnand TWLN
Copy TWLFontTable.dat (blahblahblah about write permission, so i gave it

)
Pasted it in the tmp folder (that was empty)
Result was a screen full with garbage folders and from :GJ...... it are files, 145.3MB/2.3GB/163.5MB/2.7GB/2.5GB last files is even 3.3GB according to your app

So i rebooted (since it's a tmp folder i suppose nothing bad will happen

) back into AurEiNand A9LH Emunand with firmware90.bin
that worked fine but all files/folders where still in the tmp folder under sysnand TWLN :/

[EDIT]
Booting back in my normal config -> AuReiNand A9LH Autoboot Sysnand 10.6 works fine, no errors or problems

(that's why i used the tmp folder, it's for temp stuff anyway

I didn't wipe any files yet, to late have to do that tomorrow evening

--------------------- MERGED ---------------------------

@d0k3

I compiled Decrypt9WIP, an A9LH part isn't included yet? or is that a seperate git i can compile?

shadowofdarkness · Mar 2, 2016

I was wondering if it would be possible to get decrypt9 fully working without a full 9.2 install if you could firm launch firmware90.bin to set the keys then have it just load decrypt9 and not the rest of the 9.2 system files. Which would be hopefully not needed at all.

I don't know actually know the boot process but it seems like something that could happen. By either changing the process to start decrypt9 instead of home menu or have decrypt9 pretend to be the home menu.

I'm just trying to have my dream working system up a updated sysnand and updated region changed emunand without a extra 9.2 emunand on a separate card.

d0k3 · Mar 2, 2016

DjoeN said:
@d0k3
Some test info on GodMode9
- Booting A9LH -> Freezes (black screens)
- Booting Cakes A9LH Emunand -> Homebrew Launcher CIA and then GodMode9.3dsx -> Reboots back into HL (or crashes back to HL)
- Booting AuReiNAND A9LH SysNand -> Homebrew Launcher CIA and then GodMode9.3dsx -> Reboots back into HL (or crashes back to HL)
- Booting AuReiNAND A9LH EmuNand with normal Firmware -> Homebrew Launcher CIA and then GodMode9.3dsx -> Reboots back into HL (or crashes back to HL)
- Booting AuReiNAND A9LH EmuNand with Firmware90.bin -> Homebrew Launcher CIA and then GodMode9.3dsx -> Works perfect

[0:] SDCARD
- Marking files work
- Deleting files work - Rename doesn't seem to work (X+R)
- Copy/Paste works Create Dir doesn't seem to work (Y+R)
- Screenshots ??? (what file am i looking for that contains the screenshots? )
- Clear/Restore ClipBoard works

I can browse all folders from Sysnand CTRNAND/TWLN/TWLP and EmuNAND CTRNAND/TWLN/TWLP
Copy / Paste -> wel that's fucked up in Sysnand -> copy ??? -> Paste the file somewhere else, lotsa garbage on screen (See pictures below

So what i did sysnand TWLN
Copy TWLFontTable.dat (blahblahblah about write permission, so i gave it )
Pasted it in the tmp folder (that was empty)
Result was a screen full with garbage folders and from :GJ...... it are files, 145.3MB/2.3GB/163.5MB/2.7GB/2.5GB last files is even 3.3GB according to your app

So i rebooted (since it's a tmp folder i suppose nothing bad will happen ) back into AurEiNand A9LH Emunand with firmware90.bin
that worked fine but all files/folders where still in the tmp folder under sysnand TWLN :/

[EDIT]
Booting back in my normal config -> AuReiNand A9LH Autoboot Sysnand 10.6 works fine, no errors or problems (that's why i used the tmp folder, it's for temp stuff anyway

I didn't wipe any files yet, to late have to do that tomorrow evening

Thanks a ton!

Creating dirs and renaming files is not implemented yet - it's a early testers version after all.

Regarding the entry point, of course you need the Firmware90.bin, because of the exploit that is required for this. So, I'm not surprised that it doesn't work with the other methods. Screenshots are stored on the SD card as snap???.bmp. As for writing to TWLNAND - it seems that something is wrong with the low level writing functions there. I will find out, though. A corrupt TWLN won't have any averse effects on your system in any case, and you can just restore it. Copying files from the NAND to the SD card works fine, though.

DjoeN said:
I compiled Decrypt9WIP, an A9LH part isn't included yet? or is that a seperate git i can compile?

Not yet, I'm working on it, also on reducing the special cases in the Makefile. Guess that will still need some time.

BTW, regarding booting from A9LH - it is unsure if we'll ever have full functionality with this, because in A9LH some stuff that is otherwise required for D9 / G9 does not work (yet).

--------------------- MERGED ---------------------------

shadowofdarkness said:
I was wondering if it would be possible to get decrypt9 fully working without a full 9.2 install if you could firm launch firmware90.bin to set the keys then have it just load decrypt9 and not the rest of the 9.2 system files. Which would be hopefully not needed at all.

I don't know actually know the boot process but it seems like something that could happen. By either changing the process to start decrypt9 instead of home menu or have decrypt9 pretend to be the home menu.

I'm just trying to have my dream working system up a updated sysnand and updated region changed emunand without a extra 9.2 emunand on a separate card.

Good idea! A9LH is still very young, so stuff like that is not out of reach. It will take some time until something like that comes up, though.

Deleted User · Mar 3, 2016

dark_samus3 · Mar 3, 2016

d0k3 said:
Well, I compiled for GW and just provided the .bin, so there's the problem. If only that framebuffer would work on Brahma 2, too... I'm annoyed too hell with all the different framebuffers. Bootstrap and GW compatibility is nor more required, but Brahma is still one of the most important entrypoints.

Anyways, the problem here, with that error message is either (1) you don't access to the NAND CID or (2) the keyslots for CTRNAND decryption are not set. Both are very likely on A9LH. For the NAND CID, there is a workaround, but for the keyslots there is not.

You will need to use one of the other entrypoints.

I'll clear some stuff up, with your current addition of NAND CID dumping, I dumped a valid one from my NAND, booted from arm9loaderhax (latest code on github compiled with the draw.h changes... I'll show you how best to make your framebuffers compatible with all entrypoints soon too

) and dumped firm0 and CTRNAND successfully (mounted CTRNAND as a loop device in linux and verified the firm0 against a dump I had) everything looks good so far from that side of it

EDIT: Normmatt decided to get around to getting the NAND CID from sdmmc, here's the code he posted: https://gist.github.com/Normmatt/889fdb870a07aec0eb05 we can just remove the memory scanning part now, this way is much better

dark_samus3 · Mar 3, 2016

@d0k3 so I finally got around to testing GodMode9, I changed the framebuffers to make it display, all I get is "initialising failed! (1/1:/13) (<A> to continue)"

d0k3 · Mar 3, 2016

MyLegGuy said:
I'm using the latest release, and this just boots to a black screen for me on the 3dsx version. I'm on 9.2 n3ds using themehax.

Boot failures are still possible (there is no 100% boot rate with this exploit). What launcher are you using to run this? I suggest you try again, though.

dark_samus3 said:
I'll clear some stuff up, with your current addition of NAND CID dumping, I dumped a valid one from my NAND, booted from arm9loaderhax (latest code on github compiled with the draw.h changes... I'll show you how best to make your framebuffers compatible with all entrypoints soon too ) and dumped firm0 and CTRNAND successfully (mounted CTRNAND as a loop device in linux and verified the firm0 against a dump I had) everything looks good so far from that side of it

EDIT: Normmatt decided to get around to getting the NAND CID from sdmmc, here's the code he posted: https://gist.github.com/Normmatt/889fdb870a07aec0eb05 we can just remove the memory scanning part now, this way is much better

Good to hear! I'd also be interested in wether TWLN/TWLP can be dumped. Can it? As for that code by Normatt... I'd happily throw out the clunky NAND CID dumping routines, but Normatt only provided the code to get the SD CID, not the NAND CID here. I fear there might also be no other way of obtaining the NAND CID other than the one I'm using here, but never say never

.

For the framebuffers, well I tried throwing out the GW and bootstrap build goals (replaced bootstrap by a new arm9payload goal) yesterday, and to reduce the two cases to one by using the bootstrap (.ld, .s) files with the GW (which are also CakeHax) framebuffers. That did break Brahma, though. I could use Brahma with the CakeHax chainloader and I'm almost sure it would work that way, but that''s still somewhat clunky.

dark_samus3 said:
@d0k3 so I finally got around to testing GodMode9, I changed the framebuffers to make it display, all I get is "initialising failed! (1/1:/13) (<A> to continue)"

That is due to (you wouldn't have guessed it

) us being unable to obtain the NAND CID on arm9loaderhax. I'll put the workaround in and make a new testers version today.

nero99 · Mar 3, 2016

So what would happen if I were to use this tool to copy my 9.2 emunand over to my sysnand that is on 4.2? Would it brick it or be on 9.2 with no problems? Only asking because I have no way to update to 9.0-9.2 as sliderhax does not work on 4.X which means I can't use sysupdater..

morph95 · Mar 3, 2016

Decrypt9WIP-CIA can be installed on emunand 10.6 with BBM? My sysnand is 4.2.

Februarysn0w · Mar 3, 2016

DjoeN said:
@d0k3
-sniff-

-sniff-

looks so cool!!!

--------------------- MERGED ---------------------------

morph95 said:
Decrypt9WIP-CIA can be installed on emunand 10.6 with BBM? My sysnand is 4.2.

it's will not work. you need emunand FW <=9.2

Homebrew Official [Download] Decrypt9 - Open Source Decryption Tools (WIP)

3DS Homebrew Legend

Well-Known Member

3DS Homebrew Legend

.

3DS Homebrew Legend

.

3DS Homebrew Legend

.

Captain Haddock!

3DS Homebrew Legend

Captain Haddock!

Well-Known Member

3DS Homebrew Legend

Deleted User

Guest

Well-Known Member

Well-Known Member

3DS Homebrew Legend

Well-Known Member

Well-Known Member

Well-Known Member

Similar threads

Popular threads in this forum