Hello,

If you are looking for a way to use firmware.bin with cakesfw which is NOT available on NUS (NintendoUpdateServer) anymore, then this is the right tutorial for you! This guide is most useful for ppl with arm9loaderhax (a9lh) because you can coldboot homebrew with arm11 execution.

Explanation: Most CFWs don't use the firmware from your 3DS, instead they are loading a "firmware.bin" from sd card and patch it on the fly to make homebrew usage possible on the latest firmware. But there are two different firmware.bin you can get:
-The official one which hosts NUS [encrypted! First bytes inside the file are garbage]
-The decrypted one (e.g. AuReiNAND uses this) [First bytes inside the file say "FIRM"]

CakesFW uses always the former and not all firmware.bin are available for download. e.g. N3DS firmware.bin for 9.0 is missing. This is how we circumvent this issue without recompiling and alter with the sourcecode.

Pros and Cons:

+Coldboot homebrew with ARM11 execution (e.g. gateway/hbl); only way to do it otherwise is to use AuReiNAND and holding "L" while booting
+Plain simple push on/off button and boot homebrew
- You can't use CakesFW bootmenu anymore (else you have to make changes again)


Prerequisites:

-AuReinand CFW installed and running.
-CakesFW installed and running.
-the decrypted firmware.bin *
-Hexeditor of your choice

*=Legal way: If you can't find a decrypted firmware.bin for the firmware you seek, you can follow this tutorial to dump and decrypt your own from a 3DS:
http://gbatemp.net/threads/quick-tu...-any-system-titles.396247/page-2#post-6154106
Thank you @pakrett !
And instead of creating a d9titles folder you create "Decrypt9" and copy the firm.app in there. Use the option: Game Decrypter Options->NCCH/NCSD Decryptor
Note: For N3DS the app-folder inside the firmwareimage will be 20000002.
Method2: You can decrypt and extract the cia of the Downgrade-Pack to retrieve a decrypted copy.
** For a decrypted 9.0 N3DS firmware.bin you can use the "firm.7z" pack from AuReiNands github.


Guide:

1. copy the firmware.bin to the rei folder (sd0:/rei/) on your sd. Create an empty file there called "usepatchedfw"
2. Boot Aureinand once or hold "L" while booting to use the firmware90.bin
3. Configure Cakes so it autoboots cfw and uses the patches/settings you need.
4. Copy the config.dat to your pc
5. Now you need to know from which NATIVE_FIRM your firmware.bin is!
Look up the "3DS hex title contentID" on https://3dbrew.org/wiki/FIRM and remember it.
Example: For firmware 4.0 it will be "0x1D"
Note: I didn't find it for New3DS but there exist only 4 versions up today:
"0x04" stands for 9.0+
"0x0B" stands for 9.6+
"0x0F" stands for 10.2+
"0x1F" stands for 10.4+
6. Open up the config.dat in a hexeditor and on the right side you'll see a path to the patches you're applying.
e.g. "/cakes/patches/n3ds-0x1F/emunand.cake"
Replace the 0x1F with the "3DS hex title contentID" from the firmware.bin you want to use.
So for N3DS fw9.0 it will be "/cakes/patches/n3ds-0x04/emunand.cake"
7. Do this for all entries you see in your config.dat
8. Rename the patched_firmware.bin or patched_firmware90.bin from sd0:/rei/ to "firmware_patched.bin"
9. Move and replace the firmware_patched.bin from sd0:/rei/ to sd0:/cakes/
10. CakesFW should work now

For firmware.bin 9.0 user:
You can now configure the nand you are booting to with menuhax and boot for example gateway directly!

If it doesn't work for whatever reason (blackscreen) make sure you have all required Slot0xXXKeyXXX.bin files on sd0:/.

Hope this helps some people.

EDIT: 18.03.2016: Editing config.dat is not needed

 

[leonmagnus99]

great tutorial!

i have a somewhat off-topic question , i have recently installed A9LH on my og 3ds, and when i pressed R during boot it would boot me into sysNAND with sig. patch thingie.
and the L button would boot nothing just blank black screen.

i would like to know which way i am supposed to configure the menuhax to set L to boot into sysNAND with sig. patched.
i have managed to set R to boot into my CTR coldboot thingie, but i am stuck and dont know how to set L for sysNAND. could you help me with this please?
thanks in advance.

 

[GothicIII]

I screwed up. Wrong subforum Im sorry. Hope it will be moved soon.

@leonmagnus99 :

1st. You need to edit your boot_config.ini file so for example L will boot Reinand.Don't forget to get the files for Bootctr9, the bootmanager for arm9loaderhax.
This should look like this:
[KEY_L]
path = /a9lh/ReiNand.dat
screenEnabled = 1
delay = 200
offset = 0x12000
payload = -1

Then boot into Sysnand and then you need HBL to install menuhax.

 

[thaikhoa]

Will cakesfw boot on every firms? Even on 2.1.0 (0x0B)?

 

[GothicIII]

@thaikhoa : theoretically yes. But for sigpatches the folder must contain the patch for that specific fw. But I won't test it.

Edit: this applies to O3DS only. For running 2.1.0 on N3DS you need to modify cakesfw source code and compile it because cakes fw behaves differently on N3DS

 

[plasma]

wrong section lmao
needs to be in the 3DS tuts section.

 

[Aurora Wright]

HBL doesn't require 9.0 FIRM, you can even use it on 10.6... Just Gateway and D9/emunand9/whatever cfw do. D9 and cfws now work from A9LH directly, so the only real reason for 9.0 FIRM is gateway (that's why I'm keeping the 9.0 emuNAND currently).

 

[GothicIII]

@Plasma Shadow : I don't know what I should do. I already reported it but nobody cares.

@Aurora Wright : Yes you're right. But e.g. Fbi cia installation only works on 9.0fw and for me injection doesn't work (the app disappears from home menu). Maybe there is more home brew like gateway or ntr which depends on 9.0 FIRM.

 

[Aurora Wright]

@Plasma Shadow : I don't know what I should do. I already reported it but nobody cares.

@Aurora Wright : Yes you're right. But e.g. Fbi cia installation only works on 9.0fw and for me injection doesn't work (the app disappears from home menu). Maybe there is more home brew like gateway or ntr which depends on 9.0 FIRM.

With A9LH D9, you can now very easily inject FBI to Health and Safety of a 10.6 NAND. From there, you can install the real FBI cia, so you don't need an exploit to do it. Gateway needs a 9.0 NAND because they haven't (yet?) released an A9LH payload. NTR works on 10.6 if you use the 10.2/9.6 FIRM.
As I said, Gateway is the only real reason for 9.0 FIRM today.

 

[GBHAKC75]

Hello,

If you are looking for a way to use firmware.bin with cakesfw which is NOT available on NUS (NintendoUpdateServer) anymore, then this is the right tutorial for you! This guide is most useful for ppl with arm9loaderhax (a9lh) because you can coldboot homebrew with arm11 execution.

Explanation: Most CFWs don't use the firmware from your 3DS, instead they are loading a "firmware.bin" from sd card and patch it on the fly to make homebrew usage possible on the latest firmware. But there are two different firmware.bin you can get:
-The official one which hosts NUS [encrypted! First bytes inside the file are garbage]
-The decrypted one (e.g. AuReiNAND uses this) [First bytes inside the file say "FIRM"]

CakesFW uses always the former and not all firmware.bin are available for download. e.g. N3DS firmware.bin for 9.0 is missing. This is how we circumvent this issue without recompiling and alter with the sourcecode.

Pros and Cons:

+Coldboot homebrew with ARM11 execution (e.g. gateway/hbl); only way to do it otherwise is to use AuReiNAND and holding "L" while booting
+Plain simple push on/off button and boot homebrew
- You can't use CakesFW bootmenu anymore (else you have to make changes again)


Prerequisites:

-AuReinand CFW installed and running.
-CakesFW installed and running.
-the decrypted firmware.bin *
-Hexeditor of your choice

*=Legal way: If you can't find a decrypted firmware.bin for the firmware you seek, you can follow this tutorial to dump and decrypt your own from a 3DS:
http://gbatemp.net/threads/quick-tu...-any-system-titles.396247/page-2#post-6154106
Thank you @pakrett !
And instead of creating a d9titles folder you create "Decrypt9" and copy the firm.app in there. Use the option: Game Decrypter Options->NCCH/NCSD Decryptor
Note: For N3DS the app-folder inside the firmwareimage will be 20000002.
Method2: You can decrypt and extract the cia of the Downgrade-Pack to retrieve a decrypted copy.
** For a decrypted 9.0 N3DS firmware.bin you can use the "firm.7z" pack from AuReiNands github.


Guide:

1. copy the firmware.bin to the rei folder (sd0:/rei/) on your sd. Create an empty file there called "usepatchedfw"
2. Boot Aureinand once or hold "L" while booting to use the firmware90.bin
3. Configure Cakes so it autoboots cfw and uses the patches/settings you need.
4. Copy the config.dat to your pc
5. Now you need to know from which NATIVE_FIRM your firmware.bin is!
Look up the "3DS hex title contentID" on https://3dbrew.org/wiki/FIRM and remember it.
Example: For firmware 4.0 it will be "0x1D"
Note: I didn't find it for New3DS but there exist only 4 versions up today:
"0x04" stands for 9.0+
"0x0B" stands for 9.6+
"0x0F" stands for 10.2+
"0x1F" stands for 10.4+
6. Open up the config.dat in a hexeditor and on the right side you'll see a path to the patches you're applying.
e.g. "/cakes/patches/n3ds-0x1F/emunand.cake"
Replace the 0x1F with the "3DS hex title contentID" from the firmware.bin you want to use.
So for N3DS fw9.0 it will be "/cakes/patches/n3ds-0x04/emunand.cake"
7. Do this for all entries you see in your config.dat
8. Rename the patched_firmware.bin or patched_firmware90.bin from sd0:/rei/ to "firmware_patched.bin"
9. Move and replace the firmware_patched.bin from sd0:/rei/ to sd0:/cakes/
10. CakesFW should work now

For firmware.bin 9.0 user:
You can now configure the nand you are booting to with menuhax and boot for example gateway directly!

If it doesn't work for whatever reason (blackscreen) make sure you have all required Slot0xXXKeyXXX.bin files on sd0:/.

Hope this helps some people.

Amazing ! It would be nice to see a cake patch to quickly switch between firmwares

 

[samiam144]

Oh awesome! This will be really helpful while waiting for GW to support a9lh (if ever)!!

 

[ad1gjm]

HBL doesn't require 9.0 FIRM, you can even use it on 10.6... Just Gateway and D9/emunand9/whatever cfw do. D9 and cfws now work from A9LH directly, so the only real reason for 9.0 FIRM is gateway (that's why I'm keeping the 9.0 emuNAND currently).

need your help. I'm on AuReiNand A9LH & I really want use GW now. Already put firmware90.bin (from A9LH - n3ds) to rei folder. when boot to AuReiNand A9LH hold "L" button it shows "an error has occured. Hold down the power button to turn off the power. then turn it on and try again. For help, visit support.nintendo.com". what does it means?

 

[Aurora Wright]

need your help. I'm on AuReiNand A9LH & I really want use GW now. Already put firmware90.bin (from A9LH - n3ds) to rei folder. when boot to AuReiNand A9LH hold "L" button it shows "an error has occured. Hold down the power button to turn off the power. then turn it on and try again. For help, visit support.nintendo.com". what does it means?

You either have menuhax interfering, or 9.0 emunand is borked.

 

[ad1gjm]

You either have menuhax interfering, or 9.0 emunand is borked.

I use browserhax instead of menuhax when install arm9loaderhax
9.0 emunand borked? how to fix it?

 

[mid-kid]

OBJECTION!
If you enable autoboot, CakesFW just blindly boots whatever your firmware_patched.bin is (which is a decrypted firmware). No patching is done whatsoever. Editing the config.dat the way you do is exceedingly unnecessary. Keep in mind that replacing firmware_patched.bin is unsupported, though for the time being, as long as the patched_firmware.bin you replace it with is for the same console, you should be fine.
Also, since the patched firmware isn't touched, any settings you enable in CakesFW (aside from autoboot) will be ignored.
I really recommend just getting a proper firmware.bin instead. I posted a pack of o3ds firmwares a while back on the CakesFW thread on the iso site, and you can also extract them from update CIAs by using `ctrtool -p --meta=meta firm.cia`.

 

[GothicIII]

OBJECTION!
If you enable autoboot, CakesFW just blindly boots whatever your firmware_patched.bin is (which is a decrypted firmware). No patching is done whatsoever. Editing the config.dat the way you do is exceedingly unnecessary. Keep in mind that replacing firmware_patched.bin is unsupported, though for the time being, as long as the patched_firmware.bin you replace it with is for the same console, you should be fine.
Also, since the patched firmware isn't touched, any settings you enable in CakesFW (aside from autoboot) will be ignored.
I really recommend just getting a proper firmware.bin instead. I posted a pack of o3ds firmwares a while back on the CakesFW thread on the iso site, and you can also extract them from update CIAs by using `ctrtool -p --meta=meta firm.cia`.

Thank you for your suggestion.
Yes, about hexediting the config.dat you are completly right. I didnt test this carefully, I posted the tutorial as soon as it worked. I also posted the downside of this (that you cannot use the cakes menu).
I didn't know that you can extract encrypted files from a cia. You won't find information about this topic easily. I managed only to extract decryted content.
Also I tried it with ctrtool now and extracted the file. I checked the size and it is ok (994.304 Bytes) but cakesfw doesn't accept it and tells that it failed to decrypt arm9 firm.

 

[mid-kid]

but cakesfw doesn't accept it and tells that it failed to decrypt arm9 firm.

Make sure you have the proper slot0x11key96.bin (if it even gets to that point it means the firmware.bin is probably right).

 

[GothicIII]

@mid-kid I have else fw-files >9.5 wouldnt work

First 16Bytes of the firmware.bin from 9.0FIRM:

BA D4 CA 46 51 84 6B A3 30 07 68 04 59 44 F0 7E

@mid-kid no ideas anymore? I checked all files and its good. CRC32 of slot0x11key96.bin is 595856B6. I checked it with multiple sources.

 

[Skaterdie]

Has anyone got 2.1 emunand working?