Homebrew Download Play modification?

[CeeDee]

Is there any way to modify and send CIAs temporarily to other users or something of the like, via Download Play? I know modification is possible, like CTGP-7 for example, which works fine on sstems without signature patches, but I'm unsure just how much can be changed.

 

[Khangaroo]

Better yet, a Homebrew Launcher exploit through download play.

 

[Halvorsen]

Is there any way to modify and send CIAs temporarily to other users or something of the like, via Download Play? I know modification is possible, like CTGP-7 for example, which works fine on sstems without signature patches, but I'm unsure just how much can be changed.

The only reason CTGP works is because it clones certain files to the child 3DS, the integrity of it doesn't really matter. Either way, the answer is yes, it's definitely possible to send modified data to a user's 3DS, the question is, to what extent.

 

[endoverend]

The possible size of a download play title is waaaayyy too small to fit a CIA or anything of the sort. It gets temporarily stored in the 3DS NAND.

 

[CeeDee]

The only reason CTGP works is because it clones certain files to the child 3DS, the integrity of it doesn't really matter. Either way, the answer is yes, it's definitely possible to send modified data to a user's 3DS, the question is, to what extent.

Yeah, most files (all but the actual course data, it seems) aren't modified whatsoever in CTGP, so I don't know how much you can do with it.

The possible size of a download play title is waaaayyy too small to fit a CIA or anything of the sort. It gets temporarily stored in the 3DS NAND.

Not even a fairly small one? I'm not thinking "full 1GB game" but rather "30MB-ish 3D classic/virtual console game"

Better yet, a Homebrew Launcher exploit through download play.

That'd be cool! If it's even possible...

 

[endoverend]

It was possible to load homebrew on the DS via setting up a download play beacon with a very specific model of Wi-Fi adapter chipset, and even then you had to first patch the DS firmware via a GBA flash cart, and games didn't work because it had to be copied to the DS internal memory. We'd have to figure out how to set up a similar beacon for the 3DS, or to reverse engineer the download play app and figure out how to patch the 3DS firmware to accept an unsigned package as download play, AND it would all have to be small enough to fit in the 3DS nand.

 

[CeeDee]

figure out how to patch the 3DS firmware to accept an unsigned package as download play

If it needs to be signed, then how does stuff like CTGP work?

 

[dpad_5678]

Is there any way to modify and send CIAs temporarily to other users or something of the like, via Download Play? I know modification is possible, like CTGP-7 for example, which works fine on sstems without signature patches, but I'm unsure just how much can be changed.

The 3DS has an RSA Sig check for material received via DL Play. Same thing as DS / Lite / i / i XL

 

[endoverend]

If it needs to be signed, then how does stuff like CTGP work?

Different kind of signature. All CTGP is is a game mod, meaning it just patches the game's file structure to load certain files from the SD card. Nothing needs to be signed.

 

[BruceJackieJetLeeLiChan]

Even if this were possible. I've tried a download play of Mario Kart 7 and it took about 10 minutes just to finish downloading just for the multiplayer part, it doesn't download the whole game. Actually downloading a full game would take a really long time through Download Play.

--------------------- MERGED ---------------------------

 

[ultramario1998]

Different kind of signature. All CTGP is is a game mod, meaning it just patches the game's file structure to load certain files from the SD card. Nothing needs to be signed.

(Just throwing out ideas here) could we then just patch Mario Kart 7 in a similar fashion so that it runs a payload instead of the game?

 

[endoverend]

(Just throwing out ideas here) could we then just patch Mario Kart 7 in a similar fashion so that it runs a payload instead of the game?

Well considering you have to run a payload to be able to patch the game in the first place, that wouldn't really make sense.

 

[Halvorsen]

-snip-

 

[CeeDee]

Different kind of signature. All CTGP is is a game mod, meaning it just patches the game's file structure to load certain files from the SD card. Nothing needs to be signed.

But the CTGP download play still works even without CTGP files on the receiver's SD card.

 

[endoverend]

But the CTGP download play still works even without CTGP files on the receiver's SD card.

All ctgp has to do is save the downloaded files, not run them. To run a binary through download play it has to be signed.

 

[PabloMK7]

Mario Kart 7 sends the course files (szs) from its main romfs when they are needed to the child, instead of the download play cfa. CFA is signed, so it won't work if modified, but courses are just data files, which are sent each time a course is loaded. It may be possible to make an exploit by sending corrupted szs files with a payload. They use yaz0 and sarc compression. You would need to use another 3DS with modded MK7 in order to make it work.