Hacking Official Corbenik - Another CFW for advanced users (with bytecode patches!)

Thread starter: chaoskagami | Views: 287,534 | Replies: 2,153 | Likes: 60
That makes sense, I suppose, considering they're just title keys.
If you take the URLs on your github page for the 11.0 NATIVE_FIRM and replace the last part of the url with cetk, you get an encrypted titlekey (I think) for the firmware. Run it through dump_ticket_keys.py, then Decrypt9, then chop off all but the last 16 bytes of the result.

I was able to check my process by comparing with an O3DS key I still had from an old version of the hack.


Edit: I found how it all works from the Cakes instructions thread.
 
Last edited by Kirtai,
If you take the URLs on your github page for the 11.0 NATIVE_FIRM and replace the last part of the url with cetk, you get an encrypted titlekey (I think) for the firmware. Run it through dump_ticket_keys.py, then Decrypt9, then chop off all but the last 16 bytes of the result.

I was able to check my process by comparing with an O3DS key I still had from an old version of the hack.

Yes, that gets you an encrypted titlekey rather than a decrypted titlekey (which is what we need). As it stands, it's possible to have D9 directly decrypt the firmware, as well as convert encTitleKeys to decTitleKeys.

There's multiple ways to get the firmkey (which is a decrypted titlekey for the FIRM.) I'll probably revise the readme next version to include a few non-download ways.
 
Yes, that gets you an encrypted titlekey rather than a decrypted titlekey (which is what we need). As it stands, it's possible to have D9 directly decrypt the firmware, as well as convert encTitleKeys to decTitleKeys.
Urgh, so I could have just decrypted the firmware directly instead of messing with the key? Now I feel dumb...
 
Urgh, so I could have just decrypted the firmware directly instead of messing with the key? Now I feel dumb...

Aw, don't feel bad. That's recent. Like, just made fully working ~10 days ago.

And having keys is always useful.
 
Aw, don't feel bad. That's recent. Like, just made fully working ~10 days ago.

And having keys is always useful.
True, if nothing else it means I don't have to mess around with decrypting different firmware revisions or keep track of old/new, encrypted/decrypted & different versions of firmware files.
...
Suddenly I'm glad I got the keys :)

Also, others can use the same technique to get their keys. (TWL & AGB keys can be obtained exactly the same way from the cetk files of course)
 
As long as I hit no severe bugs in my usage tomorrow, I'll be releasing end-of-day another version.

As for @Orkna - if you're still having speed issues when recompiling the latest git, something is wrong with your system. I'm rate limiting keypresses to an approximate human measured limit - somewhere around ~4 per second.

Next release will be a while after the next unless anything severe happens. I'm currently sitting here staring at radare2 and doing something utterly insane. I'll refrain from saying what I'm doing unless I actually finish. :sleep:
 
Last edited by chaoskagami,
It would seem that the region free home patch is broken :/ I tried installing two other region games with the freeshop homebrew and they did not appear.

In git? Not for me. I haven't made a release yet either.
 
It's broken in the latest release where you fixed the agb bootscreen patch.

Which is buggy at this point, and why I am making another release soon. It should work fine unless you forgot to enable loader and save the config. Either way, I'm not able to repro that (for real) since I have >10 OOR games dumped without region flag hacks and I would know since I'm working my way through one.
 
Last edited by chaoskagami,
Which is buggy at this point, and why I am making another release soon. It should work fine unless you forgot to enable loader and save the config. Either way, I'm not able to repro that (for real) since I have >10 OOR games dumped without region flag hacks and I would know since I'm working my way through one.
Enabling loader does fix the problem.
 
Enabling loader does fix the problem.

No duh. You can't load userland patches without loader. That's not a bug.

EDIT: Apologies if I seem hostile above. Kinda tired at the moment, and I would have thought this would be pretty clear from the README (apparently not). :sleep:
 
Last edited by chaoskagami,
No duh. You can't load userland patches without loader. That's not a bug.

EDIT: Apologies if I seem hostile above. Kinda tired at the moment, and I would have thought this would be pretty clear from the README (apparently not). :sleep:
I've been busy all day so my head isn't working fully anymore x.x
 
Reverse engineering NTR or some system firmware perchance?

I will say it isn't NTR, since it's unclean in the way it takes things over and I have no interest in how it does things. It's closed source too, which is mutually incompatible with GPLv3. There's no value in reversing it to me. Not to mention patois already did that on v2.0.

Either way, it's going to be slow and I'd rather not get people's hopes up without anything to show yet. It won't slow development any on Corbenik, considering I'm doing it for a reason.
 
I will say it isn't NTR, since it's unclean in the way it takes things over and I have no interest in how it does things. It's closed source too, which is mutually incompatible with GPLv3. There's no value in reversing it to me. Not to mention patois already did that on v2.0.
Wew, that means my project for the summer isn't going to be lost yet.
 
Wew, that means my project for the summer isn't going to be lost yet.

Power to you, then. NTR doesn't interest me in the slightest considering it'll hit the same NFIRM issue as RxTools eventually, as well as many other reasons.

EDIT: It's also an order of magnitude larger than what I'm going to RE.
 
Last edited by chaoskagami,
6?
Corbenik
Luma
Salt
Reinand
New RxTools
...
hmm, which am I missing?
Corbenik
CakesFW
SaltFW
Luma3DS
Mizuki
ReiNand

It would seem that the region free home patch is broken :/ I tried installing two other region games with the freeshop homebrew and they did not appear.
I just installed an EU game through freeShop and it's showing up and working on my US system.
I even rebooted my system and did a full shutdown. The game was still there and working.
I used Ecco 3D EU to test this on the latest version.
 
Last edited by The Catboy,