Homebrew [Request] CTRAging (3ds debug app) research.

trainboy2019 · Feb 9, 2017

Does anyone know what the 32kEEPROM.bin in the romfs is for?

y0shim@ri0 · Feb 13, 2017

I have a nand dump of a o3ds xl that was on 6.0-6.3, What are the chances of it having ctraging? Ill check anyway when i get the time.

PabloMK7 · Feb 13, 2017

y0shim@ri0 said:
I have a nand dump of a o3ds xl that was on 6.0-6.3, What are the chances of it having ctraging? Ill check anyway when i get the time.

There's no way to know.

y0shim@ri0 · Feb 14, 2017

This is going to take me awhile, i just found my backup, and now i have to flash it to my system, generate my xorpads, and see if its there.

y0shim@ri0 · Feb 14, 2017

Well, i got my xorpads and stuff, running the bat gets to the fff.exe and it says invalid xorpad...

piratesephiroth · Feb 14, 2017

You don't need to reflash a backup to generate a xorpad. The encryption is console-unique.
It doesn't matter how many times you format the console, your xorpad will always be valid and you'll be able to decrypt any dumped CTRNAND partition.

y0shim@ri0 · Feb 14, 2017

The xorpads that i made always throw up an error saying that the program expected 000000000, but got ffffffff, and tbh i didnt know that lol
Edit: it seems like it did get decrypted, but theres no reference of the ctraging app, or its title id.

Derek1199 · Sep 30, 2017

Dumping o3ds CTRAging is relevant again. And it is now maybe possible to get a clean one. Beforehand you would need to find a never used o3ds that has never been turned on even, and then you would need to hardmod it, dump the nand, install b9s, dump the xorpad, then decrypt the nand dump, then use HxD, and then poke around the decrypted nand dump using fffuck. Problem is not many could get hardmods. Most can't solder which is why they can't. However, now people can use NTRBoot with an compatible NTRBoot flashcart. With this you can launch GodMode9 via NTRBoot before even turning it on for the first time, and dump the nand and xorpad with it. And do the aforemented steps up there. Or, there's another method now for decrypting nand dumps. You can use Stary's tools. Which do not require an xorpad. You need your boot9 and otp dumped, and your nand.bin and NAND CID to use Stary's tools. Note: Getting your boot9 dumped requires having b9s installed. Dump the nand before installing it though still. Point is, now it is possible to dump it.

zoogie · Sep 30, 2017

Derek1199 said:
Dumping o3ds CTRAging is relevant again. And it is now maybe possible to get a clean one. Beforehand you would need to find a never used o3ds that has never been turned on even, and then you would need to hardmod it, dump the nand, install b9s, dump the xorpad, then decrypt the nand dump, then use HxD, and then poke around the decrypted nand dump using fffuck. Problem is not many could get hardmods. Most can't solder which is why they can't. However, now people can use NTRBoot with an compatible NTRBoot flashcart. With this you can launch GodMode9 via NTRBoot before even turning it on for the first time, and dump the nand and xorpad with it. And do the aforemented steps up there. Or, there's another method now for decrypting nand dumps. You can use Stary's tools. Which do not require an xorpad. You need your boot9 and otp dumped, and your nand.bin and NAND CID to use Stary's tools. Note: Getting your boot9 dumped requires having b9s installed. Dump the nand before installing it though still. Point is, now it is possible to dump it.

I think instead of hoping for a clean one from a single 3ds (long shot), we should maybe stitch together a working copy from multiple samples.
As to how you would organize such an endeavor, I have no idea.

Deleted member 423843 · Jan 3, 2018

So... I looked around in the RomFS and found some interesting sound files, most of them from Mario Kart (7?).
I wonder why they did not use any .bcstr files ( or other .bcXXX files ), they just used .wav files and one .bcsar called "simple.bcsar" containing data garbage.

https://clyp.it/mbzd0zwr# | The first 4 seconds of the 3DS Settings BGM, wrong sampled ( 2s L, 2s L+R ). ( Internal File name: Ctr_Mset_BGM_4sec.wav )

https://clyp.it/00q34ae5 | The fanfare you hear when a Mario Kart race begins. ( Internal file name: fanfare_16bit_fs32kHz_1ch.wav )

https://clyp.it/mszydsqf | A sound Yoshi makes sometimes in Mario Kart when racing. Internal: wihaho_16bit_fs22kHz_1ch.wav

https://clyp.it/pg11y5au | Yoshi calling his name, I assume it's from Mario Kart too. Internal: yoshi_16bit_fs16kHz_1ch.wav

There are more sound files, which aren't that special to upload them:

HARPC5.wav | It is what the name tells you. A harp playing a C5 note.

ok.wav | The sound playing when some tests pass.

ng.wav | The sound playing when some tests fail.

L-sin440Hz_R-sin660Hz_8bit_fs44kHz_2ch.wav | A sinus 440 Hz sound at L speaker, 660 Hz at R Speaker

camera.wav | A crappy and loud camera sound.

But I still dont know where it stores the BGM from the GPU test

EDIT:

I assume that the reason why they used MK sounds is because Aging was developed at the time when MK was only one of the few finished games.

------------

Update: I found out something strange... After some tests, my first wireless network that I configured was overwritten.
The SSID changed to N-WAP0001, Security to WPA2-PSK (AES). MTU = 0. I'll look for the reason why this happened.

bOLA1pcBA-aEBTyWD9swi2R0wYNuv7eqYBG35Np_j2nc-6GIlttA9Qamtnai_b_LNoZfyXWLdO0zEl_0M-_iNGmqNfKzk7jNbe_RbHvTKtaajiYKKLPnvmZOmUpaumc3qxG_iM45pZjE1nDX0FjZWe2-_zUH4CqmOWo3ec3uicRjJ7Oisd8ft3lkPA_Tjk9mr06Pk5xHUnOhrTNeKYJH6rWhdFAqCj2WnITzibqmqJ3TLdBdv_Rycj-SdiMn81WjkIlJRgjTHhy0Ju6NNpJKB0a6ULyrkQPAEUWuZXcXW-mc3shxC77CetGFkIEymP4rzf40jOtw1i0p73lPdtbXP1URP6xmhS3Y2OegmeGhHU3HZeggj2oQZYgiDrBR-uvlDAdpea5HlC1S1OSPQ_ztZHcmb0WytBp8GDRgOwQkMydJR3AfPD3-_6mi6xPNc1IcySD_rHnfMWcYotffjTEa6n3VBTpQuYIRsqj9cOAtDLJOHL0SBbZaetvk_UicXJKZ2sC7qFKgvahZ6sZI2xYZFxrUUd8PAaZvcD8bNNtJaAIyUrcDl1d3imQXScc-AMknRsM03SwbP6LG0xJEaTGg6lO-TtjEHelhLnibZAE=w738-h984-no

lol, aging put the ir lamp on

Deleted member 423843 · Jan 3, 2018

SD Write Test is writing 1024B of ASCII characters at sdroot:/uji/. uji is japanese for "testing"

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ

btw I found this in a memory dump I made in CTR Aging:

Code:

$#*-pw~ylkbeHOFATSZ]àçîéüûòõØßÖÑÄÃÊÍ—ž™Œ‹‚…¨¯¦¡´³º½ÇÀÉÎÛÜÕÒÿøñöãäíê·°¹¾«¬¥¢ˆ†“”š' ).;<52

This looks quicy, especially the "-pw"
edit: found out, it's part of an audio compiler, probably libflac

Alan Treecko · Jan 3, 2018

maxim7w said:
So... I looked around in the RomFS and found some interesting sound files, most of them from Mario Kart (7?).
I wonder why they did not use any .bcstr files ( or other .bcXXX files ), they just used .wav files and one .bcsar called "simple.bcsar" containing data garbage.

https://clyp.it/mbzd0zwr# | The first 4 seconds of the 3DS Settings BGM, wrong sampled ( 2s L, 2s L+R ). ( Internal File name: Ctr_Mset_BGM_4sec.wav )

https://clyp.it/00q34ae5 | The fanfare you hear when a Mario Kart race begins. ( Internal file name: fanfare_16bit_fs32kHz_1ch.wav )

https://clyp.it/mszydsqf | A sound Yoshi makes sometimes in Mario Kart when racing. Internal: wihaho_16bit_fs22kHz_1ch.wav

https://clyp.it/pg11y5au | Yoshi calling his name, I assume it's from Mario Kart too. Internal: yoshi_16bit_fs16kHz_1ch.wav

There are more sound files, which aren't that special to upload them:

HARPC5.wav | It is what the name tells you. A harp playing a C5 note.

ok.wav | The sound playing when some tests pass.

ng.wav | The sound playing when some tests fail.

L-sin440Hz_R-sin660Hz_8bit_fs44kHz_2ch.wav | A sinus 440 Hz sound at L speaker, 660 Hz at R Speaker

camera.wav | A crappy and loud camera sound.

But I still dont know where it stores the BGM from the GPU test

EDIT:

I assume that the reason why they used MK sounds is because Aging was developed at the time when MK was only one of the few finished games.

the BGM from the GPU test is midi, which is stored in /snd/simple.bcsar. bcsars are like the 3ds version of midi and theres no way to 100% extract them with their sounds intact afaik

EDIT: read it again and you mentioned it being garbage data. it's not.

BCSAR_TOOL.exe simple.bcsar
Little endian detected!
Let's move on...
STRG succesfully parsed, gonna parse file names now.
Type of the file?: 7937
Offset: 472
Size: 15
Type of the file?: 7937
Offset: 487
Size: 18
Type of the file?: 7937
Offset: 505
Size: 17
Type of the file?: 7937
Offset: 522
Size: 9
Type of the file?: 7937
Offset: 531
Size: 12
Type of the file?: 7937
Offset: 543
Size: 10
Type of the file?: 7937
Offset: 553
Size: 14
Type of the file?: 7937
Offset: 567
Size: 10
Type of the file?: 7937
Offset: 577
Size: 10
Type of the file?: 7937
Offset: 587
Size: 10
Type of the file?: 7937
Offset: 597
Size: 13
Type of the file?: 7937
Offset: 610
Size: 14
Type of the file?: 7937
Offset: 624
Size: 16
Type of the file?: 7937
Offset: 640
Size: 9
Type of the file?: 7937
Offset: 649
Size: 9
Type of the file?: 7937
Offset: 658
Size: 9
Type of the file?: 7937
Offset: 667
Size: 9
Type of the file?: 7937
Offset: 676
Size: 12
Type of the file?: 7937
Offset: 688
Size: 10
Type of the file?: 7937
Offset: 698
Size: 15
Type of the file?: 7937
Offset: 713
Size: 10
Type of the file?: 7937
Offset: 723
Size: 8
Type of the file?: 7937
Offset: 731
Size: 8
Type of the file?: 7937
Offset: 739
Size: 16
Type of the file?: 7937
Offset: 755
Size: 16
Type of the file?: 7937
Offset: 771
Size: 14
Type of the file?: 7937
Offset: 785
Size: 16
Type of the file?: 7937
Offset: 801
Size: 14
Type of the file?: 7937
Offset: 815
Size: 17
Type of the file?: 7937
Offset: 832
Size: 13
Type of the file?: 7937
Offset: 845
Size: 10
Type of the file?: 7937
Offset: 855
Size: 10
Type of the file?: 7937
Offset: 865
Size: 8
Type of the file?: 7937
Offset: 873
Size: 9
Type of the file?: 7937
Offset: 882
Size: 9
Type of the file?: 7937
Offset: 891
Size: 12
Type of the file?: 7937
Offset: 903
Size: 9
Type of the file?: 7937
Offset: 912
Size: 10
Type of the file?: 7937
Offset: 922
Size: 15
Beginning to parse names!
Name: STRM_MARIOKART.bcstm
Name: STRM_MARIOKART_FB.bcstm
Name: STRM_MULTI_TRACK.bcstm
Name: SE_YOSHI.bcstm
Name: SE_YOSHI_FB.bcstm
Name: SE_WIHAHO.bcstm
Name: SE_WIHAHO_AUX.bcstm
Name: SE_SQUARE.bcstm
Name: SE_SIN440.bcstm
Name: SE_STEREO.bcstm
Name: SE_STEREO_FB.bcstm
Name: SE_3D_DOPPLER.bcstm
Name: SE_3D_NODOPPLER.bcstm
Name: SEQ_COIN.bcstm
Name: SEQ_JUMP.bcstm
Name: SEQ_LOOP.bcstm
Name: SEQ_CALL.bcstm
Name: SEQ_CALL_FB.bcstm
Name: SEQ_PORTA.bcstm
Name: SEQ_PORTA_TIME.bcstm
Name: SEQ_SWEEP.bcstm
Name: SEQ_MOD.bcstm
Name: SEQ_TIE.bcstm
Name: SEQ_MOVE_VOLUME.bcstm
Name: SEQ_SUPER_MARIO.bcstm
Name: SEQ_OPENTRACK.bcstm
Name: SEQ_BANK_SELECT.bcstm
Name: SEQ_MARIOKART.bcstm
Name: SEQ_MARIOKART_FB.bcstm
Name: WSDSET_VOICE.bcstm
Name: WSDSET_SE.bcstm
Name: SEQSET_SE.bcstm
Name: BANK_SE.bcstm
Name: BANK_SE2.bcstm
Name: BANK_BGM.bcstm
Name: WARC_SAMPLE.bcstm
Name: WARC_BGM.bcstm
Name: GROUP_BGM.bcstm
Name: DEFAULT_PLAYER.bcstm
Done!

theres a few effects, samples, and sequences there, including the mario kart theme you mentoned

PabloMK7 · Jan 3, 2018

The mario kart sounds are from Mario Kart 64

Deleted member 423843 · Jan 3, 2018

Alan Treecko said:
EDIT: read it again and you mentioned it being garbage data. it's not.

Thank you for correcting me, the tool I used gave me empty wave files.

Deleted member 423843 · Jan 4, 2018

I'll do some research with the WiFi-Test now. I'll rename my WiFi and check, what you can do there.

Update:
The test connects with WiFi ( S: N-WAP0001, P: N-WAP0000 ) and then tries to connect to TCP 192.168.11.2. This IP should belong to some debug hardware. I'll keep looking for a way to bind this IP adress in my network.

Deleted User · Jan 20, 2018

trainboy2019 · Jan 20, 2018

Doesn't that violate the NDA?

SirNapkin1334 · Jan 20, 2018

Yes! I have a pre-system initialization NAND backup of my N2DSXL (I mean that I have a backup made with NTRBoot & GM9 before turning the system on for the first time). I'll search through it. If we get the file from the NAND backup, and D9 says it's okay, what should we do?

PabloMK7 · Jan 20, 2018

SirNapkin1334 said:
Yes! I have a pre-system initialization NAND backup of my N2DSXL (I mean that I have a backup made with NTRBoot & GM9 before turning the system on for the first time). I'll search through it. If we get the file from the NAND backup, and D9 says it's okay, what should we do?

Posting your results here

SirNapkin1334 · Jan 21, 2018

PabloMK7 said:
Posting your results here

Okay. Will do it soon tomorrow morning.

Homebrew [Request] CTRAging (3ds debug app) research.

Well-Known Member

Well-Known Member

Red Yoshi! ^ω^

Well-Known Member

Well-Known Member

I wish I could read

Well-Known Member

Member

playing around in the end of life

Member

Member

GBATemp's official fanfiction disposer

Red Yoshi! ^ω^

Member

Member

Attachments

Deleted User

Guest

Well-Known Member

Renound Aritst

Red Yoshi! ^ω^

Renound Aritst

Similar threads

Popular threads in this forum