ROM Hack Question XCI hacking problem - should I also patch npdm file?

[SwitchMods]

As a fun project I've written an homebrew (a simple hello world) with the intent to inject it inside a XCI.
So what I did:
1) compiled my code and obtained my main.nso
2) using hactool I've extracted one of my XCI
3) still using hactool I've extracted the exefs/romfs from the corresponding NCA
4) I've deleted the original main (nso) and I've put my main (nso)
5) I've rebuilt the NCA using hacpack
6) I've rebuild the XCI using hacbuild

Now, I can mount the XCI without any problem, but when I start it I get a generic error. I've the suspect that I've to path the main.npdm file inside the exeFS, but there might be more to patch elsewhere. Or maybe I've to generate some meta for the new NCA?

Any informations to share? thanks

 

[Bigjokker]

For a working XCI/NSP you need a minimum 3 NCAs a Control, Program and a meta.

 

[SwitchMods]

For a working XCI/NSP you need a minimum 3 NCAs a Control, Program and a meta.

How is the meta nca generated? Maybe I need to generate a new meta for my customized program nca. Also are the name of ncas meaningful?

 

[Bigjokker]

Using hacpack-GUI select the meta nca tab. Select the Program NCA browse button and select your Program NCA. Select the Control NCA browse button and select your Control NCA. Then Build Meta NCA.

I never changed the NCA name but if I had to guess it would cause some problems.

 

[JRoad]

4 for an xci, but i did put a fix in my topic https://gbatemp.net/threads/xci-builder.516977/page-10
And will post an updated version of hacbuild during the weekend that will do more than 4nca in secure.
And you actually can build with 2nca, although it'll be a placeholder. I'll add a placeholder function to my builder too.

Take into mind that this is a quick fix that won't go in the main line since i'll update my builder during the weekend.

 

[SwitchMods]

Thanks both @Bigjokker and @JRoad for your replies!

The XCI I'm working on have 4 NCAs in the secure partition (one is EXEFS/ROMFS, one is meta, and idk what are the other two). How can I find which one is the Control NCA?

Many thanks!

EDIT: Nvm, I found that I can check the content type using the -i option in hactool!

So the NCAs are:

1) ExeFS/RomFS
2) RomFS
3) Control
4) Manual

When using hackpack to build the meta: Program NCA is the first one, Control NCA in the 3rd one. Then is "Legal Informations" NCA the 4th one? and is "Data NCA" the 2nd one?

 

[JRoad]

Thanks both @Bigjokker and @JRoad for your replies!

The XCI I'm working on have 4 NCAs in the secure partition (one is EXEFS/ROMFS, one is meta, and idk what are the other two). How can I find which one is the Control NCA?

Many thanks!

EDIT: Nvm, I found that I can check the content type using the -i option in hactool!

So the NCAs are:

1) ExeFS/RomFS
2) RomFS
3) Control
4) Manual

When using hackpack to build the meta: Program NCA is the first one, Control NCA in the 3rd one. Then is "Legal Informations" NCA the 4th one? and is "Data NCA" the 2nd one?

Data is for the dlcs.
1. Program
2. Control
3. Manual/Legal
4. Meta > linking the other 3.

 

[SwitchMods]

Data is for the dlcs.
1. Program
2. Control
3. Manual/Legal
4. Meta > linking the other 3.

Yeah it was obvious xD Sorry for not having figured out immediately! Thanks you

Anyway I've an update:
I tryied to extract the exefs, romfs, etc, then repack them and generate a new meta (but without editing the contents of exefs) and after repacking the xci, I can boot it successfully
The problem now is when I swap the original main (nso) with my own main (nso) in exefs... after doing this, the xci refuse to boot.......
I have the suspect that I can't just swap the main executable without generating a valid main.npdm file... right?

 

[JRoad]

Data is for the dlcs.
1. Program
2. Control
3. Manual/Legal
4. Meta > linking the other 3.

exefs/romfs is the program one. You didn't check the nca types when extracting?

Yeah it was obvious xD Sorry for not having figured out immediately! Thanks you

Anyway I've an update:
I tryied to extract the exefs, romfs, etc, then repack them and generate a new meta (but without editing the contents of exefs) and after repacking the xci, I can boot it successfully
The problem now is when I swap the original main (nso) with my own main (nso) in exefs... after doing this, the xci refuse to boot.......
I have the suspect that I can't just swap the main executable without generating a valid main.npdm file... right?

Yeah I think you need a new .npdm but I can't help you with that one.

 

[SwitchMods]

exefs/romfs is the program one. You didn't check the nca types when extracting?

Yeah I did, but was in a hurry this afternoon sorry

Yeah I think you need a new .npdm but I can't help you with that one.

Okay I'm going to study a method to generate a valid .npdm... What about the other files in exeFS: rtld, sdk and subsdk0? should I patch them too?

When I'll be done, I think I'll write a tutorial so other ppl can mod/hack their xcis too

 

[Bigjokker]

Okay I'm going to study a method to generate a valid .npdm... What about the other files in exeFS: rtld, sdk and subsdk0? should I patch them too?

When I'll be done, I think I'll write a tutorial so other ppl can mod/hack their xcis too

To get you started Switch-tools-https://github.com/switchbrew/switch-tools can be used to create your npdm file.

rtld, sdk and subsdk0 files belong to the original games Main. You can just delete them.

 

[SwitchMods]

To get you started Switch-tools-https://github.com/switchbrew/switch-tools can be used to create your npdm file.

Thanks. I've compiled the source, and I've figured out that it needs a json to build a npdm. I've dumped the original game npdm to json (using hactool) but now I don't know how to proceed. There is a list of permissions and a list of syscalls, but idk which one my helloworld homebrew requires. Uhmmm..

Also, as a side note, I've found that there is also another folder called "normal" that contains another copy of the game manual nca and a meta nca (I've replaced this one with the one that I've generated and copied to secure, right?)

EDIT: I was thinking.... is there anything that I should patch/edit inside the control nca also? (I'm asking this because I saw a .nacp file inside this nca, and libnx generated a .nacp file for me when I biult my homebrew)

 

[Bigjokker]

Thanks. I've compiled the source, and I've figured out that it needs a json to build a npdm. I've dumped the original game npdm to json (using hactool) but now I don't know how to proceed. There is a list of permissions and a list of syscalls, but idk which one my helloworld homebrew requires. Uhmmm..

Also, as a side note, I've found that there is also another folder called "normal" that contains another copy of the game manual nca and a meta nca (I've replaced this one with the one that I've generated and copied to secure, right?)

If your don't have the game installed on your system then you can keep the same titleID in the npdm and not have to rebuild one. The normal folder can be empty. Just delete and put everything in the secure folder.

You can open the control.nacp file with a hex editor and rename the game title to "Hello World" and the icon_AmericanEnglish.dat is just a 256x256 jpg. You can change that to any pic you like.

 

[SwitchMods]

If your don't have the game installed on your system then you can keep the same titleID in the npdm and not have to rebuild one. The normal folder can be empty. Just delete and put everything in the secure folder.

You can open the control.nacp file with a hex editor and rename the game title to "Hello World" and the icon_AmericanEnglish.dat is just a 256x256 jpg. You can change that to any pic you like.

@Bigjokker thank you. All your help is really appreciated. So the nacp file is not "crucial" for booting the game... I'll leave it as it is for the moment. And I'm glad that you confirmed that the normal folder is correctly configured.

If your don't have the game installed on your system then you can keep the same titleID in the npdm and not have to rebuild one.

Uhm, I haven't understood this part. The game I'm hacking is currently installed on my switch, and when I try to boot with the hacked xci I get memory permission error (matching my error code with the switchbrew list), so well I think that npdm need to be patched...
I can ofcourse try to remove the original game from my switch and run it with the hacked xci, but I doubt I'll be able to boot without a patched npdm

I know that I'm abusing your patience, but do you know if there is a way to autogenerate an npdm with only my main.nso? Thank you very much

 

[Bigjokker]

@Bigjokker thank you. All your help is really appreciated. So the nacp file is not "crucial" for booting the game... I'll leave it as it is for the moment. And I'm glad that you confirmed that the normal folder is correctly configured.

The only crucial thing about the nacp file is it contains the titleID in it(in little-endian). If the titleIDs don't match up then you will run into errors.

Uhm, I haven't understood this part. The game I'm hacking is currently installed on my switch, and when I try to boot with the hacked xci I get memory permission error (matching my error code with the switchbrew list), so well I think that npdm need to be patched...
I can ofcourse try to remove the original game from my switch and run it with the hacked xci, but I doubt I'll be able to boot without a patched npdm

I know that I'm abusing your patience, but do you know if there is a way to autogenerate an npdm with only my main.nso? Thank you very much

What I mean is if the Original game is already installed on your system then that titleID is being used for that game. You can't install your hello world program with that titleID because it will conflict with the game.

As long as the titleID is not being used you should be able to use npdm.

 

[SwitchMods]

The only crucial thing about the nacp file is it contains the titleID in it(in little-endian). If the titleIDs don't match up then you will run into errors.

I haven't touched the original nacp file so I should be good (I've just swapped the main.nso with my own main.nso, and afaik the nso have no titleid nor check the titleid)

What I mean is if the Original game is already installed on your system then that titleID is being used for that game. You can't install your hello world program with that titleID because it will conflict with the game.

As long as the titleID is not being used you should be able to use npdm.

Well, I'm usign XCI here (not nsp) so what I can do is removing the software from the horizon main screen. Anyway I've already done that, and I still get the same error as before (that is according to switchbrew "
Process already started/Wrong memory permission?"). I'm still convinced that the problem is in the npdm that I'm using (the original one), because ofcourse the original nso have different permissions/attributes than my homebrew. I think that the only way to be able to boot is to create a proper npdm.

Well, thank you very much for all your help @Bigjokker ! I really appreciated it

 

[SwitchMods]

A quick update for all ppl that are following this adventure.

I was eventually able to generate a valid npdp (and I'm 100% sure that it is working because I tried it with the original nso), but the kernel panic is still there (when using my nso). So I tried many other nso from other homebrews, and every one gave me the same kernel panic. Uhmmmm.....

Well tomorrow I'll try to create an xci from scratch using an nso from an actual NSP game. If I'll succeed, then I'll raise my suspect that there might be some bug in libnx that generate invalid/corrupted NSO and that's the reason of the kernel panic. We will see...

 

[SwitchMods]

Good news: I managed to make it to boot! I mean, I used the executable o metal slug injected in street fighter and it works!

No, the bad news: I'm almost sure now that there is a bug in the NSO generated by libnx (devkitpro), because these are the only executables that cause the kernel panic when booting.

@Bigjokker what do you think we should do? Should we report this bug to libnx devs?