Hacking Official [Release] CakesFW

thaikhoa

unitinfo patch from icing, in case anyone else's interested. Good for 11.4 on O3DS. Can't say about N3DS, someone else would have to check because I don't have one, but if my assumption that the offsets haven't changed since at least 10.2 was correct, then it should also work there.
Hi, while you're around
Does the current cake support the latest 3DS firmware?
Thanks.
 

BaamAlex

I don't think so. All upcoming releases are in .firm format, which this CFW doesn't use, I think. And the only thing which B9S reads is a boot.firm on your SD Card or otherwise from the CTRNand if no SD Card is present. Or you install A9LH (which is no longer supported) on a lower Firmware.
 

Ryccardo

The very newest versions of Cakes were compiled as .firm - however it wasn't updated for 11.8+ kernels (it may work anyway if the patches still line up but it's far from a given)
 

Deleted-236924

I can't do N3DS, so this is the most you'll get out of me.

Sauce, if anyone wants to use it as a base to add N3DS support later. Commit is a lie, I did some minimal testing, so I assume everything works. TWL and AGB patches don't need an update. I haven't touched 3ds_injector. For the time being, it's not ideal, but you can get region-free by using unitinfo patch with testmenu, or by using region-changed emunands (unitinfo patch should be working, haven't checked to see if 11.8 emunand works.)

Forgot to mention, this is the url for 11.8 O3DS firm.
You might be able to get the latest official release to work on 11.8+ by loading an 11.4 firm instead, but I can't guarantee that everything will work, especially for games or apps that could potentially be expecting 11.8 firm.

Edit: Just noticed that I fucked up the svcBackdoor patch for 11.8 earlier, I still haven't tested it in any way but anyone who got it should probably re-download it.

[Edit2: Latest version with 11.12 support on Github]
 

Deleted-236924

k, turns out N3DS firm has additional encryption that O3DS can't decrypt on its own. If I can work that out (or if someone else does it for me), I might be able to do something about it.
 

0X29Adecay

Tell me what to do and I will do it for you, I have an N3DS and I need this N3DS support.

--------------------- MERGED ---------------------------

Also, you might want to join the GodMode9 Discord server
 

Deleted-236924

Ok, put the 00000035 file in the cakes folder at the root of your SD, rename it to firmware.bin, and include the cetk in that same folder (rename any existing firmware.bin/firmkey.bin, if some are already present.)

When you boot Cakes, it should decrypt the firm and output firmware_unsupported.bin <-- On O3DS the additional layer of encryption is left untouched, on N3DS this *should* fully decrypt it.

Install Python 3 (I have 3.7.4) and get this Python script.

Place the firmware_unsupported.bin file in the same folder as the script. Open cmd (or terminal if you're on Linux) and navigate to the folder where you saved the script. Run "firmtool.py firmware_unsupported.bin search_native"

Copy the output and paste it on here.


I'm not able to decrypt it on GM9, even though I have the required files to deal with the encryption, so until that either gets fixed or I figure out what I'm doing wrong, I can't decrypt it on my own.
 

0X29Adecay

Code:
Section:
    Offset: 0x00080700
    Address: 0x08028000
    Size: 0x0006DA54
Section:
    Offset: 0x00000200
    Address: 0x1FF00000
    Size: 0x00035800
    Hash: {0xC7, 0x09, 0x7B, 0x62, 0xB0, 0xFF, 0x5F, 0xCF, 0x75, 0xDC, 0xEF, 0x98, 0x50, 0xB4, 0xF0, 0x27, }
Section:
    Offset: 0x00035A00
    Address: 0x1FF80000
    Size: 0x00034000
    Hash: {0xF2, 0x3F, 0x31, 0x0E, 0xED, 0x9F, 0xB3, 0x13, 0x66, 0x5F, 0xFA, 0x40, 0xF8, 0x40, 0xC9, 0x28, }
Section:
    Offset: 0x00069A00
    Address: 0x08006000
    Size: 0x0008A400
    Hash: {0x03, 0xE2, 0x1F, 0x98, 0x1C, 0x8C, 0x76, 0xE7, 0x83, 0xAF, 0xBC, 0x9F, 0xD8, 0xC8, 0xEE, 0xDA, }

Signatures:
    patch1: 0x08062EF0
    patch2: 0x0805C62C
Emunand:
    sdmmc: 0x080F0AF0
    patch2: 0x0801B3D4
    patch3: 0x08077F40
    patch4: 0x08077F80
Reboot:
    patch1: 0x08084EA8
    fopen: 0x0805A070
    rebc: 0x0817F4FC
    patch2: 0x080947F4
Firmprot:
    patch1: 0x0804406E
Slot0x25keyX:
    setkey: 0x08056680
    unk: 0x0805ED54
    patch2: 0x080282F8
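
The dump above lists each FIRM section as offset, load address, size and hash. As an added example (not the firmtool.py script from this thread, and not Cakes code), here is a minimal parser for that section table which also recomputes each section's SHA-256, so a modified section shows up as a hash mismatch. It assumes the publicly documented FIRM header layout (four 0x30-byte entries at 0x40, section data from 0x200); the sample image is constructed filler.

```python
import hashlib
import struct

HEADER_SIZE = 0x200        # header plus signature area; section data starts here
SECTION_TABLE = 0x40       # four 0x30-byte section entries
SECTION_FMT = "<IIII32s"   # offset, load address, size, copy method, SHA-256

def parse_firm(image: bytes):
    """Return one dict per non-empty section, with a hash-check result."""
    if len(image) < HEADER_SIZE or image[:4] != b"FIRM":
        raise ValueError("not a FIRM image (bad magic or truncated header)")
    sections = []
    for i in range(4):
        off, addr, size, _copy, digest = struct.unpack_from(
            SECTION_FMT, image, SECTION_TABLE + i * 0x30)
        if size == 0:                      # unused slot
            continue
        if off < HEADER_SIZE or off + size > len(image):
            raise ValueError(f"section {i} lies outside the file")
        actual = hashlib.sha256(image[off:off + size]).digest()
        sections.append({"index": i, "offset": off, "address": addr,
                         "size": size, "hash_ok": actual == digest})
    return sections

def build_sample():
    """Constructed two-section image; payload bytes are filler, not firmware."""
    payloads = [(0x1FF00000, b"\xAA" * 0x200), (0x08006000, b"\xBB" * 0x400)]
    header = bytearray(HEADER_SIZE)
    header[:4] = b"FIRM"
    body, off = b"", HEADER_SIZE
    for i, (addr, data) in enumerate(payloads):
        struct.pack_into(SECTION_FMT, header, SECTION_TABLE + i * 0x30,
                         off, addr, len(data), 0, hashlib.sha256(data).digest())
        body += data
        off += len(data)
    return bytes(header) + body

if __name__ == "__main__":
    image = build_sample()
    for s in parse_firm(image):
        print("Section: Offset 0x%08X Address 0x%08X Size 0x%08X hash_ok=%s"
              % (s["offset"], s["address"], s["size"], s["hash_ok"]))
    tampered = bytearray(image)
    tampered[HEADER_SIZE + 0x10] ^= 0xFF   # flip one byte inside section 0
    print([s["hash_ok"] for s in parse_firm(bytes(tampered))])
```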
 

Deleted-236924

Alright, @0X29Adecay please test as much of this as you can. Everything is completely untested for N3DS 11.8

For O3DS 11.8, reboot/signatures/unitinfo definitely work, the rest is untested. All of the main patches should in theory work, but unitinfo and svcBackdoor are not a guarantee.

I also included the patches for AGB and TWL, because why not.
 

0X29Adecay

It boots, sort of! I get the "mid-kid forgot to update the keydata again" message when I try to actually boot into the patched 3DS system software, though.
 

Deleted-236924

That makes a lot of sense, that being said I'm not sure how much I can do about it without having access to either an N3DS, or perhaps a few decrypted firms to look at.

So I'm going to take a gamble and hope that the offsets are still the same as they were on 11.4, so try this and see if it works. If it doesn't work, then I'll probably have to get my hands on a few decrypted firms of different versions at some point, so I can look at them.
 

0X29Adecay

Unfortunately, no dice; it actually tries to boot into the patched 3DS system software, but it never actually loads.
 

Deleted-236924

Yeah, in that case the keys must be at a different offset. This is kind of a problem.

On the bright side, it looks like it's checking offsets in the firmware file itself, instead of checking memory offsets, so if I could get my hands on a few different firms, it might be as easy as comparing them.

But since that would take a while, you might as well try this one first, just in case my wild guess actually works. Probably won't, but hey, if it does, that'll be really cool.
 

Deleted-236924

Unfortunate, but expected. btw I have no idea how any of this works, I'm only making guesses and hoping that it'll work. Let's see if we can figure this out.
 

Deleted-236924

O3DS 11.12 firm support, don't count on N3DS for now.

reboot, signatures, firmprot, and unitinfo should be working, the rest is untested. I've also retroactively checked, and 11.8 firmprot works, so yay.

Forgot to mention again, here is the url for 11.12 O3DS firm.

[Edit2: Latest version with 11.12 support on Github]
 