Hacking Official [Release] CakesFW

mid-kid · Aug 15, 2015

Wintice said:
If I dump it from the sysnand 9.1 and succeed to extract firm0. It can't be used for 9.5 emuNand, right?

Yes. It can only be used for 9.1 sysnand or emuNAND (not 9.5).

--------------------- MERGED ---------------------------

bache said:
Forgive me for the spoonfeeding, but how would I go about viewing the filesystem of my NAND dump? Is there a program that allows for this already, or would it need to be made from scratch? I ask as I don't own a copy of CN, so I can't dump the CTR partitions, at least not until rxTools fixes their decryption tools for N3DS users.

There's no filesystem I'm aware of (except the fat16 partition, but that's a whole other thing), but the firm0 partiton is located at a specific location in the file (or the location can be calculated). I don't know where exactly, though.

Wintice · Aug 15, 2015

mid-kid said:
Yes. It can only be used for 9.1 sysnand or emuNAND (not 9.5).

--------------------- MERGED ---------------------------

There's no filesystem I'm aware of (except the fat16 partition, but that's a whole other thing), but the firm0 partiton is located at a specific location in the file (or the location can be calculated). I don't know where exactly, though.

Thanks a lot.

jasjeet · Aug 15, 2015

Whats code.bin for?

This is what i have done so far, hope im on the right track. I have a 9.2-20EU 3DS XL, i dont own any flashcarts/cubic ninja/OoT.

Cakes files:
3ds folder
cakes folder: patches, firmkey.bin
Cakes.dat
firmware.bin
slot0x25KeyX.bin
Launcher.dat (Gateway)

1.
Open your 3DS/2DS internet Browser and go to http://go.gateway-3ds.com/
Then, navigate to "backup system nand" and make your nand backup.
Then, turn off your 3DS and copy your nand.bin from the SD card to somewhere safe on your PC!
Then, make a copy of your whole SD card onto your pc. (If you don't do this you will lose all your save data, downloads, etc. on your SD card!)

2.
Open your 3DS/2DS internet Browser and go to http://go.gateway-3ds.com/ again.This time go to "Format Emunand". Let it complete, may take a few minutes (no more than 10 minutes).
Once it is complete, turn off your 3DS/2DS.

3.
Copy the backup of the SD Card taken in step 1 back to the SD Card.

Now i need to boot CakesCFW using Spider exploit in the web browser. What do i do from there? I believe i saw an option to boot it into EmuNAND. Will this initiliase EmuNAND and then run the CFW inside that? This is a safety net as i understand?

Wintice · Aug 15, 2015

mid-kid said:
Yes. It can only be used for 9.1 sysnand or emuNAND (not 9.5).

--------------------- MERGED ---------------------------

There's no filesystem I'm aware of (except the fat16 partition, but that's a whole other thing), but the firm0 partiton is located at a specific location in the file (or the location can be calculated). I don't know where exactly, though.

I am trying to get the firm0, but it's much larger than the firmware.bin used for o3ds, one is 8MB and the other is 943KB.
I got the firm0 according to :http://3dbrew.org/wiki/Flash_Filesystem
Did I misunderstand something?

jasjeet · Aug 15, 2015

Also is there any indication like RXTools that you are in EmuNAND before updating?

How do i do the equivalent of this in Cakesfw? There is hardly any info!

Step 11: Almost done! Now we just need to setup the app/package so that we can actually install roms/eshop games/dlc onto our emuNAND!
Get to the rxtools menu by using method mentioned in step 7. Hold R when the splashscreen pops up to get into the menu.
Go to advanced options ->Install FBI -> emuNAND -> Check TMD Only. Note down the Region and TMD Version it shows here.
Turn off 3DS now, we need to transfer some files onto SD card.
Go to the rxtools folder "fbi_injection/[YOUR region]/[YOUR TMD version]" folder and copy the "fbi_inject.app" and "fbi_inject.tmd" files to the SD card root dir.
We also need to put the FBI.cia file from the FBI we downloaded earlier into the SD card.

Specifically, how do i get into this special menu (like in rxtools you hold R)?

b1l1s · Aug 15, 2015

jasjeet said:
Whats code.bin for?

That's for installing the NVRAM rop for the profile settings exploit using spider. See the op for the link/QR to use it.

jasjeet said:
Also is there any indication like RXTools that you are in EmuNAND before updating?

There's none. This is a CFW for the brave ones (for now)

jasjeet said:
How do i do the equivalent of this in Cakesfw? There is hardly any info!

No one is nice enough to write one for us, though the steps in the OP should be enough.

jasjeet said:
Specifically, how do i get into this special menu (like in rxtools you hold R)?

There is no special menu, if you've never booted CakesFW before or haven't setup autoboot, the normal patch selection menu will always show up.
As for FBI installation you'll have to use rxTools for now there's just no way around it.

Wintice said:
I am trying to get the firm0, but it's much larger than the firmware.bin used for o3ds, one is 8MB and the other is 943KB.
I got the firm0 according to :http://3dbrew.org/wiki/Flash_Filesystem
Did I misunderstand something?

Did you got it from rxTools? Yeah the size is larger since rxTools dump the whole partition.

Now here's the thing, our loader loads the encrypted FIRM but a dump/extraction from nand is decrypted. So you'll have to encrypt it first before using it. Another problem is that the loader expects an ncch containing the FIRM but the one from the partition is the actual FIRM. So using the FIRM from a nand dump is not as easy as it sounds.

thaikhoa · Aug 15, 2015

Hi @b1l1s
Cakes_85 is the latest compiled version of CakesFW, isn't it? Thanks for keep making Cakes.

Wintice · Aug 15, 2015

b1l1s said:
That's for installing the NVRAM rop for the profile settings exploit using spider. See the op for the link/QR to use it.

There's none. This is a CFW for the brave ones (for now)

No one is nice enough to write one for us, though the steps in the OP should be enough.

There is no special menu, if you've never booted CakesFW before or haven't setup autoboot, the normal patch selection menu will always show up.
As for FBI installation you'll have to use rxTools for now there's just no way around it.

Did you got it from rxTools? Yeah the size is larger since rxTools dump the whole partition.

Now here's the thing, our loader loads the encrypted FIRM but a dump/extraction from nand is decrypted. So you'll have to encrypt it first before using it. Another problem is that the loader expects an ncch containing the FIRM but the one from the partition is the actual FIRM. So using the FIRM from a nand dump is not as easy as it sounds.

I've noticed the description about "encrypted" firm.So actually I'm trying to extract firm0 from a original nand image bin. Does this way work?
And I've read the pm, thanks a lot.

b1l1s · Aug 15, 2015

thaikhoa said:
Hi @b1l1s
Cakes_85 is the latest compiled version of CakesFW, isn't it? Thanks for keep making Cakes.

It is the latest yes.

Wintice said:
I've noticed the description about "encrypted" firm.So actually I'm trying to extract firm0 from a original nand image bin. Does this way work?
And I've read the pm, thanks a lot.

It's a different encryption, the one that CakesFW strips out is the cdn encryption (which is why we require the firm key). The one you're talking about is the nand's encryption. Both uses different methods and keys.

*For anyone who wants to get their own firm (for collection/archiving or for use with CakesFW) a method that is easier is probably by using rxTools system title dumper. The firmware should be included inside the ncch. So you just have to encrypt it with the firm key (the one we are using for CakesFW works, AES-CBC, iv: all zeroes see 3dbrew for more info).

Wintice · Aug 15, 2015

b1l1s said:
It is the latest yes.

It's a different encryption, the one that CakesFW strips out is the cdn encryption (which is why we require the firm key). The one you're talking about is the nand's encryption. Both uses different methods and keys.

*For anyone who wants to get their own firm (for collection/archiving or for use with CakesFW) a method that is easier is probably by using rxTools system title dumper. The firmware should be included inside the ncch. So you just have to encrypt it with the firm key (the one we are using for CakesFW works, AES-CBC, iv: all zeroes see 3dbrew for more info).

Oh, so silly I am...All right.Let me try it.

Shadowtrance · Aug 15, 2015

b1l1s said:
It is the latest yes.
*For anyone who wants to get their own firm (for collection/archiving or for use with CakesFW) a method that is easier is probably by using rxTools system title dumper. The firmware should be included inside the ncch. So you just have to encrypt it with the firm key (the one we are using for CakesFW works, AES-CBC, iv: all zeroes see 3dbrew for more info).

You can get it from the respective title cia file too as i found out the other day.

this command does the trick... ctrtool.exe -p -t cia --contents=content "ciafile.cia"

Wintice · Aug 15, 2015

Shadowtrance said:
You can get it from the respective title cia file too as i found out the other day.
this command does the trick... ctrtool.exe -p -t cia --contents=content "ciafile.cia"

Oh really? Another way to try...I've got the cia files earlier.

b1l1s · Aug 15, 2015

Shadowtrance said:
You can get it from the respective title cia file too as i found out the other day.
this command does the trick... ctrtool.exe -p -t cia --contents=content "ciafile.cia"

Yup. If you have the cia backed up this is the easiest.

Wintice said:
Oh really? Another way to try...I've got the cia files earlier.

Don't delete them ever.

jasjeet · Aug 15, 2015

b1l1s said:
That's for installing the NVRAM rop for the profile settings exploit using spider. See the op for the link/QR to use it.

There is no special menu, if you've never booted CakesFW before or haven't setup autoboot, the normal patch selection menu will always show up.
As for FBI installation you'll have to use rxTools for now there's just no way around it.

Ok i just use rxtools instead of cakesFw now. Works fine. Now whats NVRAM and ROP lol. So many assumptions are taken in 90% of these guides. Its worse than the linux forums hah.

thaikhoa · Aug 15, 2015

My 2DS can't run Cakes_85 says "Unsupported EmuNand" (Cakes_50 and rxTools work fine)

Wintice · Aug 15, 2015

It works!I can use CakesFW on my N3DS now.
Thanks to @b1l1s,@Shadowtrance ,@mid-kid. I got my "firmware.bin" finally.

A little problem is that: in the emuNand system, I luanch the "Option" app, just to see the version number as "VerXXXXX", NOT "CakesXXXXX"(which surprise me

and makes the cfw not cute enough,lol).

Zap Rowsdower · Aug 15, 2015

b1l1s said:
@Zap Rowsdower I added a new cake (addresses from @Reisyukaku), which should do what you asked, albeit with a more troublesome method than what you're probably used to.
The cake allows you to boot an n3ds 9.2 firmware.bin (if you can find it ) into sysnand. You'll have to wait until the next release though. Hopefully by that time I can add a way to load the native firm from the firm partition (if @mid-kid agrees) or pasta-style firm patch+reboot. Again no promises that either will be implemented.

I kept a full NUS 9.2 N3ds update, so hopefully I can figure it out through ctrtool and eventually get Ninjhax 1.1 running. Thanks again to you guys and Reisyukaku for everything you've done!

b1l1s · Aug 15, 2015

thaikhoa said:
My 2DS can't run Cakes_85 says "Unsupported EmuNand" (Cakes_50 and rxTools work fine)

What's your nand type?
We modified the emunand detection for compatibility with n3ds, the current one reads the nand size and uses that to figure out where your emunand ncsd header is. Admittedly it's a new way of doing it so we could have missed something.

Zap Rowsdower said:
I kept a full NUS 9.2 N3ds update, so hopefully I can figure it out through ctrtool and eventually get Ninjhax 1.1 running. Thanks again to you guys and Reisyukaku for everything you've done!

Lucky you have the full update

. Please check with @bache if you need the new build with 9.2 support.

Zap Rowsdower · Aug 15, 2015

b1l1s said:
Lucky you have the full update . Please check with @bache if you need the new build with 9.2 support.

Yea I was pretty happy when I saw that I had kept that. I imagine I'll probably be sending that somewhere at some point... erm, I mean NOT doing that... because that would be wrong.

I figured as much with bache. I've been waiting for a response from him, but I went ahead and I think got my firmware.bin ready, and I compiled the latest commit, but just haven't tried it yet.

Zap Rowsdower · Aug 16, 2015

Close, but no cigar. Getting 'failed to decrypt firmware.bin' after I ran that .cia through that ctrtool command. So, I'm going to have to wait.

Hacking Official [Release] CakesFW

GBAtemp spamBOT

Member

Well-Known Member

Member

Well-Known Member

Well-Known Member

Well-Known Member

Member

Well-Known Member

Member

Well-Known Member

Member

Well-Known Member

Well-Known Member

Well-Known Member

Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Similar threads

Popular threads in this forum