3ds.guide explanation

Discussion in '3DS - Flashcards & Custom Firmwares' started by Uumas, Apr 25, 2017.

  1. Uumas
    OP
    This thread is trying to explain exactly what each step in https://3ds.guide/ does. This is NOT a guide, but something to help people who are interested to understand what all the things are. There will probably be some mistakes there, so please tell me if you notice wrong information or have other ideas how to make this thread better. I will credit everyone.

    Terms used:
    nand = 3ds internal memory
    downgrade = installing lower version system titles (opposite of update)
    a9lh = arm9loaderhax
    arm11 = the 3ds main cpu
    arm9 = the 3ds security cpu
    cfw = custom firmware
    arm9 payload = executable file which can be launched by the arm9 processor (SafeCTRTransfer, GodMode9 etc.)
    CIA= CTR Importable Archive (CTR is 3ds model name. Usually CIAs are installed to home menu. for example: All installable games, FBI, even the home menu itself)

    Homebrew Launcher (Soundhax)
    SafeCTRTransfer (Homebrew Launcher)
    Installing arm9loaderhax

    Credits:
    3dbrew for a lot of information
    @Plailect for the guide
    @Dionicio3 for correcting me about cias
    @PabloMK7 for correcting me about arm9 payloads
    @addi33 for giving better explanations for many things (Post #8)
     
    Last edited by Uumas, May 1, 2017


  2. Uumas
    OP
    reserved
     
  3. Dionicio3
    That is not entirely true, CIAs can be for system updates, keyboards, the home menu itself, and hidden system apps.
     
  4. Acrux
    Very helpful when noobs like me just start getting into hacking and see those terms but don't know what they exactly mean lol ^_^.
     
  5. PabloMK7
    An arm9 payload not only can be launched with a9lh, but also with arm9 exploits (safehax)
     
  6. addi33
    CIA = CTR Importable Archive ( NOT 3ds App)
    CTR = Nintendo 3DS Unit Model Name
    Importable = something that can be injected into something else
    Archive = (in this case) Compressed files

    =

    CIA = CTR Importable Archive = Nintendo 3DS compatible, injectible bunch of compressed files.

    xD
     
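    Since the thread goes back and forth on what a CIA actually is, here is an added example (not code from the thread, from 3ds.guide or from any 3DS tool) that parses the CIA header layout as documented on 3dbrew: a fixed 0x2020-byte header holding the sizes of the certificate chain, ticket, TMD, content and meta sections plus a content-index bitmap, with the sections following in that order, each starting on a 64-byte boundary. The sample header bytes and their sizes are constructed for the example; the sanity checks are what an installer should do before trusting the sizes.

```python
import struct

CIA_HEADER_SIZE = 0x2020       # fixed size of the CIA archive header
CONTENT_INDEX_BYTES = 0x2000   # bitmap at 0x20: which content indices are present
SECTION_ALIGN = 0x40           # every section after the header starts 64-byte aligned


def align64(n):
    return (n + SECTION_ALIGN - 1) & ~(SECTION_ALIGN - 1)


def parse_cia_header(data):
    """Parse the CIA header and compute where each section lives.

    Rejects malformed sizes instead of trusting them, which is the check an
    installer should make before seeking into the rest of the file.
    """
    if len(data) < CIA_HEADER_SIZE:
        raise ValueError("input shorter than a CIA header")
    (hdr_size, ctype, version, cert_size, tik_size,
     tmd_size, meta_size, content_size) = struct.unpack_from("<IHHIIIIQ", data, 0)
    if hdr_size != CIA_HEADER_SIZE:
        raise ValueError("unexpected header size 0x%x" % hdr_size)
    index = data[0x20:0x20 + CONTENT_INDEX_BYTES]
    # bit 7 of byte 0 marks content index 0, bit 6 marks index 1, and so on
    present = [i for i in range(CONTENT_INDEX_BYTES * 8)
               if index[i >> 3] & (0x80 >> (i & 7))]
    # sections follow the header in this fixed order, each padded to 64 bytes
    sections, off = {}, align64(CIA_HEADER_SIZE)
    for name, size in (("cert_chain", cert_size), ("ticket", tik_size),
                       ("tmd", tmd_size), ("content", content_size),
                       ("meta", meta_size)):
        sections[name] = (off, size)
        end = off + size
        off = align64(end)
    return {"type": ctype, "version": version, "contents": present,
            "sections": sections, "total_size": end}


def is_valid_cia_header(data):
    try:
        parse_cia_header(data)
        return True
    except ValueError:
        return False


def build_header(cert, tik, tmd, meta, content, index_bits):
    # constructed sample header (hypothetical sizes, not taken from a real title)
    hdr = struct.pack("<IHHIIIIQ", CIA_HEADER_SIZE, 0, 0, cert, tik, tmd, meta, content)
    return hdr + index_bits.ljust(CONTENT_INDEX_BYTES, b"\0")


# constructed sample: two contents (index 0 and 1), no meta section
SAMPLE_HEADER = build_header(0xA00, 0x350, 0xB34, 0, 0x10000, b"\xC0")
```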
  7. Uumas
    OP
    Yes, I know, but couldn't find a way to explain it understandably. That's what they basically are after all. If someone can think of a way to explain it shortly so anyone would understand, please let me know.
     
  8. addi33
    @Uumas I think I managed to fix your crappy explanations

    Terms used:
    nand = 3ds internal memory
    downgrade = installing lower version system titles
    a9lh = arm9loaderhax
    arm11 = the 3ds main cpu
    arm9 = the 3ds security cpu
    cfw = custom firmware
    arm9 payload = executable file which can be launched by the arm9 processor.
    cia = CTR Importable Archive

    • The Homebrew Starter Kit includes the Homebrew Launcher, which is used to launch .3dsx executable files by having arm11 userland access
    • Soundhax is the arm11 userland exploit which launches the boot.3dsx executable
    • The otherapp payload is a payload file using ROP mechanics to bypass Data Execution Prevention and achieve arm11 userland access

    • The 2.1.0 CTRTransfer image is a ctrnand partition dumped from another 3ds to overflash the current ctrnand partition
    • This is needed to get your 3ds' unique OTP file, which is required to install a9lh
    • SafeCTRTransfer will install the CTRTransfer image to your 3ds
    • safehax is an arm9 exploit needed to gain arm9 code execution to launch SafeCTRTransfer and achieve NAND R/W access
    • udsploit is an arm11 kernel exploit which is needed by safehax

    1. Launching udsploit achieves arm11 kernel access
    2. Get back to the homebrew launcher
    3. Launching safehax will achieve arm9 access

    • aeskeydb.bin contains the private AES keys
    • data_input_v3.zip contains secret_sector.bin plus firm0/firm1
    • arm9loaderhax is a persistent low level system exploit, exploiting a flaw in the console's arm9loader to produce a garbage kernel entrypoint using a bruteforced key, which will let the arm9loader jump to a user placed arm9 executable file and launch it
    • Luma3DS is a signature patcher, which patches the system's signature checks to allow the installation of unsigned titles and also patches a lot more stuff, for example the syscall that overwrites firm0/firm1 at system update. Said syscall will return true without having performed its action, leaving our haxx payload secured on top of firm0
    • hblauncher_loader is an application that achieves an arm11 userland exploit using ROP and launches a .3dsx executable file
    • GodMode9 is an AIO encryption/decryption tool that can access any partition on the system's nand and read/write (not all) from/to them
    • Luma3DS Updater is an application that replaces the arm9loader.bin payload using one of the current luma payloads
    • FBI is an application that manages titles, by taking advantage of the arm11 kernel
    • The Old 3DS 11.2.0-35 otherapp payload is needed because Aurora Wright simply used the best working ROP payload to gain arm11 userland by the hbl loader cia and implemented that into luma

    Section II - Installing arm9loaderhax

    1. Web exploit to achieve arm9 kernel access to launch the safea9lhinstaller payload

    3. It will now dump your OTP to the /a9lh/ folder and flash the haxx payload on top of the console's firm0 partition
    (writes the haxx payload on top of firm0 to trigger the flaw in the arm9loader which causes said loader to jump to our arm9 payload (arm9loaderhax.bin))

    Section III - Configuring Luma3DS

    You'll get a black screen or an error, because Luma doesn't support the 2.1 nfirm

    Section IV - Restoring the System

    1. The chainloader menu allows you to boot some other arm9 payload instead of the firmware

    Section V - Injecting FBI

    1. Going to GodMode9 again
    2. This time we'll replace the stock Health & Safety .app with FBI's .app file, which exchanges the application's core

    Section VII - Restore Health and Safety

    1. Going to GodMode9 once again
    2. Now we'll restore the stock Health & Safety .app file and copy Luma3DS's arm9 payload to the root of the ctrnand partition
     
    Last edited by addi33, Apr 25, 2017
  9. Uumas
    OP
    Thanks. When I get to my computer (probably tomorrow), I will update the OP
     
  10. Majickhat55
    While I think things like this may be useful, too many of you go into way too much detail when it comes to explaining vs in layman's terms. If you're going to make an explanation post, you need to do it in a way that's not going to lead to more confusion. I.e. they don't need to know how it works, only what it can/can't do and why they may or may not have a use for it.

    It's starting to get to the point where when half of you are trying to help the noobs you make it worse by confusing them further. Most of them have no idea what you're talking about, nor do they care. They only want to know what things do, and how they can use them. Telling them about the Arm9 sys protocols and how they work is doing nothing. Sorry I used your post as a vent, BUT it's getting to the point where every other post ends up in "dev talk" as I call it, vs trying to explain things in the simplest way for the majority to understand.
     
  11. Uumas
    OP
    I said in the beginning of the OP that this is for people who are interested
     
  12. Majickhat55
    You know, like instead of saying things like NAND = 3DS internal memory, you can say NAND = System OS / EmuNAND = Copy of System OS. See? Now people know what you mean, regardless of whether they understand what it is and how it works. That isn't necessary if they aren't asking for more detail, and while it may not be the exact definition (Sig Patcher vs CFW) it's understood as the same thing by noobs in the community.


    Alright well, in that case your explanations were too bare bones to explain anything. Why not go into full detail about what they are, what they do, and how they work vs saying "this is this, that is that"?
     
  13. GerbilSoft
    Except that's wrong. The 3DS NAND *is* the internal memory. The system itself calls it "System Memory".

    NAND = internal memory. This is where the OS and important files are located.
    EmuNAND = copy of NAND located on the SD card.
     
  14. Uumas
    OP
    The thing is you can either explain it in a very easy to understand way or exactly correct way. I have decided to go with correct, but if anyone wants to do one that's easier to understand, I have nothing against that
     
  15. Majickhat55
    I never said it was correct in those terms, yes it IS the internal memory, but the OS is still installed to the NAND, so for noobs' sake they CAN be considered the same as the OS. That's the point I was making. Also the same reason why I compared it to the sig patcher/CFW argument. Splitting hairs for the sake of it isn't helping noobs. If the thread's purpose was to explain in detail, it didn't do that well either. Sorry, I'm just confused on the target audience of this post....
     
  16. gnmmarechal
    A CTR Importable Archive is an importable/installable package for the 3DS. That is all it is. I believe that is a more accurate explanation.

    No, it can't. You can't teach noobs wrong definitions just because they're noobs.
     
  17. Majickhat55
    It's not wrong per se, the OS is installed to the NAND, which is the internal memory. Regardless, a noob is going to understand it AS the OS, and nothing more. If they were more curious or tech savvy, they may be interested further. To help a noob you have to think like one; half of them don't even know what the root of their SD card is, I don't expect them to care one way or the other. That's why I was asking. As long as they know what things DO, and what they can do with them, very few care about the how. So no, I wasn't saying give misinformation on purpose, I was saying give half-information until they understand enough to go into full detail.
     
  18. GerbilSoft
    And this is why we end up with people who think the hard drive is the "operating system" - or worse: the hard drive is the computer tower. (Source: /r/talesfromtechsupport)
     
  19. Majickhat55
    I was just saying, most people just use things, they don't care how they work. It's better to call a cottonmouth a snake rather than Agkistrodon piscivorus and expect people to know what you're talking about.
     
  20. vinstage
    You can't teach noobs wrong terms because they're noobs. That literally defies the purpose of this thread: helping them understand, not teaching them wrong things.
    If you teach someone something that's wrong, then what's the point of teaching them at all?
    The target audience is well met imo, and it helps clear up some definitions of what certain items are. Also, it states it's for people who are interested... some people will only want to follow the guide and use their CFW, others may want to understand it a little more. Teaching them something wrong isn't going to help that from my perspective.
     