ROM Hack 3DS ROM Tool: rom_tool

3DSGuy

No longer in scene
OP
Member
Joined
May 22, 2012
Messages
345
Trophies
0
XP
467
Country
United States
What Is rom_tool?

'rom_tool' is a tool designed to check/manipulate CTR Cartridge Image (CCI) files, mainly for use with Gateway 3DS and associated clones. CCI files are better known to the 3DS Scene as 3DS ROM Dumps, but as "CCI" is the correct term, I'll be using it in place of "ROM".

What Can Be Done With rom_tool?

Main uses:
  1. Read CCIs, and print information about them, including actual CCI data size, and minimum required 3DS FW etc.
  2. Reduce the size of CCIs, by removing unused bytes (CCI Trimming), and be able to restore them again (CCI Restoring).
  3. Extract the partitions from CCIs.
CCI trimming and un-trimming is tested (to trim and un-trim correctly), and works with all CCI sizes, large (4GB) and small (128MB).

NOTE: You can remove about 30MB extra from a CCI by removing the update data (in versions prior to rom_tool 3.0, this was referred to as "Super Trimming"). However, unlike regular CCI trimming, this is a PERMANENT modification, and cannot be reversed. So use with caution and only when space is scarce. CCIs which have had their update data removed will only work with Gateway3DS v1.1 and above.

Predicting CCI Compatibility with 3DS Flashcards (R4i Gold 3DS Deluxe 2.0 / Gateway Firmware 1.2):
Use rom_tool to view CCI Info. If any of the following are true, then the CCI will not work:
  1. If "Media Type:" is "CARD2" (Flashcards can currently only emulate cards of type CARD1)
  2. If "SDK Version:" is "5.0.0 Release" or greater. (Firmwares < 5.0.0-11X, fail with the new format)
Predicting CCI Compatibility with 3DS Flashcards (R4i Gold 3DS Deluxe 3.0 / Gateway Firmware 2.0B1):
Use rom_tool to view CCI Info. If any of the following are true, then the CCI will not work:
  1. If "Media Type:" is "CARD2" (Flashcards can currently only emulate cards of type CARD1)
Using rom_tool

As rom_tool is a command line tool, you need to put "rom_tool" into the same directory as your CCI dumps. Then you need to open a command window (or terminal if you're using Mac OS X) in that directory (search Google for how to do this). Once you've done that you are ready to use rom_tool. Command line usage:

View CCI Info:
rom_tool -i Test.3ds

View CCI Partition Info:
rom_tool -p Test.3ds

Extract CCI Partitions:
rom_tool -x <directory for extracted files> Test.3ds

Trim CCI:
rom_tool -t Test.3ds

Restore CCI (Untrim):
rom_tool -r Test.3ds

Remove Update Data from CCI:
rom_tool -u Test.3ds

GUI - 3DSExplorer

Eli Sherer already implemented the basic features of rom_tool into 3DSExplorer. But I decided to implement all of rom_tool v3.1, and decided to improve 3DSExplorer while I was doing it. I based it on Eli Sherer's most recent release, which unfortunately has broken Ticket/TMD code, which I noticed after finishing the modifications. Using 3DSExplorer is easy: if you can get access to CCI dumps, you will be able to use 3DSExplorer.

Executable package and source code links are in the download section. My C# isn't the best, I mainly write in C, so don't be surprised if you find some hacky workarounds in there.
* Automatic detection of CSU/CCI and CXI/CFA
* Writable Region can be saved from full sized CCI CARD2 dumps.
* The logo can be saved from SDK 5.0.0+ CXIs
* "CCI" Tab only appears if the CCI can be trimmed/restored
* Detects NCSD/NCCH data in the same way as rom_tool
* CIA displays Meta Dependency list properly.
* Various NCSD/NCCH Structures updated
* ICN Flags read properly.
Download Links

rom_tool (command line tool):
Executable (Windows 32/64-bit and Mac OS X): FileTrip (v3.1 Released: 8/11/13)
Source Code: GitHub

Modified 3DSExplorer (GUI):
Executable (Windows 32/64-bit): Dropbox
Source Code: GitHub

Release Notes
  1. rom_tool currently fails on Linux.
  2. When compiling on Windows, use MinGW.
Screenshots

32469-MacScreen1.png
32469-WindowScreen1.png
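
The kind of header read that the "View CCI Info" use describes, as an added example that is not rom_tool's code and not part of the original post. The field offsets follow the publicly documented NCSD header layout and are an assumption here (the post does not list them); the function names and the sample header are constructed for illustration.

```python
import struct

MEDIA_TYPES = {0: "Inner Device", 1: "CARD1", 2: "CARD2", 3: "Extended Device"}

def parse_cci_header(hdr: bytes) -> dict:
    """Parse the 0x200-byte NCSD header at the start of a CCI image."""
    if len(hdr) < 0x200 or hdr[0x100:0x104] != b"NCSD":
        raise ValueError("not a CCI: 'NCSD' magic missing at offset 0x100")
    flags = hdr[0x188:0x190]
    unit = 0x200 << flags[6]                 # media unit size in bytes
    image_units, = struct.unpack_from("<I", hdr, 0x104)
    partitions = []
    for index in range(8):                   # eight (offset, length) pairs
        offset, length = struct.unpack_from("<II", hdr, 0x120 + 8 * index)
        if length:
            partitions.append((index, offset * unit, length * unit))
    return {
        "media_type": MEDIA_TYPES.get(flags[5], "unknown (%d)" % flags[5]),
        "image_size": image_units * unit,    # full cartridge capacity
        "used_size": max((o + n for _, o, n in partitions), default=0),
        "partitions": partitions,
    }

def flashcard_blockers(info: dict) -> list:
    """Apply the post's CARD2 rule; the SDK-version rule is not checked here."""
    if info["media_type"] == "CARD2":
        return ["Media Type is CARD2 (only CARD1 can be emulated)"]
    return []

def build_sample_header(media_type: int = 1) -> bytes:
    """Constructed 128 MiB header with two partitions (not a real dump)."""
    hdr = bytearray(0x200)
    hdr[0x100:0x104] = b"NCSD"
    struct.pack_into("<I", hdr, 0x104, 0x40000)          # 0x40000 units = 128 MiB
    struct.pack_into("<II", hdr, 0x120, 0x20, 0x1000)    # partition 0
    struct.pack_into("<II", hdr, 0x128, 0x1020, 0x200)   # partition 1
    hdr[0x188 + 5] = media_type
    return bytes(hdr)

if __name__ == "__main__":
    info = parse_cci_header(build_sample_header())
    print(info["media_type"], hex(info["image_size"]), hex(info["used_size"]))
    print("blockers:", flashcard_blockers(info) or "none")
```

A file shorter than `image_size` but at least `used_size` long is consistent with a trimmed image; one shorter than `used_size` is truncated and should be treated as damaged.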
 

Devin

"Local Hardware Wizard"
Member
Joined
Aug 17, 2009
Messages
5,954
Trophies
1
Age
27
Location
The Nexus
XP
4,133
Country
United States
Wow, so this could be used to patch the 3DS roms so that once newer ones with a newer firmware come out we could patch them and not have to update?

If so sweet, if not still pretty neat. Bookmarked.
 

3DSGuy

No longer in scene
Wow, so this could be used to patch the 3DS roms so that once newer ones with a newer firmware come out we could patch them and not have to update?

If so sweet, if not still pretty neat. Bookmarked.
Well since you're getting a review copy, you'll be able to test the ROM trimming and "required FW patch" features, before any of us.
 

3DSGuy

No longer in scene
Will do. Also out of curiosity what other bits of the ROM aren't covered by the header signature?
Data from 0x200 - 0x1200 in the ROM image. So that would be (for retail ROMs):
  1. Card Info
  2. Size of ROM actually used
  3. CVer TitleID
  4. CVer Title version
  5. Data relating to the First partition in the ROM (executable partition)
 

PsyBlade

Snake Charmer
Member
Joined
Jul 30, 2009
Messages
2,204
Trophies
0
Location
Sol III
XP
454
Country
Gambia, The
I think you should manipulate a single file instead of using one for input and output
- you can then truncate for trimming which is much faster
- untrim is a bit faster too since you need to write less (<50% vs. >50%)
- makes it easier to manipulate multiple roms with one command
- saves the backup space for people who use a COW FS (well I guess that's not that important if it's mainly used on windows)
 

Mementos

Well-Known Member
Newcomer
Joined
Jun 2, 2013
Messages
54
Trophies
0
Age
31
XP
53
Country
Gambia, The
What if they just cover the minimum Firmware data in future roms by header signature? :P Or isn't that possible? (tho this feature could be useless, before it's really useful, or?) :/
Anyway, great work!
 

Mementos

Well-Known Member
in future versions they can block the gateway anyway
If they can or not isn't proven. But anyway, this thread is not about it, I didn't talk about it here, and my post here has nothing to do with it. Because what this feature would allow is to down-patch the FW requirement, so you could play it with an OLDER firmware (if Nintendo really would block Gateway). So I just requote my post:


What if they just cover the minimum Firmware data in future roms by header signature? :P Or isn't that possible? (tho this feature could be useless, before it's really useful, or?) :/
Anyway, great work!


Am I right?
 

3DSGuy

No longer in scene
I think you should manipulate a single file instead of using one for input and output
- you can then truncate for trimming which is much faster
- untrim is a bit faster too since you need to write less (<50% vs. >50%)
- makes it easier to manipulate multiple roms with one command
- saves the backup space for people who use a COW FS (well I guess that's not that important if it's mainly used on windows)
Good idea, I'll see what I can do.
 

Armadillo

Well-Known Member
Member
Joined
Aug 28, 2003
Messages
4,186
Trophies
1
XP
4,326
Country
United Kingdom
Wouldn't patching the min version only work until they start using features/commands that are only present in later firmwares?

You can patch/skip the version check on a RGH/Jtag 360, but you still have to eventually update your hacked kernel version to play or certain games just won't work, even with the check skipped.
 

PsyBlade

Snake Charmer
What if they just cover the minimum Firmware data in future roms by header signature? :P Or isn't that possible? (tho this feature could be useless, before it's really useful, or?)
covering whatever area with a signature is trivial
the problem is more in getting something to check it
they probably can't get the old FW to do it
but the reason to have a game on a flashcart is usually to play it
meaning they can simply include the check in the (already signed and checked) game code

If they can or not isn't proven.
as for blocking the whole gateway
I would simply include an off-the-shelf smartcard chip in the cartridge
have it do hardware RSA signing of random data generated by the 3DS
include the public key in the normal rom part and have the new FW check it
not the cheapest way but the most effective
and it hits potential bootleggers hard too
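
The challenge-response scheme proposed in the post above, sketched as an added example that is not part of the thread and not any vendor's implementation. `CardChip`, `Console` and the key are hypothetical; the key is a toy built from two Mersenne primes and the RSA is unpadded, both chosen only to keep the protocol flow visible.

```python
import hashlib
import secrets

# Toy RSA key from two Mersenne primes (constructed for this demo only; far too
# small for real use, and real signing needs a padding scheme such as PSS).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, held only by the card chip

def _digest(nonce: bytes) -> int:
    return int.from_bytes(hashlib.sha256(nonce).digest(), "big") % N

class CardChip:
    """Hypothetical smartcard in the cartridge: signs whatever nonce it is given."""
    def sign(self, nonce: bytes) -> int:
        return pow(_digest(nonce), D, N)

class Console:
    """Hypothetical firmware side: knows only the public key (N, E)."""
    def __init__(self):
        self._pending = None

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(32)    # fresh random data per check
        return self._pending

    def verify(self, signature: int) -> bool:
        nonce, self._pending = self._pending, None  # one attempt per challenge
        if nonce is None:
            return False
        return pow(signature, E, N) == _digest(nonce)

def genuine_card_passes() -> bool:
    console, chip = Console(), CardChip()
    return console.verify(chip.sign(console.challenge()))

def replayed_response_fails() -> bool:
    console, chip = Console(), CardChip()
    recorded = chip.sign(console.challenge())   # response recorded in session 1
    console.verify(recorded)
    console.challenge()                         # session 2 issues a new nonce
    return not console.verify(recorded)

if __name__ == "__main__":
    print("genuine card accepted:", genuine_card_passes())
    print("recorded response rejected:", replayed_response_fails())
```

The property doing the work is nonce freshness: because each check signs new random data, a recorded response is useless without the private exponent inside the chip.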
 

Devin

"Local Hardware Wizard"
Data from 0x200 - 0x1200 in the ROM image. So that would be (for retail ROMs):
  1. Card Info
  2. Size of ROM actually used
  3. CVer TitleID
  4. CVer Title version
  5. Data relating to the First partition in the ROM (executable partition)

So we could edit those things in theory, and still have the game boot using a device such as the Gateway 3DS?

I'd love to experiment with it, is there a program that allows me to change more parts of the rom?
 