Hacking (4.x only) CIA CFW Complete Guide

gamesquest1

Nabnut
Former Staff
Joined
Sep 23, 2013
Messages
15,153
Trophies
2
XP
12,247
i think (4.x only) needs to be added to this thread title, i know its kinda obvious to people who have followed this stuff, but it would save the same questions over and over :)
 
  • Like
Reactions: Celice

PieFace

Well-Known Member
Newcomer
Joined
Aug 4, 2014
Messages
59
Trophies
0
XP
167
Country
United States
Does anyone know why I can't get ctrclient to connect? Everything else seems to be working properly (It boots into 'emunand') and I am 100% certain I am using the right IP address. I am also on 4.1, if it matters.
 

palantine

Well-Known Member
OP
Member
Joined
Oct 5, 2014
Messages
174
Trophies
0
Age
39
XP
603
Country
Italy
Great plan. It is my hope to have commented source for arm9, arm11, boot as well as ctrclient and be able to build everything from scratch. :)

Did you see crtclient on neimods git? It looks like it's an older version that this is based off of. We could probably use it as a starting point and then reverse the added features with IDA+Wireshark PCAP.


I actually already reversed the commands, if someone wants to continue that work and reverse the protocol with wireshark, I say go for it!
 

piratesephiroth

I wish I could read
Member
Joined
Sep 5, 2013
Messages
3,453
Trophies
2
Age
104
XP
3,244
Country
Brazil
palantine
Could you please make a video tutorial how to install your CFW?

I'm sure that there are many noobs like me that aren't understanding some steps

A step-by-step CFW guide (especially for those who do not own a Gateway)

Requirements:
Hardware:
- A wireless router connected to the internet
- A PC connected to the router
- A 3DS on firmware 4.1 to 4.5
- A card reader
- A FAT32 formatted SD card/SD adapter for microSD (for the 3DS)
- A compatible DS flashcart
- A computer with Windows Vista/7/8 (ctrclient is compiled in VS2012 with no support for Windows XP)

Software:
- DevMenu_2x.cia or BigBlueMenu.cia
- the .bat file I attached here
- EmunandTool
- Gateway's installation files (from their website)
- Palantine's CFW files.

Instructions:
1. Have your 3DS WIFI connections configured properly (not really required, it's just to save time).
2. Copy Launcher.dat from the folder GW_OMEGA to your 3DS's big SD card. Insert that SD into your 3DS.
3. Transfer GW_INSTALLER.NDS to your flashcart's microSD's and run it on your 3DS, selecting the proper option.
Press A to close the installer after it's finished.
Press HOME to go back to the home menu after it closes.
Important: this will install the ROP Loader into the 3DS. If you run any DS game it will be removed and you'll have to run GW_INSTALLER.NDS again.

4. Go to System Settings > Profile > Nintendo DS Profile. You'll get into Gateway menu.
5. Select 'Format EMUNAND'. Confirm and wait until it's finished (the SD card will be formatted)
6. Shut down the 3DS, plug the SD card it into your PC's card reader.
7. Use EmunandTool and hit 'Extract emuNAND' to save it to your computer.

8. Drag the resultant emuNAND.bin into the bat file I uploaded. A file named REDNAND.bin will be generated when it's finished.
9. Use EmunandTool, select 'Inject NAND to emuNAND' and navigate to where your REDNAND.bin is.
(it will tell you NAND.bin doesn't exist every time you open a folder... just ignore it). Wait until it's finished. (It injects the file into a hidden partition so you won't see the file anywhere on the SD.)

10. Now get the CFW files. Copy everything that's in the 'SD Card' folder to the root of the SD card. Delete Launcher.dat and rename Launcher_GW.dat to Launcher.dat
11. Insert the SD card back in the 3DS. Let it create the software management information
12. Take the SD out of the 3DS and back into the PC's card reader. Go to the newly created 'Nintendo 3DS' folder and into the subfolders inside it.
Their names are a bunch of gibberish so let's call the first one ID1, and inside it there's an ID2 folder with a 'extdata' folder inside.
You have to create another folder inside ID2, called 'dbs'. And inside this new folder you add a file called title.db or import.db. You can add both, but it's not really necessary.
(Remember you may need to disable the option 'Hide extensions for known file types' in Windows Explorer's folder options so you can create them)
Like this:
Code:
└───Nintendo 3DS
    └───01234567890acbdef0123456789abcde        <-- ID1
        └───9876543210fedcba9876543210fedcba    <-- ID2
            ├───extdata
            └───dbs  <-- create this one and add one of the files inside it(or both)
                  title.db
                  update.db

Plug the SD back into the 3DS and go to System Settings > Data Management > Nintendo 3DS > Software.
It will tell you the management information is corrupted and ask you to reset it. Confirm it.

Now to get into the CFW, go to System Settings > Other > Profile > Nintendo DS Profile. It's unstable right now and won't successfully boot everytime. You know it works when the bottom screen flashes white for a brief moment. If it stays black then you have to power off the 3DS and try again.


Installing DevMenu/BigBlueMenu from the computer:
To install CIA files using the windows tools, you need to hold down the 'L' button while you select 'Nintendo DS Profile'.
Now you're gonna use the other files in the CFW archive.
You have to edit the file 'run.bat'. It comes like this:
Code:
installcia IPTOMODIFY 1 DevMenu_2x.cia

change IPTOMODIFY to your 3DS's IP address. If you're installing BigBlueMenu.cia, change it accordingly.
For example, mine is 192.168.1.3. So my file must be:
Code:
installcia 192.168.1.3 1 DevMenu_2x.cia

To find your 3DS's IP address you can either check your router or use Wireless Network Watcher
Double-click run.bat to install DevMenu.
A successful instalation will look like this:
4fefa5df52.png


Result-code: 0 means all went fine.
  • If you get anything else, it's because you didn't create the files in the dbs folder;
  • If you get 'failed to connect', turn wifi off and on again on the 3DS, then try again;
  • If you're always getting 'failed to connect' and the 3DS is crashing/freezing, open the web browser as soon as the CFW starts and let it load a website.
If it installed fine, press the power button and then press HOME to reload the home menu.
You'll see a new gift there.

Once you have DevMenu/BigBlueMenu installed, you can start the CFW in regular mode (don't hold L) and install CIAs from the SD card using it.
 

Attachments

  • drag_emunand_here.zip
    453 bytes · Views: 15,712

Vappy

Well-Known Member
Member
Joined
May 23, 2012
Messages
1,508
Trophies
2
XP
2,613
Country
Small change, but I've found you don't need to reboot a second time for the DevMenu to show after running the client. Just replacing the .db files like idunoe said while leaving the 3DS on then plugging it back in causes it to show.
 

Lordjontan

Well-Known Member
Member
Joined
Jun 16, 2013
Messages
241
Trophies
1
Age
31
XP
1,162
Country
Colombia
This part: "You also have to check your SD card, find the folder Nintendo 3DS\<lotsofnumbers>\<evenmorenumbers>\dbs\". Create two files in this folder, named title.db and import.db "

Is it after or before install the CIA?
 

bobmcjr

Well-Known Member
Member
Joined
Apr 26, 2013
Messages
1,159
Trophies
1
XP
3,395
Country
United States
With this method, I can boot into the CFW, however, after ~10 seconds, whenever I scroll over icons in the home screen, banners fail to load and doing anything besides scrolling causes a freeze, and of course, It fails to connect. I know my IP is correct as whenever I run run.bat, the WiFi light on the 3DS blinks.
 
  • Like
Reactions: Huntereb

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • kijetesantakalu042 @ kijetesantakalu042:
    @DragonMals I can see the appeal but it's just not my game. Really hoping for vib ribbon 2 or 4 or what ever you'd call it
  • DragonMals @ DragonMals:
    @kijetesantakalu042, Well the ironic thing about Terraria is that it was my game. I have over thousands of hours into the game. If there's one game that defined my childhood and can still carry me on through my multitude of coping mechanisms, Terraria would be there for me. It's just not that much because the game's vibe after 1.4.4 changed for the wrose
  • kijetesantakalu042 @ kijetesantakalu042:
    @DragonMals I was talking about rhythm heaven
  • BigOnYa @ BigOnYa:
    This is the Cancellation Hotline, Hello may I help you.....Hello....anyone....-Hangs up-
  • kijetesantakalu042 @ kijetesantakalu042:
    @BigOnYa could you cancel my life subscription
  • BigOnYa @ BigOnYa:
    Call the hotline.
  • Kirbydogs @ Kirbydogs:
    fricking hate car alarms
  • Kirbydogs @ Kirbydogs:
    had entire plan for tomorrow for like waking up early taking a shower getting ready for a half day at school
  • Kirbydogs @ Kirbydogs:
    THEN THE GODAMN IDIOTIC PERSON WHO THIGUTH THEY RJEHEHFHFJSKDNCH
  • BigOnYa @ BigOnYa:
    Stop trying to break into cars and go back to bed.
    +1
  • NinStar @ NinStar:
    godamn thicc
    +1
  • K3Nv2 @ K3Nv2:
    Sorry I just wanted to slowly drive by and show off the new feature
  • K3Nv2 @ K3Nv2:
    https://youtube.com/shorts/ViAQQbwtmgs?si=KpP0X58fdhJfziiC imagine if he said can you jailbreak this
  • GUIBB @ GUIBB:
    谁有挂姬恶魔的金手指啊
  • Halbour @ Halbour:
    binjinen
  • BigOnYa @ BigOnYa:
    Anglais uniquement
  • Veho @ Veho:
    ENGLISH MOTHERFUCKER DO YOU SPEAK IT
    +1
  • Maximumbeans @ Maximumbeans:
    What in the blue blazes is this commie UN sheeit
  • Maximumbeans @ Maximumbeans:
    I ain't come here for culture
  • Skelletonike @ Skelletonike:
    good morrow
    Skelletonike @ Skelletonike: good morrow