Hacking BootNTR New Version Research

  • Thread starter: astronautlevel
It left me stuck on the "patching svc check" on the astronautlevel2 CIAs, and Naquitas' selector throws me after the principal menu to reset the console. I'm using NTR 3.4 and OS 11.2.
 
It may be because those cache addresses changed:
Code:
dbgKernelCacheInterface cacheInterface_Old111 =
{
    //for old 3ds 11.1
    (void*)0xFFF255A8,
    (void*)0xFFF1D7D4,
    (void*)0xFFF1D56C,
    (void*)0xFFF1FCCC
};

dbgKernelCacheInterface cacheInterface_NEW111 =
{
    //for new 3ds 11.1
    (void*)0xFFF261F0,
    (void*)0xFFF1DF6C,
    (void*)0xFFF1DC14,
    (void*)0xFFF202A8
};

Maybe @Aurora Wright & @TuxSH can tell us how they found it the last time so we'll be able to do it too?

I don't mind searching, but I've no idea what I need to search for or what these addresses are supposed to represent...

--------------------- MERGED ---------------------------

In FBI, it says BootNTR is version 2048... Is that the latest BootNTR? I do have a N3DS and the BootNTR I have installed does seem to work on FW 11.2...
This version is set in the rsf and never updated.

Look for the number in the app, mine will show it on the left top edge of the top screen.

Last being 2.2 but is broken...
 
I have BootNTR version 2048 and BootNTRSelector Version 2048

--------------------- MERGED ---------------------------

I have Version 2.2 of BootNTRSelector by Naquitas
 
How is BootNTR broken, as in it doesn't boot at all? I have FW 11.2 and it seems to boot ok, but I have not tested game cheat plugin or anything yet...
 
Okay this one shouldn't auto downgrade.

@ih8ih8sn0w: Are you saying that it's working fine on an 11.2 firmware?

So just to be clear, are most of us waiting on an updated NTR? I have tried every new release in this thread and none of them have allowed me to stream to my PC. The closest thing to success for me was the quote above. I am on a n3ds xl 11.2, Luma v6.3.1 with the patch SVC option disabled.
 
Is it possible to downgrade to 11.1 to use NTR?
If you made an 11.1 backup (which... you should've, tbh) then you can

  1. Backup 11.2
  2. restore 11.1
  3. Dump your own NFirm
  4. rename it to firmware.bin and dump it in /luma
  5. restore 11.2
  6. enable "loading of external firmware" in luma
(dumping, backing up and restoring all supported by Decrypt9)
 
Can't he just use someone's dumped 11.1 NFirm? It's not like they are console unique.
 
They are not indeed, but afaik sharing NFirms is 'illegal' and at least not allowed in GBATemp's set of rules - otherwise I would drop the 11.0 NFirm I dumped here without a second thought for people to use, TBH.
 
Weirdly, BootNTR freezes on the svccheck on my 11.2.0 EUR N3DS.
Because it needs updating for N3DS. Read back a few pages and you'll learn it is being worked on. Currently you can get a 11.0 or 11.1 NFirm from wherever or dump it yourself by restoring your 11.0 / 11.1 backup. Rename it to "firmware.bin", drop it in /luma and enable loading external FIRMs in Luma config.
 
If I don't have a backup of my system on 11.1, how can I get the NFirm?
 
Ah, must have missed that. I was skimming the last few pages and haven't seen that. Not too keen on externally loading the firmware.bin, I do like the "only patch what needs patching" approach of Luma. Gonna wait for proper 11.2 support.
 
Look at Corbenik's README on GitHub, it has links for them (which are still working afaik).
I downloaded the native firmware and renamed it, and I have the same issue (Patching svc check).
 

The loader module was changed in the new update (so I wasn't completely correct on Arm11 not being changed in 11.2; it was). This change means PASLR will be enabled for all future games using the 11.x SDK.

But CFW replaces the loader entirely and disables PASLR stuff entirely as a result, so this effectively means no change at all if you are using a CFW like Luma 3DS.
 
Last edited by Apache Thunder,