Can we edit/install CIAs to the sysNAND?

Discussion in '3DS - Flashcards & Custom Firmwares' started by xdarkmario, Feb 1, 2015.

  1. xdarkmario
    OP

    xdarkmario Philosopher

    Member
    1,322
    303
    Dec 30, 2010
    United States
    Mushroom Kingdom
    I know that's risky and all, but the reason I ask is because I was thinking, if you can install a CIA then you can make a self significant Gateway launcher on the sysNAND and launch into Gateway mode from a single button.
     


  2. cearp

    cearp the ticket master

    Member
    7,406
    4,658
    May 26, 2008
    Tuvalu
    i have never heard those two words together, what does "self significant" mean? self significant Gateway launcher?
    yes, emunand or sysnand, as long as you can run devmenu you can install cias.
     
  3. chemistryfreak

    chemistryfreak GBAtemp Fan

    Member
    419
    84
    Nov 8, 2008
    Thing is we can't launch apps that are not signed by Nintendo on the sysnand.
    Homebrew and other backups run on Emunand because it is patched to bypass the checks.
     
    Kafke likes this.
  4. cearp

    we can launch them on sysnand, just not without GW's patches.
    just like we can't launch not legit things in classic mode on emunand, because gw's patches are not there.
     
  5. chemistryfreak

    Yes, I know. The OP is trying to create a forwarder to launch the DS Profile exploit. And I believe it cannot be done since homebrew can't start on an un-patched NAND. Which is why we need to start the DS Profile to enter GW mode before we can play any backups and homebrews.
     
  6. cearp

    ok, you might know but maybe not everyone else knows :)
     
  7. xdarkmario
    OP

    self significant Stand Alone is a better term
    anyway well we have what i assume is full kernel control with these gateway cards so i can see the systemNAND as editable but with risks.

    like how a NAND.bin backup or a downgrade.dg can be restored to the systemNAND,
    can we even browse or see the 3ds NAND filesystem?
     
  8. cearp

    yes, we can. gbatemp.net/threads/release-3ds_ctr_decryptor-void.370684/ generate the xorpads for your fat16, if you want.
     
    Margen67 likes this.
  9. The Real Jdbye

    The Real Jdbye Always Remember 30/07/08

    Member
    11,468
    4,779
    Mar 17, 2010
    Norway
    Alola
    For the foreseeable future, we can't make custom modifications to the files.
    If the 3DS bootloader finds unauthorized/unsigned modifications it will simply refuse to boot.
     
  10. cearp

    (refuses to boot the application, not refuses to boot the 3ds) - just so people don't get worried. but sure if you install a weird system app you can 'brick', but just a 'corrupt' game cia, you will be fine.
     
  11. Kafke

    Kafke GBAtemp Fan

    Member
    415
    144
    Jan 2, 2009
    United States
    "Install CIA to sysnand" doesn't make any sense at all. You can easily do this by booting CFW, installing a CIA, and then exiting to sysnand, being sure the two are linked. The installed CIA (even devmenu) will appear on the sysnand home screen. The problem is that sysnand doesn't bypass the checks, and as such you can't run the installed CIAs.

    The other problem is that we don't actually have a modified home screen. Just patches that need to be run on boot. And as it stands, we don't have access to the 3DS boot. So we can't run the patches.

    So instead we go through the DS profile exploit, and boot a "emunand" which is a backed up version of the system. While booting this new system, the patches are applied, and the installed CIA files can be run.

    In order to actually run the CIA files from sysnand, you'd either need a modified home menu where the patches are pre-applied (or perhaps a modified boot), or you'd need to properly sign the CIA files, which isn't going to happen.

    And seeing as the CFW guys aren't fond of sharing work, and Gateway has 0 interest in making a CFW, we aren't going to get anything like that any time soon.
     
    fatpolomanjr likes this.
  12. liomajor

    liomajor GBAtemp Maniac

    Member
    1,463
    1,065
    Jun 10, 2008
    United States
    All installs to sysNAND are unique for your very own
    3DS and add entries to the database like ticket.db.

    You can't switch out files in title folder because that can
    cause malfunction or bricking when messing with NAND.

    Files are protected so you can't edit them without getting invalid.

    I highly recommend not to install invalid game .cia
    while in sysNAND and to use emuNAND for this!

    Still, every install has titlekeys (ticket.db), valid or invalid,
    but you can't remove them without restoring a backup!

    Using funkycia with titleid plus invalid titlekey will still
    download the files and create .cia, but install will fail
    because the content is garbage! And no, only legit cia
    from bundle will work after installing without Gateway!

    cearp and I did a lot of tests on how far we can go ;)
     
    Korma and cearp like this.
  13. cearp

    yes, you need the correct titlekey because without it, the 3ds itself cannot decrypt the contents of the cia :)
     
  14. xdarkmario
    OP

    Well looks like that is out of the question

    But one more question.

    I know how the DS Profile exploit has been patched, but the 3DS has a couple of ways it can go to DS mode. Like when you have to set up the internet for the DS wifi and also DS Download Play. Think there's a way to load up the old exploit through one of those?

    Just throwing ideas here, but if nintendo patched one they mostly patched all idk..
     
  15. cearp

    you install a cia to either sysnand, or emunand. it makes sense to me... :)
     
  16. xdarkmario
    OP

    The whole point would be to make an app on the system menu to boot directly into Gateway mode, no browser, just an app. But I guess that's a bit ahead of our time...
     
  17. Myria

    Myria GBAtemp Fan

    Member
    431
    410
    Jul 24, 2014
    United States
    What stops installing validly-signed applications to SysNAND? I've wondered this for a while.
     
  18. Oishikatta

    Oishikatta GBAtemp Advanced Fan

    Member
    971
    545
    Oct 30, 2014
    United States

    Nothing, the problem is signing them.
     
    Hashtastrophe likes this.
  19. Kafke


    Lol, that was a really old post. But no, it doesn't make sense. CIAs are installed to the SD and can be read/run in either sysnand or emunand. The problem with running them in sysnand isn't installing it to sysnand, it's the signing of the file. emunand is patched to ignore the signing.

    But there are CIAs that are 'legit' and can run without those patches. So you could install on emunand, boot into sysnand and then run.
     
  20. cearp

    ok, when you install a CIA, the ticket gets installed, and the content gets installed. the ticket goes in your ticket.db (stored in nand, so, sysnand or emunand), giving you permission to run the app (well, only if the ticket is valid, if not you need hacks to let you play).
    if it is a system app, it gets installed to the nand. (so sysnand, or emunand). if not, it just gets installed in the sd card.

    if you install a game in sysnand, even if it is legit, you will not have the ticket in emunand so it will not run.
    just like if you buy and download a game in eshop emunand, you cannot play it in sysnand because you do not have the ticket.
    that won't work (i explain it above) -- (because you need the ticket in the nand you want to play in)
     
    RubenCantuVota likes this.