Hacking can we edit/install Cia's to the sysNAND?

xdarkmario

Philosopher
OP
Member
Joined
Dec 30, 2010
Messages
1,623
Trophies
1
Location
Mushroom Kingdom
XP
2,426
Country
United States
I know that risky and and all but i the reason i ask is because i was thinking, if you can install a cia then you can make a self significant Gateway launcher on the sysnand and launch into gateway mode from a single button.
 

cearp

瓜老外
Developer
Joined
May 26, 2008
Messages
8,660
Trophies
2
XP
7,996
Country
Tuvalu
i have never heard those two words together, what does "self significant" mean? self significant Gateway launcher?
yes, emunand or sysnand, as long as you can run devmenu you can install cias.
 

chemistryfreak

Well-Known Member
Member
Joined
Nov 8, 2008
Messages
422
Trophies
0
XP
348
Country
Thing is we can't launch apps that are not signed by Nintendo on the sysnand.
Homebrew and other backups run on Emunand because it is patched to bypass the checks.
 
  • Like
Reactions: Kafke

cearp

瓜老外
Developer
Joined
May 26, 2008
Messages
8,660
Trophies
2
XP
7,996
Country
Tuvalu
Thing is we can't launch apps that are not signed by Nintendo on the sysnand.
Homebrew and other backups run on Emunand because they are patched to bypass the checks.

we can launch them on sysnand, just not without GW's patches.
just like we can't launch not legit things in classic mode on emunand, because gw's patches are not there.
 

chemistryfreak

Well-Known Member
Member
Joined
Nov 8, 2008
Messages
422
Trophies
0
XP
348
Country
we can launch them on sysnand, just not without GW's patches.
just like we can't launch not legit things in classic mode on emunand, because gw's patches are not there.

Yes i know. The op is trying to create a forwarder to launch the DS Profile exploit. And I believe it can not be done since homebrew can't start on an un-patched nand. Which is why we need to start the DS profile to enter gw mode before we can play any backups and homebrews.
 

cearp

瓜老外
Developer
Joined
May 26, 2008
Messages
8,660
Trophies
2
XP
7,996
Country
Tuvalu
Yes i know. The op is trying to create a forwarder to launch the DS Profile exploit. And I believe it can not be done since homebrew can't start on an un-patched nand. Which is why we need to start the DS profile to enter gw mode before we can play any backups and homebrews.

ok, you might know but maybe not everyone else knows :)
 

xdarkmario

Philosopher
OP
Member
Joined
Dec 30, 2010
Messages
1,623
Trophies
1
Location
Mushroom Kingdom
XP
2,426
Country
United States
self significant Stand Alone is a better term
anyway well we have what i assume is full kernel control with these gateway cards so i can see the systemNAND as editable but with risks.

like how a NAND.bin backup or a downgrade.dg can be restored to the systemNAND,
can we even browse or see the 3ds NAND filesystem?
 

The Real Jdbye

*is birb*
Member
Joined
Mar 17, 2010
Messages
22,384
Trophies
4
Location
Space
XP
12,096
Country
Norway
self significant Stand Alone is a better term
anyway well we have what i assume is full kernel control with these gateway cards so i can see the systemNAND as editable but with risks.

like how a NAND.bin backup or a downgrade.dg can be restored to the systemNAND,
can we even browse or see the 3ds NAND filesystem?
For the foreseeable future, we can't make custom modifications to the files.
If the 3DS bootloader finds unauthorized/unsigned modifications it will simply refuse to boot.
 

cearp

瓜老外
Developer
Joined
May 26, 2008
Messages
8,660
Trophies
2
XP
7,996
Country
Tuvalu
(refuses to boot the application, not refuses to boot the 3ds) - just so people don't get worried. but sure if you install a weird system app you can 'brick', but just a 'corrupt' game cia, you will be fine.
 

Kafke

Well-Known Member
Member
Joined
Jan 2, 2009
Messages
416
Trophies
0
XP
362
Country
United States
"Install CIA to sysnand" doesn't make any sense at all. You can easily do this by booting CFW, installing a CIA, and then exiting to sysnand, being sure the two are linked. The installed CIA (even devmenu) will appear on the sysnand home screen. The problem is that sysnand doesn't bypass the checks, and as such you can't run the installed CIAs.

The other problem is that we don't actually have a modified home screen. Just patches that need to be run on boot. And as it stands, we don't have access to the 3DS boot. So we can't run the patches.

So instead we go through the DS profile exploit, and boot a "emunand" which is a backed up version of the system. While booting this new system, the patches are applied, and the installed CIA files can be run.

In order to actually run the CIA files from sysnand, you'd either need a modified home menu where the patches are pre-applied (or perhaps a modified boot), or you'd need to properly sign the CIA files, which isn't going to happen.

And seeing as the CFW guys aren't fond of sharing work, and Gateway has 0 interest in making a CFW, we aren't going to get anything like that any time soon.
 
  • Like
Reactions: fatpolomanjr

liomajor

Well-Known Member
Member
Joined
Jun 10, 2008
Messages
1,468
Trophies
0
XP
1,369
Country
United States
All installs to sysNAND are unique for your very own
3DS and adds entries to the database like ticket.db.

You can't switch out files in title folder because that can
cause malfunction or bricking when messing with NAND.

Files are protected so you can't edit them without getting invalid.

I highly recommend not to install invalid game .cia
while in sysNAND and to use emuNAND for this!

Still every install has titlekey's (ticket.db), valid or invalid,
but you can't remove them without restoring backup!

Using funkycia with titleid plus invalid titlekey will still
download the files and create .cia, but install will fail
because the content is garbage! And no, only legit cia
from bundle will work after installing without Gateway!

cearp and i did a lot tests how far we can go ;)
 
  • Like
Reactions: Korma and cearp

cearp

瓜老外
Developer
Joined
May 26, 2008
Messages
8,660
Trophies
2
XP
7,996
Country
Tuvalu
Using funkycia with titleid plus invalid titlekey will still download the files and create .cia, but install will fail because the content is garbage!

yes, you need the correct titlekey because without it, the 3ds itself cannot decrypt the contents of the cia :)
 

xdarkmario

Philosopher
OP
Member
Joined
Dec 30, 2010
Messages
1,623
Trophies
1
Location
Mushroom Kingdom
XP
2,426
Country
United States
Well looks like that is out of the question

But one more question.

I know how the ds profile exploit has been patched but the 3ds has a couple of ways It can go to ds mode. Like when you have to step the internet for the ds wifi and also ds download play. Think there's a way to load up the old exploit though one of those?

Just throwing ideas here, but if nintendo patched one they mostly patched all idk..
 

Myria

Well-Known Member
Member
Joined
Jul 24, 2014
Messages
460
Trophies
0
Age
41
XP
830
Country
United States
What stops installing validly-signed applications to SysNAND? I've wondered this for a while.
 

Kafke

Well-Known Member
Member
Joined
Jan 2, 2009
Messages
416
Trophies
0
XP
362
Country
United States
you install a cia to either sysnand, or emunand. it makes sense to me... :)


Lol, that was a really old post. But no, it doesn't make sense. CIAs are installed to the SD and can be read/ran in either sysnand or emunand. The problem with running them in sysnand isn't installing it to sysnand, it's the signing of the file. emunand is patched to ignore the signing.

But there are CIAs that are 'legit' and can run without those patches. So you could install on emunand, boot into sysnand and then run.
 

cearp

瓜老外
Developer
Joined
May 26, 2008
Messages
8,660
Trophies
2
XP
7,996
Country
Tuvalu
Lol, that was a really old post. But no, it doesn't make sense. CIAs are installed to the SD and can be read/ran in either sysnand or emunand. The problem with running them in sysnand isn't installing it to sysnand, it's the signing of the file. emunand is patched to ignore the signing.
ok, when you install a CIA, the ticket gets installed, and the content gets installed. the ticket goes in your ticket.db (stored in nand, so, sysnand or emunand), giving you permission to run the app (well, only if the ticket is valid, if not you need hacks to let you play).
if it is a system app, it gets installed to the nand. (so sysnand, or emunand). if not, it just gets installed in the sd card.

if you install a game in sysnand, even if it is legit, you will not have the ticket in emunand so it will not run.
just like if you buy and download a game in eshop emunand, you cannot play it in sysnand because you do not have the ticket.
But there are CIAs that are 'legit' and can run without those patches. So you could install on emunand, boot into sysnand and then run.
that won't work (i explain it above) -- (because you need the ticket in the nand you want to play in)
 
  • Like
Reactions: Saxer

You may also like...

General chit-chat
Help Users
    K3N1 @ K3N1: All that Viagra powder inside that balloon is keeping it erect