Hacking Official Corbenik - Another CFW for advanced users (with bytecode patches!)

chaoskagami

I mostly thought of HANS since the Mystery Machine Spoofer was said to be based on it. I'll look around for any other interesting ideas, no learning is ever wasted after all. :)

I do like how clear and compact the spoofer bytecode patch is.

The mysterymachine patcher (the official one) only uses the ExeFs override of HANS, not the romfs. Overriding code is what loader already does, so adapting that was easy (and Wolfvak was responsible for the original implementation, anyways.) :)

The way HANS does romfs redirects is messy and I don't plan to include it. It literally disassembles the program before running to patch it up. I'm working on my own solution, but I don't have anything usable yet.
 

chaoskagami

I've decided that the RE project is going to take far too long to be usable within even a month, and frankly I'd like to have romfs redirects now rather than later. Against my better judgement I'll attempt to integrate HANS' redirection. That's still going to take a while but it's doable, since I have to drag in other dependencies like darm. It's also going to behave slightly different, but I'll explain that when I'm done.

For now, I'm releasing 0.1.0. Changelog:

In this release:
  • The localeemu path was fixed so it is actually usable now (I'm a doof.)
  • Major UX overhaul. This includes a better font, menu restructuring, scrolling on menus, etc. Basically, it looks better now. It may look more newbie-friendly, but it still isn't. Trust me.
  • Descriptions are exposed via the select button on entries.
  • The boot.log is formatted differently and placed in a logging buffer now, and is dumped when it reaches a certain size (and before boot/reboot/shutdown)
  • The menu font was externalized. You can change it if you don't like it - the current font in use is Tewi. See the Fonts wiki page.
  • Experimental support for EmuNAND placed at the end of the disk rather than the start. This is untested as of yet, and is ill-supported by any userland tools like Decrypt9. It has some advantages, such as only requiring resizing the FAT partition to add and delete EmuNAND space. You'll have to use something like dd if you want to test this at the moment.
  • Patch descriptions were updated to be more explanatory. You can continue using patches from 0.0.11 if you'd like since the bytecode is the same, but the descriptions are much better in this version.
 

chaoskagami

Thanks again for your HARD work and that amazing CFW !
Have a nice weekend (and try to play a game ;))

Ahaha. Tell me about it. Sooner or later here I'm going to take a break. :wink:

(Incidentally, most of the HANS code is just thunking/non-required patching/getting information we already can derive when running in loader.)
 

chaoskagami

I am also loving the new menu and font. It's pretty snazzy~ Keep up the good work @chaoskagami :D

Edit: Also, like that there is a sha512 file included, I always like checking hashes on my end.

I'm including the sha512 files now because I'd rather that users actually verify it. The updater application's author rehosting releases being one major reason. I don't think he'd tamper with it, but better safe than sorry. Web servers get hijacked all the time. Thanks. ;)

As I look more and more at HANS I realize I can't use it as-is, so no inbuilt solution for a while. Though on the topic of romfs redirects, etc - @Steveice10 PR'd offsets for 11.0 FIRMs to BootNTR. If you build BootNTR from git you can use NTR with the latest native FIRM, it seems. I'd still strongly recommend against this due to it being effectively dead (BootNTR just gets NTR into memory.)
 

Wolfvak

Alright, small patch. This one was made by Subv, mostly known as a Citra dev. He did all the work, I just ported it to Corbenik, and sorry for no PR, I'm too busy currently.

Code:
# $name Disable SVC permission checks
# $desc Disables permission checks, so all titles have permissions to ALL SVC calls (note: possible security hazard)
# $ver  01
# $uuid 0002
# $flags require

# Status: Working

# Original patch by Subv.

rel  native_s0

find EAFFFF0A
abortnf
set 00F020E3

Please note that it's severely untested (the Corbenik "port", not the original patch).
 

chaoskagami

Alright, small patch. This one was made by Subv, mostly known as a Citra dev. He did all the work, I just ported it to Corbenik, and sorry for no PR, I'm too busy currently.

Code:
# $name Disable SVC permission checks
# $desc Disables permission checks, so all titles have permissions to ALL SVC calls (note: possible security hazard)
# $ver  01
# $uuid 0002
# $flags require

# Status: Working

# Original patch by Subv.

rel  native_s0

find EAFFFF0A
abortnf
set 00F020E3

Please note that it's severely untested (the Corbenik "port", not the original patch).

I'll drop that in the contrib directory for anyone who wants it with a BIG FAT warning, and attempt to test it somewhat. BTW, # $flags require was originally meant as an 'Enable this automatically' thing. It's ignored right now.
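To make the posted patch concrete, here is an added example (not Corbenik's own patch interpreter) that runs the four opcodes it uses over a constructed byte buffer. The semantics of rel/find/abortnf/set are assumed from their names and from how the patch uses them; the pattern and replacement bytes are the ones from the patch above.

```python
# Added example, not Corbenik code: a minimal interpreter for the opcodes used
# by the "Disable SVC permission checks" patch. Semantics are assumed:
# rel selects a section, find moves the cursor to the next match of a hex byte
# string, abortnf stops if the last find failed, set overwrites at the cursor.
PATCH = """
# $name Disable SVC permission checks
# $flags require
rel  native_s0
find EAFFFF0A
abortnf
set 00F020E3
"""

class PatchAbort(Exception):
    """Raised by abortnf when the preceding find did not match."""

def parse_patch(text):
    """Drop '#' metadata/comment lines; return a list of (opcode, argument)."""
    ops = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            op, _, arg = line.partition(" ")
            ops.append((op, arg.strip()))
    return ops

def apply_patch(text, sections):
    """Run the patch on a dict of section name -> bytearray (edited in place).
    Returns the list of offsets that were written."""
    cur, pos, found, written = None, 0, False, []
    for op, arg in parse_patch(text):
        if op == "rel":
            cur, pos = sections[arg], 0
        elif op == "find":
            idx = cur.find(bytes.fromhex(arg), pos)
            found = idx != -1
            pos = idx if found else pos
        elif op == "abortnf":  # the guard that keeps a mismatched FIRM untouched
            if not found:
                raise PatchAbort("pattern not found; nothing written")
        elif op == "set":
            data = bytes.fromhex(arg)
            cur[pos:pos + len(data)] = data
            written.append(pos)
        else:
            raise ValueError(f"unsupported opcode: {op}")
    return written

def demo(section):
    """Apply PATCH to one constructed section; returns (offsets written, aborted)."""
    try:
        return apply_patch(PATCH, {"native_s0": section}), False
    except PatchAbort:
        return [], True

# Constructed sample section (not real FIRM data). In memory, EA FF FF 0A is the
# little-endian ARM word 0x0AFFFFEA, a conditional branch (beq); 00 F0 20 E3 is
# 0xE320F000, the ARM NOP that the patch writes over it. Other words are filler.
SAMPLE = bytearray(bytes.fromhex("0000A0E1" "EAFFFF0A" "1EFF2FE1"))
if __name__ == "__main__":
    print(demo(SAMPLE), SAMPLE.hex())  # ([4], False) 0000a0e100f020e31eff2fe1
```

Running it against a buffer without the pattern shows why the abortnf line matters: the patch exits before set runs, so nothing is overwritten.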
 

DjoeN

...
@Steveice10 PR'd offsets for 11.0 FIRMs to BootNTR. If you build BootNTR from git you can use NTR with the latest native FIRM, it seems. I'd still strongly recommend against this due to it being effectively dead (BootNTR just gets NTR into memory.)

@Steveice10 BootNTR works perfectly under FIRM 11.0 (emunand) on latest corbenik.
 

Kirtai

The only thing I'll ask for re the romfs redirects is that it be simple and straightforward to set up. Maybe just a configuration file listing the TitleIDs and pointing to the replacements. Either that or that it be easily automatable.

This isn't a noob-proofing request btw, I just hate doing stuff by hand that the computer can do for me. That's what they're for after all :)
 

chaoskagami

The only thing I'll ask for re the romfs redirects is that it be simple and straightforward to set up. Maybe just a configuration file listing the TitleIDs and pointing to the replacements. Either that or that it be easily automatable.

This isn't a noob-proofing request btw, I just hate doing stuff by hand that the computer can do for me. That's what they're for after all :)

In terms of design, I'm planning a no-config approach. Turn on romfs override, and if it's there for the TID, use it. If not don't. I'm still nowhere close to this (as in, zero code yet, no hooks, still researching), so it's pointless to think about right now.

It's about time I add a userland configuration tool to allow toggling options that can change after the system is booted.
 

ILoveUnity

Made a newer logo! :D
 

Kirtai

In terms of design, I'm planning a no-config approach. Turn on romfs override, and if it's there for the TID, use it. If not don't.
That sounds even better :D

I was just hoping not to have the kind of messing around involved with the current solutions.
 

chaoskagami

That sounds even better :D

I was just hoping not to have the kind of messing around involved with the current solutions.

Like I said, I don't even have any code yet. Don't expect it anytime soon. Maybe in a month. But if and when I do get it implemented, that's how I'd personally have it behave.
 

Kirtai

Like I said, I don't even have any code yet. Don't expect it anytime soon. Maybe in a month. But if and when I do get it implemented, that's how I'd personally have it behave.
No worries. I'm just familiar with how it gets harder to change direction the later the changes happen so wanted to ask about it early.
 
