Hacking Official Corbenik - Another CFW for advanced users (with bytecode patches!)

[chaoskagami]

Also, you should really clean the screen before running Corbenik's menu - I tested a BA9 payload that didn't clear the screen on exit.
It was hilarious

That's actually a feature, not a bug. ( ͡° ͜ʖ ͡°)

(I've actually been planning to make that toggleable behavior, with the default being off, evidently. The idea was whatever was previously on the framebuffer gets kept, so you can use it for fancy terminal backgrounds like fbterm.)

 

[Svaethier]

How does the chain loader work exactly?

 

[chaoskagami]

How does the chain loader work exactly?

Oh. I forgot to update the README. I'll fix that later.

Make a folder named /corbenik/chain and put payloads in there. They'll be listed under Chainloader in the menu.

 

[Svaethier]

Oh. I forgot to update the README. I'll fix that later.

Make a folder named /corbenik/chain and put payloads in there. They'll be listed under Chainloader in the menu.

OK, I thought we would need to make a folder for this.

 

[Temptress Cerise]

Nice work on the chainloader, seems to work with mostly everything. Except for BrickWait. Though I don't really care.

I am going to stick with my BootCTR9 -> BootAnim9 -> Corbenik (default), with BootCTR9 -> CtrBootManager9 with a button press, since I kind of don't want to get rid of my Boot Animations when booting up Corbenik, and waiting for them to end just to chainload into other stuff is going to get annoying real quick lol.

However, it works and should work for most other people.

Now please go watch some anime. You awesome dev you~ <3

 

[chaoskagami]

Nice work on the chainloader, seems to work with mostly everything. Except for BrickWait. Though I don't really care.

I am going to stick with my BootCTR9 -> BootAnim9 -> Corbenik (default), with BootCTR9 -> CtrBootManager9 with a button press, since I kind of don't want to get rid of my Boot Animations when booting up Corbenik, and waiting for them to end just to chainload into other stuff is going to get annoying real quick lol.

However, it works and should work for most other people.

Now please go watch some anime. You awesome dev you~ <3

Hey, I don't mind. There's a no-chainload version for a reason (although my implementation is rather lightweight - as in, 100% assembly.)

BrickWait doesn't really work without specific procedures regardless. I have no interest in fixing it. Nor will I be able to test it.

That said, I'm now going to proceed to ignore any and all feature requests for the rest of the week. Let me finish my games, damnit. I've just been rebooting and rebooting to get stuff working and I need a break.

 

[The Catboy]

I am going to try and break your chainloading

 

[chaoskagami]

I am going to try and break your chainloading

It's already established that the gateway payload breaks by Cerise, so just skip that one. ;P

 

[The Catboy]

It's already established that the gateway payload breaks by Cerise, so just skip that one. ;P

Party pooper, no cake for you (points to anyone who gets the reference)

 

[chaoskagami]

Party pooper, no cake for you (points to anyone who gets the reference)

*Readies crowbar*

(I'll be the first to admit I looked that one up.)

 

[3xkrazy]

Did Nintendo modify agb/native/twl firmwares? corbenik failed to load native firm so it shutdown. native/agb/twl and cetk were downloaded from the link provided in github. corbenik doesn't spit out a log when firmloading fails? @chaoskagami, can you confirm?

Downloaded ~24 hours ago:

[email protected] ~/Documents/3ds/dependencies/corbenik/firmware $ sha256sum *
acf38a9e35f59c50548f31e2a88c7928b5c1163e986e8993c0bddeff5e7d8936  agb-n3ds
86e0cd86fd964289128eaf2d26bc27dc447a46dec0448013d3b35a4f8c9284c5  native-n3ds
a5365b543fe3a2bc90df900423e053efe84c6c8787b05a6d6d2eea4fda15ccd5  twl-n3ds

Downloaded just now:

[email protected] ~/Documents/3ds/distfiles/corbenik/firmware $ sha256sum *
0afee6555dfb8bf54ab21bcd61f13a18275a9877179937c62ab263a3c94ce134  agb-n3ds
2a12a273f92a9fa35cc3aa59b6bfbd7659df0b11689e449d9a7e758624fd5df2  agb-o3ds
19410b1b7ce2202e79afbb90efd3660e79d73e8b799cde147e3309f0a8942e25  native-n3ds
d62a65a0177a066545f247204cdd05bfbba30f0393d5789e7810e1ac7b4d56e7  native-o3ds
376e24dfe1e89857a7d20f18c2b1540ff37767c0f2d5d03a274546ab98fcc650  twl-n3ds
e5c000b6bf7c53c114b2089a75b51742497d2188899b3b5170f1d875bffdca60  twl-o3ds

cetks match, but I'll just post it anyway:

[email protected] ~/Documents/3ds/dependencies/corbenik/keys $ sha256sum *
8bb9777686bdccff30e94dc65f2343f7412e3d6c1912e318da9f173596b9e898  11.key
50b6c4b0f4577fea558668206aea74c3d2b9c2df7fd0f7d51b4f4dbfba029e17  agb.cetk-n3ds
5c766ff6f97b070923244309ee403b7f96ae4f3aa3ee78ebfaef61c16ea91468  agb.key-n3ds
cf9d4b0f9aa91abba2a1b2df2e1010655a71091eb7a06bc4a23385a0c78cd63b  native.cetk-n3ds
2682cdda651d5822b05056a9dddaad19b4bac211376753b6d2e02e0b8cab6cf2  native.key-n3ds
4320c385957ce095c4de552c2c6acfb3159b314057cbb0cfe74288c0287abf8d  twl.cetk-n3ds
791e68d1ff68d87978ec0d6614807b8ab239df3516835029954cfd01326bf861  twl.key-n3ds

 

[chaoskagami]

Did Nintendo modify agb/native/twl firmwares? corbenik failed to load native firm so it shutdown. native/agb/twl and cetk were downloaded from the link provided in github. corbenik doesn't spit out a log when firmloading fails? @chaoskagami, can you confirm?

These are all correct. Corbenik decrypts in-place.

Downloaded ~24 hours ago:

[email protected] ~/Documents/3ds/dependencies/corbenik/firmware $ sha256sum *
acf38a9e35f59c50548f31e2a88c7928b5c1163e986e8993c0bddeff5e7d8936  agb-n3ds
86e0cd86fd964289128eaf2d26bc27dc447a46dec0448013d3b35a4f8c9284c5  native-n3ds
a5365b543fe3a2bc90df900423e053efe84c6c8787b05a6d6d2eea4fda15ccd5  twl-n3ds

These are fully decrypted sha256sums.

Downloaded just now:

[email protected] ~/Documents/3ds/distfiles/corbenik/firmware $ sha256sum *
0afee6555dfb8bf54ab21bcd61f13a18275a9877179937c62ab263a3c94ce134  agb-n3ds
2a12a273f92a9fa35cc3aa59b6bfbd7659df0b11689e449d9a7e758624fd5df2  agb-o3ds
19410b1b7ce2202e79afbb90efd3660e79d73e8b799cde147e3309f0a8942e25  native-n3ds
d62a65a0177a066545f247204cdd05bfbba30f0393d5789e7810e1ac7b4d56e7  native-o3ds
376e24dfe1e89857a7d20f18c2b1540ff37767c0f2d5d03a274546ab98fcc650  twl-n3ds
e5c000b6bf7c53c114b2089a75b51742497d2188899b3b5170f1d875bffdca60  twl-o3ds

These are encrypted CDN sha256sums.

No changes have occured.

 

[3xkrazy]

I forgot to turn on logging. I'll try again

 

[chaoskagami]

I forgot to turn on logging. I'll try again

You can also just open info if you suspect something is wrong with the loading, since info forces the firmware to load.

 

[3xkrazy]

These are all correct. Corbenik decrypts in-place.

Does this mean that I need to remove that post or i'll get in trouble?

 

[chaoskagami]

Does this mean that I need to remove that post or i'll get in trouble?

Sha256sums don't allow deriving the firmware keys without brute force of 16 bytes. Brute force will take a very long time to recover. You're fine.

In fact, I'd say to leave it, personally.

EDIT: To be clear, you have a firmkey for the native FIRM, correct? It's impossible to boot up with just a cetk and native.

(OT: You have good taste in OSes.)

 

[The Catboy]

So the shit I have tested and didn't break!
Decrypt9: Works! All functions work just fine
Emunand9: Works! All functions work just fine
Hourglass9: Works! All functions work just fine
Luma3DS (payloads set for the chain folder): Boots up, High memory games (MH4) Boots up and reboots (like it's suppose to.) GBA games: KH CoM: Boots, reboots like it's suppose. DS(i) patching: Works and reboots properly (R4i Gold Rev 7)
DSi non-legit games: (TWL Slot-1 launcher with R4i Gold Rev 7): Boots and reboots
ctrbootmanager9 hangs on "Chaining to copy payload) might just be my version that is an issue, but I don't see me using it anymore.
ReiNAND: Does not boot, just hands on black screen
CakesFW: Boots, all patches patches work since they load separately.

Might I suggest two things: One backgrounds for the main screen, if possible! Like how ctrbootmanager9 has themes.
And setting up the chain loading to a text file instead of in a folder, if possible

 

[chaoskagami]

So the shit I have tested and didn't break!
Decrypt9: Works! All functions work just fine
Emunand9: Works! All functions work just fine
Hourglass9: Works! All functions work just fine
Luma3DS (payloads set for the chain folder): Boots up, High memory games (MH4) Boots up and reboots (like it's suppose to.) GBA games: KH CoM: Boots, reboots like it's suppose. DS(i) patching: Works and reboots properly (R4i Gold Rev 7)
DSi non-legit games: (TWL Slot-1 launcher with R4i Gold Rev 7): Boots and reboots
ctrbootmanager9 hangs on "Chaining to copy payload) might just be my version that is an issue, but I don't see me using it anymore.
ReiNAND: Does not boot, just hands on black screen
CakesFW: Boots, all patches patches work since they load separately.

Might I suggest two things: One backgrounds for the main screen, if possible! Like how ctrbootmanager9 has themes.
And setting up the chain loading to a text file instead of in a folder, if possible

Backgrounds...maybe. Not on my priorities at the moment, but maybe.

Why do I need to configure it in a text file, may I ask? It automatically picks up everything in that folder. I don't see why a configuration file is needed. You can name the decrypt9 payload "Decrypt9" without an extension if you want, you know.

 

[The Catboy]

Backgrounds...maybe. Not on my priorities at the moment, but maybe.

Why do I need to configure it in a text file, may I ask? It automatically picks up everything in that folder. I don't see why a configuration file is needed. You can name the decrypt9 payload "Decrypt9" without an extension if you want, you know.

Or maybe a means to searching for files. Mostly because I have two CFW's that are payload specific (SaltFW and Mizuki) and editing their payloads seems to fail for more more than succeed.

 

[3xkrazy]

You can also just open info if you suspect something is wrong with the loading, since info forces the firmware to load.

Yea, that's exactly what I did. It boots fine after replacing corbenik/firmware and corbenik/keys with my backup from ~ 24 hours ago

hmmmmmm

commit 4fea7ff94d797673f85717617871fae9d7029d04
boot.log

[email protected] /run/media/hle/EMUNAND9SD/corbenik $ cat boot.log
Config file loaded.
Saving config...
FIRM load triggered.
NATIVE_FIRM
  [lkdne9]
  Failed to load NATIVE_FIRM.
Config file loaded.

Good thing I backed up that firmware and key folder.