Hacking Official Corbenik - Another CFW for advanced users (with bytecode patches!)

[chaoskagami]

Yea, that's exactly what I did. It boots fine after replacing corbenik/firmware and corbenik/keys with my backup from ~ 24 hours ago

hmmmmmm

commit 4fea7ff94d797673f85717617871fae9d7029d04
boot.log

[email protected] /run/media/hle/EMUNAND9SD/corbenik $ cat boot.log
Config file loaded.
Saving config...
FIRM load triggered.
NATIVE_FIRM
  [lkdne9]
  Failed to load NATIVE_FIRM.
Config file loaded.

Good thing I backed up that firmware and key folder.

You're missing either /corbenik/keys/11.key or /slot0x11key96.bin. It's failing to decrypt the arm9 segment.

 

[Temptress Cerise]

So the shit I have tested and didn't break!
Decrypt9: Works! All functions work just fine
Emunand9: Works! All functions work just fine
Hourglass9: Works! All functions work just fine
Luma3DS (payloads set for the chain folder): Boots up, High memory games (MH4) Boots up and reboots (like it's suppose to.) GBA games: KH CoM: Boots, reboots like it's suppose. DS(i) patching: Works and reboots properly (R4i Gold Rev 7)
DSi non-legit games: (TWL Slot-1 launcher with R4i Gold Rev 7): Boots and reboots
ctrbootmanager9 hangs on "Chaining to copy payload) might just be my version that is an issue, but I don't see me using it anymore.
ReiNAND: Does not boot, just hands on black screen
CakesFW: Boots, all patches patches work since they load separately.

Might I suggest two things: One backgrounds for the main screen, if possible! Like how ctrbootmanager9 has themes.
And setting up the chain loading to a text file instead of in a folder, if possible

I am actually using no-screen-init v1 A9LH. However, I used this branch of CtrBootManager9.
Link: https://github.com/OperationNT414C/CtrBootManager/releases

Other stuff tested on my setup. Decrypt9, Emunand9, Hourglass9, GodMode9//SafeMode9, OTPHelper, Uncart.

Edit: These all worked. BrickWay was the only thing that didn't work in my testing.

I have an N3DS with v2 screen-init A9LH, and my other o3DS are on screen-init v1 A9LH, but I didn't want to test on each one.

 

[3xkrazy]

You're missing either /corbenik/keys/11.key

Indeed.

 

[The Catboy]

I am actually using no-screen-init v1 A9LH. However, I used this branch of CtrBootManager9.
Link: https://github.com/OperationNT414C/CtrBootManager/releases

Other stuff tested on my setup. Decrypt9, Emunand9, Hourglass9, GodMode9//SafeMode9, OTPHelper, Uncart.

Edit: These all worked. BrickWay was the only thing that didn't work in my testing.

I have an N3DS with v2 screen-init A9LH, and my other o3DS are on screen-init v1 A9LH, but I didn't want to test on each one.

That just boots right back to the main screen, qq
Honestly, if I can just get this working, I will be happy. I hardly boot into those CFW's, I most use them for testing nowadays.
EDIT: Got ReiNAND working. turned out my build was just broken.

 

[Temptress Cerise]

That just boots right back to the main screen, qq

Odd. I am using the latest 2.0 release of that branch. Though this is on a v1 no-screen-init A9LH branch.

Ugh. I guess I should go test with my other systems. I just so lazy and tired right now. And my N3DS still has a 4GB microSD card. LOL. I need to get a bigger one sometime next week.

 

[The Catboy]

Odd. I am using the latest 2.0 release of that branch. Though this is on a v1 no-screen-init A9LH branch.

Ugh. I guess I should go test with my other systems. I just so lazy and tired right now. And my N3DS still has a 4GB microSD card. LOL. I need to get a bigger one sometime next week.

I am running ShadowNAND A9LH build with old3DS, 64GB Class10 MicroSD card.

 

[chaoskagami]

Or maybe a means to searching for files. Mostly because I have two CFW's that are payload specific (SaltFW and Mizuki) and editing their payloads seems to fail for more more than succeed.

That's error prone. I can implement a pathchanger, but it's more than likely to hit false positives.

I really wish we had argv/argc with argv[0] set to the payload file. That should be a gold standard instead of all these pathchangers which are subject to random heuristic failures.

EDIT: I have one n3DS with delebile screeninit v1 and one with AuroraWright screeninit v2 (pre-latest commit) Both use semi-failing 128GB cards.

 

[The Catboy]

That's error prone. I can implement a pathchanger, but it's more than likely to hit false positives.

I really wish we had argv/argc with argv[0] set to the payload file. That should be a gold standard instead of all these pathchangers which are subject to random heuristic failures.

Honestly, I am only clinging to it because it's the easiest way to boot into those CFW's with payload specific paths, I could just BootCtr9 to boot into those. I will test it out!
Since Corbenik has been released, it's honestly overtook pretty much all CFW's I use.

 

[The Catboy]

I hate double posting, but I would like to report that launching CtrBootManager9 through BootCTR9 only resulted in the same issue. Which made me stare at my screen like this ಠ_ಠ.
But then I realised that I could still launch them through BootCTR9. So I set up the keys to launch those CFW's and they worked! All features included!
Moral of the story, CtrBootManager9 is a butt, use BootCTR9, it works.

 

[Temptress Cerise]

Alright, even though I am mostly dead. I went ahead and tested the chainloader on 2 more of my systems.

o3DS + 32GB Class10 SD Card + v1 A9LH (no-screen-init)
o3DS + 32GB Class10 SD Card + v1 A9LH (screen-init)
N3DS + 4GB Class4 MicroSD Card + v2 A9LH (screen-init)
Works: CtrBootManager9, Decrypt9WIP, EmuNAND9, GodMode9//SafeMode9, Hourglass9, Luma3DS, OTPHelper, SafeMode9, Uncart.
CtrBootManager9 used - Latest 2.0 Release
https://github.com/OperationNT414C/CtrBootManager/releases

Doesn't Work: As mentioned before BrickWay doesn't work.

 

[The Catboy]

Alright, even though I am mostly dead. I went ahead and tested the chainloader on 2 more of my systems.

o3DS + 32GB Class10 SD Card + v1 A9LH (no-screen-init)
o3DS + 32GB Class10 SD Card + v1 A9LH (screen-init)
N3DS + 4GB Class4 MicroSD Card + v2 A9LH (screen-init)
Works: CtrBootManager9, Decrypt9WIP, EmuNAND9, GodMode9//SafeMode9, Hourglass9, Luma3DS, OTPHelper, SafeMode9, Uncart.
CtrBootManager9 used - Latest 2.0 Release
https://github.com/OperationNT414C/CtrBootManager/releases

Doesn't Work: As mentioned before BrickWay doesn't work.

It might be my A9LH build. Either way, I am happy to report I got the CFW's I wanted to working to work through BootCTR9. Which also loads perfectly through Corbenik's chainload.

 

[3xkrazy]

This CFW is gold -- modular, very informative, geeky looking, and definitely my cakesfw replacement . Awesome work!

 

[Temptress Cerise]

EDIT: I have one n3DS with delebile screeninit v1 and one with AuroraWright screeninit v2 (pre-latest commit) Both use semi-failing 128GB cards.

You should get those replaced. lol.

It might be my A9LH build. Either way, I am happy to report I got the CFW's I wanted to working to work through BootCTR9. Which also loads perfectly through Corbenik's chainload.

I'll actually be using BootCTR9 into BootAnim9 into Corbenik as my default. With CtrBootManager9 on a key press. Since watching my animations play just to load another payload is going to get annoying real quick. lol

But yeah, this is best CFW~ <3 I use Luma3DS only at this point to help noobs out and to help them troubleshoot.

 

[chaoskagami]

You should get those replaced. lol.

If only I had the money for that...there's a very good reason I use mostly OSS software.

 

[The Catboy]

You should get those replaced. lol.


I'll actually be using BootCTR9 into BootAnim9 into Corbenik as my default. With CtrBootManager9 on a key press. Since watching my animations play just to load another payload is going to get annoying real quick. lol

But yeah, this is best CFW~ <3 I use Luma3DS only at this point to help noobs out and to help them troubleshoot.

I only used CtrBootManager9 because it was there and I was used it. But with Corbenik adding chainloading, I replaced the "arm9loaderhax.bin" for CtrBootManager9 with the "arm9loaderhax.bin" from Corbenik. I seriously no reason to keep using CtrBootManager9, with Corbenik being this amazing!
I still have my other CFW's, but mostly for testing and because I enjoy having them, but Corbenik has seriously overtaken everything else as my main!

 

[chaoskagami]

I only used CtrBootManager9 because it was there and I was used it. But with Corbenik adding chainloading, I replaced the "arm9loaderhax.bin" for CtrBootManager9 with the "arm9loaderhax.bin" from Corbenik. I seriously no reason to keep using CtrBootManager9, with Corbenik being this amazing!
I still have my other CFW's, but mostly for testing and because I enjoy having them, but Corbenik has seriously overtaken everything else as my main!

I'm actually kind of honored.

 

[Svaethier]

Corbenik is seriously starting to become even better than some of the cfws out there in my opinion

 

[chaoskagami]

Latest commit includes argc, argv passing. I can only hope my other topic doesn't fall on dead ears, because this would 100% resolve the path changing issues.

You can boot git Corbenik via its own chainloader for a demo of how this would work.

 

[Kirtai]

Sha256sums don't allow deriving the firmware keys without brute force of 16 bytes. Brute force will take a very long time to recover. You're fine.

In fact, I'd say to leave it, personally.

I gave the SHA1 hashes for all the firmware and key files earlier a few pages back. Hope that's ok.

Since watching my animations play just to load another payload is going to get annoying real quick. lol

You should be able to interrupt the animation by pressing start or select.

 

[chaoskagami]

I gave the SHA1 hashes for all the firmware and key files earlier a few pages back. Hope that's ok.

You should be able to interrupt the animation by pressing start or select.

He gave sha256 hashes. No harm in having multiple types. Double security!

And like I said - it's infeasible to brute force. If he had provided an MD5, on the other hand...I'd say to pull it. MD5 is a broken algorithm, especially with small inputs.