Factory NATIVE_FIRM info.

Discussion in '3DS - Homebrew Development and Emulators' started by PabloMK7, May 2, 2016.

  1. PabloMK7
    OP

    PabloMK7 Red Yoshi! ^ω^

    So recently, an NCCH with TID 0004000100000002 came into my hands. It is the factory NATIVE_FIRM. I extracted the FIRM partition from the ExeFS and checked the hashes. They match! So we've got a factory firmware. I tried launching it with Luma3DS, but it crashed with the attached crash dump. I also noticed that the block 0x920-0x11FF is filled with "FF" bytes :unsure:, which is strange, as other FIRMs don't have that block. So is it possible to launch this FIRM with Luma3DS? (I can't share it because of GBAtemp rules)
     

    Attached Files:



  2. Suiginou

    Suiginou (null)

    1. A firmware consists of more than one title.
    2. O3DS factory titles all have TID high 00040001. Factory NATIVE_FIRM will look for dependencies and titles with the same TID high. It won't be able to do anything with your setup as-is.
    3. You can't just launch a FIRM like that. You'd need a proper reboot into a different FIRM, which will only hang until you have at least the menu it boots (probably TestMenu) and all of its dependencies.
     
  3. PabloMK7
    OP

    PabloMK7 Red Yoshi! ^ω^

    You mean all of those?
    [​IMG]
    The problem is I can't go past Luma3DS.
    I have also checked that FIRM modules (pm, fs, cxi, etc) are in the FIRM I got.
     
    Last edited by PabloMK7, May 2, 2016
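
One way to check a FIRM image's per-section hashes and to locate 0xFF-filled ranges like the one described in the opening post. This is an added example, not code from the thread or from Luma3DS; it assumes the publicly documented FIRM header layout (magic "FIRM", four 0x30-byte section headers at 0x40 holding offset, load address, size, copy method and SHA-256), and the sample image and its load address are constructed.

```python
import hashlib
import struct

FIRM_MAGIC = b"FIRM"
SECTION_TABLE = 0x40   # four section headers start here
SECTION_SIZE = 0x30    # offset, load address, size, copy method, SHA-256
HEADER_SIZE = 0x200    # header fields plus RSA-2048 signature

def parse_sections(image: bytes):
    """Return (index, offset, size, sha256) for every non-empty section slot."""
    if len(image) < HEADER_SIZE or image[:4] != FIRM_MAGIC:
        raise ValueError("not a FIRM image")
    sections = []
    for i in range(4):
        base = SECTION_TABLE + i * SECTION_SIZE
        offset, _addr, size, _method = struct.unpack_from("<4I", image, base)
        if size:  # size 0 marks an unused slot
            sections.append((i, offset, size, image[base + 0x10:base + 0x30]))
    return sections

def verify_sections(image: bytes):
    """Map section index -> True if the data is in bounds and its hash matches."""
    results = {}
    for index, offset, size, digest in parse_sections(image):
        data = image[offset:offset + size]
        ok = len(data) == size and hashlib.sha256(data).digest() == digest
        results[index] = ok
    return results

def ff_runs(image: bytes, min_len: int = 0x100):
    """Return (start, end_inclusive) for each run of 0xFF bytes >= min_len."""
    runs, start = [], None
    for pos, byte in enumerate(image + b"\x00"):  # sentinel closes a final run
        if byte == 0xFF and start is None:
            start = pos
        elif byte != 0xFF and start is not None:
            if pos - start >= min_len:
                runs.append((start, pos - 1))
            start = None
    return runs

def build_sample():
    """Constructed image: one 0x1000-byte section at 0x200 containing an FF block."""
    body = bytearray(b"\xA5" * 0x1000)
    body[0x720:0x1000] = b"\xFF" * 0x8E0  # lands at 0x920-0x11FF in the image
    header = bytearray(HEADER_SIZE)
    header[:4] = FIRM_MAGIC
    struct.pack_into("<4I", header, SECTION_TABLE, 0x200, 0x08006800, 0x1000, 0)
    header[SECTION_TABLE + 0x10:SECTION_TABLE + 0x30] = hashlib.sha256(body).digest()
    return bytes(header) + bytes(body)
```

This checks only the SHA-256 value stored for each section; it does not verify the RSA signature in the header.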
  4. Suiginou

    Suiginou (null)

    More. Presumably at least these, and all of them need to pass hash checks (and possibly ticket checks -- some units apparently don't ship with tickets for factory titles):

    0004000100000002 - f_native
    (0004000100000102 - f_twl -- not sure if there's a dep)
    (0004000100000202 - f_agb -- same)
    0004000100001502 - am
    0004000100001602 - camera
    0004000100001702 - cfg
    0004000100001802 - codec
    (0004000100001902 - dmnt -- same)
    0004000100001a02 - dsp
    0004000100001b02 - gpio
    0004000100001c02 - gsp
    0004000100001d02 - hid
    0004000100001e02 - i2c
    0004000100001f02 - mcu
    0004000100002002 - mic
    0004000100002102 - pdn
    0004000100002202 - ptm
    0004000100002302 - spi
    0004000100002402 - ac
    0004000100002602 - streetpass sysmodule
    0004000100002702 - csnd
    0004000100002802 - dlp
    0004000100002902 - http
    0004000100002a02 - mp
    0004000100002b02 - ndm
    0004000100002c02 - nim
    0004000100002d02 - nwm
    0004000100002e02 - soc
    0004000100002f02 - ssl
    0004000100003102 - ps
    0004000100003202 - friends
    0004000100003302 - ir
    0004000100003402 - boss
    0004000100008002 - ns
    0004000100008102 - TestMenu
    0004000100008a02 - DevErrDi

    Also, 176F00 is probably a Tri Force Heroes update or something, not a factory title

    And again, I have no idea how you're launching your FIRM, but if you're not doing it with ns:s#LaunchApplicationFIRM or ns:s#LaunchFIRM (too lazy to read up which one is the correct one), you're presumably doomed to failure.
     
    Last edited by Suiginou, May 2, 2016
    Tomato Hentai likes this.
  5. PabloMK7
    OP

    PabloMK7 Red Yoshi! ^ω^

    Except gba_f, they have correct hashes. I need help with making the firm launch tho.
     
  6. MassExplosion213
    This message by MassExplosion213 has been removed from public view by Sicklyboy, May 4, 2016.
    May 2, 2016
  7. Clector

    Clector GBAtemp Advanced Fan

    Also, what units don't ship with tickets for factory titles?
     
    cearp likes this.
  8. chaojimbo

    chaojimbo Advanced Member

    I'm curious as to what the importance of all of this is. o:
     
    cearp likes this.
  9. Ghost Liberator

    Ghost Liberator Advanced Member

    Replying to the thread to stay updated with it; I'm interested in seeing what comes.
     
  10. Link_of_Hyrule

    Link_of_Hyrule GBAtemp Fan

    We already have pretty low-level access; not sure what would happen by using these.
     
  11. MassExplosion213

    MassExplosion213 .

    Well, tickets are "deleted" by CTRAging. It doesn't always delete stuff right, hence the titles just now surfacing. Our group had to recover the ticket from one 3DS and the tmd and .app from another. Good news is, if built with the factory ticket, it's a legit CIA.

    — Posts automatically merged - Please don't double post! —

    Also, in response to this, DevErrDisp is usually unrecoverable due to the ticket being overwritten.
     
  12. PabloMK7
    OP

    PabloMK7 Red Yoshi! ^ω^

    nvm :P
     

    Attached Files:

    Last edited by PabloMK7, May 3, 2016
    I pwned U! likes this.
  13. dankzegriefer

    dankzegriefer GBAtemp Advanced Fan

    What's your CFW?
     
  14. PabloMK7
    OP

    PabloMK7 Red Yoshi! ^ω^

    I just noticed I had dev features enabled in Luma 3DS :P
     
  15. dankzegriefer

    dankzegriefer GBAtemp Advanced Fan

    Yeah, that's an effect of Dev Features.
     
  16. YamiHoshi.nl

    YamiHoshi.nl I'm MKGirlism.

    I already answered it on DSHack.org, but just so others can see it:

    Code:
    Level        LEVEL_PERMANENT (リトライできないプログラム エラーです。)
    Summary        SUMMARY_NOT_SUPPORTED (対応していない操作です。)
    Module        MODULE_APPLICATION
    Description    DESCRIPTION_OUT_OF_MEMORY (1011)
    Brief        メモリが足りません。
    Long story short: Insufficient RAM.
     
    Arubaro likes this.
  17. PabloMK7
    OP

    PabloMK7 Red Yoshi! ^ω^

    Well, it is an intentional crash :P
     
  18. Slattz

    Slattz Easygoing Fairy

    Can I ask what is special about the factory firm compared to other firms?
     
    Dracari, cearp and Tomato Hentai like this.
  19. kje123

    kje123 this title is false

    I'm not an expert, but I believe the factory firm has a blank ticket that allows you to install anything, as well as access to modify/back up the NAND without a hardmod.
     
  20. cearp

    cearp the ticket master

    my pirate senses are tingling
     
    MajinCubyan likes this.
  21. kje123

    kje123 this title is false

    No, that's just what I remember from previous times it was brought up.
     
    cearp likes this.