Hacking How can I hack 1.0.0-0U 3ds?

nastys

ナースティス
Member
Joined
Aug 5, 2014
Messages
1,730
Trophies
0
Age
26
Location
Earth
XP
1,794
Country
Italy
I just wonder renting a sky from shop and dump nand
and update system by rom would be a cheaper choice
Ninjhax requires a web browser in order to run, and you have none. Only online updates install the browser, so you can only dump the NAND via a hard-mod.
Use a cartridge to update to 4.x (better) or 6.x (cheaper, maybe).
 

SpencerlyEverly

Spencer Everly
Member
Joined
Nov 28, 2014
Messages
272
Trophies
0
Location
Central City, KY
Website
www.youtube.com
XP
1,059
Country
United States
Ninjhax requires a web browser in order to run, and you have none. Only online updates install the browser, so you can only dump the NAND via a hard-mod.
Use a cartridge to update to 4.x (better) or 6.x (cheaper, maybe).
I think people want to see the first-launch 1.0.0U juicy stuff rather than letting him update (It's not on Nintendo's CN), so...

Hard mod, it is. (I am NOT going to do the hard mod for him, because, I don't have the equipment and mind.)

Good luck on anyone that wants to help him do it! ;)
 

SpencerlyEverly
Some of you can't read, can you.... I already posted a way to run arm9 code on 1.0.0 with just cubic ninja. It doesn't require a hard mod and if it's anything like my 1.0.0E it won't have anything interesting on it... but still be nice to confirm that.
Huh, okay. :) Where could it be? Oh yeah, this:
You can use cubic ninja to exploit 1.0.0E. It's not very stable but it's enough to get basic arm9 control (after a few retries). Scan http://i.imgur.com/7Q35Tuy.png and it will load the file load.bin into fcram at 0x23F00000 and start execution (size is limited to 0x3000 bytes).
I think everybody didn't really pay attention. :glare:

Oh well.
 

zoogie

playing around in the end of life
Developer
Joined
Nov 30, 2014
Messages
8,560
Trophies
2
XP
15,000
Country
Micronesia, Federated States of
Huh, okay. :) Where could it be? Oh yeah, this:

I think everybody didn't really pay attention. :glare:

Oh well.
Trouble is finding someone with CN and a 1.0 3ds. Both of them are rare these days. Together, they're rarer than a cat who sells insurance.
Then there's the issue of a 12K nand dumper not existing.
 

nastys
Some of you can't read, can you.... I already posted a way to run arm9 code on 1.0.0 with just cubic ninja. It doesn't require a hard mod and if it's anything like my 1.0.0E it won't have anything interesting on it... but still be nice to confirm that.
Sorry, I thought it required a browser ;)
 

xdrz

Well-Known Member
OP
Newcomer
Joined
Aug 8, 2015
Messages
45
Trophies
0
Age
27
XP
111
Country
Hong Kong
You can use cubic ninja to exploit 1.0.0E. It's not very stable but it's enough to get basic arm9 control (after a few retries). Scan http://i.imgur.com/7Q35Tuy.png and it will load the file load.bin into fcram at 0x23F00000 and start execution (size is limited to 0x3000 bytes).

This is how to retrieve the framebuffer addresses:
*(volatile uint32_t*)0x80FFFEC = *(volatile uint32_t*)0x23FFFF18;
*(volatile uint32_t*)0x80FFFC0 = *(volatile uint32_t*)0x23FFFE00; // framebuffer 1 top left
*(volatile uint32_t*)0x80FFFC4 = *(volatile uint32_t*)0x23FFFE04; // framebuffer 2 top left
*(volatile uint32_t*)0x80FFFC8 = *(volatile uint32_t*)0x23FFFE08; // framebuffer 1 top right
*(volatile uint32_t*)0x80FFFCC = *(volatile uint32_t*)0x23FFFE0C; // framebuffer 2 top right
*(volatile uint32_t*)0x80FFFD0 = *(volatile uint32_t*)0x23FFFE10; // framebuffer 1 bottom
*(volatile uint32_t*)0x80FFFD4 = *(volatile uint32_t*)0x23FFFE14; // framebuffer 2 bottom
*(volatile uint32_t*)0x80FFFD8 = *(volatile uint32_t*)0x23FFFE18; // framebuffer select top
*(volatile uint32_t*)0x80FFFDC = *(volatile uint32_t*)0x23FFFE1C; // framebuffer select bottom

uint32_t topScreenSelect = *(volatile uint32_t*)0x080FFFD8;
uint8_t* topScreen_left = (uint8_t*)(*(uint32_t*)((uint32_t)0x080FFFC0 + 4*(topScreenSelect&1)));
uint8_t* topScreen_right = (uint8_t*)(*(uint32_t*)((uint32_t)0x080FFFC8 + 4*(topScreenSelect&1)));

uint32_t bottomScreenSelect = *(volatile uint32_t*)0x080FFFDC;
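// Add the select offset to the table address before dereferencing, as for the top screen
uint8_t* bottomScreen = (uint8_t*)(*(uint32_t*)((uint32_t)0x080FFFD0 + 4*(bottomScreenSelect&1)));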
I have scanned the QR code in CN
and the upper screen blackened with no reply.
What is the next step to dump the nand?
 

neobrain

-
Member
Joined
Apr 25, 2014
Messages
306
Trophies
0
XP
730
Country
In https://github.com/archshift/Decrypt9/blob/master/source/draw.h#L22 and https://github.com/archshift/Decrypt9/blob/master/source/draw.h#L17 , try replacing each of the four lines with

#define TOP_SCREEN0 ((uint8_t*)(*(uint32_t*)((uint32_t)0x080FFFC0 + 4*((*(volatile uint32_t*)0x080FFFD8)&1))))
#define BOT_SCREEN0 ((uint8_t*)(*(uint32_t*)((uint32_t)0x080FFFD0 + 4*((*(volatile uint32_t*)0x080FFFDC)&1))))
#define TOP_SCREEN1 ((uint8_t*)(*(uint32_t*)((uint32_t)0x080FFFC8 + 4*((*(volatile uint32_t*)0x080FFFD8)&1))))
#define BOT_SCREEN1 BOT_SCREEN0

That should give you some screen output at least.
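
A host-side model of the pointer table discussed in this thread, added here as an example and not part of any post or of Decrypt9: it shows why the select bit has to be applied to the table slot before the read, not to the value read. The slot names, function names and sample addresses are assumptions made up for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* 32-bit slots of the table the thread copies to 0x080FFFC0..0x080FFFDC. */
enum { FB_TOP_LEFT = 0, FB_TOP_RIGHT = 2, FB_BOTTOM = 4, SEL_TOP = 6, SEL_BOTTOM = 7 };

/* Correct: offset the slot by the select bit, then read the slot. */
static uint32_t fb_active(const uint32_t *t, int first, int sel)
{
    return t[first + (t[sel] & 1)];
}

/* Dereference first, then add: yields buffer 1's address plus 4 bytes
 * whenever the select bit is set, instead of buffer 2's address. */
static uint32_t fb_active_deref_first(const uint32_t *t, int first, int sel)
{
    return t[first] + 4 * (t[sel] & 1);
}

/* Constructed sample table (hypothetical addresses, not read from a console). */
static const uint32_t SAMPLE[8] = {
    0x18000000u, 0x18100000u,   /* top left:  buffer 1, buffer 2 */
    0x18200000u, 0x18300000u,   /* top right: buffer 1, buffer 2 */
    0x18400000u, 0x18500000u,   /* bottom:    buffer 1, buffer 2 */
    0u,                         /* select top    -> buffer 1 */
    1u                          /* select bottom -> buffer 2 */
};

int main(void)
{
    printf("top left     : %08x\n", (unsigned)fb_active(SAMPLE, FB_TOP_LEFT, SEL_TOP));
    printf("top right    : %08x\n", (unsigned)fb_active(SAMPLE, FB_TOP_RIGHT, SEL_TOP));
    printf("bottom       : %08x\n", (unsigned)fb_active(SAMPLE, FB_BOTTOM, SEL_BOTTOM));
    printf("bottom (bad) : %08x\n",
           (unsigned)fb_active_deref_first(SAMPLE, FB_BOTTOM, SEL_BOTTOM));
    return 0;
}
```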
 

xdrz
Sorry, I can't get what is talking about,
how can I replace that and...
what should I do with these code?
I can't change anything on the website...
 

zoogie
Alright,
I have changed the Decrypt9 code in the notepad but how to use it?
Compile it. But before you do that, you need to figure out how to pare down the binary from 55K to 12K.
Good luck with that if you're not an experienced programmer.
 

xdrz
Compile it. But before you do that, you need to figure out how to pare down the binary from 55K to 12K.
Good luck with that if you're not an experienced programmer.
HaHa...:wacko:
How to 'compile' it? Any tool do I need? (Is it Brahma or devkitARM?)
And what is the 'binary'?
I am really getting lost :wacko:
 

xdrz
Run the makefile

But as Zoogie said, you need to make changes to the program. If you can't compile a program, there's no hope that you can get it to function like you want it to.
It asks me to choose a program to run the 'makefile',
what should I choose?
BTW I have downloaded and installed devkitPro, is it useful?
 
