Tutorial
Updated
[howto] Download and install Ironfall on system versions 9.0-9.2 using PastaCFW
Hi,
I spent almost two hours on this earlier today, so I figured I'd spare others the effort and provide some pointers for people in a similar situation like me.
Background: smea will release a new way to run ARM11 userland homebrew on the 3DS using a game called Ironfall ( https://twitter.com/smealum/status/627282448343171072 ), which is available for free on the eshop. This new approach will still require Cubic Ninja, but only once for installation instead of each time the system is booted. This is useful for a number of reasons, one being that it will probably make it easier to obtain a CN cartridge for one-time use. A drawback is that accessing the eshop normally requires being on the latest system version, and as most of you will know so far no total-control exploits are publicly known for system versions more recent than 9.2.
IMPORTANT NOTES:
- The exploit is not yet public, but chances are Ironfall might be taken down from the eshop before the exploit goes live, so you should get the game ASAP.
- Don't get rid of your Cubic Ninja cartridge yet, because it will be required for the installation of the exploit.
- Any of the "facts" I'm presenting about the yet-unpublished exploit may as well be humbug. I don't have any "insider-information", but you can see for yourself how likely any of them are by reading smea's tweets. In particular, it's not clear whether Ironhax will be supported on anything earlier than 9.9. There's no harm in getting the game before it gets taken down anyway, though, even if Ironhax ends up not being compatible with your system version.
How to:
- Get Cubic Ninja if you haven't already. You'll eventually need it for the exploit installation anyway. Install Ninjhax (any version).
- Get the "CFW" PastaCFW (it's not really a CFW, but whatever, it'll be useful regardless)
- Get the FBI CIA installer
- Get the Free multi patcher
- Copy Pasta, FBI and FMP to your 3DS SD card. Alternatively to physically accessing the SD card, you can use ftbrony to transfer the files over network to your 3DS.
- Run Ninjhax and start PastaCFW. This will reboot the system with patched out signature-checks.
- Re-run Ninjhax (without rebooting the system manually!) and start FBI. Navigate to the FMP CIA on your SD card and install it. There should be no error message. Return to hbmenu by pressing START.
- Run PastaCFW again to reboot the system while keeping the signature checks disabled.
- Your home menu should now have a new icon for FMP. Select and run FMP to enable eshop spoofing.
- Return to the home menu, start the eshop. Download Ironfall.
Hint: Once installation is complete, you can dump and decrypt the Ironfall title from your 3DS:
- Downloading Decrypt9 (TODO: link)
- Downloading Brahma (TODO: link)
- Start Brahma through Ninjhax. Start Decrypt9 through Brahma. Press R to "Dump NAND" (to save some SD space, you can also just dump the "NAND partition", but all offsets given in the following will refer to "Dump NAND").
- Transfer the resulting NAND.bin to your computer.
- Use Decrypt9 to create a FAT16 xorpad. Apply it to your NAND.bin dump and extract the file "nand:/private/movable.sed".
- Dump the SD card's "Nintendo 3DS" folder to your 3ds (from the title subdirectory, only the 00040000/0015b100 (EUR!) subsubfolder is needed
- Run Decrypt9's sdinfo_gen.py on the Nintendo 3DS folder. Start Decrypt9 and select "SD padgen". This will generate a number of xorpads on your SD card. Copy all the ones starting with "title.00040000.0015b100." to your computer (should be 5 files in total).
- Apply the xorpads to the corresponding encrypted files. In particular, 00000000.app should be interesting.
- Run ncchinfo_gen.py on the decrypted game, copy ncchinfo.bin to your 3DS's SD card and generate xorpads on it via Decrypt9.
- Apply the resulting xorpads to decrypt the second encryption layer.
- Congratulations, you've got a decrypted Ironfall dump now!
My hope is to find a way to find a way to install an Ironfall dump on a 3DS even without signature patching and stuff. This would allow to install it on any 3DS even if it ever gets removed from the eshop.
Hope this helps some people get started.
I spent almost two hours on this earlier today, so I figured I'd spare others the effort and provide some pointers for people in a similar situation like me.
Background: smea will release a new way to run ARM11 userland homebrew on the 3DS using a game called Ironfall ( https://twitter.com/smealum/status/627282448343171072 ), which is available for free on the eshop. This new approach will still require Cubic Ninja, but only once for installation instead of each time the system is booted. This is useful for a number of reasons, one being that it will probably make it easier to obtain a CN cartridge for one-time use. A drawback is that accessing the eshop normally requires being on the latest system version, and as most of you will know so far no total-control exploits are publicly known for system versions more recent than 9.2.
IMPORTANT NOTES:
- The exploit is not yet public, but chances are Ironfall might be taken down from the eshop before the exploit goes live, so you should get the game ASAP.
- Don't get rid of your Cubic Ninja cartridge yet, because it will be required for the installation of the exploit.
- Any of the "facts" I'm presenting about the yet-unpublished exploit may as well be humbug. I don't have any "insider-information", but you can see for yourself how likely any of them are by reading smea's tweets. In particular, it's not clear whether Ironhax will be supported on anything earlier than 9.9. There's no harm in getting the game before it gets taken down anyway, though, even if Ironhax ends up not being compatible with your system version.
How to:
- Get Cubic Ninja if you haven't already. You'll eventually need it for the exploit installation anyway. Install Ninjhax (any version).
- Get the "CFW" PastaCFW (it's not really a CFW, but whatever, it'll be useful regardless)
- Get the FBI CIA installer
- Get the Free multi patcher
- Copy Pasta, FBI and FMP to your 3DS SD card. Alternatively to physically accessing the SD card, you can use ftbrony to transfer the files over network to your 3DS.
- Run Ninjhax and start PastaCFW. This will reboot the system with patched out signature-checks.
- Re-run Ninjhax (without rebooting the system manually!) and start FBI. Navigate to the FMP CIA on your SD card and install it. There should be no error message. Return to hbmenu by pressing START.
- Run PastaCFW again to reboot the system while keeping the signature checks disabled.
- Your home menu should now have a new icon for FMP. Select and run FMP to enable eshop spoofing.
- Return to the home menu, start the eshop. Download Ironfall.
Hint: Once installation is complete, you can dump and decrypt the Ironfall title from your 3DS:
- Downloading Decrypt9 (TODO: link)
- Downloading Brahma (TODO: link)
- Start Brahma through Ninjhax. Start Decrypt9 through Brahma. Press R to "Dump NAND" (to save some SD space, you can also just dump the "NAND partition", but all offsets given in the following will refer to "Dump NAND").
- Transfer the resulting NAND.bin to your computer.
- Use Decrypt9 to create a FAT16 xorpad. Apply it to your NAND.bin dump and extract the file "nand:/private/movable.sed".
- Dump the SD card's "Nintendo 3DS" folder to your 3ds (from the title subdirectory, only the 00040000/0015b100 (EUR!) subsubfolder is needed
- Run Decrypt9's sdinfo_gen.py on the Nintendo 3DS folder. Start Decrypt9 and select "SD padgen". This will generate a number of xorpads on your SD card. Copy all the ones starting with "title.00040000.0015b100." to your computer (should be 5 files in total).
- Apply the xorpads to the corresponding encrypted files. In particular, 00000000.app should be interesting.
- Run ncchinfo_gen.py on the decrypted game, copy ncchinfo.bin to your 3DS's SD card and generate xorpads on it via Decrypt9.
- Apply the resulting xorpads to decrypt the second encryption layer.
- Congratulations, you've got a decrypted Ironfall dump now!
My hope is to find a way to find a way to install an Ironfall dump on a 3DS even without signature patching and stuff. This would allow to install it on any 3DS even if it ever gets removed from the eshop.
Hope this helps some people get started.
Last edited by neobrain,
