[Hacking] I bricked with coldboothax and restored without hardmod : D

mchenzero (OP, New Member)
I tried coldboothax on Sunday night and, you know, got a reboot loop. If I had read that someone had already bricked, I wouldn't have tried.

After figuring out why, I thought, OK, I have a redNAND backup, so the worst case is I'll play on redNAND forever. But I still wanted to unbrick. I think it's possible because we have custom code execution in fw.img, so I can probably write some code to recover the system.xml file.

So I dived a little into fix94's iosuhax repo, trying to understand how to read/write files. But suddenly last night I got a better/easier idea. Since I have redNAND working fine and the same haxchi VC game installed (no ROM replaced), why not just redirect the MLC but keep accessing the original SLC? That way I'll boot into the VC game inside the redirected MLC, which stops the reboot loop. Then I can connect to the wupserver, which has access to the sysNAND SLC! And best of all, I'll only need to comment out a few lines of code in dimok's iosuhax repo!

I tried it today and it worked as expected! Now I have my sysNAND recovered!

Well, that's my story. This approach might not work for everyone who bricked by trying coldboothax. But you know, we have custom code execution in fw.img, so we can always recover somehow. Don't lose hope : )
 

Chakratos (Well-Known Member)
(quoting mchenzero's post above)

I think "most" people bricked by entering wrong IDs in the XML or inputting a title that isn't allowed to autoboot.
 

Cyan (Former Staff)
Thank you for sharing your issue and how you fixed it.
We were talking about that loop issue yesterday, and @xtheman166 suggested using fw.img to rewrite the system.xml too. I guess your solution is even easier: no need to write code to replace and edit the XML, you use the WUP server yourself to replace the file.

Of course it will only work in the reboot-loop case, not on a full system.xml brick.

Do you have more information on how to patch dimok's version? Which lines to comment out, etc.?
Or only tell it to users who need to fix their reboot loop, to prevent users sharing a modded version of fw.img in the wild with potential risk (thinking they are editing the redNAND copy but still affecting sysNAND).

Edit:
@pwsincd, you might want to add it to your rip list, with a recovery [:)]
 
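As an added example (not code from the thread, from iosuhax, or from any of the posters), here is a small PC-side check for the system.xml you would pull from the sysNAND SLC over wupserver, before you upload anything back. It separates the reboot-loop case Cyan describes (the file still parses, but default_title_id points at a non-menu title, which is what a wrong ID or a non-autobootable title from Chakratos's post looks like) from the full system.xml brick (the file no longer parses, so rewriting one element cannot save it), and it writes the Wii U Menu title ID back by text substitution so the rest of the file is left byte-for-byte as it was. The element name default_title_id, the per-region Wii U Menu title IDs, the SLC path /vol/system/config/system.xml and the sample file are assumptions from memory, not taken from the thread; verify them against your own dump first.

```python
"""Triage and repair default_title_id in a Wii U system.xml dumped from SLC.

Added example for the thread above. Runs on the PC against a local copy of
the file; it does not talk to the console itself.
"""
import re
import xml.etree.ElementTree as ET

# Wii U Menu title IDs per region. ASSUMPTION from memory; check the value in
# your own (pre-coldboothax) backup before trusting it.
WIIU_MENU_TITLE_IDS = {
    "JPN": "0005001010040000",
    "USA": "0005001010040100",
    "EUR": "0005001010040200",
}

# Matches the element text only, so the rest of the file is never rewritten.
TITLE_ID_RE = re.compile(r"(<default_title_id\b[^>]*>)([^<]*)(</default_title_id>)")

# Constructed sample, simplified: a system.xml whose default_title_id was
# pointed at a DS VC title (the title ID here is hypothetical), i.e. the
# state coldboothax leaves the console in.
SAMPLE_SYSTEM_XML = """<?xml version="1.0" encoding="utf-8"?>
<system type="complex" access="777">
  <default_title_id type="hexBinary" length="8">0005000010101010</default_title_id>
  <default_os_id type="hexBinary" length="8">000500101000400A</default_os_id>
  <cmdFlags type="unsignedInt" length="4">0</cmdFlags>
</system>
"""


def read_default_title_id(xml_text):
    """Return the default_title_id text, or None if the file does not parse
    or has no such element (the 'full brick' rather than 'loop' case)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    node = root.find("default_title_id")
    if node is None or node.text is None:
        return None
    return node.text.strip()


def diagnose(xml_text):
    """Classify the dump:
       'malformed'            - XML does not parse; a one-element fix will not help
       'bad-title-id'         - element present but not 16 hex digits
       'ok'                   - already points at a Wii U Menu title
       'autoboot-redirected'  - well-formed, points at some other title (reboot loop)
    """
    tid = read_default_title_id(xml_text)
    if tid is None:
        return "malformed"
    if not re.fullmatch(r"[0-9A-Fa-f]{16}", tid):
        return "bad-title-id"
    if tid.upper() in WIIU_MENU_TITLE_IDS.values():
        return "ok"
    return "autoboot-redirected"


def restore_default_title_id(xml_text, region):
    """Return a copy of xml_text with default_title_id set to the Wii U Menu
    for `region`. Refuses to touch a file that does not parse, because that
    is not the reboot-loop case this repair covers."""
    if diagnose(xml_text) == "malformed":
        raise ValueError("system.xml is not well-formed; replacing one element will not fix it")
    menu_id = WIIU_MENU_TITLE_IDS[region]
    new_text, count = TITLE_ID_RE.subn(
        lambda m: m.group(1) + menu_id + m.group(3), xml_text, count=1
    )
    if count != 1:
        raise ValueError("default_title_id element not found")
    return new_text


if __name__ == "__main__":
    # Typical flow: dump SLC file with wupserver, triage it, write the fixed
    # copy next to it, then upload that copy back to the same SLC path.
    print("before:", diagnose(SAMPLE_SYSTEM_XML))
    fixed = restore_default_title_id(SAMPLE_SYSTEM_XML, "EUR")
    print("after: ", diagnose(fixed))
    with open("system.xml.fixed", "w", encoding="utf-8") as fh:
        fh.write(fixed)
```

Keep the original dump untouched and diff it against the fixed copy before uploading: the only change should be the sixteen characters inside default_title_id. Since the OP's trick leaves SLC pointed at the real sysNAND, the upload is a write to the real console, so pick the region that matches your own backup, not a guess.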

Ryccardo (Member)
Untested, but it appears you can disable redNAND by editing patches/0x10700000.s in the CFW source; it has nicely commented "this enables slc/mlc" parts :)
 

Ryccardo (Member)
Quote: "How did you get code execution even if you bricked?"
Well, he didn't really brick in the most common sense of the word; in fact he correctly set up coldboothax (losing the ability to run anything apart from that now-secondary-exploit DS game) and invented a way to remove coldboothax (which, however, requires being able to run redNAND)!
 
