Hacking Pasta CFW - A CFW that allows unsigned CIA to be installed on Old and New 3DS! (required ninjhax)

[powersaver]

Peoples, chill. All I'm sayin is it will be a while before PastaCFW can be launched on 9.2 via MSET and/or Spider. I don't *know* this for sure, however all evidence points to this.

Stop being a dick or leave the thread.

Also, Alberto and I were looking more into region free, guys. He said he is going to test an idea, and we will see where everything goes. Seems as if there may have been a silly error in the code.

 

[miguel231991]

As is to release the new version of pasta?

 

[Crusard]

As is to release the new version of pasta?

when it's ready XD (i can't use Soon because it's a trade mark XD)

 

[miguel231991]

jajajajajaj, ya ya, I think you and I go

 

[Ambassador]

 

[davhuit]

I'd prefer not to have to send my device through the mail, I'll try out and seek some guys on Logic-Sunrise but I'm not very sure if the techs out there do this kind of things.

I'm from France, @gamesquest1 did mine and didn't got any problem. If you don't mind the cost, you can also get an insurance for the package, if you fear it to be lost during the shipping.

I sent mine without one (just a tracking number), took 3 days to reach England, and 3 days to go back to France.

 

[leerz]

Has anyone else looked more at implementing region free? Seeing as how nop90 is hard at work on the spider entry-point and is much deeper than I am, I am trying to find something to fiddle with. Once I get my copy of Cubic, I can start again.

u32 pad_state = HidWaitForInput();
    if (pad_state & BUTTON_B) DrawDebug(1,"Skipping...");
    else {
        u32 bytesWritten = 0;
        u32 currentWritten = 0;
        u32 result = 0;
        u32 currentSize = 0;
        void *dumpAddr = (void*)0x08000000;
        u32 fullSize = 0x00100000;
        u8 patch6[] = { 0x00, 0x7f, 0xff, 0xff }; //; Region Free: 0x7f ff ff ff
        u32 *dest1 = 0x08058804; ///[R4,#0x18]; //; Region Lockout: 0x2018
        memcpy(dest1, patch6, 4);
        const u32 chunkSize = 0x10000;

EDIT: Can't take credit for the additions. They were added by @leerz.

mehh, I've been trying to make it work, and not too sure if that is the right address,
0x08058804 is not the addr, it is a sigcheck offset for new 3ds, https://github.com/capito27/Pasta-CFW/blob/master/CFW_loader/source/main.c#L132

I just copied the sample line cos I'm unsure how to get the proper offset 0x2018 converted;
offsets for the cfw sigchecks are somewhere around 0x08058804; and 0x2018 is far from it, so it seem to be unrelated.

reading 3dbrew, the HM checks for the regions of the titles; ygw and region3/4 bypasses this by booting directly the gamecard, hence it avoids the HM check.

you can see this by observing region4 and ygw automatically booting the gamecard, instead of going back to HM and making the out of region gamecard show in the HM.

I'm having problems making rxtools to load so I can test and see if the rf patch makes the gamecard visible from HM.
if that works; it's just a matter of understanding the right offset for the RF patch.

3dbrew says the offsets for rf and little endian; but I'm just guessing here since I don't know much about the inner workings.

    Debug("Patching RF...");
   //test offset1 
    u8 patch6[] = { 0x00, 0x7f, 0xff, 0xff }; //; Nintendo defines region free as 0x7f ff ff ff
    u32 *dest9 = 0x20180000; ///[R4,#0x18] ; //patch region lockout (offset 0x2018), not sure if this is the right offset
    memcpy(dest9, patch6, 4);   
      //test offset1
    u32 *dest10 = 0x00001820; ///[R4,#0x18] ; //patch region lockout (offset 0x2018), not sure if this is the right offset
    memcpy(dest10, patch6, 4);

I probably have the wrong offset so it doesn't work, again this is just my brief guesswork, buuuuut.. I probably don't know what I'm doing hehe.

 

[Gadorach]

We don't need anymore NAND dump of a not booted N3DS.
However, we now need people with hard-mod on their N3DS, never booted or not.
Will you join?

OF COURSE, EXPLOITABLE FIRMWARE IS REQUIRED.

I have a 2DS, 3DS, 3DS XL, and N3DS XL. I've personally NAND-Modded the 2DS, and I'm more than willing to NAND-Mod the N3DS XL. All are on exploitable firmware from the US region. If you need something tested, just let me know. I can NAND-Mod them all if it comes down to it, ha ha.

 

[Kuifa]

What are the most important useful CIA to install excluding games?

1. DevMenu/BigBlueMenu/FBI (CIA installer)
2. SaveDataFilter (Backup save data) Is this even safe to install?

And that's it?

 

[EmceeKerser]

What are the most important CIA to install excluding games?

1. DevMenu/Big Blue Menu/FBI (CIA installer)
2. SaveDataFilter (Backup save data) Is this even safe to install?

And that's it?

I also have CHMM and the microSD manager

 

[Gadorach]

What are the most important useful CIA to install excluding games?

1. DevMenu/BigBlueMenu/FBI (CIA installer)
2. SaveDataFilter (Backup save data) Is this even safe to install?

And that's it?

And, of course, the NIM eShop patcher and Region-Free cart launcher for Pasta. Can't forget those, ha ha

 

[hairyfairy]

    Debug("Patching RF...");
   //test offset1
    u8 patch6[] = { 0x00, 0x7f, 0xff, 0xff }; //; Nintendo defines region free as 0x7f ff ff ff
    u32 *dest9 = 0x20180000; ///[R4,#0x18] ; //patch region lockout (offset 0x2018), not sure if this is the right offset
    memcpy(dest9, patch6, 4);
      //test offset1
    u32 *dest10 = 0x00001820; ///[R4,#0x18] ; //patch region lockout (offset 0x2018), not sure if this is the right offset
    memcpy(dest10, patch6, 4);

I probably have the wrong offset so it doesn't work, again this is just my brief guesswork, buuuuut.. I probably don't know what I'm doing hehe.

hi,

not sure what code it is that you're trying to patch since i do not possess memory dumps of my 3ds yet but the patch itself seems to be insufficient (i can tell since i'm pretty familiar with ARM assembly).

so say you're trying to patch code which gets the region id from offset 0x18 of a structure into a certain register, you'd need to replace the original code with code that moves 0x7fffffff into the very same register. instead of more or less blindly trying this from arm9, which may brick your 3ds and thus makes the whole process tedious, i would grab a DS or GBA emulator that supports both assembling, disassembling and debugging. this way you could assemble your ARM code, test and debug it before blindly trying things on real hardware.

maybe no$gba is able to do all that (no need for 3ds support, it's just about testing and verifying the assembly hacks). let me know if you have any questions

edit: check out http://www.toves.org/books/arm/ for some basics or simply google for arm assembly basics. it's no magic and really not that difficult to learn, i'm very comvinced you can do it if you want!

 

[zoogie]

u8 patch6[] = { 0x00, 0x7f, 0xff, 0xff }; //; Nintendo defines region free as 0x7f ff ff ff

0x007fffff != 0x7fffffff

That's one glaring problem.
Endianness is another.

 

[thekarter104]

I just found another way to update to 9.2 without sysUpdater incase you don't want to take the risk with sysUpdater.
It worked with a CIA!!!

Here's how I suddenly discovered it:

I'm on 4.5
Wanted to play Mario Kart 7 with a friend and he's on 9.2.
He was using a legit CIA of MK7. I went to 3DS download play just like normal.
Found his room he created in Mario Kart 7
Suddenly a popup asked me if I wanted to update to 9.2!

Ofcourse I didn't because:
1. I don't have Cubic Ninja.
2. I have the patience to wait for firmware spoof Pasta CFW to play games that require higher than 7.x

 

[Slushie3DS]

I just found another way to update to 9.2 without sysUpdater incase you don't want to take the risk with sysUpdater.
It worked with a CIA!!!

Here's how I suddenly discovered it:

I'm on 4.5
Wanted to play Mario Kart 7 a friend and he's on 9.2.
He was using a legit CIA of MK7. I went to 3DS download play just like normal.
Found his room he created in Mario Kart 7
Suddenly a popup asked me if I wanted to update to 9.2!

Ofcourse I didn't because:
1. I don't have Cubic Ninja.
2. I have the patience to wait for firmware spoof Pasta CFW to play games that require higher than 7.x

I'm going to assume he was on firmware 9.2 because I'm fairly certain that MK7 does not have that firmware dependency.

 

[Domino101]

Can this CFW run the Smash Bros - US .CIA?

i was told many times that it has to be legit, an i have yet to find a legit Ssb for us region, and im still looking up to this date, if you get one can you share the link please

 

[Scarlet]

I'm going to assume he was on firmware 9.2 because I'm fairly certain that MK7 does not have that firmware dependency.

Wanted to play Mario Kart 7 a friend and he's on 9.2.

Yeah that much is certain It is interesting though, I wonder if this'd work with other multiplayer games.

EDIT: On further thought, there really aren't many 3DS Download games :/

 

[Slushie3DS]

Yeah that much is certain It is interesting though, I wonder if this'd work with other multiplayer games.

EDIT: On further thought, there really aren't many 3DS Download games :/

Ah, it's a bit early, here in the mitten.

 

[Idaho]

I'm from France, @gamesquest1 did mine and didn't got any problem. If you don't mind the cost, you can also get an insurance for the package, if you fear it to be lost during the shipping.

I sent mine without one (just a tracking number), took 3 days to reach England, and 3 days to go back to France.

I see, can you send me a photo of how it looks, maybe I'll do it afterall

 

[froggestspirit]

an i have yet to find a legit Ssb for us region

There is none for the US, only EU iirc