I like this, how older CFWs are coming back (ReiNand and rxTools this time). I know I promised a rxtools's like solution for A9LH users and with modern improvements, but losse interest to the 3ds developement (currently I'm in love with the wiiu one), but a feature that I personally like for this one, is to have something like "slim toolkit" and "advanced toolkit". What I mean? I mean a GUI with essential tools like Hourglass9 have (Nand dump/restore with firm protection, CIA dumping, card dumping, emunand formater/manager, etc.) and another GUI with advanced tools just like D9 or vanilla rxtools. Keep up the good work @duke_srg 
Enviado desde mi SM-J111M mediante Tapatalk
Enviado desde mi SM-J111M mediante Tapatalk
If you do know your way around 3ds development, then maybe you can help out with at least the a9lh implementation part here? @duke_srg has been looking for someone to help him with it for a while. He doesn't have a9lh so he's limited to whatever code was originally written (Not really.. but yeah)I like this, how older CFWs are coming back (ReiNand and rxTools this time). I know I promised a rxtools's like solution for A9LH users and with modern improvements, but losse interest to the 3ds developement (currently I'm in love with the wiiu one), but a feature that I personally like for this one, is to have something like "slim toolkit" and "advanced toolkit". What I mean? I mean a GUI with essential tools like Hourglass9 have (Nand dump/restore with firm protection, CIA dumping, card dumping, emunand formater/manager, etc.) and another GUI with advanced tools just like D9 or vanilla rxtools. Keep up the good work @duke_srg
Enviado desde mi SM-J111M mediante Tapatalk
Done!Thanks for the update. I will be available to test whenever you have something needs testing. Just tag me if I miss it
Check with caution, make NAND backup just in case.
First with spider. If it boots fine, then check with al9h. No 'Cyan' code anymore, since no CTR init vector check.
Alright, it's compiled, but I'm currently making backups of both sysnand and emunand. Can't remember how old my previous backups were.
I don't see how it could be dangerous though. It's not an A9LH installation. It's a payload that might work or fail.
Should I use the same data folder from previous builds or try to have it build through spider?
- Joined
- Apr 2, 2011
- Messages
- 11,005
- Trophies
- 1
- Location
- The Twilight Zone
- Website
- www.hacksden.com
- XP
- 4,339
- Country
@duke_srg
IT WORKS!! Now we're getting somewhere! So let me post a complete run down (with bugs found)
- The initial setup seem to be completely broken in spider. Didn't test it in a9lh but I'd assume it's the same thing. I copied the data folder from the previous ones to bypass this step.
- Remember how I said pasta mode gets you a black screen in pasta and freezes in a9lh? Now it freezes in both
- This one is an important one. While it did work, and I was able to launch both rx-sysnand and rx-emunand, the third time I was in the menu, I pressed the power off button, to power it off. Instead, it kept going into a reboot loop. Meaning, it reboots to rxtools menu over and over again, and the only way to close it is a hard poweroff. The weird thing is, now everytime I turn the 3ds on, it continues that reboot boot, like there is a config remembering what you asked it to do last? :/
I'll try to investigate more about the last point, but hey, its working
Edit:
- Further info about the above. I see what happened. Here is truly how it's working:
Remember how entering then exiting the system settings reboots the console? If you have a9lh, it will boot you into your arm9loaderhax.bin payload. So, what's happening is that, through system settings, once you exit, it will boot rxtools menu normally, and you can pick sysnand or emunand to boot, and that will all work fine. But, if you are trying to to boot it directly from power on, that's when you get a reboot cycle.
It was my fault for jumping into conclusions at first.
- Diagnostics for both sysnand and emunand are no longer working in both spider and a9lh. The region is stated as unknown, and the rest are empty
- Tried dumping sysnand from both spider and a9lh. Spider seemed to dump with correct size and timer. A9lh's timer is messed up. For example, the number I see right now is 719954:5 or something like that. However, it shows a complete dump with the correct size. Not sure if I can tell if it's a valid dump or not though. Through a hex editor, seems to me like it's valid
IT WORKS!! Now we're getting somewhere! So let me post a complete run down (with bugs found)
- The initial setup seem to be completely broken in spider. Didn't test it in a9lh but I'd assume it's the same thing. I copied the data folder from the previous ones to bypass this step.
- Remember how I said pasta mode gets you a black screen in pasta and freezes in a9lh? Now it freezes in both
- This one is an important one. While it did work, and I was able to launch both rx-sysnand and rx-emunand, the third time I was in the menu, I pressed the power off button, to power it off. Instead, it kept going into a reboot loop. Meaning, it reboots to rxtools menu over and over again, and the only way to close it is a hard poweroff. The weird thing is, now everytime I turn the 3ds on, it continues that reboot boot, like there is a config remembering what you asked it to do last? :/
I'll try to investigate more about the last point, but hey, its working
Edit:
- Further info about the above. I see what happened. Here is truly how it's working:
Remember how entering then exiting the system settings reboots the console? If you have a9lh, it will boot you into your arm9loaderhax.bin payload. So, what's happening is that, through system settings, once you exit, it will boot rxtools menu normally, and you can pick sysnand or emunand to boot, and that will all work fine. But, if you are trying to to boot it directly from power on, that's when you get a reboot cycle.
It was my fault for jumping into conclusions at first.
- Diagnostics for both sysnand and emunand are no longer working in both spider and a9lh. The region is stated as unknown, and the rest are empty
- Tried dumping sysnand from both spider and a9lh. Spider seemed to dump with correct size and timer. A9lh's timer is messed up. For example, the number I see right now is 719954:5 or something like that. However, it shows a complete dump with the correct size. Not sure if I can tell if it's a valid dump or not though. Through a hex editor, seems to me like it's valid
Last edited by Madridi,
That's why I didn't call it like Blackjack or Zombie tools or something. I contributed in the original, and even with this fork deeply refactored, I'm always saying - this is not a one man project!
--------------------- MERGED ---------------------------
- You can compare nand dump in Windows with fc /b
- Open file dump menu in both sysnand and emynand, it checks file exists so will be clear if nand ctr initializes correctly.
- As for initial setup hang with progress, just delete firmware files in /data and keep the font file. It is better to check it first with master branch. This way Decrypting firmware must start, most probably it is stable (while the first one progress bar that hangs on your device looks like unstable and must be investigate further)
Doh... I forgot to set the correct AES CTR byte order and mode itself
. Should be fixed now, but I'll only be able to check it by the evening, so feel free to test, starting from spider mode. NAND info and/or file dump must be avaiable if this was an issue. Feel free to check with all 4 possible modes since I could wronlgy guess the right one (since I made updated aes hardware engine interface module, sometimes it's not so easy to reverse the other's partly hardcoded implementation)
- Not sure I understand the first 2 points. Can you elaborate?
- I tried launching the initial setup with spider with the firmware files deleted from the data folder, and I do get a decrypting firmware screen, but nothing happens. It gets stuck on that screen, until I press any button, which takes me to rxmenu
Also, yeah I did check the master branch first thing. That worked fine, and the initial setup was stable (minus the fact it gives no notification that it finished.. Have to press any button for it to finish).. Actually, now I'm wondering if it did finish? Can you confirm that these are all the files that I'm supposed to end up with (with the correct size?)
Just tested, same thing, unknown for region, others are empty field.Doh... I forgot to set the correct AES CTR byte order and mode itself
What do you mean all 4 possible modes?
Here what I have missed before
https://github.com/dukesrg/rxTools/blob/dev-a9lh/rxtools/source/lib/nand.c#L131
and from here and below are 4 different combinations to check with
https://github.com/dukesrg/rxTools/blob/dev-a9lh/rxtools/source/lib/aes.h#L93
About *nand dumps, if you got them both from spider(main branch) and a9lh branch, you can byte-compare them:
Code:
fc /b nand1.bin nand2.binOnce again about progress bars. There are 2 consecutive:
1. extract & decypher cbf_std.bcfnt if not exist - no caption with that progress bar
2. decypher firmware files - must have caption 'Decrypting firmware' with progress percents and 'press any key...' after it finished.
So if you have no text at step 2, than got the empty menu, but everything is dusplaying fine after reboot - all data processed correctly, just font file did not open after extraction. Progress bars takes about 10-30 seconds each. So if ether hangs for over a minute - the issue is in that step. For now IMO font extraction is less stable, so if you could test master branch firmware decryption only (i.e. with cbf_std.bcfnt from revious working setup is present) several times to make sure it is stable hangs for you.
This won't work though will it? There was a discussion sometime back in decrypt9 thread basically saying that you will never get 2 identical dumps, because it changes everytime you boot the console I believe
Good info, I'll check this
Testing with the master branch, yes, first step does happen, and second step also happens, but without caption or progress percentage. That's likely due to the font just being extracted and not loaded like. Launching rxtools again gives a quick progress bar with no caption before going to rxmenu (around 2-3 seconds long). A third launch works fine directly to rxmenu. Here is a quick video of how it works with the master branch:
https://mega.nz/#!Tc8WyCLb!-z4abxEMkCDLz8YZMQGRAeX112q6anUW4A3EAfIey7A
However, in dev-a9lh branch, even after putting in the font file manually, launching rxtools does get me a decrypt firmware screen, with a blank bar. It does not move or anything. So no decryption actually takes place. I get to the rxmenu when pressing any button. I can take a video of that if you want to see it?
Edit: Done, here is a video
https://mega.nz/#!eRkHXZJY!KX7nadR32jKSvT6lLL6BN7HfzowFMR1cu6_yq7pvA4g
Also, I did check the above, sysnand and emunand are both mounted correctly, since secureinfo_A and _B show as red in both.
Last edited by Madridi,
No, if mounted correctly, one is red, one is normal. Both read means their existence check failed.
Further a9lh check should be done only after NAND mount will succeed, i.e. you could rebuild a9lh with all 4 possible NANDCTR.mode values and check NAND mounted correctly or not. I can only test and move futher by the night.
whoops, yeah I meant to say did NOT mount correctly. Btw, this is true for both spider and A9LH.
Anyhow, the NANDCTR.mode values is beyond my knowledge, so I'll leave that for you for tonight.
Here are a few screenshots of things I reported, just so you can get a clearer idea:
--------------------- MERGED ---------------------------
I assume your sysnand is not 9.2, therefore, you cant use spider to test. So once loading with arm9loaderhax.bin completely works, you can start from there
Last edited by Madridi,
First, fucking shit! Did you just trust RXTools to dump your sysNAND. You've got balls of steel!
And yeah, 11.2 sysNAND only.
Last edited by The Catboy,
Wow! Move potos to spoiler.
I've got you message about dump time calculation, there might be several possible causes.
There are 2 links in my post, first is line with the value assignment
second one and 3 next lines - possible value definitions. Just build with every value and check, if you have time for that now.
First, there are almost no lines left from the original rxTools 'tools' code. Second, NAND access performance are faster then in any other existing projects, since AES CTR hardware encryption are fully implemented with no hardcode and dog-nails.
Last edited by duke_srg,
First of all, what's wrong with dumping? It's not restoring anything?
Second, I already made a nand dump before starting all of this
Third, the tools have been completely refactored. This is not the old rxtools that people know
lol, moved to spoilers, just saw how large they were
Oh I see what you mean about the value assignment. I'll be away for the next few hours, but I'll probably have time when I come back to try it. What is this supposed to be showing again? Correct diagnostic information?
Similar threads
-
Xdqwerty
what are you looking at?
-
-
-
-
-
@
RedColoredStars:
I've done serial experiments lots of times. Like mixing Capn Crunch and Honeycombs together.+3 -
-
-
-
-
-
@
RedColoredStars:
Yes, they aren't starter anime. But all that starter stuff is so.... eh... Meh. So i recommended much better things than Pokemon and DBZ. lol+1
-
-
-
-
-
-
-
-
-
-
-
-
-
-
