[QUESTION] Rebuilding decrypted System Titles for EmuNAND?

Discussion in '3DS - Flashcards & Custom Firmwares' started by xXDungeon_CrawlerXx, Jan 19, 2016.

  1. xXDungeon_CrawlerXx
    OP

    xXDungeon_CrawlerXx GBAtemp Maniac

    Member
    1,294
    616
    Jul 29, 2015
    Liverpool
    Hey Guys,

    right now I'm trying to modify some System Titles which I've decrypted.
    is it possible to rebuild them to install them to EmuNAND?
    I know, it could brick the EmuNAND (I've backups) but I still want to try that.
    I've some System Titles without ExHeader and ExeFS, only with a RomFS.
    How can I rebuild cias like this?
     
  2. Syphurith

    Syphurith Beginner

    Member
    641
    222
    Mar 8, 2013
    Switzerland
    Xi'an, Shaanxi Province
    No problem if you're using Sysupdater on EmuNAND / injecting it manually, but not using BBM/FBI/Dev.. propably.
    You can yes modify the exefs, with 3dstool and a exefs header builder. Romfs is easier to be modified.
    You can use Decrypt9 to encrypt something back, but not the whole CIA. Only the .app (CXI/CFA) that extracted from decrypted NAND.
    I tried to extract "ac" from EmuNAND, then modify and inject it, to change the link of wifi test to my own server.
    It almost works.. Except i stupidly forgot to actually start the server. Unfortunately i don't want to play this trick these days.
     
  3. xXDungeon_CrawlerXx
    OP

    xXDungeon_CrawlerXx GBAtemp Maniac

    Member
    1,294
    616
    Jul 29, 2015
    Liverpool
    Oh, okay!
    I decrypted the CIA with Decrypt9WIP and got the following files:
    - DecryptedExeFS.bin (0kb)
    - DecryptedExHeader.bin (0kb)
    - DecryptedRomFS.bin (16kb)

    I just want to edit the RomFS first (I rebuilt this one already).
    Now I want to figure out how to rebuild the CIA to install it with SysUpdater.
    Is there a way to do that?
    If not, how can I dump some specific .app files, edit them and rebuild them + encrypt them?
    Is there a tutorial for that?
     
  4. Syphurith

    Syphurith Beginner

    Member
    641
    222
    Mar 8, 2013
    Switzerland
    Xi'an, Shaanxi Province
    It is suggested, to use 3dstool independently to manipulate the CXI/CFA/CCI format (NCCH/NCSD) including .app and .3ds.
    You can unpack normal CIA (decrypted, not raw ones from CDN) with ctrtool, encrypted raw CDN CIA using other scripts. ctrtool --content=ac ac.cia
    And you should see some ac.0000.00000000 or other files, which is actually NCCH, being CXI (with exefs)/CFA (with no exefs).
    You can unpack NCCH with 3dstool, for CXI. Change "-xvtf cxi" to "-xvtf cfa" if that's a CFA.
    Code:
    3dstool -xvtf cxi 0.cxi --header ncch.header --exh exheader.bin --exefs exefs.bin --romfs romfs.bin --plain plain.bin --logo logo.bcma.lz
    It is suggested that using already decrypted NCCH to unpack. You can unpack it more.
    Code:
    3dstool -xvtf exefs exefs.bin --exefs-dir exefs.O --header exefs.header
    Code:
    3dstool -xvtf romfs romfs.bin --romfs-dir romfs.O
    For pack it back, you can just change "-xvtf" to "-cvtf". Don't forget to change its filename.
    I recommend you to read this: http://4dsdev.org/thread.php?id=105 and http://4dsdev.org/thread.php?id=99&page=1
    Unfortunately there is no tutorial for 3dstool manipulation, cause there is not much need to translate into English, unlike what for Chinese.
     
    xXDungeon_CrawlerXx likes this.
  5. xXDungeon_CrawlerXx
    OP

    xXDungeon_CrawlerXx GBAtemp Maniac

    Member
    1,294
    616
    Jul 29, 2015
    Liverpool
    @Syphurith

    I extracted the cia and got this file: st.0000.000000e1.cfa
    I extracted the files from the cfa and I got this files:
    -romfs.bin
    -ncch.header

    I've modified the cfa right now and rebuilt it with -cvtf command
    The name of the new file is: new-st.0000.000000e1.cfa
    How do I create a CIA out of it?

    I've found this:
    makerom -f cia -o a.cia -content 0000.cxi:0:0 -content ori\c.0001.00000002:1:2

    But I'm not sure how to use it correctly with my cfa-file.
    would this one correct?
    makerom -f cia -o a.cia -content new-st.0000.000000e1:0:e1 [tried it, doesn't work]
    which command do I have to use?
     
    Last edited by xXDungeon_CrawlerXx, Jan 19, 2016
  6. Syphurith

    Syphurith Beginner

    Member
    641
    222
    Mar 8, 2013
    Switzerland
    Xi'an, Shaanxi Province
    Just use makerom to pack CXI/CFA contents to a CIA. Certainly the ticket may be incorrect, but don't care about that much.
    PartialOriginalCtrtoolResult
    Then you can just pack it back:
    Code:
    makerom -f cia -o A.CIA -content ms.0000.0000001a:0:0x1a -content ms.0001.00000018:1:0x18
    I would like to explain a little more. ContentIndex could present the order of DLC contents, or following the original partitions' number of CCI/NCSD.
    -content <CXI/CFA File>:<ContentIndex>:<ContentID> Thus you could pack it back. Just try it then.
     
  7. xXDungeon_CrawlerXx
    OP

    xXDungeon_CrawlerXx GBAtemp Maniac

    Member
    1,294
    616
    Jul 29, 2015
    Liverpool
    Ohhh, I understood! Thank you! :)
    Got it to work (just tried a simple edit on NVER atm).
    Warning: Spoilers inside!
     
  8. punderino

    punderino aka Big-Dick Swinger

    Member
    897
    488
    Jan 5, 2016
    United States
    Kansas City, Missouri
    3dstool -xvtf cxi contents.0000.00000083 --header ncch.header --exh exheader.bin --exefs exefs.bin --romfs romfs.bin --plain plain.bin
    ERROR: the file type is mismatch wat do