ROM Hack [Release] 3DS FBI CIA Manager NAND Inject Generator (JPN/USA/EUR/CHN/KOR/TWN)

Riku

Well-Known Member
OP
Member
Joined
May 3, 2009
Messages
288
Trophies
0
XP
1,485
Country
United States
After seeing how people having problems with FBI injection, I decided to take a look into process to see what can possibly go wrong. Basically, there's two main issues with previous injection methods: the first problem I see is that H&S is an optional app and only gets updated through internet and not card game updates (so even if you running FW9.x there's still possibility your 3DS have old H&S app version). As of now there's 14 different revisions of H&S app and to make things done right you should only use properly encrypted FBI app injected into exactly the same version your 3DS currently using. Second issue that seems to confuse people is TMD file name, it's never constant.

Now, my program designed to resolve both issues. Just drag&drop your original *.tmd file on exe and it generate files specifically for your system.
All regions are supported (JPN/USA/EUR/CHN/KOR/TWN) within 1.0-9.8 firmware range.

Basic instructions on how to inject FBI CIA Manager into Health & Safety SysApp:
1) Make NAND FAT16 XORpad file using rxTools (Decryption Options --> Generate fat16 Xorpad) or Decrypt9
2) Put NAND or emuNAND dump named 'NAND.BIN' and FAT 16 XORpad named 'nand.fat16.xorpad' into folder's root, right next to *.bat files.
3) Launch extract_nand.bat and wait for it to create 'nand_fat16dec.img' file.
4) Download WinImage 9.0, install&launch it, open 'nand_fat16dec.img' and navigate into H&S folder. The path is differs depending on your region:
JPN: title\000400010\00020300\content\
USA: title\000400010\00021300\content\
EUR: title\000400010\00022300\content\
CHN: title\000400010\00026300\content\
KOR: title:000400010\00027300\content\
TWN: title:000400010\00028300\content\

5) Extract *.tmd file using right click command, drag extracted file on '3ds_fbi_injectgen.exe' and you'll get FBI Inject files generated specifically for your system:
GKIbJcc.png
6) Inject newly created files using WinImage's Image --> Inject command and overwrite exciting files (no need to delete anything, just overwrite exciting files):
5rNyyxv.png
7) Launch 'rebuild_nand.bat' and wait for it to create 'NAND_rebuild.BIN' file.

This is your NAND image with FBI injected. Use your favorite tool to insert emuNAND back into SD card or you can write it into sysNAND (It's a nice thing to have in sysNAND, actually. You can't remove or corrupt it by mistake or after system format, it even launches without SD card inserted and hides when SigPatch disabled. Don't do it unless you're experienced user and know what you're doing, though).

Download links:
http://rghost.net/6lRKZwpRk
https://www.sendspace.com/file/zqhv0u
 
Last edited by Riku,

hippy dave

BBMB
Member
Joined
Apr 30, 2012
Messages
7,833
Trophies
1
XP
11,659
Country
United Kingdom
Nice work. I don't need this, as I already had ample ways to run a cia installer, but I'm half tempted to try it anyway just to give some use to that feckin' health&safety app.
 

TidusWulf

Real Aloha
Member
Joined
Jul 27, 2007
Messages
652
Trophies
0
Location
Hawaii
XP
763
Country
United States
Recommendations for emuNAND tools? I have a 4gig card with a bigger one coming in the mail, so I'll need to move over the emuNAND anyway.
 

The Real Jdbye

*is birb*
Member
Joined
Mar 17, 2010
Messages
21,890
Trophies
3
Location
Space
XP
11,050
Country
Norway
I've been away for a few days, can someone please explain to me what the point of injecting FBI into another app is? :)
Seems like it still requires signature check patching to run, so there doesn't seem to be much point to it at first glance.
 

plasma

GBAtemp's Artificial Lifeform
Member
Joined
May 15, 2009
Messages
1,612
Trophies
0
Age
24
Location
I have no fucking idea.
XP
1,899
Country
United Kingdom
I've been away for a few days, can someone please explain to me what the point of injecting FBI into another app is? :)
Seems like it still requires signature check patching to run, so there doesn't seem to be much point to it at first glance.
Only other way iirc to install a CIA manager was through ctrclient which was a pisstake and only worked for pbt/palatines cfw.
 

The Real Jdbye

*is birb*
Member
Joined
Mar 17, 2010
Messages
21,890
Trophies
3
Location
Space
XP
11,050
Country
Norway
Only other way iirc to install a CIA manager was through ctrclient which was a pisstake and only worked for pbt/palatines cfw.
Ah, so it's a way to install CIAs on sysNAND without needing to be able to run PBT/Gateway/NINJHAX. That explains it, thanks.
I guess this is only useful for those people that have no other way of installing a CIA then, but still pretty nice :)
Although it seems overly complicated and risky for something that should optimally be risk-free and integrated into the CFW (like it is with Palantine/PBT)
 

plasma

GBAtemp's Artificial Lifeform
Member
Joined
May 15, 2009
Messages
1,612
Trophies
0
Age
24
Location
I have no fucking idea.
XP
1,899
Country
United Kingdom
Ah, so it's a way to install CIAs on sysNAND without needing to be able to run PBT/Gateway/NINJHAX. That explains it, thanks.
I guess this is only useful for those people that have no other way of installing a CIA then, but still pretty nice :)
Although it seems overly complicated and risky for something that should optimally be risk-free and integrated into the CFW (like it is with Palantine/PBT)
Nah, not just sysNAND, but emuNAND too. It isnt intergrated with PBT/Palentine, you have to use that ctrclient to send it over wi-fi, which many people seem to have problems with.
 

The Real Jdbye

*is birb*
Member
Joined
Mar 17, 2010
Messages
21,890
Trophies
3
Location
Space
XP
11,050
Country
Norway
Nah, not just sysNAND, but emuNAND too. It isnt intergrated with PBT/Palentine, you have to use that ctrclient to send it over wi-fi, which many people seem to have problems with.
It's not ctrclient that's the problem, it's the buggy implementation of the CFW. The feature to receive CIA files over the network is built in to the CFW, making another client for it should not be a big problem, but I doubt it would help. After all if that was the case then it would eventually work if you just left the CFW running and kept trying things on the PC like rebooting, configuring the network again etc. while constantly attempting to run ctrclient. For me, the only thing that worked in the end was restarting the CFW boot process while holding L and spamming the ctrclient command a few times to try to get the right timing.
Regardless, the ability to receive CIA files over the network natively isn't an important feature to CFW, I think just being able to auto-install a CIA file or folder on the SD card would be plenty, and that's still in the works.
 

plasma

GBAtemp's Artificial Lifeform
Member
Joined
May 15, 2009
Messages
1,612
Trophies
0
Age
24
Location
I have no fucking idea.
XP
1,899
Country
United Kingdom
It's not ctrclient that's the problem, it's the buggy implementation of the CFW. The feature to receive CIA files over the network is built in to the CFW, making another client for it should not be a big problem, but I doubt it would help. After all if that was the case then it would eventually work if you just left the CFW running and kept trying things on the PC like rebooting, configuring the network again etc. while constantly attempting to run ctrclient. For me, the only thing that worked in the end was restarting the CFW boot process while holding L and spamming the ctrclient command a few times to try to get the right timing.
Regardless, the ability to receive CIA files over the network natively isn't an important feature to CFW, I think just being able to auto-install a CIA file or folder on the SD card would be plenty, and that's still in the works.
Ahh I get you now I misunderstood. I got it to work in the end (was trying to install a cfw to a 3ds that wouldnt accept carts-.- I have a GW so I could have used that to install a cia manager but it wouldnt work)
 

Riku

Well-Known Member
OP
Member
Joined
May 3, 2009
Messages
288
Trophies
0
XP
1,485
Country
United States
Ah, so it's a way to install CIAs on sysNAND without needing to be able to run PBT/Gateway/NINJHAX. That explains it, thanks.
I guess this is only useful for those people that have no other way of installing a CIA then, but still pretty nice :)
Although it seems overly complicated and risky for something that should optimally be risk-free and integrated into the CFW (like it is with Palantine/PBT)
When you install DevMan or FBI as *.cia you get fake ticket and database entries installed into NAND and those stay there forever even after deleting app.
Injection is much more cleaner and safer method in that aspect, you just replacing 2 files without messing with system database, not to mention result is some sort of 'stealth' CIA manager which can't be detected or logged.
 
  • Like
Reactions: enarky and kactusss

Sendoh

Well-Known Member
Member
Joined
Jul 30, 2007
Messages
253
Trophies
0
Website
Visit site
XP
223
Country
Senegal
How can I insert the NAND into sysNAND? Or is there an alternative method of getting FBI onto sysNAND? I've already gotten FBI onto emuNAND but not on sysNAND.
 

Sendoh

Well-Known Member
Member
Joined
Jul 30, 2007
Messages
253
Trophies
0
Website
Visit site
XP
223
Country
Senegal
You can use Gateway launcher's Downgrade hidden feature: put NAND.BIN in the root of SD card and hold Up button while pressing 'Downgrade' in GW menu and it will ask if you want to restore your sysNAND (write NAND.BIN).
Thanks, I did it, but I screwed up bad. I forgot to downgrade the emuNAND and now the firmware is at 9.8. I assume there's no way out of this if I don't have a flashcart?
 

Riku

Well-Known Member
OP
Member
Joined
May 3, 2009
Messages
288
Trophies
0
XP
1,485
Country
United States
Thanks, I did it, but I screwed up bad. I forgot to downgrade the emuNAND and now the firmware is at 9.8. I assume there's no way out of this if I don't have a flashcart?
That's why it says in first post:
Don't do it unless you're experienced user and know what you're doing

And, yes, the only way out of this for you is to solder to mainboard and write previous NAND backup using hardware flasher. If you don't have previous backup you screwed completely, having flashcard doesn't help you in any way... I removed my reply before it can harm more people.
 

Sendoh

Well-Known Member
Member
Joined
Jul 30, 2007
Messages
253
Trophies
0
Website
Visit site
XP
223
Country
Senegal
That's why it says in first post:


And, yes, the only way out of this for you is to solder to mainboard and write previous NAND backup using hardware flasher. If you don't have previous backup you screwed completely, having flashcard doesn't help you in any way... I removed my reply before it can harm more people.
Yeah it was my own carelessness. Thanks for the help though!
 

Monado_III

Well-Known Member
Member
Joined
Feb 8, 2015
Messages
722
Trophies
0
Location
/dev/null
XP
1,398
Country
Canada
So I successfully unencrypted my NAND, (files are intact and readable etc.), but even if I don't make any changes to the unencrypted NAND, when I re encrypt it, it always fails to boot, but when I use the same NAND file before I unencrypted+re encrypted it, it works normally.
 
General chit-chat
Help Users
    KenniesNewName @ KenniesNewName: Pepto makes my poop black