[Release] 3DS FBI CIA Manager NAND Inject Generator (JPN/USA/EUR/CHN/KOR/TWN)

Discussion in '3DS - ROM Hacking, Translations and Utilities' started by Riku, Jun 25, 2015.

  1. Riku
    OP

    Riku GBAtemp Regular

    Member
    286
    539
    May 3, 2009
    United States
    After seeing how people having problems with FBI injection, I decided to take a look into process to see what can possibly go wrong. Basically, there's two main issues with previous injection methods: the first problem I see is that H&S is an optional app and only gets updated through internet and not card game updates (so even if you running FW9.x there's still possibility your 3DS have old H&S app version). As of now there's 14 different revisions of H&S app and to make things done right you should only use properly encrypted FBI app injected into exactly the same version your 3DS currently using. Second issue that seems to confuse people is TMD file name, it's never constant.

    Now, my program designed to resolve both issues. Just drag&drop your original *.tmd file on exe and it generate files specifically for your system.
    All regions are supported (JPN/USA/EUR/CHN/KOR/TWN) within 1.0-9.8 firmware range.

    Basic instructions on how to inject FBI CIA Manager into Health & Safety SysApp:
    1) Make NAND FAT16 XORpad file using rxTools (Decryption Options --> Generate fat16 Xorpad) or Decrypt9
    2) Put NAND or emuNAND dump named 'NAND.BIN' and FAT 16 XORpad named 'nand.fat16.xorpad' into folder's root, right next to *.bat files.
    3) Launch extract_nand.bat and wait for it to create 'nand_fat16dec.img' file.
    4) Download WinImage 9.0, install&launch it, open 'nand_fat16dec.img' and navigate into H&S folder. The path is differs depending on your region:
    JPN: title\000400010\00020300\content\
    USA: title\000400010\00021300\content\
    EUR: title\000400010\00022300\content\
    CHN: title\000400010\00026300\content\
    KOR: title:000400010\00027300\content\
    TWN: title:000400010\00028300\content\

    5) Extract *.tmd file using right click command, drag extracted file on '3ds_fbi_injectgen.exe' and you'll get FBI Inject files generated specifically for your system:
    Warning: Spoilers inside!
    6) Inject newly created files using WinImage's Image --> Inject command and overwrite exciting files (no need to delete anything, just overwrite exciting files):
    Warning: Spoilers inside!
    7) Launch 'rebuild_nand.bat' and wait for it to create 'NAND_rebuild.BIN' file.

    This is your NAND image with FBI injected. Use your favorite tool to insert emuNAND back into SD card or you can write it into sysNAND (It's a nice thing to have in sysNAND, actually. You can't remove or corrupt it by mistake or after system format, it even launches without SD card inserted and hides when SigPatch disabled. Don't do it unless you're experienced user and know what you're doing, though).

    Download links:
    http://rghost.net/6lRKZwpRk
    https://www.sendspace.com/file/zqhv0u
     
    Last edited by Riku, Nov 15, 2015
    zaqqaz00, giga502, chankarik and 25 others like this.


  2. kactusss

    kactusss GBAtemp Regular

    Member
    225
    95
    Dec 10, 2012
    France
    Great work! I will try this asap. That's an heavy process but it's way better than nothing
     
    Last edited by kactusss, Jun 25, 2015
    Margen67 likes this.
  3. hippy dave

    hippy dave Butts Butts Megabutts

    Member
    2,588
    1,803
    Apr 30, 2012
    Nice work. I don't need this, as I already had ample ways to run a cia installer, but I'm half tempted to try it anyway just to give some use to that feckin' health&safety app.
     
  4. TidusWulf

    TidusWulf Real Aloha

    Member
    600
    233
    Jul 27, 2007
    United States
    Hawaii
    Recommendations for emuNAND tools? I have a 4gig card with a bigger one coming in the mail, so I'll need to move over the emuNAND anyway.
     
  5. pikatsu

    pikatsu GBAtemp Advanced Fan

    Member
    724
    125
    Apr 16, 2014
    Argentina
    Nice. But can you replace fbi files with the new fbi v1.4?
     
  6. zoogie

    zoogie simple pimp tool

    Member
    6,353
    8,059
    Nov 30, 2014
    United States
    install the current packed version, then you can quickly use it to install 1.4.
    @Riku says preparing those specially packed FBI's are a tedious chore.
     
  7. The Real Jdbye

    The Real Jdbye Always Remember 30/07/08

    Member
    GBAtemp Patron
    The Real Jdbye is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    12,113
    5,181
    Mar 17, 2010
    Norway
    Alola
    I've been away for a few days, can someone please explain to me what the point of injecting FBI into another app is? :)
    Seems like it still requires signature check patching to run, so there doesn't seem to be much point to it at first glance.
     
  8. Plasma Shadow

    Plasma Shadow GBAtemp's Artificial Lifeform

    Member
    1,553
    384
    May 15, 2009
    I have no fucking idea.
    Only other way iirc to install a CIA manager was through ctrclient which was a pisstake and only worked for pbt/palatines cfw.
     
  9. The Real Jdbye

    The Real Jdbye Always Remember 30/07/08

    Member
    GBAtemp Patron
    The Real Jdbye is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    12,113
    5,181
    Mar 17, 2010
    Norway
    Alola
    Ah, so it's a way to install CIAs on sysNAND without needing to be able to run PBT/Gateway/NINJHAX. That explains it, thanks.
    I guess this is only useful for those people that have no other way of installing a CIA then, but still pretty nice :)
    Although it seems overly complicated and risky for something that should optimally be risk-free and integrated into the CFW (like it is with Palantine/PBT)
     
  10. Plasma Shadow

    Plasma Shadow GBAtemp's Artificial Lifeform

    Member
    1,553
    384
    May 15, 2009
    I have no fucking idea.
    Nah, not just sysNAND, but emuNAND too. It isnt intergrated with PBT/Palentine, you have to use that ctrclient to send it over wi-fi, which many people seem to have problems with.
     
  11. The Real Jdbye

    The Real Jdbye Always Remember 30/07/08

    Member
    GBAtemp Patron
    The Real Jdbye is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    12,113
    5,181
    Mar 17, 2010
    Norway
    Alola
    It's not ctrclient that's the problem, it's the buggy implementation of the CFW. The feature to receive CIA files over the network is built in to the CFW, making another client for it should not be a big problem, but I doubt it would help. After all if that was the case then it would eventually work if you just left the CFW running and kept trying things on the PC like rebooting, configuring the network again etc. while constantly attempting to run ctrclient. For me, the only thing that worked in the end was restarting the CFW boot process while holding L and spamming the ctrclient command a few times to try to get the right timing.
    Regardless, the ability to receive CIA files over the network natively isn't an important feature to CFW, I think just being able to auto-install a CIA file or folder on the SD card would be plenty, and that's still in the works.
     
  12. Plasma Shadow

    Plasma Shadow GBAtemp's Artificial Lifeform

    Member
    1,553
    384
    May 15, 2009
    I have no fucking idea.
    Ahh I get you now I misunderstood. I got it to work in the end (was trying to install a cfw to a 3ds that wouldnt accept carts-.- I have a GW so I could have used that to install a cia manager but it wouldnt work)
     
  13. Riku
    OP

    Riku GBAtemp Regular

    Member
    286
    539
    May 3, 2009
    United States
    When you install DevMan or FBI as *.cia you get fake ticket and database entries installed into NAND and those stay there forever even after deleting app.
    Injection is much more cleaner and safer method in that aspect, you just replacing 2 files without messing with system database, not to mention result is some sort of 'stealth' CIA manager which can't be detected or logged.
     
    enarky and kactusss like this.
  14. mateusu

    mateusu Newbie

    Newcomer
    2
    0
    Jun 28, 2015
    Brazil
    "Input Fat16 XORpad file is not valid"
     
  15. Sendoh

    Sendoh GBAtemp Regular

    Member
    253
    0
    Jul 30, 2007
    Senegal
    How can I insert the NAND into sysNAND? Or is there an alternative method of getting FBI onto sysNAND? I've already gotten FBI onto emuNAND but not on sysNAND.
     
  16. Riku
    OP

    Riku GBAtemp Regular

    Member
    286
    539
    May 3, 2009
    United States
    del
     
    Last edited by Riku, Jun 28, 2015 - Reason: removed so unexpirienced people won't screw up their systems
    Sendoh likes this.
  17. Sendoh

    Sendoh GBAtemp Regular

    Member
    253
    0
    Jul 30, 2007
    Senegal
    Thanks, I did it, but I screwed up bad. I forgot to downgrade the emuNAND and now the firmware is at 9.8. I assume there's no way out of this if I don't have a flashcart?
     
  18. Riku
    OP

    Riku GBAtemp Regular

    Member
    286
    539
    May 3, 2009
    United States
    That's why it says in first post:
    And, yes, the only way out of this for you is to solder to mainboard and write previous NAND backup using hardware flasher. If you don't have previous backup you screwed completely, having flashcard doesn't help you in any way... I removed my reply before it can harm more people.
     
  19. Sendoh

    Sendoh GBAtemp Regular

    Member
    253
    0
    Jul 30, 2007
    Senegal
    Yeah it was my own carelessness. Thanks for the help though!
     
  20. Monado_III

    Monado_III GBAtemp Advanced Fan

    Member
    637
    352
    Feb 8, 2015
    Canada
    /dev/null
    So I successfully unencrypted my NAND, (files are intact and readable etc.), but even if I don't make any changes to the unencrypted NAND, when I re encrypt it, it always fails to boot, but when I use the same NAND file before I unencrypted+re encrypted it, it works normally.