Hacking [Release] 3DSFAT16tool - dump/inject the fat16 partition from nand dumps

cearp

cearp

瓜老外
OP
Developer
Level 19
Joined
May 26, 2008
Messages
8,725
Trophies
2
XP
8,510
Country
Tuvalu
ccfman2004 said:
Is there a padxorer for Mac? The one I found on this site made by cearp is a dead link.
Click to expand...

here is a nice folder i just uploaded for you (but yes putting it here publically so everyone can have it)
all the 3ds tools you will most likely ever need, compiled by myself, for mac. they all work for me on yosemite.
https://mega.co.nz/#F!DkxGgJ7b!RDqDu7_1yeXS5YbnnzFvQA

3dstmd - gives details about tmds
aescbc - decrypts CDN content when you give it the decrypted title key
ctrtool - lets you extract stuff from files, i guess it has more uses too
extdata_tool - gives details about extdata, i think that is it
make_cdn_cia - builds cias from cdn content, very important :)
makerom - lets you build 3ds, app, cia files
padxorer - xors two inputs for you
rom_tool - lets you trim 3ds roms :)
 
  • Like
Reactions: ccfman2004
ccfman2004

ccfman2004

Well-Known Member
Member
Level 12
Joined
Mar 5, 2008
Messages
2,835
Trophies
2
XP
3,203
Country
United States
cearp said:
here is a nice folder i just uploaded for you (but yes putting it here publically so everyone can have it)
all the 3ds tools you will most likely ever need, compiled by myself, for mac. they all work for me on yosemite.
https://mega.co.nz/#F!DkxGgJ7b!RDqDu7_1yeXS5YbnnzFvQA

3dstmd - gives details about tmds
aescbc - decrypts CDN content when you give it the decrypted title key
ctrtool - lets you extract stuff from files, i guess it has more uses too
extdata_tool - gives details about extdata, i think that is it
make_cdn_cia - builds cias from cdn content, very important :)
makerom - lets you build 3ds, app, cia files
padxorer - xors two inputs for you
rom_tool - lets you trim 3ds roms :)
Click to expand...

Thank you so much.

EDIT: Quick question, if the sysNand and emuNand are linked, does that mean they use the same Nand.xorpad?
 
d0k3

d0k3

3DS Homebrew Legend
Member
Level 13
Joined
Dec 3, 2004
Messages
2,786
Trophies
1
XP
3,896
Country
Germany
Codename said:
I figured out how to do that, but I can't get the decrypted fat16 image to mount. I always just get an unknown or corrupt image file. Yet when I look at the file with a hex editor, I can see plenty of stuff (like folder names and stuff that should be in the fat16 of the NAND.) If it matters, the fat16 I got was from my MT-Card 9.4 EmuNAND, plus I don't even have a 3DS-mode flashcard. Help with the mounting issue please?

Edit: Nevermind, I got it working. I'll post a simple guide tomorrow
Click to expand...
You never did that guide, correct? I'm having the same problem, I seem to only get corrupted NAND dumps using this. I'm using the most recent one from @swarzesherz .
 
Last edited by d0k3,
d0k3

d0k3

3DS Homebrew Legend
Member
Level 13
Joined
Dec 3, 2004
Messages
2,786
Trophies
1
XP
3,896
Country
Germany
mvmiranda said:
Does this look like a "valid" XORed FAT16?
2hrd47r.jpg


When I try to open the 0.fat file I get this error:
2s141np.png
Click to expand...

I have the exact same problem. It looks like it is properly dumped and decrypted (the data in 0.fat makes sense to a certain level in a hex viewer), but it cannot be mounted via anything (7-ZIP, WinCDEmu). I tried mounting the decrypted nand.fat16.bin and the 0.fat I extracted from that via Winzip. So... a lot of people seem to have had this problem, and at some point it seems it strangely started to work for everyone, without anyone mentioning the solution in the thread :-? Can anyone give me some pointers as to what may have went wrong? I dumped the NAND.bin via GWs launcher.dat and generated the XORpad via Decrypt9 on Ninjhax and own a N3DS on FW9.0.0 if that's relevant information.
 
d0k3

d0k3

3DS Homebrew Legend
Member
Level 13
Joined
Dec 3, 2004
Messages
2,786
Trophies
1
XP
3,896
Country
Germany
zoogie said:
Most fat16 ctr nand xorpad dumpers and PC tools have the incorrect offset. The real fat16 section starts at 0x0B95CA00, not 0x0B930000.
For new3ds the real offset is 0x0B95AE00.
http://3dbrew.org/wiki/Flash_Filesystem#NAND_structure

This is why garbage shows up when mounting the decrypted fat16 sections after using these tools.
Click to expand...
Yeah, exactly that is what I have wondered about, too. But, because everyone does it that way (with the wrong offset) and noone has complained about it so far, I thought it is okay. So, what I have to do is to cut the unneeded bytes from the start?

EDIT: Also, how the hell come not more people have complained? I think most users here cannot code / properly use a hex editor and help themselves.

EDIT2: Okay, I did it. Removed the garbage bytes from the start. However, I still cannot mount the image.

EDIT3: I can mount it with WinImage, even if I don't remove the garbage beforehand. Now, is there any alternative to WinImage? To be honest, I don't really like it and it is shareware, not free.
 
Last edited by d0k3,
  • Like
Reactions: zoogie
zoogie

zoogie

playing around in the end of life
Developer
Level 24
Joined
Nov 30, 2014
Messages
8,560
Trophies
2
XP
15,000
Country
Micronesia, Federated States of
d0k3 said:
Yeah, exactly that is what I have wondered about, too. But, because everyone does it that way (with the wrong offset) and noone has complained about it so far, I thought it is okay. So, what I have to do is to cut the unneeded bytes from the start?

EDIT: Also, how the hell come not more people have complained? I think most users here cannot code / properly use a hex editor and help themselves.

EDIT2: Okay, I did it. Removed the garbage bytes from the start. However, I still cannot mount the image.

EDIT3: I can mount it with WinImage, even if I don't remove the garbage beforehand. Now, is there any alternative to WinImage? To be honest, I don't really like it and it is shareware, not free.
Click to expand...
osfmount is really good, and its freeware. http://www.osforensics.com/tools/mount-disk-images.html
 
  • Like
Reactions: d0k3
urherenow

urherenow

Well-Known Member
Member
Level 13
Joined
Mar 8, 2009
Messages
4,778
Trophies
2
Age
48
Location
Japan
XP
3,675
Country
United States
mid-kid said:
I've tried to use this to change my play coin amount on my 9.5 MT-classic emuNAND.
So, I've changed the value in data/<my id>/extdata/00048000/f000000b/00000000/00000007 behind the 4F00 to FFFF.
That bricked my emuNAND, and I was stupid enough to not to back it up.
Me, panic. Panic, me. The only thing I care about in my emuNAND is my NINID, and I've already gotten that unlinked from another console, but they ask you the serial and can see the history of NINIDs that have been linked to your serial, so getting it unlinked again is a no-go.
So, I tried a lot of things, but the thing that worked in the end was replacing the 00000007 file with another from a 9.0.0-20E (The firmware this second-hand console came with) backup I had laying around, and matching the timestamp to the same as the backup 00000007.
So, Woop! Woop! Yay me, back to square one, lost a lot of time, and my 40 playcoins.
Has anybody successfully edited their play coin amount using this?

EDIT: And now I realize the size of the data that says the play coin amount is 0x2, so I should've done FF, instead of FFFF. I hate myself. (Btw, why is the offset and size counted in sets of 4 bits on 3dbrew, instead of full bytes? It's confusing.)
Click to expand...
??? Maximum playcoins is 300. FFFF is like 65535. Should have tried 01 2C
 
mid-kid

mid-kid

GBAtemp spamBOT
Member
Level 7
Joined
Aug 2, 2012
Messages
879
Trophies
0
Age
25
XP
1,163
Country
urherenow said:
??? Maximum playcoins is 300. FFFF is like 65535. Should have tried 01 2C
Click to expand...

Congrats, you replied to an old post.
I've tried other values too, nothing worked. The file I was editing is prepended by a pretty big header. I have forgotten what it was, but there's a huge chance of there being a checksum of some kind in there.
Back then, I'd asked #3dsdev, they just told me it was easier to edit extdata from the console itself.
 
C

Chrushev

Well-Known Member
Member
Level 8
Joined
Jul 23, 2013
Messages
634
Trophies
1
XP
1,464
Country
Serbia, Republic of
Is this tool still relevant in Emunand10.6? I am trying to move my Mii Plaza/Activity log from O3DS to N3DS (Nintendo Transfer failed and im locked out for 7 days). If this python script is still good, is there a guide somewhere on how to decrypt and re-encrypt with it EmuNand? I cant mount the fat16 file when renamed to .iso it says its corrupt.
 
D

Deleted member 333767

Well-Known Member
Member
Level 8
Joined
Aug 20, 2013
Messages
1,932
Trophies
2
XP
1,473
How do I use this for a new3DS nand dump? When i double click the scri[pt the terminal windows disappears straight away, and when i drag the NAND dump into the script icon the terminal also disappears. Help please :)
 
Gnarmagon

Gnarmagon

Noob <3
Member
Level 6
Joined
Dec 12, 2016
Messages
647
Trophies
0
Age
22
XP
794
Country
Germany
Jao Chu said:
How do I use this for a new3DS nand dump? When i double click the scri[pt the terminal windows disappears straight away, and when i drag the NAND dump into the script icon the terminal also disappears. Help please :)
Click to expand...
These are Windows Basics ;):
1.Make Sure you don't have selected anything in the Folder
2.Now hold Shift and press Right-Click
3.Click on "open Terminal here"
4.Enter the following:
python 3DSFAT16tool.py -h
5.Good Luck ^^ (Python 2 has to be installed,weired that 3 isn't supported :()

If there are still Problems it should look like this:

Code: 
python 3DSFAT16tool.py NandBackup -n3ds ?  -i your dumped xorpad (with Decrpt9)
for ex.
Code: 
python 3DSFAT16tool.py sysnandmin.bin -n3ds -i nand.fat16.xorpad

Edit: I tried it and I killed my damn Dump :d
(now I have a 0kb FIle with nothing :()
 
Last edited by Gnarmagon,
AndreAR

AndreAR

Well-Known Member
Newcomer
Level 6
Joined
Dec 2, 2020
Messages
98
Trophies
0
Age
24
XP
873
Country
Guatemala
cearp said:
I wanted a better/faster way to extract the fat16 partition from the nand dump, so I made a python tool to do it. Opening up a hex editor and doing it like that is possible, but some hex editors are better than others and difficult to use for some people, but this tool I made is nice and easy to use.
It supports dumping and injecting it, and supports the 'normal' 3ds nand and new3ds nand.
I'm sure I could detect it automatically, but for new3ds you need to add '-n3ds' as an argument. (although this is not useful for n3ds right now because we don't have public nand access, but later it will be useful)

Naturally you need to xor the fat16 partition to make it readable, so xor is after dumping, and re-xor it before injecting.

For browsing/editing the fat16 file, instead of relying on something weird like 'WinImage' - just rename the fat16 file as '.iso', then I simply double click it and it mounts just like any other drive/volume on my computer - easy editing! I'm on mac so it is very easy for me to do. I'm not sure how easy it is to mount disks on windows...
Click to expand...
When I try to open it, It just crashes, I tried in python 2.7, 2.7.8 and 3.8. All for 64 bits. I also tried the c version but same.
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Hacking Homebrew  A new way to experience StreetPass

Is it possible...?

Hacking Homebrew  how to link pnid to 3ds/how to use juxtaposition?

Hacking Hardware  New Nintendo 3DS XL Louvre

Emulation  i have citra, i have my aes keys installed, how do i get the home menu

Hacking Misc  VCRUNTIME140.dll UCRTBASED.dll Master Thread

Hardware  Why does my 3DS take so long to turn off?

Translation Project  DQM2SP translation

General chit-chat
Help Users
  • No one is chatting at the moment.
    K3Nv2 @ K3Nv2: This movie rip so werid has 1080p quality but the audios ripped with movie theater audio quality