Hacking [Release] 3DSFAT16tool - dump/inject the fat16 partition from nand dumps

liomajor

liomajor

Well-Known Member
Member
Level 8
Joined
Jun 10, 2008
Messages
1,468
Trophies
0
XP
1,373
Country
United States
padxorer nand.fat16.bin nand.fat16.xorpad > creates nand.fat16.bin.out

reverse

padxorer nand.fat16.bin.out nand.fat16.xorpad > creates nand.fat16.bin.out.out
 
  • Like
Reactions: mvmiranda
mvmiranda

mvmiranda

Well-Known Member
Member
Level 9
Joined
Oct 29, 2013
Messages
1,457
Trophies
1
Location
Brazil, Sao Paulo
Website
www.gamemod.com.br
XP
1,673
Country
Brazil
liomajor said:
padxorer nand.fat16.bin nand.fat16.xorpad > creates nand.fat16.bin.out

reverse

padxorer nand.fat16.bin.out nand.fat16.xorpad > creates nand.fat16.bin.out.out
Click to expand...

Nice! Thx!
So this nand.fat16.bin.out.out is the reXOREd file. Just as I said, right.

Thx liomajor

EDIT: Oh no!
Now I get it... I just take my "un-XORed" file and "re-XOR" using the same syntax...
The program will take care of XORing it for me...

THx!
 
swarzesherz

swarzesherz

Member
Newcomer
Level 5
Joined
Apr 12, 2014
Messages
12
Trophies
0
Age
38
XP
617
Country
Mexico
  • Like
Reactions: Datalogger, cearp and mvmiranda
mvmiranda

mvmiranda

Well-Known Member
Member
Level 9
Joined
Oct 29, 2013
Messages
1,457
Trophies
1
Location
Brazil, Sao Paulo
Website
www.gamemod.com.br
XP
1,673
Country
Brazil
swarzesherz said:
Sorry for the bug, fixed in previous post https://gist.github.com/swarzesherz/651f69b2e8e5c370a0f4/d9b77da4b3a6d2ed909944c7d1e01d0ec6803296
Click to expand...

I'll test it out...

So far I'm able to extract FAT16 NAND, un-XOR FAT16 NAND, modify FAt16 NAND (injecting old emuNAND based on 4.5 into new emUNAND based on 7.2), re-XOR the FAT16 NAND, inject FAT16 NAND into my new emuNAND 9.4 based on 7.2 and it works, but so far I could not use the injected data like mii, mii plaza data and streetpass tags).

So far I only injected extdata, I'll try gradually until it works or not :P

Cheers!

EDIT: I injected gradually everything (but the dbs files: certs.db, import.db, ticket.db, etc because when I inject them the NAND does not work anymore and all I get is black screen) until my mii and mii plaza started working again, BUT, when I use Classic Mode to load my Pokemon OR with a 7.2 save it still says the save is corrupted... I guess this brought me back to having a emuNAND based on 4.5 even if I injected the data in my emuNAND based on 7.2

What did I do wrong, I wonder? Will this ever be possible?

EDIT2: SUCCESS!!!
Digging a little under 3DBrew I found every piece of the NAND I needed to extract from my emuNAND 9.4 based on 4.5 and inject into my emuNAND 9.4 based on 7.2.
After 5 or 6 attempts I'm not with a fully funcional emuNAND 9.4 based on my sysNAND 7.2 that contains all of my old data including mii, mii plaza data, streetpass tags and stuff, while having my sysNAND on 4.5 so I could use the prefile exploit!

Thanks cearp and liomajor for all your help!

EDIT3:
A minor glitch... my friend list is frozen. When I try opening it it freezes my console.
I guess it's because I copied some parts of the old friend list, so something is still missing...

Let's continue testing :)
 
  • Like
Reactions: hippy dave
DSoryu

DSoryu

GBA/NDS Maniac
Member
Level 15
Joined
May 5, 2010
Messages
2,374
Trophies
2
Location
In my house
XP
4,828
Country
Mexico
cearp Awesome, with this I got my eShop games working on sysnand, will post a video soon, my internet is shitty right now, even I'am not able to reply to the other threads.
 
mvmiranda

mvmiranda

Well-Known Member
Member
Level 9
Joined
Oct 29, 2013
Messages
1,457
Trophies
1
Location
Brazil, Sao Paulo
Website
www.gamemod.com.br
XP
1,673
Country
Brazil
No further progress so far...
What could cause the friend list to be freezing since I didn't format the memory, therefore my friend code didn't change?

Any ideas?

EDIT: SUCCESS! :) Now it is... so far, at least!

I skipped (unintentionally) the friend list applet save. After I have included it everything works
I must say though that the first time I loaded the friend list it took a tremendous amount of time to open. I thought it was frozen again and got pissed and frustrated and let the console alone... 15 minutes later (I don't know if it took that long though) I came back and my friend list was opened. YAAY! :D
I closed and opened it again and the second time it took the normal time to load up (some seconds).

I guess I'm done here! :)


EDIT2: Well! Not so fast, pretty boy!
Everything is working, BUT, (I hate when there's a BUT in a phrase) apparently the GW Classic Mode uses your sysNAND's keys to load a game... This means that even if my emuNAND is based on 7.X and can decrypt new saves, if my sysNAND is 4.5, the classic mode will not "see" the saves as valid.
Just tested returning my old emuNAND based on 4.5 with my sysNAND 7.2... guess what??! The save is freaking valid!!! That means you only need to have your sysNAND in 7.X level to load a cart with 7.X save... This is bullsh*t!
So sad!
 
Codename

Codename

GREEN BRO IS BEST BRO
Member
Level 3
Joined
Feb 21, 2012
Messages
365
Trophies
0
XP
243
Country
Canada
mvmiranda said:
Everything is working, BUT, (I hate when there's a BUT in a phrase) apparently the GW Classic Mode uses your sysNAND's keys to load a game... This means that even if my emuNAND is based on 7.X and can decrypt new saves, if my sysNAND is 4.5, the classic mode will not "see" the saves as valid.
Just tested returning my old emuNAND based on 4.5 with my sysNAND 7.2... guess what??! The save is freaking valid!!! That means you only need to have your sysNAND in 7.X level to load a cart with 7.X save... This is bullsh*t!
So sad!
Click to expand...

Perhaps we could use extract the fat16 from a 7.x+ SysNAND and make a frankenstein SysNAND that allows the DS Profile Mode Exploit to be launched on higher firmwares, using some parts from the 4.x fat16?

cearp Since you seem to know a lot about 3DS development and hacking, would this be possible? Copying over bits from a 4.x SysNAND's fat16 to a higher firmware version SysNAND's fat16, in order to make the Gateway exploit bootable? Or would there be some sort of mismatched signatures or other problems?
 
mvmiranda

mvmiranda

Well-Known Member
Member
Level 9
Joined
Oct 29, 2013
Messages
1,457
Trophies
1
Location
Brazil, Sao Paulo
Website
www.gamemod.com.br
XP
1,673
Country
Brazil
Codename said:
Perhaps we could use extract the fat16 from a 7.x+ SysNAND and make a frankenstein SysNAND that allows the DS Profile Mode Exploit to be launched on higher firmwares, using some parts from the 4.x fat16?

cearp Since you seem to know a lot about 3DS development and hacking, would this be possible? Copying over bits from a 4.x SysNAND's fat16 to a higher firmware version SysNAND's fat16, in order to make the Gateway exploit bootable? Or would there be some sort of mismatched signatures or other problems?
Click to expand...
This is what I did, bro. :)
I updated my sysnand to 7.2 and made a emunand based on it. Then I updated it to 9.49.4 online. After that I extracted my 4.5 xorpads, extracted my emunand based on 4.5 fat16, un-XORed it and extracted the NAND shared saves for mii, friends and streetpass. Then I've done the same (except extracting data) for emunand based on 7.2 and injected the extracted data.
Everything worked except the fact that emunand keys does not matter. What really matter is your sysnand key.

That means: it doesn't matter if your emunand is 4.5 or 7.2. If your sysnand is 4.5 you cannot decrypt newer saves.
 
  • Like
Reactions: cearp
Codename

Codename

GREEN BRO IS BEST BRO
Member
Level 3
Joined
Feb 21, 2012
Messages
365
Trophies
0
XP
243
Country
Canada
mvmiranda said:
This is what I did, bro. :)
I updated my sysnand to 7.2 and made a emunand based on it. Then I updated it to 9.49.4 online. After that I extracted my 4.5 xorpads, extracted my emunand based on 4.5 fat16, un-XORed it and extracted the NAND shared saves for mii, friends and streetpass. Then I've done the same (except extracting data) for emunand based on 7.2 and injected the extracted data.
Everything worked except the fact that emunand keys does not matter. What really matter is your sysnand key.

That means: it doesn't matter if your emunand is 4.5 or 7.2. If your sysnand is 4.5 you cannot decrypt newer saves.
Click to expand...
Wait so you downgraded some components in a higher version SysNAND so you could use it to boot your EmuNAND while offline?
 
The Real Jdbye

The Real Jdbye

*is birb*
Member
Level 23
Joined
Mar 17, 2010
Messages
23,379
Trophies
4
Location
Space
XP
13,999
Country
Norway
Kakkoii said:
For Windows users, WinCDEmu is a great tool that simply adds the functionality directly into Windows to mount ISOs and a few other formats by simply right clicking and mounting.
Or you can just open the ISO with 7Zip or Winrar, they both browse ISO files fine and can modify them.
Click to expand...
i don't think WinRAR can modify ISO files but I may be wrong.
 
sonic2756

sonic2756

Friendly Neighborhood Wolf
Member
Level 7
Joined
Feb 3, 2010
Messages
673
Trophies
1
Age
26
Website
www.keenbrigade.com
XP
1,217
Country
United States
mvmiranda said:
No further progress so far...
What could cause the friend list to be freezing since I didn't format the memory, therefore my friend code didn't change?

Any ideas?

EDIT: SUCCESS! :) Now it is... so far, at least!

I skipped (unintentionally) the friend list applet save. After I have included it everything works
I must say though that the first time I loaded the friend list it took a tremendous amount of time to open. I thought it was frozen again and got pissed and frustrated and let the console alone... 15 minutes later (I don't know if it took that long though) I came back and my friend list was opened. YAAY! :D
I closed and opened it again and the second time it took the normal time to load up (some seconds).

I guess I'm done here! :)


EDIT2: Well! Not so fast, pretty boy!
Everything is working, BUT, (I hate when there's a BUT in a phrase) apparently the GW Classic Mode uses your sysNAND's keys to load a game... This means that even if my emuNAND is based on 7.X and can decrypt new saves, if my sysNAND is 4.5, the classic mode will not "see" the saves as valid.
Just tested returning my old emuNAND based on 4.5 with my sysNAND 7.2... guess what??! The save is freaking valid!!! That means you only need to have your sysNAND in 7.X level to load a cart with 7.X save... This is bullsh*t!
So sad!
Click to expand...
What files did you end up moving over?
 
mvmiranda

mvmiranda

Well-Known Member
Member
Level 9
Joined
Oct 29, 2013
Messages
1,457
Trophies
1
Location
Brazil, Sao Paulo
Website
www.gamemod.com.br
XP
1,673
Country
Brazil
sonic2756 said:
What files did you end up moving over?
Click to expand...

Well, just the NAND shares saves for streetpass, friend and mii:
0x00010032 - Friends module savegame
0x00020096 - Friend List applet savegame
0x00020217 - Mii Maker application savegame
0x00020218 - StreetPass Mii Plaza application savegame
 
mid-kid

mid-kid

GBAtemp spamBOT
Member
Level 7
Joined
Aug 2, 2012
Messages
879
Trophies
0
Age
25
XP
1,163
Country
I've tried to use this to change my play coin amount on my 9.5 MT-classic emuNAND.
So, I've changed the value in data/<my id>/extdata/00048000/f000000b/00000000/00000007 behind the 4F00 to FFFF.
That bricked my emuNAND, and I was stupid enough to not to back it up.
Me, panic. Panic, me. The only thing I care about in my emuNAND is my NINID, and I've already gotten that unlinked from another console, but they ask you the serial and can see the history of NINIDs that have been linked to your serial, so getting it unlinked again is a no-go.
So, I tried a lot of things, but the thing that worked in the end was replacing the 00000007 file with another from a 9.0.0-20E (The firmware this second-hand console came with) backup I had laying around, and matching the timestamp to the same as the backup 00000007.
So, Woop! Woop! Yay me, back to square one, lost a lot of time, and my 40 playcoins.
Has anybody successfully edited their play coin amount using this?

EDIT: And now I realize the size of the data that says the play coin amount is 0x2, so I should've done FF, instead of FFFF. I hate myself. (Btw, why is the offset and size counted in sets of 4 bits on 3dbrew, instead of full bytes? It's confusing.)
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Hacking Hardware  New Nintendo 3DS XL Louvre

So what's the current state of hacking and freeshop?

Hacking Homebrew  Animal Crossing New Leaf (ACNL) help: data corrupt??

Hacking  Can you install a legit cia and keep the game? + Question about 3ds modding

Pokemon Ultra Sun/Moon from piracy site doesn't work

Accidentally snapped sd card in half, what to do now?

Hacking Homebrew  3DS System Transfer Questions

Hardware Homebrew  Rehid fork w/ sliders - Save your 3ds from broken sliders!

General chit-chat
Help Users
    The Real Jdbye @ The Real Jdbye: don't mind me, just liking all of SDIO's posts, they deserve it for...