Hacking Official [Release] CakesFW

  • Thread starter: mid-kid
  • Views: 842,216
  • Replies: 3,542
  • Likes: 73
Try writing directly to it with HxD. Search your physical drive for "NCSD" and delete 512 (0x200) bytes starting there.

*DISCLAIMER* I just "ported" mid-kid's instructions to HxD, I'm not sure if it'll work, or if it'll completely destroy your filesystem. Make sure to keep a backup.
I'm currently trying to something on my 3DS. So I can't try that right now, but how do I open my SD in HxD? Or is that NCSD a hidden file somewhere?
I don't usually need step by step guides, but I am kinda lost here. Sorry!

I tried to restore to a NAND backup I made earlier. Didn't work either.
Still can't figure out how to use HxD properly.

Never mind! Figured it out.
I now have HxD open and I can see the hex values of my SD. I found NCSD. And now I have to delete the following 512 bytes? But the hex value for NCSD itself should not be removed?
If so, is there a "counting" feature in HxD so I can just enter 512 bytes and don't have to worry that I delete too much/less?

l1T2aEp.jpg
Like this? Sorry, I hate being spoon fed. I just wanna make sure I don't brick my 3DS I just bought 10 hours ago.
Or does the yellow part have to be 512? I can't "delete" stuff in HxD. I would guess I have to replace anything with 00?
 
Last edited by MiePx3,
The "NCSD" is exactly what cakes looks for, and, no, wolfvak didn't port the instructions correctly. To completely replicate what the dd command does: start at 0x200, replace the 0x200 bytes that follow it with 00. Either that, or replace "NCSD" with "PENIS" or something.

EDIT: I was assuming you used to have a rednand there. If it was a regular emunand, just install 2GB of games or whatever and it should be overwritten soon enough :P.
 
Last edited by mid-kid,
nonono that's not the redNAND start. Sorry, I should've just ported the instructions directly, I thought the plaintext 'NCSD' was @ 0x200 to be honest.

Basically, go to 0x200, select 0x200 bytes and replace them with 0x00's or just blank out the 'NCSD' string
 
That worked, awesome! And thanks for bearing with me.
One last question. I never had problems like this on my O3DS.
What could be the cause that I had this issue? Could something else be wrong?

edit
It was a rednand, but it's gone now, thank you too!

Oh, and 175 seems to be still not up. Guess I'll compile it on my laptop later.
Nvm. Testing now!
Yep, autobooting works fine now!
 
Last edited by MiePx3,
Why is it that each time when I enter the menu settings, to change one or more cake settings, that I notice that 'Force saving patched firmware' is disabled although I enabled it earlier? I'm using V 175

And do I have to enable this setting each time again after changing one or more cakes settings, or is a forced save only needed once, at the initial install of the Cakes CFW?
 
Last edited by retroguy,
It's only intended as a work-around in case firmware_patched.bin isn't getting created automatically. I've never even had to use it, because they're being created just fine on my systems. So, I'm fairly certain it's intended to be a per-use setting, not something that stays enabled.
 
Aha, OK then. :) BTW, Cakes is already great and it will even be excellent once mid-kid adds the firmware.bin selection menu. That will be very useful for those having Retroarch on their system which doesn't work with 11.0 firmware.bin. That's why I'm more or less forced to still use 10.4 bin.
 
Last edited by retroguy,
Yeah, I'm still using 10.4 myself for the most part. For the moment, I have it set up so that I can quickly rename files in Godmode9 when I do want to switch. It's a good thing Nintendo didn't update MSET or Home Menu I guess. If you ask me, they're telegraphing their moves and pulling their punches for a reason. They know homebrew and "piracy" are good for sales. 11.0 was just a sales tactic -- go buy one while you can still downgrade it. They didn't even fully disable SVCHax, so that the community can easily bring another downgrader out, and they can rinse and repeat. Just my take on their recent activities of course ;)
 
Last edited by Kazuma77,
They didn't even fully disable SVCHax, so that the community can easily bring another downgrader out
I have issue with this. Although they didn't patch svchax fully, they made it really fucking hard to exploit. *Even if* we get an arm11 kernel exploit, we couldn't downgrade anyway because process9 enforces a minimum version whenever you install a system title CIA. Because of this you can't really downgrade with only an arm11 kernel exploit.
 
Well, if we get the signing key, then we can just resign 9.2 as 11.1 ;) It will be a few months before 11.0 units start showing up at Wal-Mart and Best Buy anyway. There is time. I still say Nintendo's fight against piracy seems as real as pro wrestling. They have to convince naive third-party developers that they're trying, but I would swear they're throwing it because they've figured out it makes them more money.
 
Formatting an sd card does not remove all the data on it. The NCSD header from an old rednand seems to still be present in the second sector. To clear it, you could try either removing the "NCSD" at 0x300 from the start of your SD with a hex editor, or clear the whole second sector using for example dd: "dd if=/dev/zero of=/dev/<sd card> bs=512 seek=1 count=1"

Or do what I do on windows: https://gbatemp.net/threads/tutorial-removing-emunand-from-sd-card.387732/

My Dropbox needs the pictures re-uploading, for DiskPart.
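
The check and wipe from the quoted instructions above (NCSD magic at 0x300, zero only the second sector), as an added example that is not part of any post in this thread. The function names are made up for illustration, the sample image is constructed, and the target is assumed to be a disk image or raw SD device with 512-byte sectors:

```shell
#!/bin/sh
# Added example, not from the thread. Targets a disk image or raw device path.
SECTOR=512          # assumed sector size (0x200)
MAGIC_OFFSET=768    # 0x300 = start of sector 1 (0x200) + 0x100

# Print the 4 bytes at 0x300 as a hex string.
read_magic() {
    dd if="$1" bs=1 skip="$MAGIC_OFFSET" count=4 2>/dev/null \
        | od -An -tx1 | tr -d ' \n'
}

# Succeeds if "NCSD" (4e 43 53 44) sits at 0x300.
has_stale_ncsd() {
    [ "$(read_magic "$1")" = "4e435344" ]
}

# Save sector 1 to $2, then zero only that sector in place.
# Returns 1 if there is no NCSD header to clear, 2 if dd fails.
clear_second_sector() {
    target=$1; backup=$2
    has_stale_ncsd "$target" || { echo "no NCSD at 0x300, nothing to do"; return 1; }
    dd if="$target" of="$backup" bs="$SECTOR" skip=1 count=1 2>/dev/null || return 2
    # conv=notrunc keeps an image file at its full size; same seek/count as
    # the dd command quoted in the thread.
    dd if=/dev/zero of="$target" bs="$SECTOR" seek=1 count=1 conv=notrunc \
        2>/dev/null || return 2
    ! has_stale_ncsd "$target"
}

# Constructed sample: a 4-sector blank image with "NCSD" planted at 0x300.
make_sample_image() {
    dd if=/dev/zero of="$1" bs="$SECTOR" count=4 2>/dev/null
    printf 'NCSD' | dd of="$1" bs=1 seek="$MAGIC_OFFSET" conv=notrunc 2>/dev/null
}
```

The saved sector can be written back with the same `seek=1 count=1` dd invocation, using the backup file as `if=`.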
 
I have issue with this. Although they didn't patch svchax fully, they made it really fucking hard to exploit. *Even if* we get an arm11 kernel exploit, we couldn't downgrade anyway because process9 enforces a minimum version whenever you install a system title CIA. Because of this you can't really downgrade with only an arm11 kernel exploit.
It enforces it on some of the wrong syscalls. There's still 2 open syscalls that can be used to downgrade.
 
No, there's one call for downgrading NFIRM if I am correct.

Still, if you can downgrade other things, it could lead to NFIRM being downgraded, right? Like the old process of adding Trucha signing back to the Wii. In other words, you can't downgrade NFIRM directly, so you downgrade something else, just for example, MSET, build a new ROP chain, use kernel mode access to patch the version check, full downgrade.
 
Last edited by Kazuma77,