Hacking Official [Release] CakesFW

[mid-kid]

here's a hint:
jump_table.s (cake)
arm11.s (pasta)

The jump table is a frankenstein made of Brahma's jump table, roxas75's jump table, and bootstrap's.
I literally had the three files open, copy/pasted and compared what I though was best.
Still no pasta here.

 

[hairyfairy]

The jump table is a frankenstein made of Brahma's jump table, roxas75's jump table, and bootstrap's.
I literally had the three files open, copy/pasted and compared what I though was best.
Still no pasta here.

oh alright, I thought it was pasta code. sorry for having called you a liar!

 

[Intronaut]

Thanks for this great CFW.

Waiting for the network CIA installer and 9.x MSET.

Have anyone tried the POC?

 

[Apache Thunder]

Ok tested this thing when I woke up. In sysnand mode, eshop spoof app doesn't work. I'm assuming because it boots 9.6 patched native firm. I would suggest you find a way of live patching 9.2 for sysnand mode at some point. Some folks might want to use eShop. That and the ability to boot into another CFW while in the Cakes would be convenient.

For me I guess it doesn't matter. I have an early test build that boots sysnand using 9.2 firm. It's not in a user friendly form though and I patched 9.2 firm myself.

I sent him 9.2 patched firm awhile back when I first made it. I'm sure he'll find a way of incorperating it. (hint look at Pasta code. It doesn't use firmlaunch to launch new native firm yet. )

Pasta is open source. There's no harm in using some of it to get sysnand mode working correctly.

EDIT: Just tested and just like with rxMode, DSiWare/GBA VC will work from emunand provided you also have a copy installed to sysnand.

 

[Suiginou]

Ok tested this thing when I woke up. In sysnand mode, eshop spoof app doesn't work. I'm assuming because it boots 9.6 patched native firm. I would suggest you find a way of live patching 9.2 for sysnand mode at some point. Some folks might want to use eShop. That and the ability to boot into another CFW while in the Cakes would be convenient.

Well, theoretically, if you don't need emuNAND, it should be as easy as changing the signature patch to http://pastebin.com/wdSUNt1a and replace 00000049 with 00000038 NATIVE_FIRM.

 

[mid-kid]

Ok tested this thing when I woke up. In sysnand mode, eshop spoof app doesn't work. I'm assuming because it boots 9.6 patched native firm. I would suggest you find a way of live patching 9.2 for sysnand mode at some point. Some folks might want to use eShop. That and the ability to boot into another CFW while in the Cakes would be convenient.

For me I guess it doesn't matter. I have an early test build that boots sysnand using 9.2 firm. It's not in a user friendly form though and I patched 9.2 firm myself.

I sent him 9.2 patched firm awhile back when I first made it. I'm sure he'll find a way of incorperating it. (hint look at Pasta code. It doesn't use firmlaunch to launch new native firm yet. )

Pasta is open source. There's no harm in using some of it to get sysnand mode working correctly.

The problem with that is that the signature patching location differs per firmware. I don't want to have different signature patches for every possible FIRM.
I've also tried to implement the brahma stuff, to continue booting the current FIRM, and it mostly requires changes to the jump_table, but it breaks booting it from the SD card. Though, admittedly, I didn't look much.
I hope the eShop spoofing can be implemented in any other way.

 

[Apache Thunder]

Well one way is simply having users download a firmware.bin from CDN that is of the 9.2 version and adding extra code to use that with the specific patches for it.

Of coarse that firmware.bin will have a different name. Like firmware2.bin or something. (and that one could be placed in cakes folder instead since rxTools wouldn't use it)

 

[b1l1s]

The problem with that is that the signature patching location differs per firmware. I don't want to have different signature patches for every possible FIRM.
I've also tried to implement the brahma stuff, to continue booting the current FIRM, and it mostly requires changes to the jump_table, but it breaks booting it from the SD card. Though, admittedly, I didn't look much.
I hope the eShop spoofing can be implemented in any other way.

Well someone else could take up the mantle to support another collection of cakes for 9.2 firm. I can give the rest of the offsets for 9.2 firms for emunand.

 

[Apache Thunder]

I think the next big project is getting this to boot from 9.x MSET. Then the road to getting it on the n3DS will become much easier.

 

[Suiginou]

I think the next big project is getting this to boot from 9.x MSET.

No network required to launch? Endless ejaculation!

 

[g386]

 

[mid-kid]

I think the next big project is getting this to boot from 9.x MSET. Then the road to getting it on the n3DS will become much easier.

Sorry to disappoint, but I'm more interested in CIA installation right now.

 

[X-ite_SDF]

Sorry to disappoint, but I'm more interested in CIA installation right now.

Thank you! Finally, there won't be need to rely on unstable GW hacks for that (and an option for 2DS for that matter).

 

[happydance]

CIA installation via network?
BTW how to you exactly achieve that, it's a feature on your CFW but nothing is said about that on the first page.

 

[Tokiopop]

Whoever gets this working on n3DS with OoT gets a donation from me

 

[Suiginou]

Whoever gets this working on n3DS with OoT gets a donation from me

How much?

 

[b1l1s]

CIA installation via network?
BTW how to you exactly achieve that, it's a feature on your CFW but nothing is said about that on the first page.

Not a feature yet, so that's why. Wait a couple of days.

 

[Intronaut]

Not a feature yet, so that's why. Wait a couple of days.

HYPE

 

[Tokiopop]

How much?

Up to whatever Cubic Ninja JP costs, depends on how well my bank balance is doing at the time. I'd use Pasta if Cubic Ninja JP wasn't so much..

 

[Vappy]

Easier method for obtaining firmkey.bin.
Start rxTools, under Decryption Options choose Decrypt Title Keys.
Open rxTools\decTitleKeys.bin under rxTools in a hex editor, copy the 16 bytes after 0004013800000002 to a new file, save it as firmkey.bin
Example with the keys censored, in this case it'd be the line "BBBB...."