Hacking Official [Release] CakesFW

[bache]

Will this MSET patch boot any CFW's Launcher.dat? I'd love to try out CakeFW, but I also need access to Ninjhax compatible CFWs to dump xorpads on my N3DS.
Failing that, mid-kid mentions that you could just download the 9.0 firmware.bin and modify the offsets, but I don't know how to modify them. Would someone be willing to do it for me?

 

[happydance]

I don't see how though. The profile exploit was fixed (in 7.0 I think?) and the MSET ROP is for 4.x. Are you sure you aren't on 9.0 emunand when you checked the version?

i used a new 2gb sd card (no emunand) and checked again... and your right i have a downgraded mset, but the problem was when you use the mset downgrader of rxtools the version number of the system settings remains the same in this case 0x200B... but when i manually updated it the mset 9.x doesn't work any more so i manually downgraded it this time and the 9.x mset works and when i check on FBI it displays the correct version number now 0xc06

the i manually updated the systems settings to 0x200B the used rxtools mset downgrade and same result an downgraded mset but show the wrong ver on FBI, i'll forward ths on the rxtools tread

but the cake 9.X mset was sweeeet!

 

[b1l1s]

Will this MSET patch boot any CFW's Launcher.dat? I'd love to try out CakeFW, but I also need access to Ninjhax compatible CFWs to dump xorpads on my N3DS.
Failing that, mid-kid mentions that you could just download the 9.0 firmware.bin and modify the offsets, but I don't know how to modify them. Would someone be willing to do it for me?

I think @mid-kid is simplifying it a bit when he said that. The offset to Process9 is now hardcoded for firm 9.6. If you're willing to jump into modifying it I can help you get started.

; For firm 38 (9.0)
    firm_size            equ 0x000E9000

    patch000_addr        equ 0x0801A4C0 ; cake emunand
    patch001_addr        equ 0x0801B564 ; cake emunand
    patch002_addr        equ 0x080282F8 ; cake emunand
    patch003_addr        equ 0x08078724 ; cake emunand <- sd redir hook
    patch004_addr        equ 0x08078764 ; cake emunand <- sd redir hook
    patch005_addr        equ 0x080858E0 ; cake reboot
    patch008_addr        equ 0x08094200 ; cake reboot
    patch009_addr        equ 0x08063324 ; cake sig
    patch010_addr        equ 0x0805D458 ; cake sig

    fopen                equ 0x0805AF20
    fread                equ 0x0804D828
    pxi_wait_recv        equ 0x08054FB0

    sd_handle            equ 0x080D8670
    sdmmc_unk0            equ 0x08062840
    sdmmc_unk1            equ 0x08078868
    sdmmc_unk2            equ 0x08078648

    aes_setkey            equ 0x080573EC
    aes_unk                equ 0x0805F994

Please share the resulting cakes with us once you're done! Forking the repo is better though.

i used a new 2gb sd card (no emunand) and checked again... and your right i have a downgraded mset, but the problem was when you use the mset downgrader of rxtools the version number of the system settings remains the same in this case 0x200B... but when i manually updated it the mset 9.x doesn't work any more so i manually downgraded it this time and the 9.x mset works and when i check on FBI it displays the correct version number now 0xc06

the i manually updated the systems settings to 0x200B the used rxtools mset downgrade and same result an downgraded mset but show the wrong ver on FBI, i'll forward ths on the rxtools tread

but the cake 9.X mset was sweeeet!

Thanks for updating us!

 

[mid-kid]

I'm back; uploaded a new build of Cakes, along with a new CakesROP.nds (I won't version the latter).
MSET 9.0-9.2 support was added, though you have to downgrade your MSET to 4.x, using either gateway or rxTools or if you have compiled it, DHS.
I haven't tested them, but given the successful test results from people in this thread, I think it should work.
Note that it's only for 9.0-9.2.

MSET info:
JPN: 0004001000020000 v3074
USA: 0004001000021000 v3078
EUR: 0004001000022000 v3075
CHN: 0004001000026000 v8 (I guess...)
KOR: 0004001000027000 v1026
TWN: 0004001000028000 v8 (I guess...)

 

[Riku]

It seems downgrading MSET to 4.x on 2DS causes sort of a brick:
http://gbatemp.net/threads/nand-flash-dump-2ds.390964/
6.x MSET should work, though.

 

[mid-kid]

It seems downgrading MSET to 4.x on 2DS causes sort of a brick:
http://gbatemp.net/threads/nand-flash-dump-2ds.390964/
6.x MSET should work, though.

We don't have it working on MSET 6.x yet, unfortunately.
For now you should just avoid triggering the first-time configuration.

 

[Suiginou]

6.x MSET should work, though.

'xcept for the whole part where you find out there's no CakesROP for mset 6.x on 9.2 sysnand.

 

[TheNerdWIzard]

I'm back; uploaded a new build of Cakes, along with a new CakesROP.nds (I won't version the latter).
MSET 9.0-9.2 support was added, though you have to downgrade your MSET to 4.x, using either gateway or rxTools or if you have compiled it, DHS.
I haven't tested them, but given the successful test results from people in this thread, I think it should work.
Note that it's only for 9.0-9.2.

MSET info:
JPN: 0004001000020000 v3074
USA: 0004001000021000 v3078
EUR: 0004001000022000 v3075
CHN: 0004001000026000 v8 (I guess...)
KOR: 0004001000027000 v1026
TWN: 0004001000028000 v8 (I guess...)

Is installing MEST for 9.2 any different compared to 4.x?

 

[mid-kid]

Is installing MEST for 9.2 any different compared to 4.x?

Except that you have to downgrade the MSET app to the version specified in the post, no.

 

[TheNerdWIzard]

@mid-kid
Your latest revision doesn't work for me. I'm still using the spider exploit, but when it reboots, it is either not loading the cfw, or the cfw isn't working. I don't know which. My 3ds behaves like there have been no patches applied, and now my title manager and the latest gba cia that I installed has disappeared from the main menu. Everything else is still there. A white icon flashes where they should be at, so they are still there, just not displaying.

 

[zoogie]

It seems downgrading MSET to 4.x on 2DS causes sort of a brick:
http://gbatemp.net/threads/nand-flash-dump-2ds.390964/
6.x MSET should work, though.

Worked fine for me. Running 9x cake on 9.2 2ds without issue.

Seems like he was doing a bunch of stuff besides downgrading mset. mset 4x and whitelist downgrade are my two only mods. (i can confirm an official system restore can be troublesome though) but that's to be expected tbo.

 

[TheNerdWIzard]

@mid-kid
Your latest revision doesn't work for me. I'm still using the spider exploit, but when it reboots, it is either not loading the cfw, or the cfw isn't working. I don't know which. My 3ds behaves like there have been no patches applied, and now my title manager and the latest gba cia that I installed has disappeared from the main menu. Everything else is still there. A white icon flashes where they should be at, so they are still there, just not displaying.

Booting into pasta fixes the icon issue.

 

[Suiginou]

Worked fine for me. Running 9x cake on 9.2 2ds without issue.

Seems like he was doing a bunch of stuff besides downgrading mset. mset 4x and whitelist downgrade are my two only mods. (i can confirm an official system restore can be troublesome though) but that's to be expected tbo.

One important thing: The guy in the thread ran the "format system" option in the mset menu.

 

[zoogie]

One important thing: The guy in the thread ran the "format system" option in the mset menu.

That's what I meant by official system restore. It goes into an infinite loop though for me. Easily fixed with a GW system restore.

I actually did a full 4.5 system restore on that 2ds for fun once. The screen was badly distorted and mset didn't work. Was only able to flash back because I left my wifi on lol.

 

[mid-kid]

@mid-kid
Your latest revision doesn't work for me. I'm still using the spider exploit, but when it reboots, it is either not loading the cfw, or the cfw isn't working. I don't know which. My 3ds behaves like there have been no patches applied, and now my title manager and the latest gba cia that I installed has disappeared from the main menu. Everything else is still there. A white icon flashes where they should be at, so they are still there, just not displaying.

Make 100% sure your firmware.bin is the latest. Also make sure you've updated all the files in the zip.
Please also state your firmware version, and spider version.

 

[Suiginou]

That's what I meant by official system restore. It goes into an infinite loop though for me. Easily fixed with a GW system restore.

I actually did a full 4.5 system restore on that 2ds for fun once. The screen was badly distored and mset didn't work. Was only able to flash back because I left my wifi on lol.

I kinda wonder what would happen if I installed 1.0 mset on a 9.2 O3DS and tried to format the system through that.

 

[zoogie]

I kinda wonder what would happen if I installed 1.0 mset on a 9.2 O3DS and tried to format the system through that.

Don't do it unless you have a nand mod.

 

[TheNerdWIzard]

Make 100% sure your firmware.bin is the latest. Also make sure you've updated all the files in the zip.
Please also state your firmware version, and spider version.

I did update all files in the zip, I was using cakes_23 right before updating to cakes_26. My firmware is 9.0.0-20U. I don't know how to get the spider version number. I guess the default one.

 

[mid-kid]

I did update all files in the zip, I was using cakes_23 right before updating to cakes_26. My firmware is 9.0.0-20U. I don't know how to get the spider version number. I guess the default one.

I changed how the menu works from version 24. You have to select patches every time you boot.
Are you sure you've selected all the patches you need?
If you don't like this menu, you can stay on 23 for now. There's not much that has changed, and I still have to do autoboot/selection saving stuffs.

 

[TheNerdWIzard]

I changed how the menu works from version 24. You have to select patches every time you boot.
Are you sure you've selected all the patches you need?
If you don't like this menu, you can stay on 23 for now. There's not much that has changed, and I still have to do autoboot stuffs.

I understand I have to select patches, wait I just noticed while looking at the menu again, I misread "Disable signature checks" as "Disable signature patch". Lol, stupid me. I thought the sig check was automatic due to that.