Hacking [Release] rxTools - Roxas75 3DS Toolkit [fw 2.0 - 9.2]

Status
Not open for further replies.
AlbertoSONIC

AlbertoSONIC

Pasta Team Member
Member
Level 8
Joined
Jun 27, 2014
Messages
927
Trophies
0
Age
52
Website
www.albertosonic.com
XP
1,396
Country
Italy
We, me and @nastys , are happy to announce that we have added 3D support for custom themes! Check out latest github commit!

TOPL.bin is for the left framebuffer
TOPR.bin is for the right framebuffer

Now there's also an option in the settings screen to enable/disable 3d.

P.S. If you want to see 3d, you have to enable it with the slider BEFORE booting rxtools, as arm9 doesn't react to 3d slider... ;)
 
  • Like
Reactions: DSoryu, satan89, VinsCool and 8 others
nastys

nastys

ナースティス
Member
Level 9
Joined
Aug 5, 2014
Messages
1,730
Trophies
0
Age
26
Location
Earth
XP
1,794
Country
Italy
AlbertoSONIC said:
We, me and @nastys , are happy to announce that we have added 3D support for custom themes! Check out latest github commit!

TOPL.bin is for the left framebuffer
TOPR.bin is for the right framebuffer

Now there's also an option in the settings screen to enable/disable 3d.

P.S. If you want to see 3d, you have to enable it with the slider BEFORE booting rxtools, as arm9 doesn't react to 3d slider... ;)
Click to expand...
I almost forgot...
There is also a new option that hides "Press R to show the menu", loads the proper image and boots quicker :)

Latest rxTools.dat: http://gbatemp.net/threads/rxtools-with-pasta-cfw-theme-thread.392626/page-3#post-5579933
 
  • Like
Reactions: chronoss, JJTapia19 and AlbertoSONIC
morvoran

morvoran

President-Elect
Member
Level 10
Joined
Dec 19, 2010
Messages
1,032
Trophies
0
Location
MAGA Country
XP
2,358
Country
United States
Would it be possible for someone to add the ability to dump the "seedbin" file to rxtools dumping feature on a future revision?

The file is located at NAND:\data\<console-unique>\sysdata\0001000f\00000000

With most (if not all) new eshop games having the new seedbin encryption, it can be tedious to extract your nand/emunand, extract the fat16 partition, and extract the seedbin file every time a new game comes out that you want to decrypt. It would be a lot easier to just have rxtools dump this file instead.
 
chronoss

chronoss

Well-Known Member
Member
Level 15
Joined
May 26, 2015
Messages
3,009
Trophies
1
XP
4,907
Country
Congo, Republic of the
Last edited by chronoss,
  • Like
Reactions: nastys
urherenow

urherenow

Well-Known Member
Member
Level 13
Joined
Mar 8, 2009
Messages
4,809
Trophies
2
Age
48
Location
Japan
XP
3,716
Country
United States
Gadorach said:
Ninjhax 2.0 dosen't hook the browser applet, and therefore doesn't depend on its presence. It works regardless of whether or not you have one installed. But for consistency's sake, most new consoles have the browser installed.
Click to expand...
Then how does it download the payload?

ccfman2004 said:
I am using 2.6b and I'm not, weird. What is you SD Card capacity, speed and brand? I'm using a Polaroid 64GB Class 10.
Click to expand...
Class 10 isn't all that relevant with regards to speed. There are class 10's that read at 35MB/s and there are Class 10's that read at 45MB/s, then there are UHS 1's that are compatible with Class 10's that read at 90MB/s or more...
 
Gadorach

Gadorach

Electronics Engineering Technologist
Member
Level 6
Joined
Jan 22, 2014
Messages
970
Trophies
0
Location
Canada
XP
956
Country
Canada
urherenow said:
Then how does it download the payload?
Click to expand...
If the 3DS couldn't download anything without the internet browser installed, then how exactly would non-browsered consoles and safe-mode firmware connect to the Nintendo servers to grab updates?

HTTP access is a service, not an applet. The web browser just has access to the HTTP service. Cubic Ninja natively has access to the HTTP service as well, no browser required. The browser was used to steal additional system service permissions, not to download the 2nd-stage payload.
 
  • Like
Reactions: Hashtastrophe and lemanuel
urherenow

urherenow

Well-Known Member
Member
Level 13
Joined
Mar 8, 2009
Messages
4,809
Trophies
2
Age
48
Location
Japan
XP
3,716
Country
United States
Gadorach said:
If the 3DS couldn't download anything without the internet browser installed, then how exactly would non-browsered consoles and safe-mode firmware connect to the Nintendo servers to grab updates?

HTTP access is a service, not an applet. The web browser just has access to the HTTP service. Cubic Ninja natively has access to the HTTP service as well, no browser required. The browser was used to steal additional system service permissions, not to download the 2nd-stage payload.
Click to expand...
Ninjhax 1 works on N3DS and the N3DS browser has never been exploited, so I don't buy it. It wasn't needed to gain additional services. It was used to download the payload.

Edit: Ninjhax 1 definitely does not work with no browser installed.
 
Gadorach

Gadorach

Electronics Engineering Technologist
Member
Level 6
Joined
Jan 22, 2014
Messages
970
Trophies
0
Location
Canada
XP
956
Country
Canada
urherenow said:
Ninjhax 1 works on N3DS and the N3DS browser has never been exploited, so I don't buy it. It wasn't needed to gain additional services. It was used to download the payload.

Edit: Ninjhax 1 definitely does not work with no browser installed.
Click to expand...
Once again, the browser is used to steal service permissions. Ninjhax launches the app, grabs the process handle, and injects code into it to make it use its elevated permissions to grant the Ninjhax process additional service permissions. The browser is not directly attacked, or exploited, in the traditional fashion. It makes no use of the webkit exploit that you're basing the browser's hack-ability on. HTTP is a service, not an applet.

http://smealum.net/?p=517

Read the write up. You'll find that Ninjhax downloads and installs the complete payload long before the browser is taken over. http:C is the specific service, and Cubic Ninja has native access to this service.
 
Apache Thunder

Apache Thunder

I have cameras in your head!
Member
Level 17
Joined
Oct 7, 2007
Messages
4,453
Trophies
3
Age
36
Location
Levelland, Texas
Website
www.mariopc.co.nr
XP
6,862
Country
United States
Any chance one could add a "CTR Encrypter" option? We can decrypt CXI/CCI with CTR Decrypter. But it would be cool to be able to re-encrypt using retail keys. That would allow for custom system apps in CFW (as system apps must be encrypted with retail keys on firmware 7+. Though I'm unsure when exactly encryption started to be enforced for system apps).

Currently CFW doesn't allow for zero key encrypted content like Gateway does.

It would make modifying existing system apps easier as well. :D
 
  • Like
Reactions: I pwned U!, DSoryu, WhoAmI? and 3 others
dkabot

dkabot

Better With Others' Systems Than Their Own
Member
Level 5
Joined
Sep 9, 2014
Messages
1,042
Trophies
0
XP
626
Country
United States
Rioluwott said:
How can i install rxtools on a 2.2u 3ds?
Click to expand...
Depends on the exact version. 2.2-XXU where XX is the browser version. If it's there and supported you could just use it as normal maybe.
Otherwise maybe update to 4.x with cart and use MSET?
 
Status
Not open for further replies.

Site & Scene News

Go to forum More news

Popular threads in this forum

Hacking Hardware  New Nintendo 3DS XL Louvre

What's the best 3DS emulator (especially after Citra's shutdown)?

So what's the current state of hacking and freeshop?

Hacking Homebrew  Animal Crossing New Leaf (ACNL) help: data corrupt??

Hacking  Can you install a legit cia and keep the game? + Question about 3ds modding

Pokemon Ultra Sun/Moon from piracy site doesn't work

Accidentally snapped sd card in half, what to do now?

Hacking Homebrew  3DS System Transfer Questions

General chit-chat
Help Users
  • No one is chatting at the moment.
    SylverReZ @ SylverReZ: @K3Nv2, RIP Felix does great videos on the PS3 yellow-light-of-death.