Hacking [Release] rxTools - Roxas75 3DS Toolkit [fw 2.0 - 9.2]

ccfman2004 · Jul 18, 2015

zerolinks said:
I'm having these issues on Rxtools 2.6 with emunand 9.9.

I am using 2.6b and I'm not, weird. What is you SD Card capacity, speed and brand? I'm using a Polaroid 64GB Class 10.

AlbertoSONIC · Jul 18, 2015

We, me and @nastys , are happy to announce that we have added 3D support for custom themes! Check out latest github commit!

TOPL.bin is for the left framebuffer
TOPR.bin is for the right framebuffer

Now there's also an option in the settings screen to enable/disable 3d.

P.S. If you want to see 3d, you have to enable it with the slider BEFORE booting rxtools, as arm9 doesn't react to 3d slider...

nastys · Jul 18, 2015

AlbertoSONIC said:
We, me and @nastys , are happy to announce that we have added 3D support for custom themes! Check out latest github commit!

TOPL.bin is for the left framebuffer
TOPR.bin is for the right framebuffer

Now there's also an option in the settings screen to enable/disable 3d.

P.S. If you want to see 3d, you have to enable it with the slider BEFORE booting rxtools, as arm9 doesn't react to 3d slider...

I almost forgot...
There is also a new option that hides "Press R to show the menu", loads the proper image and boots quicker

Latest rxTools.dat: http://gbatemp.net/threads/rxtools-with-pasta-cfw-theme-thread.392626/page-3#post-5579933

morvoran · Jul 18, 2015

Would it be possible for someone to add the ability to dump the "seedbin" file to rxtools dumping feature on a future revision?

The file is located at NAND:\data\<console-unique>\sysdata\0001000f\00000000

With most (if not all) new eshop games having the new seedbin encryption, it can be tedious to extract your nand/emunand, extract the fat16 partition, and extract the seedbin file every time a new game comes out that you want to decrypt. It would be a lot easier to just have rxtools dump this file instead.

AHP_person · Jul 18, 2015

KashiToxicBlood said:
http://pastebin.com/qRPRwKig here is some code, it's a process9 decryptor,

the thing that is patched w/ CFWs
aka ARM9 section
crypted on N3DS, goes along with the pretty keys that were leaked by someone yesterday

http://pastebin.com/7r4tgn0n :/

andrew weeks · Jul 18, 2015

AHP_person said:
http://pastebin.com/7r4tgn0n :/

So, could this lead to some 9.3+ arm9 exploit?

AHP_person · Jul 18, 2015

andrew weeks said:
So, could this lead to some 9.3+ arm9 exploit?

No, the quote in my post had a paste that was just an older version of the paste I posted.

Blinker · Jul 19, 2015

How can u upgrade rxTools, i have 2.4 and i want to update to 2.6?

ccfman2004 · Jul 19, 2015

Blinker said:
How can u upgrade rxTools, i have 2.4 and i want to update to 2.6?

You just download the new rxTools.dat file on your computer and put it on the SD card.

VerseHell · Jul 19, 2015

You also need to redownload the firmware.bin.

Shadow#1 · Jul 19, 2015

Anything broken in nh2.0?

andrew weeks · Jul 19, 2015

Shadow#1 said:
Anything broken in nh2.0?

People's remaining minimal hopes for CFW, that's been broken

chronoss · Jul 19, 2015

nastys said:
I almost forgot...
There is also a new option that hides "Press R to show the menu", loads the proper image and boots quicker

Latest rxTools.dat: http://gbatemp.net/threads/rxtools-with-pasta-cfw-theme-thread.392626/page-3#post-5579933

It was my idea and it works very well

Thanks a lot

urherenow · Jul 19, 2015

Gadorach said:
Ninjhax 2.0 dosen't hook the browser applet, and therefore doesn't depend on its presence. It works regardless of whether or not you have one installed. But for consistency's sake, most new consoles have the browser installed.

Then how does it download the payload?

ccfman2004 said:
I am using 2.6b and I'm not, weird. What is you SD Card capacity, speed and brand? I'm using a Polaroid 64GB Class 10.

Class 10 isn't all that relevant with regards to speed. There are class 10's that read at 35MB/s and there are Class 10's that read at 45MB/s, then there are UHS 1's that are compatible with Class 10's that read at 90MB/s or more...

Gadorach · Jul 19, 2015

urherenow said:
Then how does it download the payload?

If the 3DS couldn't download anything without the internet browser installed, then how exactly would non-browsered consoles and safe-mode firmware connect to the Nintendo servers to grab updates?

HTTP access is a service, not an applet. The web browser just has access to the HTTP service. Cubic Ninja natively has access to the HTTP service as well, no browser required. The browser was used to steal additional system service permissions, not to download the 2nd-stage payload.

urherenow · Jul 19, 2015

Gadorach said:
If the 3DS couldn't download anything without the internet browser installed, then how exactly would non-browsered consoles and safe-mode firmware connect to the Nintendo servers to grab updates?

HTTP access is a service, not an applet. The web browser just has access to the HTTP service. Cubic Ninja natively has access to the HTTP service as well, no browser required. The browser was used to steal additional system service permissions, not to download the 2nd-stage payload.

Ninjhax 1 works on N3DS and the N3DS browser has never been exploited, so I don't buy it. It wasn't needed to gain additional services. It was used to download the payload.

Edit: Ninjhax 1 definitely does not work with no browser installed.

Gadorach · Jul 19, 2015

urherenow said:
Ninjhax 1 works on N3DS and the N3DS browser has never been exploited, so I don't buy it. It wasn't needed to gain additional services. It was used to download the payload.

Edit: Ninjhax 1 definitely does not work with no browser installed.

Once again, the browser is used to steal service permissions. Ninjhax launches the app, grabs the process handle, and injects code into it to make it use its elevated permissions to grant the Ninjhax process additional service permissions. The browser is not directly attacked, or exploited, in the traditional fashion. It makes no use of the webkit exploit that you're basing the browser's hack-ability on. HTTP is a service, not an applet.

http://smealum.net/?p=517

Read the write up. You'll find that Ninjhax downloads and installs the complete payload long before the browser is taken over. http:C is the specific service, and Cubic Ninja has native access to this service.

Apache Thunder · Jul 19, 2015

Any chance one could add a "CTR Encrypter" option? We can decrypt CXI/CCI with CTR Decrypter. But it would be cool to be able to re-encrypt using retail keys. That would allow for custom system apps in CFW (as system apps must be encrypted with retail keys on firmware 7+. Though I'm unsure when exactly encryption started to be enforced for system apps).

Currently CFW doesn't allow for zero key encrypted content like Gateway does.

It would make modifying existing system apps easier as well.

Rioluwott · Jul 19, 2015

How can i install rxtools on a 2.2u 3ds?

dkabot · Jul 19, 2015

Rioluwott said:
How can i install rxtools on a 2.2u 3ds?

Depends on the exact version. 2.2-XXU where XX is the browser version. If it's there and supported you could just use it as normal maybe.
Otherwise maybe update to 4.x with cart and use MSET?

Hacking [Release] rxTools - Roxas75 3DS Toolkit [fw 2.0 - 9.2]

Well-Known Member

Pasta Team Member

Well-Known Member

President-Elect

Well-Known Member

Well-Known Member

Well-Known Member

New Member

Well-Known Member

Well-Known Member

Wii, 3DS Softmod & Dumpster Diving Expert

Well-Known Member

Well-Known Member

Well-Known Member

Electronics Engineering Technologist

Well-Known Member

Electronics Engineering Technologist

I have cameras in your head!

Well-Known Member

Better With Others' Systems Than Their Own

Similar threads

Popular threads in this forum