Hacking [RELEASES] Eshop Spoof & Region Free for PastaCFW

lPolarisl · May 21, 2015

Gonna sound like a pirate with this, but is there a way to install and lauch out-of-region CIAs ?
(Awesome work btw)

The Real Jdbye · May 21, 2015

felipejfc said:
Hello all, I'm here to share with you 2 homebrews that i've developed today.

Ygw Eshop Spoofer (Allows you to enter eshop being on SYSNand<9.7 on both O3DS and N3DS 9.0~9.2)

Instructions:

Boot into PastaCFW, install the CIA with FBI or your preferred CIA installer, run it and press A, then just use eshop normally, it will not prompt for an update.

Download
Github Repo

Ygw Free Region Title Loader (Allows you to play games from allregions on both N3DS and O3DS, must work in any firmware compatible with PastaCFW)

Instructions:

Boot into PastaCFW, install the CIA with FBI or your preferred CIA installer, put the game into the console, run ygw free region title and press A, the console will reboot directly into the game.

Download
Github Repo

P.S.1. YGW stands for "Y a Gateway!?"
P.S.2. I have plans on injecting this 2 capabilities directly inside pastacfw and make them automatic, maybe capito27 or AlbertoSONIC can work with me for doing it.

Enjoy. Feel free to send pull requests.

Long live for the open source community.

Thanks to:
I'll list the thanks tomorrow as there are so many people and i have to sleep now.

And f*** those who keeps their work just for themselves and use it just for showing off and give false hope to others... You know who I'm talking 'bout...

Nice work, but wouldn't it be better to patch the cfw to be region free instead of having a separate loader that just does what DevMenu does?

felipejfc · May 21, 2015

The Real Jdbye said:
Nice work, but wouldn't it be better to patch the cfw to be region free instead of having a separate loader that just does what DevMenu does?

Sure, it would be better, if I discover a way for doing that I'll send a pull-request into pastacfw repo... I think it may be just a little patch in the home process.

capito27 · May 21, 2015

felipejfc said:
Sure, it would be better, if I discover a way for doing that I'll send a pull-request into pastacfw repo... I think it may be just a little patch in the home process.

I may sound like a total ignorant, but can you patch home process (or for the matter any process) through Brahma (ARM9 environment) ?

Alkéryn · May 21, 2015

lPolarisl said:
Gonna sound like a pirate with this, but is there a way to install and lauch out-of-region CIAs ?
(Awesome work btw)

Yup but you will have to launch them with pasta + ntr or from bbm

VerseHell · May 21, 2015

Alkéryn said:
Yup but you will have to launch them with pasta + ntr or from bbm

Not if the cia is patched for region free.

The Real Jdbye · May 21, 2015

felipejfc said:
Sure, it would be better, if I discover a way for doing that I'll send a pull-request into pastacfw repo... I think it may be just a little patch in the home process.

I think the function Home Menu uses to read the icon/check the region lock would be in one of these, but I don't really see anything that's obviously related.
http://3dbrew.org/wiki/Application_Manager_Services
http://3dbrew.org/wiki/NS_and_APT_Services
Either patching the home menu to ignore the region lock, or patch the related function so that it always returns 0x7FFFFFFF would work.

There's a lot of information on the Home Menu boot process here.
http://3dbrew.org/wiki/Home_Menu#Home_Menu_startup
It doesn't specifically mention where the banner is read or where the region lock is checked though.

Pizzakoe · May 21, 2015

Can I use this to update my Mii Plaza?

DJPlayer · May 21, 2015

Pizzakoe said:
Can I use this to update my Mii Plaza?

yes you can. Did it on my 3DS, too

felipejfc · May 22, 2015

capito27 said:
I may sound like a total ignorant, but can you patch home process (or for the matter any process) through Brahma (ARM9 environment) ?

I'm still studying that bit I think that no, we have to inject ARM11 code through ARM9...
Or create a .3dsx and call it somehow using firm launch arguments

Alkéryn · May 22, 2015

shinyquagsire23 said:
Nice work, kinda silly how nobody even thought to just do the proper calls which regionthree did to get this. Still neat though, I never liked region locking. Always felt kinda silly to me

So you admit that even if it is a piracy cfw it is still a cool cfw?

MelonGx · May 22, 2015

I want to visit e-shop with 4.X. Will it support PBT installing?

cearp · May 22, 2015

VerseHell said:
Not if the cia is patched for region free.

sure of course, but we might as well do one more patch to the cfw to allow region free, than have to decrypt and patch every single game in existence to make it 'region free'

cearp · May 22, 2015

MelonGx said:
I want to visit e-shop with 4.X. Will it support PBT installing?

pasta cfw is nicer than pbt. but, now, we need cubic ninja to launch pasta.

MelonGx · May 22, 2015

cearp said:
pasta cfw is nicer than pbt. but, now, we need cubic ninja to launch pasta.

That's OK.....

--------------------------------

Just tested that this app doesn't work on MT-card emuNAND 9.4.0-21J.
It can be installed and executed. But after applied the spoof, the e-shop still reminds me updating firmware.

shinyquagsire23 · May 22, 2015

Alkéryn said:
So you admit that even if it is a piracy cfw it is still a cool cfw?

I never said a piracy CFW was cool, I said this was cool. eShop spoof is nice for several things and it's nice to see it usable from something besides NTR.

Alkéryn · May 22, 2015

shinyquagsire23 said:
I never said a piracy CFW was cool, I said this was cool. eShop spoof is nice for several things and it's nice to see it usable from something besides NTR.

I like it mostly for 100 % success rate :3

NewWorldOrder · May 22, 2015

NewWorldOrder said:
process patching from arm9 is not a trivial task i'd say. maybe the pasta cfw can be modified to set firm launch parameters in a way so that your CIA application will automatically be launched after reboot/firmlaunch. see http://www.3dbrew.org/wiki/FIRM#FIRM_Launch_Parameters

"The FIRM-launch parameters structure is located at FCRAM+0, size 0x1000-bytes."
we're talking physical addresses in arm9 context here. so this should be 0x23000000.

0x440 0x10 Titleinfo structure, used by NS during NS startup, to launch the specified title when the below flag is set.
0x460 0x4 Bit0: 0 = titleinfo structure isn't set, 1 = titleinfo structure is set.

get title id of your process patching application and make arm9 code of pasta cfw (loader.bin) set the above fields at offset 0x440 and 0x460. didnt try myself but should be worth a shot.
sth like
memcpy((void *)0x23000440, &titleinfo, sizeof(titleinfo));
*(u32 *)0x23000460 |= 1;

Alkéryn · May 22, 2015

Could you patch system menu or region lock so we can also use others region cia?

NewWorldOrder · May 22, 2015

Alkéryn said:
Could you patch system menu or region lock so we can also use others region cia?

doesn't the ntr firmware remove cia region lock? the guy who wrote brahma has a disassembly of the ntr firmware on his github, so you could just look it up there and "steal" the technique

Hacking [RELEASES] Eshop Spoof & Region Free for PastaCFW

Well-Known Member

*is birb*

Well-Known Member

Well-Known Member

Moon Dweller ~

Well-Known Member

*is birb*

Member

Banned!

Well-Known Member

Moon Dweller ~

Well-Known Member

瓜老外

瓜老外

Well-Known Member

SALT/Sm4sh Leak Guy

Moon Dweller ~

Active Member

Moon Dweller ~

Active Member

Similar threads

Popular threads in this forum

is birb

is birb