[Request] CTRAging (3ds debug app) research.

By PabloMK7, Jan 23, 2016 77,004 550 21

Page 1 of 28
  1. PabloMK7

    OP PabloMK7 Red Yoshi! ^ω^
    Developer
    Level 12

    Joined:
    Feb 21, 2014
    Messages:
    2,438
    Country:
    Spain
    Do you remember the debug card AGING-NTR also known as NTR-EVA which had some tests for the NDS?

    CTRAging, the 3DS equivalent to AGING-NTR, is an app used for testing the hardware at the factory, before it is approved for selling.
    And after the tests, it uninstalls itself as well as other test apps, such as DevMenu.
    However, uninstall isn't equal to fully deleted from NAND, that means:

    YOU PROBABLY STILL HAVE IT IN YOUR FAT16 PARTITION OF YOUR NAND.

    Great right!? Well.... no. Each time the console writes to NAND, it has a chance to overwrite it, because since it is no longer installed, the 3ds doesn't care about overwriting it. That means, the most used the system is, less probabilities to still have it in NAND. As stated here, sometimes only the TitleID is kept in NAND, other times its header, or nothing. I tried with my two o3ds, the first, which went throught many updates (5.0 to 9.2), didn't have it at all. However, my 2nd 3DS, which went from 1.0 to 4.5 with a card update (yes, I know I shouldn't have to update), only had the TitleID (000400000F980000) between a lot of FF.

    If you want to try a working copy on your N3DS (O3DS crashes), you can go to pastebin and search for 3DS ctraging.

    (29/05/16) The N3DS dump is working, it has to be launched from DevMenu. Video by @CrispyYoshi (thanks :))



    Holding START shows a menu!
    [​IMG]

    So if you feel like you have a OLD 3DS which never updated, and hasn't been used much, you may be lucky. Dump and decrypt your fat16 partition and search for the TitleID, here it is how:

    EDIT: check the following post for an updated tool and instructions.

    Put that file on your 3DS SD, run Decrypt9 and select NCCH Decryptor. If you can read "Exheader / Exefs / Romfs: whatever / OK / whatever" let me know :)
     
    Last edited by PabloMK7, Jun 6, 2019
    ry755, Subötaï, 8BitWonder and 18 others like this.
  2. Reisyukaku

    Reisyukaku Onii-sama~
    Developer
    Level 16

    Joined:
    Feb 11, 2014
    Messages:
    1,534
    Country:
    United States
    I've been looking for this for a while as well. I dumped my Animal Crossing N3DS NAND before the first power on, and no goodies were found.
     
    cearp likes this.
  3. froggestspirit

    froggestspirit D/P/Pt Demix Guy
    Member
    Level 8

    Joined:
    Jul 28, 2011
    Messages:
    1,269
    Country:
    United States
    would this be a legit signed thing? and it uninstalls devmenu? seems like it could lead to something (or I'm just hopeful)
     
  4. Suiginou

    Suiginou (null)
    Member
    Level 6

    Joined:
    Jun 26, 2012
    Messages:
    565
    Country:
    Gambia, The
    Note a launchday 1.0 O3DS doesn't necessarily have a clean CTRAging, either. Even just the initial system setup tasks have a chance to botch it. Some 3DSes contain no factory titles at all.

    An unbooted or barely used N3DS has a decent chance of having a full CTRAging, but it seems neutered in terms of service lists (exheader) compared to the O3DS one, so the O3DS one is more interesting.

    Also worth to note: It seems what gets overwritten in terms of NAND sectors is pretty much random. I found a bunch of factory titles (only a broken CTRAging, however) on a 3DS that had gone through a lot of versions before the first NAND dump. Even people with a O3DS not in prime conditions should try and dump CTRAging.
     
    Last edited by Suiginou, Jan 23, 2016
    Seamus9999 likes this.
  5. MassExplosion213

    MassExplosion213 .
    Member
    Level 7

    Joined:
    Feb 15, 2015
    Messages:
    1,464
    Country:
    United States
    So the N3DS one is dumped?
     
  6. Suiginou

    Suiginou (null)
    Member
    Level 6

    Joined:
    Jun 26, 2012
    Messages:
    565
    Country:
    Gambia, The
    Yes, IcySon55 on the CakesFW IRC got a full dump where exefs and romfs hashes check out.
     
    alivebacon, PabloMK7 and Seamus9999 like this.
  7. PabloMK7

    OP PabloMK7 Red Yoshi! ^ω^
    Developer
    Level 12

    Joined:
    Feb 21, 2014
    Messages:
    2,438
    Country:
    Spain
    You already need to have kernel to install legit cias, so there is no point to use ctraging to get kernel access, and anyway, all it is supposed to do is make a factory setup.
     
    Last edited by PabloMK7, Jan 24, 2016
  8. PabloMK7

    OP PabloMK7 Red Yoshi! ^ω^
    Developer
    Level 12

    Joined:
    Feb 21, 2014
    Messages:
    2,438
    Country:
    Spain
    Mhetralla and Vappy like this.
  9. Reisyukaku

    Reisyukaku Onii-sama~
    Developer
    Level 16

    Joined:
    Feb 11, 2014
    Messages:
    1,534
    Country:
    United States
    Do you have a working ticket for it? or should i make a fake one? i'd test it on my n3ds
     
  10. PabloMK7

    OP PabloMK7 Red Yoshi! ^ω^
    Developer
    Level 12

    Joined:
    Feb 21, 2014
    Messages:
    2,438
    Country:
    Spain
    I only converted the cxi to a cia, it Imported fine, but crashed at the Nintendo 3ds logo.
    I was able to see the App title: Test Programm Nintendo Co, and the icon, the same as safety info. The banner doesn't display because is incorrect, it has 2 CGFX which can't be opened in EFE or ohana.
     
  11. Reisyukaku

    Reisyukaku Onii-sama~
    Developer
    Level 16

    Joined:
    Feb 11, 2014
    Messages:
    1,534
    Country:
    United States
    I just tried it on both sysnand and emunand.. same result.
    It boots up and gets past the logo, it sits at a black screen for a second, then you see the backlight come on for a second, then I get the 'power button error'
     
  12. NekoMichi

    NekoMichi Retro Collector
    Member
    Level 11

    Joined:
    Jun 4, 2015
    Messages:
    1,441
    Country:
    I have an N3DS that came with 9.0E, NAND.bin was dumped with emuNAND9 pretty much as soon as initial setup was complete after purchase. Would that be of use to anyone trying to examine CTRAging traces?
     
  13. daxtsu

    daxtsu GBAtemp Guru
    Member
    Level 14

    Joined:
    Jun 9, 2007
    Messages:
    5,627
    Country:
    Antarctica
    Maybe it needs the 178MB mode? Just a guess, though.
     
    kiwiis likes this.
  14. shutterbug2000

    shutterbug2000 Cubic NINJHAX!
    Member
    Level 14

    Joined:
    Oct 11, 2014
    Messages:
    1,088
    Country:
    United States
    Huh. My N3DS is fairly new(lol). How would I know if I have it?
     
  15. Suiginou

    Suiginou (null)
    Member
    Level 6

    Joined:
    Jun 26, 2012
    Messages:
    565
    Country:
    Gambia, The
    Yes, that'd be prime material... Well, except there's a CTRAging dump already, but maybe there were more factory titles, so whatever.

    Note since the NAND keys are console-unique, you'll also need a dump of the FAT16 xorpad for CTRNAND.
     
  16. PabloMK7

    OP PabloMK7 Red Yoshi! ^ω^
    Developer
    Level 12

    Joined:
    Feb 21, 2014
    Messages:
    2,438
    Country:
    Spain
    Use rxtools or whatever to generate fat16 xorpad. I'll update first post with a tool to decrypt fat16.
     
    NekoMichi likes this.
  17. ketal

    ketal aiueo
    Member
    Level 5

    Joined:
    Aug 20, 2015
    Messages:
    744
    Country:
    Italy
    My nand dump from a brand new console is clean, didn't find the app there
     
  18. PabloMK7

    OP PabloMK7 Red Yoshi! ^ω^
    Developer
    Level 12

    Joined:
    Feb 21, 2014
    Messages:
    2,438
    Country:
    Spain
    You have to open the fat16 image with HxD and search 0000980F00000400
     
    Last edited by PabloMK7, Jan 25, 2016
  19. piratesephiroth

    piratesephiroth I wish I could read
    Member
    Level 11

    Joined:
    Sep 5, 2013
    Messages:
    3,441
    Country:
    Brazil
    More like "you probably don't have it, but you could try anyway"
     
    smallissue, Ricken, ketal and 1 other person like this.
  20. ketal

    ketal aiueo
    Member
    Level 5

    Joined:
    Aug 20, 2015
    Messages:
    744
    Country:
    Italy
    That's what I did
     
531 more messages...
Page 1 of 28
Draft saved Draft deleted
Loading...

Hide similar threads Similar threads with keywords - [Request], CTRAging, research

  1. ThomasTom

    [Request] load .bin onto amiibo via Wii U Homebrew

    ThomasTom, Mar 8, 2017, in forum: Wii U - Homebrew
    Replies:
    2
    Views:
    1,835
    Farresb
    Feb 20, 2021 at 10:18 AM
  2. Mwc

    [REQUEST] Hyrule Warriors: DE editor?

    Mwc, Jun 5, 2018, in forum: Switch - ROM Hacking, Saves, Translations & Tools
    Replies:
    159
    Views:
    34,819
    iSharingan
    Feb 14, 2021
  3. rdavis0688

    Resident Evil Revelations 1 & 2 Research

    rdavis0688, Jul 11, 2018, in forum: Switch - ROM Hacking, Saves, Translations & Tools
    Replies:
    109
    Views:
    27,429
    CrisFTW
    Feb 9, 2021
  4. adrexr

    [Request] Crash Team Racing Nitro Fueled Save for latest version

    adrexr, Feb 8, 2021, in forum: PS4 - Games & Content
    Replies:
    0
    Views:
    199
    adrexr
    Feb 8, 2021
  5. Soukai

    [Request] Crash Team Racing Savedata for 5.05

    Soukai, Jan 28, 2021, in forum: PS4 - Games & Content
    Replies:
    4
    Views:
    381
    godreborn
    Feb 8, 2021