[Request] CTRAging (3ds debug app) research.

Do you remember the debug card AGING-NTR also known as NTR-EVA which had some tests for the NDS?

CTRAging, the 3DS equivalent to AGING-NTR, is an app used for testing the hardware at the factory, before it is approved for selling.
And after the tests, it uninstalls itself as well as other test apps, such as DevMenu.
However, uninstall isn't equal to fully deleted from NAND, that means:

YOU PROBABLY STILL HAVE IT IN YOUR FAT16 PARTITION OF YOUR NAND.

Great right!? Well.... no. Each time the console writes to NAND, it has a chance to overwrite it, because since it is no longer installed, the 3ds doesn't care about overwriting it. That means, the most used the system is, less probabilities to still have it in NAND. As stated here, sometimes only the TitleID is kept in NAND, other times its header, or nothing. I tried with my two o3ds, the first, which went throught many updates (5.0 to 9.2), didn't have it at all. However, my 2nd 3DS, which went from 1.0 to 4.5 with a card update (yes, I know I shouldn't have to update), only had the TitleID (000400000F980000) between a lot of FF.

If you want to try a working copy on your N3DS (O3DS crashes), you can go to pastebin and search for 3DS ctraging.

(29/05/16) The N3DS dump is working, it has to be launched from DevMenu. Video by @CrispyYoshi (thanks )



Holding START shows a menu!

Spoiler

So if you feel like you have a OLD 3DS which never updated, and hasn't been used much, you may be lucky. Dump and decrypt your fat16 partition and search for the TitleID, here it is how:

EDIT: check the following post for an updated tool and instructions.

Put that file on your 3DS SD, run Decrypt9 and select NCCH Decryptor. If you can read "Exheader / Exefs / Romfs: whatever / OK / whatever" let me know

 

You already need to have kernel to install legit cias, so there is no point to use ctraging to get kernel access, and anyway, all it is supposed to do is make a factory setup.

 

Thanks to IcySon55, I managed to decrypt CTRAging contents. Trying to run it directly crashes, probably because it is N3DS only.

There are some interesting things, such as instructions of how to test the gyroscope

 

I only converted the cxi to a cia, it Imported fine, but crashed at the Nintendo 3ds logo.
I was able to see the App title: Test Programm Nintendo Co, and the icon, the same as safety info. The banner doesn't display because is incorrect, it has 2 CGFX which can't be opened in EFE or ohana.

 

Use rxtools or whatever to generate fat16 xorpad. I'll update first post with a tool to decrypt fat16.

 

You have to open the fat16 image with HxD and search 0000980F00000400