1. Idontknowwhattoputhere

    Member

    Joined:
    Jan 19, 2019
    Messages:
    759
    Country:
    United Kingdom
    As @Sono said
    You'd need a perfect dump of it
    not one byte of code missing
     
  2. Razor83

    Razor83 GBAtemp Fan
    Member

    Joined:
    Dec 23, 2009
    Messages:
    363
    Country:
    Great to hear you got v2 working Sono, even if it's not as interesting as v1.

    I would love to know more about how you got v2 working - did you perform hex comparisons with v3 to manually repair the corrupted areas?

    Also just a random thought I had - do dev consoles go through the exact same factory installation procedure as retail consoles, or is it slightly different? If so might a dev console be more likely to have CTRAging v1 intact?
     
    Last edited: Jun 9, 2019
  3. Sono

    Sono Modern slave
    Member

    Joined:
    Oct 16, 2015
    Messages:
    1,948
    Country:
    Hungary
    I don't have any v3 dumps, only the publicly leaked v3 version (N3DSEncrypted_CTRAging.cia), so I can't really compare it against it, considering how awfully unstable v3 is, which makes me think that the dump still includes some sort of corruption in its codebin.
    However, thanks to @PabloMK7 's suggestion, I was able to get almost everything working using the ROMFS from v3, except key test (all of the tests crash or hang, so they were skipped in the video), and the LCD test slightly below it (which is missing a top.bmp).

    I got v2 code working by a lot of bruteforcing and manual work. I did write 3 tools to help me with doing 13-way data comparison, but otherwise it's a very manual process of sitting in HxD, copypasting chunks of data from 13 files into a dummy file, doing more stuff with it on the other 2 tools, then putting it into IDA to see if the disassembly is valid or not.
    Repeat this until you recognize the CTRSDK _start sequence and you find SVC 3 as the last branch to signal success.

    My only enemies are bit corruptions though. For some dumps they are almost identical, except some BITS are different from the rest of the files. Due to almost all bit combinations creating valid disassembly which makes sense, it's impossible to 100% recreate the original code without some sort of reference (at which point you'd use the reference instead of just makeshifting up all this contraption).

    I'm pretty sure dev consoles (especially early ones) contain more goodies than a retail console, but good luck finding one which has NEVER EVER been turned on. Remember, if you get to see the setup screen then you know you're screwed, and you'll never be able to recover exefs from the NCCH.
     
    Razor83 and PabloMK7 like this.
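
Added example, not part of the thread and not Sono's tools: a bitwise majority vote across several aligned dumps of the same region, the kind of N-way comparison the post above describes. The function names, the sample bytes and the `min_agree` threshold are constructed for illustration.

```python
from typing import List, NamedTuple, Tuple

class Disputed(NamedTuple):
    offset: int   # byte offset where the dumps disagree
    value: int    # byte chosen by the per-bit vote
    weakest: int  # fewest dumps backing any single bit of that byte

def bitwise_majority(dumps: List[bytes]) -> Tuple[bytes, List[Disputed]]:
    """Vote every bit across aligned, equal-length dumps of one region."""
    if not dumps or any(len(d) != len(dumps[0]) for d in dumps):
        raise ValueError("need at least one dump, all of the same length")
    n = len(dumps)
    merged, disputed = bytearray(len(dumps[0])), []
    for off in range(len(merged)):
        column = [d[off] for d in dumps]
        if column.count(column[0]) == n:      # unanimous byte, nothing to vote on
            merged[off] = column[0]
            continue
        value, weakest = 0, n
        for bit in range(8):
            ones = sum((b >> bit) & 1 for b in column)
            if ones * 2 > n:                  # ties resolve to 0 and show up as weak
                value |= 1 << bit
            weakest = min(weakest, max(ones, n - ones))
        merged[off] = value
        disputed.append(Disputed(off, value, weakest))
    return bytes(merged), disputed

def needs_review(disputed: List[Disputed], min_agree: int) -> List[int]:
    """Offsets where some bit was backed by fewer than min_agree dumps."""
    return [d.offset for d in disputed if d.weakest < min_agree]

def demo():
    original = bytes(range(0x10, 0x18))       # constructed sample, not real dump data
    dumps = [bytearray(original) for _ in range(5)]
    dumps[0][1] ^= 0x01                       # three dumps, three different bit flips
    dumps[1][1] ^= 0x02                       # in the same byte: only 2 of 5 copies
    dumps[2][1] ^= 0x04                       # of that byte are intact
    dumps[2][5] ^= 0x01                       # the same bit flipped in two dumps
    dumps[3][5] ^= 0x01
    merged, disputed = bitwise_majority([bytes(d) for d in dumps])
    return merged, disputed, needs_review(disputed, min_agree=4)

if __name__ == "__main__":
    merged, disputed, review = demo()
    print(merged.hex(), disputed, review)
```

Voting only repairs damage that differs from dump to dump; where every dump carries the same overwritten bytes the column is unanimous and nothing is flagged.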
  4. Sono

    Sono Modern slave
    Member

    Joined:
    Oct 16, 2015
    Messages:
    1,948
    Country:
    Hungary
    I have hard evidence to back up my claim that dumping CTRAging v1 is impossible.

    Looking at each encrypted NCCH (I have no idea why I have 3 decrypted NCCHs, or why they are decrypted in the first place) I have noticed that 0x1000 to 0x6000 and 0x8000 to 0xE000 are consistently corrupted with valid data. Inspecting the data more closely, it confirms that it's BOSS savedata. This is confirmed by a FAT inspection (/DATA/<ID>/SYSDATA/00010034/00000000), and the fact that a SAVE header is present right above the CTRAging NCCH.

    Looking at the data even more closely I noticed that a lot of times the CTRAging data is overwritten in the middle by random system applications (like Download Play, News applet, Home Menu), but there was this one lucky dump where there was a CVer title in the middle of the CTRAging dump. Dumping it reveals that CTRAging v1.00 still ships even with 4.2.0-U systems (assuming it was factory 4.2.0 and not updated), so there is still some slight hope of finding a dump where the BOSS savedata hasn't overwritten the two regions mentioned above.

    But yeah, unless there is some lucky 3DS out there where the BOSS savedata hasn't trolled itself into the start of CTRAging v1 then there is no way to ever finish the reconstruction of CTRAging v1. The rest of the code has been reconstructed, except where those two troll corruptions happen.
     
    Last edited: Jun 18, 2019
    Dionicio3 and PabloMK7 like this.
  5. Razor83

    Razor83 GBAtemp Fan
    Member

    Joined:
    Dec 23, 2009
    Messages:
    363
    Country:
    Might you know exactly when the BOSS (SpotPass) savedata is created? Is it in the factory, upon initial system setup, or after activating SpotPass in a game? Just trying to work out if there's even a chance we could recover CTRAging v1.
     
    Last edited: Jun 21, 2019
  6. Sono

    Sono Modern slave
    Member

    Joined:
    Oct 16, 2015
    Messages:
    1,948
    Country:
    Hungary
    I don't know because apparently all CTRAging dumps are from 3DSes which were sadly already turned on. By doing a shallow analysis on the BOSS data, it seems like there is a ~66% chance that the BOSS data is created during the initial setup (by the user, that is, not from the factory), so recovery might be possible.
     
    Razor83 and Dionicio3 like this.
  7. piratesephiroth

    piratesephiroth I wish I could read
    Member

    Joined:
    Sep 5, 2013
    Messages:
    3,402
    Country:
    Brazil
    So a hardmod is required
     
  8. Sono

    Sono Modern slave
    Member

    Joined:
    Oct 16, 2015
    Messages:
    1,948
    Country:
    Hungary
    Or ntrboot, but it's too risky, considering how bad the detection rate of flashcards is :/ I tried ntrcardhax on my destroyed Zelda old3DS, and it took 12 tries to boot into Decrypt9 :/
     
    Dartz150 likes this.
  9. PabloMK7

    OP PabloMK7 Red Yoshi! ^ω^
    Developer

    Joined:
    Feb 21, 2014
    Messages:
    2,295
    Country:
    Spain
    I've successfully restored the home menu banner. It was an early format so the home menu was not able to read it.
     
    Itzumi, Robz8, Sono and 3 others like this.
  10. Itzumi

    Itzumi 3DS Enthusiast, Audiophile, Trans
    Member

    Joined:
    Jun 27, 2018
    Messages:
    518
    Country:
    United States
    Somebody spent time making this banner and I want to know why
     
  13. HI_Ricky

    HI_Ricky Member
    Newcomer

    Joined:
    Nov 3, 2019
    Messages:
    21
    Country:
    Hong Kong
  14. PabloMK7

    OP PabloMK7 Red Yoshi! ^ω^
    Developer

    Joined:
    Feb 21, 2014
    Messages:
    2,295
    Country:
    Spain
    Could you give more info about this? Where did you find it?
     
  15. HI_Ricky

    HI_Ricky Member
    Newcomer

    Joined:
    Nov 3, 2019
    Messages:
    21
    Country:
    Hong Kong
    It's a revision X4 logic board 3DS on top
     
  16. PabloMK7

    OP PabloMK7 Red Yoshi! ^ω^
    Developer

    Joined:
    Feb 21, 2014
    Messages:
    2,295
    Country:
    Spain
    Is it yours?
     
  17. HI_Ricky

    HI_Ricky Member
    Newcomer

    Joined:
    Nov 3, 2019
    Messages:
    21
    Country:
    Hong Kong
    yes, is me
     
  18. PabloMK7

    OP PabloMK7 Red Yoshi! ^ω^
    Developer

    Joined:
    Feb 21, 2014
    Messages:
    2,295
    Country:
    Spain
    Is the 3ds part of the unit? Does it come with a cartridge? Does it come with an installed app? This is the first time I see one of these. :P
     
  19. Joom

    Joom  ❤❤❤
    Member

    Joined:
    Jan 8, 2016
    Messages:
    5,197
    Country:
    United States
    Late reply, but if I had to guess, it's a demo for colors, animation, and 3D lighting. Notice that the colors are the three primaries, and the model is very rudimentary.
     
    Last edited: Dec 10, 2019
  20. HI_Ricky

    HI_Ricky Member
    Newcomer

    Joined:
    Nov 3, 2019
    Messages:
    21
    Country:
    Hong Kong
    yes 3ds is part of util for display message, no idea what app install on there, screen boot up is user mode, dev menu (mean not normal 3ds system)
     
  21. PabloMK7

    OP PabloMK7 Red Yoshi! ^ω^
    Developer

    Joined:
    Feb 21, 2014
    Messages:
    2,295
    Country:
    Spain
    Is the cartridge port accessible? If it is it would be very interesting to dump the nand with ntrboot for research purposes.
     
  22. HI_Ricky

    HI_Ricky Member
    Newcomer

    Joined:
    Nov 3, 2019
    Messages:
    21
    Country:
    Hong Kong
    I have few revision 3DS, may be can try some day...

    here is boot up... :)
     
    Last edited: Dec 12, 2019
    Razor83 likes this.