Homebrew [Request] CTRAging (3ds debug app) research.

[Suiginou]

My exefs .code and exheader is fine (banner is corrupt but who cares). Romfs has a problem in level 3.

For those wondering how to tell what parts are fine or broken, you just use the following command on a decrypted .cxi:
ctrtool -i -y ctraging.cxi > info.txt
And then Cntr-F FAIL to see which parts are broken. Signatures can be broken, that's no big deal. The sha256 hashes are the important ones.
Another thing the OP left out is extracting the correct size of ctraging from your ctr-nand. You take the u32 (4 bytes) right after the 'NCCH' and multiply X 0x200. Don't forget that size is in little endian (reverse byte order) and to start from the beginning of the "NCCH" - 0x100.

What we need is a way to piece a working copy together. Don't know how we'd organize such a project though.

Your .code is fine?! We need this, pronto!

 

[windwakr]

Yes, from an original 4.5.0-10U XL. Version 02 according to NCCH 0x112.

What is the file size in bytes?

 

[loco365]

I wouldn't mind a copy of this, O3DS or N3DS. I remember the old NITRO EVA one when it first came around, and I'd love to see the CTRAging test on any of my 3DS consoles, however, I haven't had any luck dumping it as it's been long overwritten.

 

[zoogie]

Your .code is fine?! We need this, pronto!

I was wrong, I got the .code mixed up with the banner.

Still, maybe the wrong parts don't overlap on our respective .code's.

 

[Suiginou]

I was wrong, I got the .code mixed up with the banner.

Still, maybe the wrong parts don't overlap on our respective .code's.

Send it to @Normmatt for analysis, I guess.

 

[zoogie]

What is the file size in bytes?

It's 0x28B000

 

[windwakr]

It's 0x28B000

The whole NCCH?

I have 3 copies of a 14,152,192 bytes version, and 4 copies of a 15,072,768 bytes ones.

 

[zoogie]

The whole NCCH?

I have 3 copies of a 14,152,192 bytes version, and 4 copies of a 15,072,768 bytes ones.

Its the 15,072,768 one.

 

[PabloMK7]

We can use N3DS romfs with O3DS code, because they are the same (there are images for each mode of 3ds). The O3DS romfs lacks the first 600 bytes for some reason but using another romfs first 600 bytes u can extract it, however most files are corrupted. We only need the .code to make the O3ds copy work. About sharing it, I'm asking someone's permission to share it somewhere, I'll tell you. I'll also update the first post with a noobish method.

EDIT: As well as NTR EVA, holding START on boot shows a menu almost identical to its predecesor!

Spoiler

 

[zoogie]

"(25/01/16) Got a O3DS copy with matching exefs hashes, however, the keyY line at the signature to decrypt it is corrupted. "
--from OP

I have the uncorrupted o3ds RSA sig.

Also, what's with this "getting permission" to upload? I hope you're not emailing Nintendo
Don't see what the big deal is. The only site where you can't upload it is here, ironically.

 

[PabloMK7]

"(25/01/16) Got a O3DS copy with matching exefs hashes, however, the keyY line at the signature to decrypt it is corrupted. "
--from OP

I have the uncorrupted o3ds RSA sig.

Wait, I'm stupid. I also have O3DS dumps with valid RSA signatures.

--------------------- MERGED ---------------------------

None of them match with the uncorrupted part of the copy I have It has to be the same version so the signatures match, (afaik)

 

[zoogie]

Wait, I'm stupid. I also have O3DS dumps with valid RSA signatures.

--------------------- MERGED ---------------------------

None of them match with the uncorrupted part of the copy I have It has to be the same version so the signatures match, (afaik)

Are the first two bytes of your 'wrong' signature 92 9D?

 

[PabloMK7]

Are the first two bytes of your 'wrong' signature 92 9D?

The first 28 bytes are the corrupted ones, the last bytes of the signature are: 3B 75 04

 

[zoogie]

The first 28 bytes are the corrupted ones, the last bytes of the signature are: 3B 75 04

Ok, I have the correct bytes of that signature. Only the first 16 need to be correct for decryption to work.

 

[Normmatt]

Ok, I have the correct bytes of that signature. Only the first 16 need to be correct for decryption to work.

I also have the rsa signature for that one.

92 9D 43 AD 92 C5 D7 F5 BD B5 A8 8F F0 8E 89 B8.

Just because the header sigs match doesn't mean the hashes in the exefs are valid... my dump has an invalid .code section

I have another dump where 0x28 bytes are corrupted and the last few bytes are 89 BC 1B 93 if anyone has the full header for that i'd appreciate it.

 

[zoogie]

I also have the rsa signature for that one.

92 9D 43 AD 92 C5 D7 F5 BD B5 A8 8F F0 8E 89 B8.

Just because the header sigs match doesn't mean the hashes in the exefs are valid... my dump has an invalid .code section

I know, he claims his might be clean (I doubt it). Thanks for posting that keyY.
@PabloMK7 - there you go.

 

[Dev5359]

Super excited about this! If you do share it don't post the link on this thread. I think that's against the rules.

 

[PabloMK7]

I don't know how I checked the hashes, but I checked again and don't match..... anyway... decompressing the code outputs a 2GB file, but I have an idea, if we now know which versions are the same thanks to the signature, we could reconstruct the code, (I've also recovered the O3DS icon, it is the same as New3DS).

EDIT: Right now, I have 4 copies of the same version of ctraging

 

[Naked_Snake]

Who can PM me a CIA lol

 

[ketal]

I'd like to have one of those cias too