Homebrew [Request] CTRAging (3ds debug app) research.

PabloMK7

Red Yoshi! ^ω^
OP
Developer
Joined
Feb 21, 2014
Messages
2,603
Trophies
2
Age
24
Location
Yoshi's Island
XP
5,000
Country
Spain
Do you remember the debug card AGING-NTR also known as NTR-EVA which had some tests for the NDS?

CTRAging, the 3DS equivalent to AGING-NTR, is an app used for testing the hardware at the factory, before it is approved for selling.
And after the tests, it uninstalls itself as well as other test apps, such as DevMenu.
However, uninstall isn't equal to fully deleted from NAND, that means:

YOU PROBABLY STILL HAVE IT IN YOUR FAT16 PARTITION OF YOUR NAND.

Great right!? Well.... no. Each time the console writes to NAND, it has a chance to overwrite it, because since it is no longer installed, the 3ds doesn't care about overwriting it. That means, the most used the system is, less probabilities to still have it in NAND. As stated here, sometimes only the TitleID is kept in NAND, other times its header, or nothing. I tried with my two o3ds, the first, which went throught many updates (5.0 to 9.2), didn't have it at all. However, my 2nd 3DS, which went from 1.0 to 4.5 with a card update (yes, I know I shouldn't have to update), only had the TitleID (000400000F980000) between a lot of FF.

If you want to try a working copy on your N3DS (O3DS crashes), you can go to pastebin and search for 3DS ctraging.

(29/05/16) The N3DS dump is working, it has to be launched from DevMenu. Video by @CrispyYoshi (thanks :))



Holding START shows a menu!
ePhcPsj.jpg

So if you feel like you have a OLD 3DS which never updated, and hasn't been used much, you may be lucky. Dump and decrypt your fat16 partition and search for the TitleID, here it is how:

EDIT: check the following post for an updated tool and instructions.

Put that file on your 3DS SD, run Decrypt9 and select NCCH Decryptor. If you can read "Exheader / Exefs / Romfs: whatever / OK / whatever" let me know :)
 
Last edited by PabloMK7,

Suiginou

(null)
Member
Joined
Jun 26, 2012
Messages
565
Trophies
0
Location
pc + 8
XP
738
Country
Gambia, The
Note a launchday 1.0 O3DS doesn't necessarily have a clean CTRAging, either. Even just the initial system setup tasks have a chance to botch it. Some 3DSes contain no factory titles at all.

An unbooted or barely used N3DS has a decent chance of having a full CTRAging, but it seems neutered in terms of service lists (exheader) compared to the O3DS one, so the O3DS one is more interesting.

Also worth to note: It seems what gets overwritten in terms of NAND sectors is pretty much random. I found a bunch of factory titles (only a broken CTRAging, however) on a 3DS that had gone through a lot of versions before the first NAND dump. Even people with a O3DS not in prime conditions should try and dump CTRAging.
 
Last edited by Suiginou,
Joined
Feb 15, 2015
Messages
1,464
Trophies
0
XP
1,099
Country
United States
Note a launchday 1.0 O3DS doesn't necessarily have a clean CTRAging, either. Even just the initial system setup tasks have a chance to botch it. Some 3DSes contain no factory titles at all.

An unbooted or barely used N3DS has a decent chance of having a full CTRAging, but it seems neutered in terms of service lists (exheader) compared to the O3DS one, so the O3DS one is more interesting.
So the N3DS one is dumped?
 

PabloMK7

Red Yoshi! ^ω^
OP
Developer
Joined
Feb 21, 2014
Messages
2,603
Trophies
2
Age
24
Location
Yoshi's Island
XP
5,000
Country
Spain
would this be a legit signed thing? and it uninstalls devmenu? seems like it could lead to something (or I'm just hopeful)
You already need to have kernel to install legit cias, so there is no point to use ctraging to get kernel access, and anyway, all it is supposed to do is make a factory setup.
 
Last edited by PabloMK7,

PabloMK7

Red Yoshi! ^ω^
OP
Developer
Joined
Feb 21, 2014
Messages
2,603
Trophies
2
Age
24
Location
Yoshi's Island
XP
5,000
Country
Spain
Do you have a working ticket for it? or should i make a fake one? i'd test it on my n3ds
I only converted the cxi to a cia, it Imported fine, but crashed at the Nintendo 3ds logo.
I was able to see the App title: Test Programm Nintendo Co, and the icon, the same as safety info. The banner doesn't display because is incorrect, it has 2 CGFX which can't be opened in EFE or ohana.
 

Reisyukaku

Onii-sama~
Developer
Joined
Feb 11, 2014
Messages
1,534
Trophies
2
Website
reisyukaku.org
XP
5,422
Country
United States
I just tried it on both sysnand and emunand.. same result.
It boots up and gets past the logo, it sits at a black screen for a second, then you see the backlight come on for a second, then I get the 'power button error'
 

daxtsu

Well-Known Member
Member
Joined
Jun 9, 2007
Messages
5,627
Trophies
2
XP
5,191
Country
Antarctica
I just tried it on both sysnand and emunand.. same result.
It boots up and gets past the logo, it sits at a black screen for a second, then you see the backlight come on for a second, then I get the 'power button error'

Maybe it needs the 178MB mode? Just a guess, though.
 
  • Like
Reactions: kiwiis

Suiginou

(null)
Member
Joined
Jun 26, 2012
Messages
565
Trophies
0
Location
pc + 8
XP
738
Country
Gambia, The
I have an N3DS that came with 9.0E, NAND.bin was dumped with emuNAND9 pretty much as soon as initial setup was complete after purchase. Would that be of use to anyone trying to examine CTRAging traces?
Yes, that'd be prime material... Well, except there's a CTRAging dump already, but maybe there were more factory titles, so whatever.

Note since the NAND keys are console-unique, you'll also need a dump of the FAT16 xorpad for CTRNAND.
 

PabloMK7

Red Yoshi! ^ω^
OP
Developer
Joined
Feb 21, 2014
Messages
2,603
Trophies
2
Age
24
Location
Yoshi's Island
XP
5,000
Country
Spain
I have an N3DS that came with 9.0E, NAND.bin was dumped with emuNAND9 pretty much as soon as initial setup was complete after purchase. Would that be of use to anyone trying to examine CTRAging traces?
Use rxtools or whatever to generate fat16 xorpad. I'll update first post with a tool to decrypt fat16.
 
  • Like
Reactions: NekoMichi

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • K3Nv2 @ K3Nv2:
    We don't question people
  • ZeroT21 @ ZeroT21:
    me neither, i just bash them
  • K3Nv2 @ K3Nv2:
    We just question @AncientBoi
  • ZeroT21 @ ZeroT21:
    it wasn't a question, it was fact
  • BigOnYa @ BigOnYa:
    He said he had 3 different doctors apt this week, so he prob there. Something about gerbal extraction, I don't know.
    +1
  • ZeroT21 @ ZeroT21:
    bored, guess i'll spread more democracy
  • LeoTCK @ LeoTCK:
    @K3Nv2 one more time you say such bs to @BakerMan and I'll smack you across the whole planet
  • K3Nv2 @ K3Nv2:
    Make sure you smack my booty daddy
    +1
  • LeoTCK @ LeoTCK:
    telling him that my partner is luke...does he look like someone with such big ne
    eds?
  • LeoTCK @ LeoTCK:
    do you really think I could stand living with someone like luke?
  • LeoTCK @ LeoTCK:
    I suppose luke has "special needs" but he's not my partner, did you just say that to piss me off again?
  • LeoTCK @ LeoTCK:
    besides I had bigger worries today
  • LeoTCK @ LeoTCK:
    but what do you know about that, you won't believe me anyways
  • K3Nv2 @ K3Nv2:
    @BigOnYa can answer that
  • BigOnYa @ BigOnYa:
    BigOnYa already left the chat
  • K3Nv2 @ K3Nv2:
    Biginya
  • BigOnYa @ BigOnYa:
    Auto correct got me, I'm on my tablet, i need to turn that shit off
  • K3Nv2 @ K3Nv2:
    With other tabs open you perv
  • BigOnYa @ BigOnYa:
    I'm actually in my shed, bout to cut 2-3 acres of grass, my back yard.
  • K3Nv2 @ K3Nv2:
    I use to have a guy for that thanks richard
  • BigOnYa @ BigOnYa:
    I use my tablet to stream to a bluetooth speaker when in shed. iHeartRadio, FlyNation
  • K3Nv2 @ K3Nv2:
    While the victims are being buried
  • K3Nv2 @ K3Nv2:
    Grave shovel
  • BigOnYa @ BigOnYa:
    Nuh those goto the edge of the property (maybe just on the other side of)
    BigOnYa @ BigOnYa: Nuh those goto the edge of the property (maybe just on the other side of)