rxTools with Signatures patched out!

Discussion in '3DS - Flashcards & Custom Firmwares' started by AHP_person, Jun 11, 2015.

Thread Status:
Not open for further replies.
  1. Riku

    Riku GBAtemp Regular

    Member
    7
    May 3, 2009
    United States
    Extract both ExeFSes, put .code from FBI and icon/banner from original app (important, since system caches them), build compressed ExeFS. Edit FBI exheader: replace name at beginning, ProgramID (stored in 3 places), remove SD flag and set SysApp flag (in 2 places). Re-XOR them both and inject inside CXI. In CXI header edit new ExeFS size, new exheader hash and new ExeFS hash. Pad ExeFS to 4096, compare original CXI size and modified and create new RomFS to fill size (I used original RomFS, just cut some audio file), re-XOR and insert it into CXI along with new RomFS hash and new size. Last step is generating new TMD hashes.

    That's all I remember, too much info. :wacko:
     
    Last edited by Riku, Jun 19, 2015
    piratesephiroth, samiam144 and Vappy like this.
  2. pikatsu

    pikatsu GBAtemp Advanced Fan

    Member
    5
    Apr 16, 2014
    Argentina
    Is this injection working with every app or game?
     
  3. pakrett

    pakrett GBAtemp Maniac

    Member
    6
    Apr 6, 2015
    France
    Downgrade by gateway method = 100% safe
     
  4. Suiginou

    Suiginou (null)

    Member
    5
    Jun 26, 2012
    Gambia, The
    pc + 8
    Of what is the TMD content info hash a hash? I presume they also need to be updated, not only the TMD content hash.
     
  5. samiam144

    samiam144 Régulier

    Member
    9
    Aug 19, 2007
    Canada
    On step 16, can we use FBI again to install? I assume the title ID will be different, right?
     
  6. VerseHell

    VerseHell GBAtemp Psycho!

    Member
    8
    Jun 29, 2014
    France
    Yes you're right. :)
     
  7. samiam144

    samiam144 Régulier

    Member
    9
    Aug 19, 2007
    Canada
    Sweet. I wish I had my friend's 2DS to test it out; so far I don't think any 2DS user has tried :/ but it should be completely safe since it only modifies emunand, correct?
     
  8. Falo

    Falo GBAtemp Advanced Fan

    Member
    9
    Jul 22, 2012
    Germany
    It's not 100% safe and I'm not trusting that method.

    There are 3 hashes:
    first (0xB14) hashes the content (app file),
    second (0x208) hashes the content table (0xB04 - 0xB33),
    third (0x1E4) hashes the content index table (0x204 - 0xB03).
    All simple SHA-256.

    I did all that, now the icon/banner is there and I'm able to start it, but then "An error has occured, please restart console...".
    Some error on my side or it's not working...
     
    Syphurith likes this.
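
Added example, not part of the post above or of any tool from the thread: a Python integrity check of the three-level SHA-256 chain, using exactly the offsets listed in that post, that reports which link is inconsistent. The function names and the zero-filled sample buffer are constructed for illustration; a single-content TMD is assumed.

```python
import hashlib

# Offsets exactly as listed in the post above (single-content TMD assumed).
# Each entry: name, offset of the stored SHA-256, (start, end) of the hashed
# span; a span of None means the hash covers the content (app) file itself.
LINKS = [
    ("content index table", 0x1E4, (0x204, 0xB04)),  # 0x204 - 0xB03
    ("content table",       0x208, (0xB04, 0xB34)),  # 0xB04 - 0xB33
    ("content",             0xB14, None),
]
MIN_TMD_LEN = 0xB34


def check_tmd_hash_chain(tmd: bytes, content: bytes) -> list[str]:
    """Return the names of the links whose stored SHA-256 does not match."""
    if len(tmd) < MIN_TMD_LEN:
        raise ValueError(f"TMD too short: {len(tmd):#x} < {MIN_TMD_LEN:#x}")
    failed = []
    for name, hash_off, span in LINKS:
        data = content if span is None else tmd[span[0]:span[1]]
        if tmd[hash_off:hash_off + 32] != hashlib.sha256(data).digest():
            failed.append(name)
    return failed


def build_sample_tmd(content: bytes) -> bytearray:
    """Constructed, zero-filled buffer with a consistent chain (not a real TMD)."""
    tmd = bytearray(MIN_TMD_LEN)
    # Innermost hash first: each outer span contains the next inner hash.
    for _name, hash_off, span in reversed(LINKS):
        data = content if span is None else bytes(tmd[span[0]:span[1]])
        tmd[hash_off:hash_off + 32] = hashlib.sha256(data).digest()
    return tmd


def demo() -> dict:
    """Run the check on constructed data: intact, changed content, stale table hash."""
    original = b"constructed app content"
    modified = original + b"!"
    tmd = build_sample_tmd(original)
    partial = bytearray(tmd)
    # Content hash matches the changed file, but the hash at 0x208 is stale.
    partial[0xB14:0xB34] = hashlib.sha256(modified).digest()
    return {
        "intact": check_tmd_hash_chain(tmd, original),
        "content changed": check_tmd_hash_chain(tmd, modified),
        "stale table hash": check_tmd_hash_chain(partial, modified),
    }
```

The third case shows why a mismatch can surface one level above the field that was edited: the 0x208 hash covers the bytes that hold the 0xB14 hash.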
  9. Riku

    Riku GBAtemp Regular

    Member
    7
    May 3, 2009
    United States
    Try to install original 0004001000020300 v2050 and inject my files. You won't be able to see it in HOME menu, but launching from FBI list should work. And if it does work feel free to decrypt and compare.
     
  10. pakrett

    pakrett GBAtemp Maniac

    Member
    6
    Apr 6, 2015
    France
    Almost 100% safe, like all stuff you can find here.

    If you have, like me, an EUR old3ds I don't see the problem. I've done it so many times with my console and with my friends one, no problem.
    NVD -> your choice.
     
    Last edited by pakrett, Jun 19, 2015
  11. Falo

    Falo GBAtemp Advanced Fan

    Member
    9
    Jul 22, 2012
    Germany
    The main reason I'm doing this is because I CAN'T install anything... (I don't want to downgrade my console).
    I already did decrypt your app and compared it, except for region flags in icon.bin, different program id in exheader/ncch and a different ncch size it's the same...

    Note: EUR is 0004001000022300 v3077, if you want, I can send you the nand files and xorpads.
     
  12. Riku

    Riku GBAtemp Regular

    Member
    7
    May 3, 2009
    United States
    I'll make EUR version for you later.
     
    Vappy, Ambassador, pakrett and 2 others like this.
  13. VerseHell

    VerseHell GBAtemp Psycho!

    Member
    8
    Jun 29, 2014
    France
    Would you be able to do it for the US version too? It would be great for all the people with a 9.0-9.2 2DS. :)
     
    zoogie likes this.
  14. Riku

    Riku GBAtemp Regular

    Member
    7
    May 3, 2009
    United States
    Falo, Vappy and VerseHell like this.
  15. masterz87

    masterz87 GBAtemp Fan

    Member
    4
    Apr 21, 2013
    United States
    Since this thing is supposed to work with dsiware, has _anyone_ gotten it to work like at all? Does it _only_ work with the browser exploit or something?

    I keep getting the damned "an error has occurred".

    I am using emunand as I hate installing anything to sysnand unless absolutely required.
     
    Last edited by masterz87, Jun 19, 2015
  16. pikatsu

    pikatsu GBAtemp Advanced Fan

    Member
    5
    Apr 16, 2014
    Argentina
    Is that for every EUR console, and which version range?
     
  17. VerseHell

    VerseHell GBAtemp Psycho!

    Member
    8
    Jun 29, 2014
    France
    It should be for every EU console on 9.8 emunand.
     
  18. pikatsu

    pikatsu GBAtemp Advanced Fan

    Member
    5
    Apr 16, 2014
    Argentina
    And all this process to XOR and re-XOR is for emunand?
     
  19. VerseHell

    VerseHell GBAtemp Psycho!

    Member
    8
    Jun 29, 2014
    France
    What do you mean?
     
  20. pikatsu

    pikatsu GBAtemp Advanced Fan

    Member
    5
    Apr 16, 2014
    Argentina