Trouble running custom .code

Discussion in '3DS - ROM Hacking, Translations and Utilities' started by JustPingo, Oct 26, 2015.

Thread Status:
Not open for further replies.
  1. JustPingo
    OP

    JustPingo GBAtemp Fan

    Member
    497
    996
    Jan 11, 2015
    France
    Hello everyone!

    So, I'm having trouble using HANS. So, I extracted properly code.bin using ctrtool and those commands:

    ctrtool --contents=contents myCIA.cia
    ctrtool -p --exefs=exefs.bin contents.0000.WHATEVER
    ctrtool -t exefs --exefsdir=exefs --decompresscode exefs.bin

    My CIA is a homebrew that has nothing to do with any of the apps I'm trying to inject it into, but it doesn't have any romFS, so I guess its .code could run alone (it's a simple homebrew).
    So then, I wanted to inject it on the eShop to try, so I renamed it and placed it like this:

    sd:/hans/00022900.code

    In HANS, I set the region to EUR because my console is EUR, no special language, O3DS-type clock speed, Code to YES, Romfs to NO, Save to NO. Then I start. But I get this, and can't figure out why:

    (sorry for the terrible quality, the last line is invalidated icache)

    I tried with other apps to inject in, changing the name in the hans folder, but same error. When there is no .code, it just gets back to homebrew menu so the .code is detected. It is 544KB by the way.

    Do you guys have any idea?
    Thanks in advance!
     


  2. Mrrraou

    Mrrraou GBAtemp Advanced Maniac

    Member
    1,869
    2,167
    Oct 17, 2015
    France
    That's something I tried too, and I couldn't get it to work either. At the moment, HANS is closed source, so it doesn't help.
     
    Last edited by Mrrraou, Oct 26, 2015
  3. JustPingo
    OP

    JustPingo GBAtemp Fan

    Member
    497
    996
    Jan 11, 2015
    France
    Up, I guess...
     
  4. MRJPGames

    MRJPGames Pretty great guy

    Member
    1,090
    708
    Aug 17, 2013
    Netherlands
    The Netherlands
    Possibly intentionally so we can't pirate with this...

    Did you remove the first 1000 or so bytes of data (search Smea's Twitter for the actual amount)? Just try that, shouldn't make a difference but might be worth the shot?
     
  5. Mrrraou

    Mrrraou GBAtemp Advanced Maniac

    Member
    1,869
    2,167
    Oct 17, 2015
    France
    0x1000 bytes isn't 1000 bytes, but 4096 bytes (Hexadecimal -> decimal) ;) And these instructions are only for the romfs, but I'll try.
     
  6. MRJPGames

    MRJPGames Pretty great guy

    Member
    1,090
    708
    Aug 17, 2013
    Netherlands
    The Netherlands
    I only vaguely remembered from Twitter, actually pretty proud I got the amount of zeros right XD
     
  7. Mrrraou

    Mrrraou GBAtemp Advanced Maniac

    Member
    1,869
    2,167
    Oct 17, 2015
    France
    However, I still don't think that it would work, because the .code file is ARM compiled code.

    Still the same crash even with removing the 0x1000 first bytes.
     
  8. MRJPGames

    MRJPGames Pretty great guy

    Member
    1,090
    708
    Aug 17, 2013
    Netherlands
    The Netherlands
    As I said: "shouldn't make a difference but might be worth the shot", but yeah I hoped it would work however unlikely it was... :(
     
  9. Mrrraou

    Mrrraou GBAtemp Advanced Maniac

    Member
    1,869
    2,167
    Oct 17, 2015
    France
    Yeah. However, I'm still actively looking to do it.
    And smea just said that he won't release the source soon: https://twitter.com/smealum/status/659103610932822016
     
  10. JustPingo
    OP

    JustPingo GBAtemp Fan

    Member
    497
    996
    Jan 11, 2015
    France
    The thing is that we don't even have a proper explanation on what it does, even without the details. So we can't even try to do stuff and we get blocked by any difficulty because we're completely blind on what's going on behind the scene.
     
  11. Mrrraou

    Mrrraou GBAtemp Advanced Maniac

    Member
    1,869
    2,167
    Oct 17, 2015
    France
    That's the whole problem, and nobody would explain to us how to do that.
     
  12. shinyquagsire23

    shinyquagsire23 SALT/Sm4sh Leak Guy

    Member
    1,961
    3,231
    Nov 18, 2012
    United States
    Las Vegas
    It's most likely compressed. I believe ctrtool or 3dstool has an option to decompress on extracting. Also, the sections have to line up to the original, so update code bins can't be loaded (easily).

    Edit: probably not compressed actually, could be borked on the HANS side though.
     
    Last edited by shinyquagsire23, Oct 27, 2015
  13. Mrrraou

    Mrrraou GBAtemp Advanced Maniac

    Member
    1,869
    2,167
    Oct 17, 2015
    France
    By sections, I'm not sure what you are talking about exactly.
    Is there a way we can modify a game .code to run a homebrew instead? Even if we have to do it manually, how can we do that?
     
  14. Mrrraou

    Mrrraou GBAtemp Advanced Maniac

    Member
    1,869
    2,167
    Oct 17, 2015
    France
    How do we know the section locations in the .code file? And do you know a good ARM disassembler?
     
  15. hippy dave

    hippy dave Butts Butts Megabutts

    Member
    2,572
    1,792
    Apr 30, 2012
  16. Mrrraou

    Mrrraou GBAtemp Advanced Maniac

    Member
    1,869
    2,167
    Oct 17, 2015
    France
  17. RainThunder

    RainThunder GBAtemp Regular

    Member
    212
    133
    Jun 22, 2012
    Hanoi
    It's stored inside exheader. Braindump currently doesn't support dumping it, so you have to use rxTools or Decrypt9.
     
    Last edited by RainThunder, Oct 28, 2015
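
Added example (not part of any post in this thread, and not HANS or ctrtool code): a Python sketch that reads, from a decrypted exheader, the section layout that posts 12 and 17 refer to, and checks whether a decompressed .code of a given length matches it. The field offsets follow the publicly documented NCCH extended-header layout; the rule that a decompressed .code is the three sections padded to 0x1000-byte pages is an assumption, and the sample header is constructed.

```python
import struct

PAGE = 0x1000  # 4096 bytes; section sizes are counted in pages of this size

def parse_code_set_info(exheader: bytes) -> dict:
    """Read name, compression flag and section layout from a decrypted exheader."""
    if len(exheader) < 0x40:
        raise ValueError("exheader too short for the code set info block")
    sections = {}
    # Each entry: virtual address, size in pages, size in bytes (little-endian u32)
    for label, off in (("text", 0x10), ("rodata", 0x20), ("data", 0x30)):
        addr, pages, size = struct.unpack_from("<III", exheader, off)
        sections[label] = {"address": addr, "pages": pages, "size": size}
    (bss_size,) = struct.unpack_from("<I", exheader, 0x3C)
    return {
        "name": exheader[0:8].rstrip(b"\0").decode("ascii", "replace"),
        "compressed": bool(exheader[0x0D] & 1),  # bit 0: ExeFS .code is compressed
        "sections": sections,
        "bss_size": bss_size,
    }

def expected_code_size(info: dict) -> int:
    """Assumed length of the decompressed .code: all sections padded to pages."""
    return sum(s["pages"] for s in info["sections"].values()) * PAGE

def check_layout(info: dict, code_len: int) -> list:
    """Return a list of mismatches between the header and a .code of code_len bytes."""
    problems = []
    for label, s in info["sections"].items():
        if s["size"] > s["pages"] * PAGE:
            problems.append(f"{label}: byte size exceeds its page allocation")
    if code_len != expected_code_size(info):
        problems.append(f".code is {code_len:#x} bytes, header expects "
                        f"{expected_code_size(info):#x}")
    return problems

def build_sample() -> bytes:
    """Constructed exheader prefix for demonstration; not taken from any title."""
    hdr = bytearray(0x40)
    hdr[0:6] = b"sample"
    hdr[0x0D] = 0x01
    struct.pack_into("<III", hdr, 0x10, 0x00100000, 0x50, 0x4F800)
    struct.pack_into("<III", hdr, 0x20, 0x00150000, 0x20, 0x1F000)
    struct.pack_into("<III", hdr, 0x30, 0x00170000, 0x18, 0x17400)
    struct.pack_into("<I", hdr, 0x3C, 0x8000)
    return bytes(hdr)

if __name__ == "__main__":
    info = parse_code_set_info(build_sample())
    for label, s in info["sections"].items():
        print(f"{label:7s} addr={s['address']:#010x} pages={s['pages']:#x} size={s['size']:#x}")
    print(check_layout(info, 0x87000) or "layout matches")
```
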
  18. Mrrraou

    Mrrraou GBAtemp Advanced Maniac

    Member
    1,869
    2,167
    Oct 17, 2015
    France
    Thanks a lot, I'm going to try that.
     
    Last edited by Mrrraou, Oct 28, 2015
  19. nallar

    nallar Member

    Newcomer
    42
    41
    Dec 10, 2014
    Had a (probably stupid) idea relating to code replacement:

    HANS can edit the eshop. Does the eshop have access to the service needed to install .cia files? If so, you could edit the eshop exefs with something which could install "legit" CIAs, which won't fail the signature check.
     
  20. Mrrraou

    Mrrraou GBAtemp Advanced Maniac

    Member
    1,869
    2,167
    Oct 17, 2015
    France
    We can. That's what I'm trying to do. But we can even do better.
     