I don't understand, you're trying to find a way to install CIAs through the eshop with the help of HANS and a code replacement ? Is that correct ?
- Status
Also just tried this before finding thread, got invalid icache. It looks like it verifies the size comparing it to the allocation it has or something??
I attempted running Eshop code and romfs on game card Super Mario 3DLand. Gonna watch this thread because I really want to get CIA installation on >9.2! (sorry if this post is badly formatted I'm new to this
)
I attempted running Eshop code and romfs on game card Super Mario 3DLand. Gonna watch this thread because I really want to get CIA installation on >9.2! (sorry if this post is badly formatted I'm new to this
)
I don't think "invalidated icache" is an error - it's just the last text it shows before it then crashes loading the code. When you run a ROMhack or load the eshop normally it also shows that message briefly, but then loads successfully.
The sections in the .code file (.text, .rodata and .data) needs to be aligned and the same size, we're working on it.Also just tried this before finding thread, got invalid icache. It looks like it verifies the size comparing it to the allocation it has or something??
I attempted running Eshop code and romfs on game card Super Mario 3DLand. Gonna watch this thread because I really want to get CIA installation on >9.2! (sorry if this post is badly formatted I'm new to this
Never noticed that, so it is hanging before running the code? It isn't a 'deep' hang because you can use L+R+Down+B to return, maybe it's being done purposely?
--------------------- MERGED ---------------------------
Ok, sorry posted at same time!
Actually, I think that the 3DS just fails to start the application. However, HANS doesn't crash. The application does.
--------------------- MERGED ---------------------------
According to Citra's source and 3dbrew, the sections location are in the exheader. However, the ones I got are incorrect. Maybe the decryption went wrong.
So, here is where we are.
.code files are made of .elf sections glued together without any separation. The exact size and addresses of those sections are stored in the ExHeader file.
We are 100% sure that the .code of the eShop is 2,961,408 bytes long. We actually managed to extract it properly decrypted.
.text section of eShop is 2,715,648 bytes long according to HANS, and begins at the very first byte of the .code.
The problem now is: we're too bad to correctly rip ExHeader. Yeah, that sounds as dumb as it is. Whatever methods we use, we get different but yet similar results, but obviously what would have interested us is always different.
And so, we're asking to anyone that already managed to dump the ExHeader of the eShop (from 9.0 to latest), to please contact us in PM. Thank you very much, we're pretty close to getting something to work.
Here is a MD5 checksum of the right .code, if it can help verifying the exactitude of your dump (dumped with braindump on 9.9) : a6e92f8b9f88eb597a5c4c5bf42c6821
Thanks!
.code files are made of .elf sections glued together without any separation. The exact size and addresses of those sections are stored in the ExHeader file.
We are 100% sure that the .code of the eShop is 2,961,408 bytes long. We actually managed to extract it properly decrypted.
.text section of eShop is 2,715,648 bytes long according to HANS, and begins at the very first byte of the .code.
The problem now is: we're too bad to correctly rip ExHeader. Yeah, that sounds as dumb as it is. Whatever methods we use, we get different but yet similar results, but obviously what would have interested us is always different.
And so, we're asking to anyone that already managed to dump the ExHeader of the eShop (from 9.0 to latest), to please contact us in PM. Thank you very much, we're pretty close to getting something to work.
Here is a MD5 checksum of the right .code, if it can help verifying the exactitude of your dump (dumped with braindump on 9.9) : a6e92f8b9f88eb597a5c4c5bf42c6821
Thanks!
Last edited by JustPingo,
Can we dump exHeaders under usermode or userland (I don't recall the exact term) ? You can ask smealum or the creator of braindumper, and also Kaphotics... I'm sure they can help you about that.
And what will you exactly do once you know the exact location of .code portions ?
Also, what if your homebrew exefs is bigger than the eshop exefs ? It would'nt work because the size must be equal, right ? So what if your homebrew exefs is smaller than the eshop exefs ? would it work?
Another thing: Let's say you have two applications, one called "dummytest" and the other "randomname", both with a .code and exHeader with the exact same locations but different content, if you swap the files (exefs of dummytest used by randomname and vice versa), launching "dummytest" would actually lauch "randomname" ?
I'm just curious, ask questions even if I can't help you at all, it's interesting
And what will you exactly do once you know the exact location of .code portions ?
Also, what if your homebrew exefs is bigger than the eshop exefs ? It would'nt work because the size must be equal, right ? So what if your homebrew exefs is smaller than the eshop exefs ? would it work?
Another thing: Let's say you have two applications, one called "dummytest" and the other "randomname", both with a .code and exHeader with the exact same locations but different content, if you swap the files (exefs of dummytest used by randomname and vice versa), launching "dummytest" would actually lauch "randomname" ?
I'm just curious, ask questions even if I can't help you at all, it's interesting
I don't know if it is possible in userland, however it is with 9.2 kernels. SciresM kindly sent us an US exheader for the eShop, but some from other regions would be appreciated as well to be sure it will be universal.
With those locations, we will almost do what you described. We have a special surprise as well
(by the way, sizes are fine)
With those locations, we will almost do what you described. We have a special surprise as well
(by the way, sizes are fine)
Last edited by JustPingo,
I can get you the 9.2 JPN exheader, what do I need to run to dump it?I don't know if it is possible in userland, however it is with 9.2 kernels. SciresM kindly sent us an US exheader for the eShop, but some from other regions would be appreciated as well to be sure it will be universal.
With those locations, we will almost do what you described. We have a special surprise as well
Great, thanks SciresM ! Now I hope everything will be okay, but I think you should have tested before with some small apps to make sure that it's possible with HANS to launch x from y, maybe smealum put restrictions to avoid piracy ?
It contains the first part of the code which is ran by the kernel.
Maybe. We don't know at the moment.
We can't dump exheaders in userland at the moment. neobrain said on his thread (if I remember correctly) that it would not be possible in userland.
Once we know that, we will override these .code portions with an homebrew .text, .rodata and .data.
The unused data will be filled by null bytes. We don't patch the entire exefs, just a portion of it.
We think that it would be. shinyquagsire23 told me that it was the reason for the crash. That's why Omega Ruby .code file boots on Alpha Sapphire and makes the game crash after a black screen, but patching the .code of a game with the .code of another game fails.
So... we have to rely on piracy just this once because nobody can get it legitimately unless on >9.2? I could try getting an old 3DS and flashing my firmware dump onto it to attempt to dump this and pm it to you or hto60?
We have to rely on kernel exploit to get exheaders. You can send it to hto60 or me, we're both working on it. However, I can't tell you if the exheader will be correctly dumped. I didn't even managed to do it
Last edited by Mrrraou,
- Status
Similar threads
-
-
-
-
@
K3Nv2:
I wish we could comment on Google reviews some of them just sound like they were written by r tards+2 -
-
-
-
-
-
-
-
S @ StealthD0g99:I think we as a society should take the Cave Johnson approach to scientific studies
-
-
-
@
K3Nv2:
Lmao now I can live the life of Juan https://store.playstation.com/en-us/product/UP5805-CUSA47233_00-0050709204508097
-
-
-
-
-
-
-
-
-
-
