Tutorial How to dump factory titles (including CTRAging)

Did you find any factory titles?


  • Total voters
    5

Sono

cripple piss
OP
Developer
Joined
Oct 16, 2015
Messages
2,800
Trophies
2
Location
home
XP
9,221
Country
Hungary
Notice: in this tutorial when I say "3DS", I mean any kind of 3DS, including 2DS, new3DS, and even XL and LL editions.


First you need a decrypted ctrnand_fat.img beause that's what ff.exe can process.

You need a hex editor like HxD.

Open your ctrnand_full.img in HxD, then IMMEDIATELY "Save as" as ctrnand_fat.img to prevent accidental overwriting on your ctrnand_full.img.

Press CTRL-F and search for the hex values "E9 00 00 43 54 52", and click search.
There will be 6 bytes highlighted. Click on the very left of the selection, so the cursor will be on the left of E9.
Now, just hold SHIFT, and hold down PageUp until you reached the very top, and while still holding SHIFT, press Home once.
If you did it correctly then the Lenth value in HxD should have two zeroes at the end of it.
If you did everything right, then you could press Delete once and CTRL-S to save the changes, and you got a valid ctrnand_fat.img which is accepted by ff.exe
* you only have one chance at the magnet placement, so if you accidently boot into the OS then the remnants have a high chance of being overwritten by the OS booting (meaning that if you're extremely lucky then it will be still somehow intact)

= Setup
  • You need a sighaxed ntrcard. Check https://3ds.hacks.guide/ntrboot if you can do it to your own card and how to do it (links at the bottom of the page).
  • boot.firm must be Godmode9 on the 3DS's SDCard
  • SDCard with at least 800Megs free for CTRNAND-only,
    1Gigs for a NANDmin dump,
    ~1.8Gigs for both NAND and CTRNAND backup,
    or up to ~2.6Gigs if you have a big NAND and want to get everything in one go
= Procedure
  1. Insert the sighaxed ntrcard into the target 3DS and make sure it's inserted properly
  2. Insert the SDCard into the 3DS and make sure it's inserted properly
  3. Push the magnet against the B button (or turn ON the lock on the 2DS)
  4. Hold START + SELECT + X VERY FIRMLY; IF YOU ACCIDENTLY RELEASE IT BEFORE BOOTING INTO GM9 THEN YOU'RE SCREWED
  5. Without releasing the above buttons, hold the Power button for many seconds (on the 2DS it can take a long while until the blue LED comes on)
  6. If you're very lucky then you should be booted into GM9
    • if it's stuck on a black screen with the blue LED then you can turn the 3DS off by holding the power button and try again from step 1
    • if it booted into the initial setup then you're screwed most likely, but try again just in case, so turn off the 3DS and goto step 1
  7. Go to SYSNAND VIRTUAL
  8. Dump ctrnand_fat.bin
    • if you fill up the SDCard then go back to the main menu, R+B to unmount the SD, and copy the file off to your PC
    • re-inserting it will automatically re-mount the SD if you inserted it properly fast enough
  9. Dump nand_minsize.bin (or nand.bin if you don't care about the dump being anywhere between ~950Megs to ~1.8Gigs)
    • same as above if you fill up your SD
  10. Dump essentials.exefs
  11. Go back to main menu
  12. Go to MEMORY VIRTUAL
  13. Select otp.mem and copy to /gm9/out
  14. Press the power button to shutdown or START to reboot, you have everything you need for this step!
    • but make sure that you copy ctrnand_fat.img to your PC somehow
= Requirements
  • SDCard with at least ~1.8Gigs free (~1Gigs for a NANDmin + ~800Megs for ctrnand_fat.img)
  • Being able to boot GM9
= Procedure
  1. If not yet done, copy your NAND backup to your 3DS's SDCard
  2. Boot into GM9
  3. Select SD
  4. Browse for the NAND backup, select it, then mount it
  5. Go back to main menu
  6. Select IMGNAND VIRTUAL
  7. Select ctrnand_fat.img and copy to /gm9/out
    • if it fails due to not enough free space then check the filesize of ctrnand_fat.img, go back to the main menu, R+B to eject SD, then free up some space, and re-insert into 3DS
  8. Wait a quarter eternity
  9. That's it, press the power button to shutdown or START to reboot, you have everything you need for this step!
    • just make sure to copy ctrnand_fat.img to your PC somehow
= Preparation

== Requirements
  • Create an empty directory somewhere.
    In this tutorial it will be referred to as the "data folder".
  • You need the essentials.exefs and otp.bin from the console whose CTRNAND you want to dump.
    • If you don't have any of them then you need to make the console functional enough so you could boot into Godmode9 to get these files
  • boot9.bin

== Installing WinFsp
  1. Open http://www.secfs.net/winfsp/download/
  2. Click the blue "Download WinFsp Installer" button
  3. Download and open the installer
  4. When prompted, make sure to only "Core" is checked (default), unless you plan on using the other features
  5. Next-Next-Finish; click Yes when the UAC pops up (User Account Control, the annoying admin popup which darkens the background)

== Getting ninfs
  1. Open https://github.com/ihaveamac/ninfs/releases/latest
  2. Scroll down to the bottom until you see the file list
  3. Select ninfs-win64.zip or ninfs-win32.zip (try the win64 one first)
  4. Save and open the zip
  5. Grab ninfs.exe and place it into your data folder
= Procedure
  1. Open ninfs.exe
    • if it complains about missing boot9.bin then click the button and browse to an existing boot9.bin you dumped
  2. Drag your NAND dump into the big wide button at the top which says that stuff can be dragged into it
  3. Drag your otp.bin or otp.mem or a9f.bin into the OTP file field
  4. Create an empty directory inside your data folder named "3dsmount"
  5. In ninfs, select "Directory" mount, click "Browse...", browse to the newly created 3dsmount folder, go into it, and select it
  6. If everything checks out, pressing "Mount" should work, and many seconds later you should receive an explorer window opened to the 3dsmount folder
  7. Copy ctrnand_fat.bin to your data folder
  8. In ninfs, press Unmount
  9. You can safely close ninfs

Now that you have a ctrnand_fat.img, you can finally scan it for factory titles!

= Preparation
  • If not created yet, create an empty "data folder"
  • And you also need some amount of ctrnand_fat.img dumps (d'uh)
= Getting ff.exe
  1. Open https://gbatemp.net/threads/request-ctraging-3ds-debug-app-research.411704/page-25#post-8665431
  2. Download the attachment named "alltitle.zip" and open it once downloaded
    • if it's missing then look into the post, there should be a replacement link
  3. Grab ff.exe out of the zip (or ff32.exe if you have a 32bit system; try ff.exe first)
  4. Put ff.exe int your data folder
= For each ctrnand_fat.img
  1. Create an empty directory in the data folder
  2. Move ctrnand_fat.img into the new directory
  3. Open the new directory in a new explorer window (on Windows you can rightclick it and open it in a new window)
  4. Drag ctrnand_fat.img onto ff.exe and wait for it to close (might close so fast that you don't notice it)
    • if you're not on Windows then you can just do wine ff.exe path/to/ctrnand_fat.img
  5. Go into the directory where you just moved ctrnand_fat.img into
  6. Refresh the folder
  7. Investigate the result
    • if there are files then yay, you just dumped some non-retail titles!
    • if there are no files, then that means that either all of them got irrecoverably destroyed, or you have an invalid ctrnand_fat.img dump

Do not open this, and do not follow. This is for those who have very big difficulties with the text-based tutorials.
 
D

Deleted User

Guest
Does this mean that I can dump titles such as 3ds camera or face raiders?
 

Sono

cripple piss
OP
Developer
Joined
Oct 16, 2015
Messages
2,800
Trophies
2
Location
home
XP
9,221
Country
Hungary
Does this mean that I can dump titles such as 3ds camera or face raiders?

You can already do that with G9 without having to dump your whole NAND :P In fact, I think there is a title dumper homebrew somewhere...
...unless you have some pre-1.0.0 ctrnand_fat with these titles on them.

But yeah, if you mount an existing NAND backup then you can dump them using this handy page: https://www.3dbrew.org/wiki/Title_list
Go to SYSNAND CTRNAND --> /titles/<TID high>/<TID low>, and dump one of the .app files you want according to the 3dbrew page I linked.
 

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • Veho @ Veho:
    I only wish it was actually playable.
  • Veho @ Veho:
    There's a guy on the Tube of You that makes playable mechanical arcade games out of Lego. This could work on the same principle.
  • Veho @ Veho:
    Just a couple of guys taking their manatee out for some fresh air, why you have to molest them?
  • Veho @ Veho:
    Stupid Chinese shop switched their shipping company and this one is slooooooow.
  • LeoTCK @ LeoTCK:
    STOP BUYING CHINESE CRAP THEN
  • LeoTCK @ LeoTCK:
    SUPPORT LOCAL PRODUCTS, MAKE REVOLUTION
  • LeoTCK @ LeoTCK:
    THEY KEEP REMOVING LOCAL SHIt AND REPLACING WItH INFERIOR CHINESE CRAP
  • LeoTCK @ LeoTCK:
    THATS WHY MY PARTNER CANT GET A GOOTWEAR HIS SIZE ANYMORE
  • LeoTCK @ LeoTCK:
    HE HAS BIG FOOT AND BIG DUCK
  • LeoTCK @ LeoTCK:
    d*ck i mean*
  • LeoTCK @ LeoTCK:
    lol
  • Veho @ Veho:
    Mkay.
  • Veho @ Veho:
    I just ordered another package from China just to spite you.
  • SylverReZ @ SylverReZ:
    Communism lol
  • SylverReZ @ SylverReZ:
    OUR products
  • The Real Jdbye @ The Real Jdbye:
    @LeoTCK actually good quality products are dying out because they can't compete with dropshipped chinese crap
    +2
  • BakerMan @ BakerMan:
    @LeoTCK is your partner the sascrotch or smth?
  • Xdqwerty @ Xdqwerty:
    Good morning
  • Xdqwerty @ Xdqwerty:
    Out of nowhere I got several scars on my forearm and part of my arm and it really itches.
  • AdRoz78 @ AdRoz78:
    Hey, I bought a modchip today and it says "New 2040plus" in the top left corner. Is this a legit chip or was I scammed?
  • Veho @ Veho:
    @AdRoz78 start a thread and post a photo of the chip.
    +1
    Veho @ Veho: @AdRoz78 start a thread and post a photo of the chip. +1