[Tutorial] How to have two emunand (MT + CFW) on the same SD for 4.X 3DS

Discussion in '3DS - Flashcards & Custom Firmwares' started by nop90, Feb 6, 2015.

  1. nop90
    OP

    nop90 GBAtemp Maniac

    Here is a little tutorial to set up two emunand on a single SD for a 4.X 3DS.

    This setup could be useful for people that don’t own a Gateway and want to have on the same SD:

    • An MT emunand that you can update to the latest firmware to go online
    • CFW as second emunand to run homebrew.
    For me it was an experiment and I really don't know if it's worth having two emunand on the same SD or if it's better to have two SDs to swap when you need them.


    Warnings:

    If you have never installed a CFW, don’t start with this tutorial. There are too many things to do for a noob, and I’m assuming you know all the problems involved in a new CFW setup.

    Some steps aren’t very easy to understand for noobs, but the moderately experienced members of this forum will complete all the steps easily. If you have problems, ask for help.

    To have a dual emunand SD card, the two emunand shouldn’t be linked (at least one of the two has to be formatted, or created from a formatted Sysnand after creating the other), otherwise you can’t maintain the content for both emunand installed in the “Nintendo 3DS” folder (this obviously applies only if you already have a CFW with installed CIAs and don’t want to start again with a fresh install).

    IMPORTANT WARNING: improper use of BBcopy can damage data on your HD. Study how it works before playing with partitions. In this tutorial I’m using BBcopy from the command line. The attached BAT files can help you understand BBcopy usage or speed up its use once you understand how to configure its parameters. Using the BAT files without studying them a little bit can be very dangerous for your HD: the use of these files is your own responsibility. Please don’t blame me if you lose important data.


    Objective and prerequisites

    Following this tutorial we are going to have a classic Gateway/MT emunand starting on sector 1 of your SD and the CFW emunand starting on sector 2097153 (= 0x00200001). To boot the CFW we will use a modified launcher.

    Instead of 1 GB of unallocated space, your SD will need 2 GB of unallocated space, so it’s better to use at least an 8 GB SD.

    It’s better to start with an already working CFW. Probably you can inject a clean dump of your sysnand and then set up a CFW as usual, but I didn’t try it. Let me know if it works.

    My OS is Windows 7, so I’ll describe how to set up the dual emunand under Windows. I expect that a Linux user could easily replicate this tutorial with Linux tools.

    Tools needed:

    Tutorial

    1) Back up your CFW emunand by running this command from a DOS shell:
    bbcopy.exe bs=512 count=1953791 seek=1 ifd=1 of=cfwnand0.bin

    You have to run this command from the dir where the BBcopy.exe file is, and it will output the CFW NAND to a file named cfwnand0.bin

    It will work in most cases without any changes, but it may need some customization for PCs with more than one HD: ifd=1 means that the input disk to extract the emunand from is disk 1, where disk 0 is always your primary HD. If you have only one HD and no removable disk other than the SD card with the emunand, your SD card will be disk 1. If you have more than one HD you have to guess the disk number of your SD and try the above command a few times. It’s not dangerous, so try and check if the output file is a valid NAND dump (e.g. you can check with a hex editor if the first sector of the dumped file looks like your sysnand backup).

    The parameter count=1953791 is for a Samsung NAND. For a Toshiba NAND use count=1931263.

    If you don’t know which NAND type you have, check the size of the NAND.bin backup made with the Gateway or MT software:
    • Toshiba NAND = 1931264 sectors = 988.807.168 bytes = 943 MB
    • Samsung NAND = 1953792 sectors = 1.000.341.504 bytes = 954 MB

    To make the backup simple, you can find some BAT files attached (to be placed in the same dir as BBcopy.exe).

    2) Set up your MT or Gateway emunand on the target SD card, or use one you already have. You will not lose data if you follow the steps carefully.

    3) Insert the SD with the emunand in your PC's SD reader

    4) Back up all the SD content (you don’t need to back up the emunand, but it’s better to do it, just in case you mess up your SD playing with partitions)

    5) Open the command line and run diskpart

    6) Use the command “list disk” to list your disks and locate the disk number of your SD. Check the disk sizes to locate the SD. Disk 0 should be your C: drive. I’ll assume the SD is Disk 1

    7) Type “Select Disk 1”. This selects the SD disk. If your SD has a different number, use it instead of the final “1”

    8) Type “List Partition”. This command lists all the partitions on the disk, and if you selected the right disk you’ll see only one partition, marked as Primary and starting from offset 1024 MB

    What we are going to do is delete this partition and create a new partition starting from offset 2048 MB, so as to have enough unallocated space on the SD for two NAND images

    9) Type “Select Partition 1”

    10) Type “Delete Partition”

    11) Type “Create Partition primary offset=2097152”

    12) Type “List Partition”. If we did everything right, now we have a primary partition starting from offset 2040 MB. Otherwise jump again to step 10).

    13) Type “format”.

    14) Copy the backed-up content of the SD to the card
    Now if you want you can test on the 3DS if your MT emunand works properly. If you did everything right your emunand will work as always.

    The next phase is to inject the CFW emunand and load it with a tweaked loader.

    15) Inject the backup of your CFW on the SD starting from sector 2097153. From a DOS shell use the command:

    bbcopy.exe bs=512 offs=2097153 ofd=1 if=cfwnand0.bin

    You have to run this command from the folder containing BBcopy.exe and the previously created cfwnand0.bin

    WARNING: if you changed the ifd=1 parameter for dumping the CFW emunand, adjust the ofd=1 parameter accordingly. Beware that if you use the wrong disk number, you may lose some content on the destination disk. For this command too, there is a BAT file attached to this tutorial (it has to be placed in the same directory as BBcopy.exe, together with the previously backed-up CFW emunand).


    16) From the “Nintendo 3DS” folder on the SD with your original CFW setup, copy the folder with the system data to the “Nintendo 3DS” folder on the new dual emunand SD.

    If you are a noob you probably don’t know what to copy now. I’ll give you a hint for the common case, but if you still don’t understand what to do, please ask for help on the forum
    If you have an MT emunand and a CFW emunand, unlinked from the sysnand, on both SDs you have two subfolders in the Nintendo 3DS folder. One subfolder has the same name on both SDs: it’s the folder with the data of your sysnand. Simply copy the other folder from your CFW SD to the MT SD.


    17) Copy the CFW loader files on your SD root replacing boot.bin with the tweaked version in the zip file attached.

    18) Rename the CFW launcher.dat to msetforboss.dat (or use the one in the attached zip). Now you can use the multiroploader.nds from your DS cart to select the emunand to launch with the usual DS profile exploit.
    DONE.


    Here is a little explanation of the tweak I did on boot.bin:
    To redirect the sysnand to the SD, the read/write functions are patched to be redirected to some custom code that changes the device from firm to sdmc and simply adds or subtracts the sector offset to the NAND physical address to be read/written.

    The offset is a four byte value placed at position 0x14 in the file boot.bin (01 00 00 00 in little endian, that means 0x00000001 = 1 sector offset).

    Changing this value to 0x00200001 with a hex editor (I simply changed the value at 0x16 from 00 to 20), the loader will point to an emunand placed after the MT emunand starting from sector 0x00200001.
     

    Attached Files:
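
Added example, not part of nop90's post or its attached files: a Python check that reads the 4-byte little-endian sector offset at 0x14 of boot.bin and verifies that the two emunand regions overlap neither each other nor the FAT partition. The boot.bin bytes are constructed stand-ins, and the script assumes that each emunand occupies a full NAND's worth of sectors from its start sector and that diskpart's offset= value is in KB.

```python
import struct

SECTOR = 512                       # bytes per sector (bs=512 in the post)
NAND_SECTORS = {"toshiba": 1931264, "samsung": 1953792}  # sizes quoted in the post
OFFSET_FIELD = 0x14                # 4-byte little-endian sector offset in boot.bin


def read_emunand_offset(boot_bin: bytes) -> int:
    """Return the emunand start sector stored at 0x14 of a boot.bin image."""
    if len(boot_bin) < OFFSET_FIELD + 4:
        raise ValueError("image too short to contain the offset field")
    return struct.unpack_from("<I", boot_bin, OFFSET_FIELD)[0]


def check_layout(starts, nand, partition_offset_kb):
    """Return a list of overlap problems (empty list = layout is consistent).

    Assumption: each emunand occupies a full NAND's worth of sectors from its
    start sector, and partition_offset_kb is diskpart's offset= value (KB).
    """
    size = NAND_SECTORS[nand]
    part_start = partition_offset_kb * 1024 // SECTOR
    regions = sorted((s, s + size) for s in starts)
    problems = []
    if regions[0][0] < 1:
        problems.append("sector 0 holds the partition table and must stay free")
    for (a, a_end), (b, _) in zip(regions, regions[1:]):
        if a_end > b:
            problems.append(f"emunand at {a} overlaps emunand at {b}")
    if regions[-1][1] > part_start:
        problems.append(
            f"emunand at {regions[-1][0]} ends at sector {regions[-1][1]}, "
            f"past the partition start at sector {part_start}")
    return problems


def constructed_boot_bin(offset_bytes: bytes) -> bytes:
    """Constructed stand-in for boot.bin: only the offset field is meaningful."""
    return bytes(OFFSET_FIELD) + offset_bytes + bytes(0x20)


if __name__ == "__main__":
    stock = constructed_boot_bin(bytes.fromhex("01000000"))
    tweaked = constructed_boot_bin(bytes.fromhex("01002000"))  # byte 0x16: 00 -> 20
    starts = [read_emunand_offset(stock), read_emunand_offset(tweaked)]
    for nand in NAND_SECTORS:
        print(nand, "2048 MB partition:", check_layout(starts, nand, 2097152) or "OK")
        print(nand, "1024 MB partition:", check_layout(starts, nand, 1048576) or "OK")
```

With the original 1024 MB partition offset the second image would land inside the FAT partition, which is why steps 9 to 13 move the partition before step 15 writes anything.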



  2. Drak0rex

    Drak0rex GBAtemp Advanced Maniac

    Is it just me, or is 3DS hacking getting waaaay too complicated?:wtf:
     
    eriol33 likes this.
  3. vingt-2

    vingt-2 GBAtemp Regular

    That's what hacking is... Until someone makes a tool to do it for you.
     
    shinyquagsire23, neim81094 and Kafke like this.
  4. misterb98

    misterb98 Moral Gateway User. Wat.

    This looks really nice! I'll look at trying this in a few days.
     
  5. Lord M

    Lord M GBAtemp Advanced Fan

    Cool :D
    This is how to have CFW+MT on the same SD, right?
    And can you add how to have both CFW on 1 SD? (Palantine CFW + NTR CFW)
     
  6. gamesquest1

    gamesquest1 Nabnut

    same difference, install GW emunand and the NTR CFW launcher.dat, and then follow the steps for adding the cfw as a secondary emunand

    basically substitute any mention of MT for the NTR CFW.
     
  7. nop90
    OP

    nop90 GBAtemp Maniac

    Exactly.

    You can have whatever emunand as primary setup, but Gateway is not useful since it can't boot without the cart, and with the cart you can have all you need. A second CFW is also possible, but it is nonsense.

    I think that MT and NTR CFW are the only two options that can profit from this setup.
     
  8. gamesquest1

    gamesquest1 Nabnut

    yeah i didn't mean use the gateway launcher itself, but the NTR cfw uses the gateway emunand (as it's simply a modified gateway launcher)....so for users who want to be able to take screenshots and stuff with their retail carts there is a small reason to have the NTR/CFW setup, but i agree for the most part i think the majority of people would be looking to have a MT/CFW setup

    if there was a way to have a NTR/GW setup that could also be handy(just for the plugins/screenshot mainly)....but that would require a modified GW launcher to read from a re-located emunand partition, right now its just *something*+CFW
     
  9. Lord M

    Lord M GBAtemp Advanced Fan

    Hmm... and, in the end, what is the advantage of having 2 emunand linked? Can I use eShop installed games launched also with NTR CFW? But I'm interested in using SaveDataFiler and not swapping SD each time XD
    Anyway... after turning on the 3DS, how do I launch the first emunand and how do I launch the second? ^^

    EDIT: ok, I read this now:
    18) Rename the CFW launcher.dat to msetforboss.dat (or use the one in the attached zip). Now you can use the multiroploader.nds from your DS cart to select the emunand to launch with the usual DS profile exploit.

    So multiroploader.nds... this means I need the blue card inserted and not the red?
     
  10. nop90
    OP

    nop90 GBAtemp Maniac

    Any DS cart working on your 3DS is good. This is how CFW works.

    A couple of days ago a way to set up the DS profile hack from the web was posted, so you can use this too. But it's still a WIP at the moment.
     
  11. DarkMatterCore

    DarkMatterCore I like turtles.

    I did it yesterday with GParted and DD before you decided to make this thread (I saw your post on the other tutorial). Thanks a lot!

    Since both EmuNANDs will access the same FAT32 partition, I decided to format the CFW one, in order to unlink them and avoid the CIA deletion through Data Management. This also allowed me to separate installed CIAs from eShop stuff on a single SD card, by having two unique directories under the "Nintendo 3DS" folder.
     
  12. gamesquest1

    gamesquest1 Nabnut

    yeah atm the web setup only works for launcher.dat, i imagine it would be fairly simple to have an alternative so you can freely switch between launcher.dat and msetforboss.dat

    but atm this dual emunand method will only work if you have a compatible nds flashcard
     
  13. nop90
    OP

    nop90 GBAtemp Maniac

    There still exists someone that can do things without a step by step tutorial. Great :lol:
     
  14. nop90
    OP

    nop90 GBAtemp Maniac

    To launch msetforboss.dat you only have to change a memory address in the rop loader in the html page, and you can find what to change in the source code of multiroploader (if I remember well it's open source), so a web multirop loader is a very simple task if a skilled person really wants to do it.
     
  15. DarkMatterCore

    DarkMatterCore I like turtles.

    I even went as far as decrypting my previous CIA saves and XORing them back with the xorpads from the formatted CFW EmuNAND. Everything works great. I was particularly in deep need of something like this because I hated to switch SD cards over and over again, and the one where I had the MTNAND only has 4 GB of storage and is also slow as hell, compared to the CFW SD card (which has 32 GB of storage).

    Once again, thank you.
     
  16. nop90
    OP

    nop90 GBAtemp Maniac

    I'm happy to have done something useful. As I said it was only a simple experiment.

    Now I'm working on making the CFW more stable and modifying it to boot higher emunand versions other than only 4.X (but without unsigned CIA support :P, I will not spread piracy).

    It should be easy at the point of RE I am at, I only need unencrypted NAND dumps of target firmwares to locate where the patch has to be placed.

    But at the moment I have very little time for working on it, so it will be a long wait before any release (probably someone will anticipate me).
     
    DarkMatterCore likes this.
  17. Lord M

    Lord M GBAtemp Advanced Fan

    Hmm, another thing: but if the dual emunand are linked, does this mean that I can see my custom theme also if I launch NTR CFW? XD
     
  18. hippy dave

    hippy dave Butts Butts Megabutts

    No, themes only work in 9.x
     
  19. Lord M

    Lord M GBAtemp Advanced Fan

    And for installed things, like eShop games or programs like savedata? Can I launch my eShop games on NTR CFW if it is linked with 9.5 emunand?
     
  20. josamilu

    josamilu GBAtemp Fan

    Wow this is awesome! Great tutorial.