1. SwitchMods

    OP SwitchMods Member
    Newcomer

    Joined:
    Aug 27, 2018
    Messages:
    37
    Country:
    Netherlands
    As a fun project I've written a homebrew (a simple hello world) with the intent to inject it inside an XCI.
    So what I did:
    1) compiled my code and obtained my main.nso
    2) using hactool I've extracted one of my XCI
    3) still using hactool I've extracted the exefs/romfs from the corresponding NCA
    4) I've deleted the original main (nso) and I've put my main (nso)
    5) I've rebuilt the NCA using hacpack
    6) I've rebuilt the XCI using hacbuild

    Now, I can mount the XCI without any problem, but when I start it I get a generic error. I suspect that I have to patch the main.npdm file inside the exeFS, but there might be more to patch elsewhere. Or maybe I have to generate some meta for the new NCA?

    Any information to share? Thanks ;)
     
    Last edited by SwitchMods, Oct 24, 2018
  2. Bigjokker

    Bigjokker GBAtemp Regular
    Member

    Joined:
    Jan 4, 2015
    Messages:
    115
    Country:
    United States
    For a working XCI/NSP you need a minimum of 3 NCAs: a Control, a Program and a Meta.
     
  3. SwitchMods

    How is the meta NCA generated? Maybe I need to generate a new meta for my customized program NCA. Also, are the names of the NCAs meaningful?
     
  4. Bigjokker

    Using hacpack-GUI select the meta nca tab. Select the Program NCA browse button and select your Program NCA. Select the Control NCA browse button and select your Control NCA. Then Build Meta NCA.

    I never changed the NCA name, but if I had to guess, it would cause some problems.
     
  5. JRoad

    JRoad Developer
    Developer

    Joined:
    May 18, 2018
    Messages:
    1,002
    Country:
    Spain
    4 for an XCI, but I did put a fix in my topic https://gbatemp.net/threads/xci-builder.516977/page-10
    And I will post an updated version of hacbuild during the weekend that will do more than 4 NCAs in secure.
    And you actually can build with 2 NCAs, although it'll be a placeholder. I'll add a placeholder function to my builder too.

    Keep in mind that this is a quick fix that won't go in the main line since I'll update my builder during the weekend.
     
    Last edited by JRoad, Oct 24, 2018
  6. SwitchMods

    Thanks both @Bigjokker and @JRoad for your replies!

    The XCI I'm working on has 4 NCAs in the secure partition (one is EXEFS/ROMFS, one is meta, and idk what the other two are). How can I find which one is the Control NCA?

    Many thanks!

    EDIT: Nvm, I found that I can check the content type using the -i option in hactool!

    So the NCAs are:

    1) ExeFS/RomFS
    2) RomFS
    3) Control
    4) Manual

    When using hacpack to build the meta: Program NCA is the first one, Control NCA is the 3rd one. Then is "Legal Informations" NCA the 4th one? And is "Data NCA" the 2nd one?
     
    Last edited by SwitchMods, Oct 24, 2018
  7. JRoad

    Data is for the DLCs.
    1. Program
    2. Control
    3. Manual/Legal
    4. Meta > linking the other 3.
     
  8. SwitchMods

    Yeah, it was obvious xD Sorry for not having figured it out immediately! Thank you :)

    Anyway, I have an update:
    I tried to extract the exefs, romfs, etc., then repack them and generate a new meta (but without editing the contents of exefs), and after repacking the xci, I can boot it successfully :D
    The problem now is when I swap the original main (nso) with my own main (nso) in exefs... after doing this, the xci refuses to boot.......
    I suspect that I can't just swap the main executable without generating a valid main.npdm file... right?
     
  9. JRoad

    exefs/romfs is the program one. You didn't check the nca types when extracting?
    Yeah I think you need a new .npdm but I can't help you with that one.
     
  10. SwitchMods

    Yeah, I did, but I was in a hurry this afternoon, sorry :)

    Okay, I'm going to study a method to generate a valid .npdm... What about the other files in exeFS: rtld, sdk and subsdk0? Should I patch them too?

    When I'm done, I think I'll write a tutorial so other ppl can mod/hack their xcis too
     
  11. Bigjokker

    To get you started, switch-tools (https://github.com/switchbrew/switch-tools) can be used to create your npdm file.

    The rtld, sdk and subsdk0 files belong to the original game's main. You can just delete them.
     
  12. SwitchMods

    Thanks. I've compiled the source, and I've figured out that it needs a json to build an npdm. I've dumped the original game npdm to json (using hactool) but now I don't know how to proceed. There is a list of permissions and a list of syscalls, but idk which ones my helloworld homebrew requires. Uhmmm..

    Also, as a side note, I've found that there is also another folder called "normal" that contains another copy of the game manual nca and a meta nca (I've replaced this one with the one that I've generated and copied to secure, right?)

    EDIT: I was thinking.... is there anything that I should patch/edit inside the control nca also? (I'm asking this because I saw a .nacp file inside this nca, and libnx generated a .nacp file for me when I built my homebrew)
     
    Last edited by SwitchMods, Oct 24, 2018
  13. Bigjokker

    If you don't have the game installed on your system then you can keep the same titleID in the npdm and not have to rebuild one. The normal folder can be empty. Just delete and put everything in the secure folder.

    You can open the control.nacp file with a hex editor and rename the game title to "Hello World" and the icon_AmericanEnglish.dat is just a 256x256 jpg. You can change that to any pic you like.
     
  14. SwitchMods

    @Bigjokker thank you. All your help is really appreciated. So the nacp file is not "crucial" for booting the game... I'll leave it as it is for the moment. And I'm glad that you confirmed that the normal folder is correctly configured.

    Uhm, I haven't understood this part. The game I'm hacking is currently installed on my switch, and when I try to boot with the hacked xci I get a memory permission error (matching my error code with the switchbrew list), so well, I think that the npdm needs to be patched...
    I can of course try to remove the original game from my switch and run it with the hacked xci, but I doubt I'll be able to boot without a patched npdm :(

    I know that I'm abusing your patience, but do you know if there is a way to autogenerate an npdm with only my main.nso? Thank you very much
     
  15. Bigjokker

    The only crucial thing about the nacp file is it contains the titleID in it (in little-endian). If the titleIDs don't match up then you will run into errors.

    What I mean is if the Original game is already installed on your system then that titleID is being used for that game. You can't install your hello world program with that titleID because it will conflict with the game.

    As long as the titleID is not being used you should be able to use npdm.
     
    Last edited by Bigjokker, Oct 24, 2018
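Added example, not part of the thread or of any poster's tools: a small Python check for the point made in post 15, that the title ID is stored little-endian and must match across files. It searches each file for the ID in little-endian form and flags files that only contain it in big-endian order, which is what happens when the ID is typed into a hex editor as written. The title ID, file contents and offsets below are constructed placeholders, not real format offsets.

```python
import struct

def title_id_bytes(title_id_hex, order="<"):
    """Pack a 16-hex-digit title ID into 8 bytes ('<' little-endian, '>' big-endian)."""
    if len(title_id_hex) != 16:
        raise ValueError("title ID must be 16 hex digits")
    return struct.pack(order + "Q", int(title_id_hex, 16))

def find_all(blob, needle):
    """Return every offset at which needle occurs in blob."""
    offsets, pos = [], blob.find(needle)
    while pos != -1:
        offsets.append(pos)
        pos = blob.find(needle, pos + 1)
    return offsets

def check_title_id(files, title_id_hex):
    """Classify each file as 'ok', 'wrong-byte-order' or 'missing'."""
    le = title_id_bytes(title_id_hex, "<")
    be = title_id_bytes(title_id_hex, ">")
    report = {}
    for name, blob in files.items():
        le_hits = find_all(blob, le)
        if le_hits:
            report[name] = ("ok", le_hits)
            continue
        be_hits = find_all(blob, be)
        report[name] = ("wrong-byte-order", be_hits) if be_hits else ("missing", [])
    return report

def _blob(size, offset, payload):
    """Build a zero-filled constructed file image with payload at offset."""
    buf = bytearray(size)
    buf[offset:offset + len(payload)] = payload
    return bytes(buf)

# Constructed sample data: placeholder title ID, made-up sizes and offsets.
SAMPLE_ID = "0100AAAABBBBC000"
SAMPLE_FILES = {
    "control.nacp": _blob(0x100, 0x38, title_id_bytes(SAMPLE_ID)),      # correct
    "main.npdm": _blob(0x100, 0x90, title_id_bytes(SAMPLE_ID, ">")),    # pasted as written
    "other.bin": bytes(0x100),                                          # ID absent
}

if __name__ == "__main__":
    for name, (status, hits) in check_title_id(SAMPLE_FILES, SAMPLE_ID).items():
        print(f"{name}: {status} {[hex(o) for o in hits]}")
```
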
  16. SwitchMods

    I haven't touched the original nacp file so I should be good (I've just swapped the main.nso with my own main.nso, and afaik the nso has no titleid nor checks the titleid)

    Well, I'm using XCI here (not nsp) so what I can do is remove the software from the Horizon main screen. Anyway I've already done that, and I still get the same error as before (that is, according to switchbrew, "Process already started/Wrong memory permission?"). I'm still convinced that the problem is in the npdm that I'm using (the original one), because of course the original nso has different permissions/attributes than my homebrew. I think that the only way to be able to boot is to create a proper npdm.

    Well, thank you very much for all your help @Bigjokker ! I really appreciated it :)
     
  17. SwitchMods
    This message by SwitchMods has been removed from public view by Quantumcat, Oct 25, 2018, Reason: Dupes.
    Oct 24, 2018
  18. SwitchMods
    This message by SwitchMods has been removed from public view by Quantumcat, Oct 25, 2018, Reason: Dupes.
    Oct 24, 2018
  19. SwitchMods

    A quick update for all ppl that are following this adventure.

    I was eventually able to generate a valid npdm (and I'm 100% sure that it is working because I tried it with the original nso), but the kernel panic is still there (when using my nso). So I tried many other nso from other homebrews, and every one gave me the same kernel panic. Uhmmmm.....

    Well, tomorrow I'll try to create an xci from scratch using an nso from an actual NSP game. If I succeed, then it will raise my suspicion that there might be some bug in libnx that generates invalid/corrupted NSO and that's the reason for the kernel panic. We will see...
     
  20. SwitchMods

    Good news: I managed to make it boot! I mean, I used the executable of Metal Slug injected in Street Fighter and it works! :D :D

    Now, the bad news: I'm almost sure now that there is a bug in the NSO generated by libnx (devkitpro), because these are the only executables that cause the kernel panic when booting.

    @Bigjokker what do you think we should do? Should we report this bug to libnx devs?
     
    Last edited by SwitchMods, Oct 27, 2018