Hacking Yifanlu releases 3ds cfw Cosmo3DS

[laharl22]

what firm file do you use ? for me always black screen with ctrbootmanager9

 

[Pecrow]

I'm not sure if it'll ever work correctly. Sure the serial is changed, but the CtCert (derived from OTP data) is not. NNID login checks both and they have to match. One thing you can try is to inject the CtCert--you need to dump ARM9 ITCM from the 2DS and inject it into your n3ds through firmlaunchhax. However, I don't know if anyone's done this publicly and if it works or not.

I've started looking into this.. do I have to do the whole downgrade to 2.1.0 to be able to extract OTP? (sample guide https://github.com/Plailect/Guide/wiki/Part-4-(Getting-the-OTP)) I also see that it exports a otp.bin file, how would I extract the CtCert from that?

 

[yifan_lu]

I've started looking into this.. do I have to do the whole downgrade to 2.1.0 to be able to extract OTP? (sample guide https://github.com/Plailect/Guide/wiki/Part-4-(Getting-the-OTP)) I also see that it exports a otp.bin file, how would I extract the CtCert from that?

No. You can't replace the OTP (literally that's what it means by "one time programable"). But CtCert is derived from it and placed into the ITCM on boot. The idea is that you replace the ITCM data for the ctcert (documented on the wiki) with one you dumped from another 3DS upon boot either with firmlaunchhax or a9lh. You don't even have to dump OTP for this.

 

[breakingspell]

So i'm eager to get started on the procedure detailed at http://gist.github.com/yifanlu/e80db121d38aceb8cca0e03cefd5853b

I've got a hardmodded A9LH O3DS XL and a region-changed (SecureValue_A) N3DSJ, both running 9.2.0U downgraded from 11.0.0U, and a proxy set up and running on my server to intercept the requests.
However, I seemingly can't get code.bin with my server's IP to execute using Spider on the O3DS, it drops me back to the system menu, and my proxy doesn't pick up the requests when starting a system transfer.
It may be staring me in the face, but I probably need to compile code.bin, as at the moment, I can open it and edit the contents.
I'm running Luma3DS on both consoles, is there a way I can build this patch directly into Luma? Can't find any documentation on integrating NIM patches..

 

[yifan_lu]

So i'm eager to get started on the procedure detailed at http://gist.github.com/yifanlu/e80db121d38aceb8cca0e03cefd5853b

I've got a hardmodded A9LH O3DS XL and a region-changed (SecureValue_A) N3DSJ, both running 9.2.0U downgraded from 11.0.0U, and a proxy set up and running on my server to intercept the requests.
However, I seemingly can't get code.bin with my server's IP to execute using Spider on the O3DS, it drops me back to the system menu, and my proxy doesn't pick up the requests when starting a system transfer.
It may be staring me in the face, but I probably need to compile code.bin, as at the moment, I can open it and edit the contents.
I'm running Luma3DS on both consoles, is there a way I can build this patch directly into Luma? Can't find any documentation on integrating NIM patches..

Sure you can. Those instructions were written before 3ds_injector was a thing.

 

[breakingspell]

Sure you can. Those instructions were written before 3ds_injector was a thing.

Awesome, so I just drop code.s into /patches and make? In the process of rounding up all the dependencies, haven't set up a build enviro in a while.

EDIT: Luma3DS builds fine, but the output doesn't mention it picking up on the patch. Can't find any info in it's documentation about where to place patches for the 3ds_injector component, i'll keep poking around though.

 

[yifan_lu]

Awesome, so I just drop code.s into /patches and make? In the process of rounding up all the dependencies, haven't set up a build enviro in a while.

EDIT: Luma3DS builds fine, but the output doesn't mention it picking up on the patch. Can't find any info in it's documentation about where to place patches for the 3ds_injector component, i'll keep poking around though.

No... of course you can't just do that. Honestly, no offense, but if you can't get this part down, I really don't think you should be attempting this. This is the part of the instructions that I thought were so easy, I didn't even have to mention it... so as for the rest of the instructions...

 

[breakingspell]

No... of course you can't just do that. Honestly, no offense, but if you can't get this part down, I really don't think you should be attempting this. This is the part of the instructions that I thought were so easy, I didn't even have to mention it... so as for the rest of the instructions...

Yeah, i've been reading your guide up and down all day, i'm no stranger to intercepting network traffic, but building has never been my strong suit. I'm confident it won't be long before there's a more efficient process, but i'll keep at it, see if I can get it working. Worst-case scenario, i'll have learned a little

 

[yifan_lu]

Yeah, i've been reading your guide up and down all day, i'm no stranger to intercepting network traffic, but building has never been my strong suit. I'm confident it won't be long before there's a more efficient process, but i'll keep at it, see if I can get it working. Worst-case scenario, i'll have learned a little

Basically you need to translate the patches I wrote for NTR into 3ds_injector. So--assuming you're on the right FW version--that's just a matter of finding the title id of the process that patch corresponds to and coding the patch directly into the injector. But of course, the "easier" way is to just make sure you're on 9.2.0-20U (vanilla--no cfw, no hacked titles, etc) and run the spider code.bin.

 

[DjoeN]

@yifan_lu

Getting compile errors:

make[1]: Entering directory `/d/CFWs/Cosmo3DS/injector'
fsldr.c
arm-none-eabi-gcc -MMD -MP -MF /d/CFWs/Cosmo3DS/injector/build/fsldr.d -fl
to -Wall -Os -mword-relocations -fomit-frame-pointer -ffunction-sections -fdata-
sections -march=armv6k -mtune=mpcore -mfloat-abi=hard -mtp=soft -I/d/CFWs/
Cosmo3DS/injector/include -I/c/devkitPro/libctru/include -I/d/CFWs/Cosmo3D
S/injector/build -DARM11 -D_3DS -c /d/CFWs/Cosmo3DS/injector/source/fsldr.
c -o fsldr.o
d:/CFWs/Cosmo3DS/injector/source/fsldr.c: In function 'FSLDR_OpenFileDirec
tly':
d:/CFWs/Cosmo3DS/injector/source/fsldr.c:91:22: error: request for member
'id' in something not a structure or union
   cmdbuf[2] = archive.id;
                      ^
d:/CFWs/Cosmo3DS/injector/source/fsldr.c:92:22: error: request for member
'lowPath' in something not a structure or union
   cmdbuf[3] = archive.lowPath.type;
                      ^
d:/CFWs/Cosmo3DS/injector/source/fsldr.c:93:22: error: request for member
'lowPath' in something not a structure or union
   cmdbuf[4] = archive.lowPath.size;
                      ^
d:/CFWs/Cosmo3DS/injector/source/fsldr.c:98:44: error: request for member
'lowPath' in something not a structure or union
   cmdbuf[9] = IPC_Desc_StaticBuffer(archive.lowPath.size, 2);
                                            ^
d:/CFWs/Cosmo3DS/injector/source/fsldr.c:99:29: error: request for member
'lowPath' in something not a structure or union
   cmdbuf[10] = (u32) archive.lowPath.data;
                             ^
make[2]: *** [fsldr.o] Error 1
make[1]: *** [build] Error 2
make[1]: Leaving directory `/d/CFWs/Cosmo3DS/injector'
make: *** [build/patches.h] Error 2

Also i bet it will error out when using latest ctrulib since it gives errors on all cfw/homebrew that uses cakebrah/brahmaloader on latest ctrulib.