Some custom firmwares such as AuReiNand now have region-free built into them, so you should use that instead if you just care about playing out-of-region games.
This could still be useful if you wanted to extract and rebuild Home Menu (or any system title) though.
This should go without saying, but using a patched Home Menu or NS will only work if using EmuNAND or arm9loaderhax with SysNAND. If you do this and install the modified Home Menu/NS to SysNAND without arm9loaderhax, you will brick.
Some might wait for a custom firmware to have this built in, some might want the Home Menu itself to do this. I like having this because it's more like actual custom firmware (loading pre-patched code into memory), but to each their own.
And finally, this isn't really my work. The patch for Home Menu and NS is taken from Free multi Patcher, @daxtsu and I found out we could rebuild a Home Menu/NS CIA with these included.
Free multi Patcher searches for some bytes in memory when you try to use its region-free patch. Well, these bytes exist with Home Menu and NS system-module code.bin. If you can figure out how to rebuild a CIA (without doing 3DS -> CIA, unless that's possible for system titles?), then you can put these directly into the code.
Home Menu needs to be patched to show out-of-region icons, NS only needs to for out-of-region game cards due to the update partition. If you are only using out-of-region CIAs, you don't need to patch NS.
The exact bytes to patch are here:
https://github.com/hartmannaf/Free-...7ec2e99eedb07213/source/patches.cpp#L158-L186
The offsets for these change depending on region and version. For instance, here's 10.6.0-31U Home Menu:
Code:
normal: 00 00 55 E3 01 10 A0 E3 11 00 A0 E1 03 00 00 0A
patched: 01 00 A0 E3 70 80 BD E8 00 00 00 00 00 00 00 00
For the Home Menu, 16 bytes need to be replaced. FMP only replaces 8, so the extra 8 are all 00.
NS only needs 4 bytes to be replaced with 4. This appears in the code twice, at least with 10.0 - 10.3.
Code:
normal: 0C 18 E1 D8
patched: 0B 18 21 C8
I can't give a full tutorial on how to rebuild the CIA, however if you know how to use 3dstool and things, this might help you get started. Please back up your Sys/EmuNAND before you mess with important system titles.
Decrypt the original CIA first with Decrypt9 (Game Decryptor Options -> CIA Decryptor (deep)).
Once the CIA has been created, encrypt NCCH using Decrypt9 before installing, or it won't boot (Game Decryptor Options -> CIA Encryptor (NCCH)).
(Thanks to this post for helping with extracting and rebuilding the CXI)
Code:
# extract CIA contents
ctrtool --contents=contents 0004003000008F02.cia
# extract CXI contents - the content ID (00000083) changes depending on region and version
3dstool -xvtf cxi contents.0000.00000083 --header ncch.header --exh exheader.bin --exefs exefs.bin --romfs romfs.bin --plain plain.bin
# extract ExeFS contents and header
3dstool -xvtf exefs exefs.bin --exefs-dir exefs --header exefs.header
# decompress code
3dstool -uvf exefs/code.bin --compress-type blz --compress-out code-orig.bin
# copy "code-orig.bin" to "code-patched.bin" and patch here
# re-compress code
3dstool -zvf code-patched.bin --compress-type blz --compress-out exefs/code.bin
# re-create ExeFS
3dstool -cvtf exefs exefs2.bin --exefs-dir exefs --header exefs.header
# re-create CXI
3dstool -cvtf cxi patched.cxi --header ncch.header --exh exheader.bin --exefs exefs2.bin --romfs romfs.bin --plain plain.bin
# re-create CIA
makerom -f cia -o HomeMenu-U-10.6-patched-noncch.cia -content patched.cxi:0 -ver 45000
# "ver" can be hex or an integer. you can change this without rebuilding by changing the two bytes at offset 0x2F9C of the CIA file
Here's the video I made showing it off with normal ReiNand:
Last edited by ihaveahax,
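The post notes that offsets change per region and version and that the NS pattern occurs twice, so the "patch here" step is safer done by pattern match with a count check than by fixed offset. The following is an added example, not part of the original post or of Free multi Patcher: the byte patterns are the ones quoted above, while the function names, the assumed single Home Menu match, and the sample buffers are constructed for illustration.

```python
import sys

# Byte patterns quoted in the post (Home Menu 10.6.0-31U, and NS).
HOME_MENU_NORMAL = bytes.fromhex("00 00 55 E3 01 10 A0 E3 11 00 A0 E1 03 00 00 0A")
HOME_MENU_PATCHED = bytes.fromhex("01 00 A0 E3 70 80 BD E8 00 00 00 00 00 00 00 00")
NS_NORMAL = bytes.fromhex("0C 18 E1 D8")
NS_PATCHED = bytes.fromhex("0B 18 21 C8")


def find_all(data, pattern):
    """Return every offset at which pattern occurs in data."""
    offsets, i = [], data.find(pattern)
    while i != -1:
        offsets.append(i)
        i = data.find(pattern, i + 1)
    return offsets


def apply_patch(code, normal, patched, expected_count):
    """Replace normal with patched, refusing to touch an unexpected binary."""
    if len(normal) != len(patched):
        raise ValueError("replacement must keep the file length unchanged")
    offsets = find_all(code, normal)
    if len(offsets) != expected_count:
        raise ValueError(
            f"expected {expected_count} match(es), found {len(offsets)}: "
            "wrong region/version, or already patched?")
    out = bytearray(code)
    for off in offsets:
        out[off:off + len(normal)] = patched
    return bytes(out), offsets


def demo():
    """Run both patches over constructed buffers (not real firmware)."""
    home = b"\xAA" * 8 + HOME_MENU_NORMAL + b"\xBB" * 4
    ns = b"\x00" * 3 + NS_NORMAL + b"\x11" * 5 + NS_NORMAL
    # Assumption: one Home Menu match; the post states two for NS.
    _, home_offs = apply_patch(home, HOME_MENU_NORMAL, HOME_MENU_PATCHED, 1)
    _, ns_offs = apply_patch(ns, NS_NORMAL, NS_PATCHED, 2)
    return home_offs, ns_offs


if __name__ == "__main__":
    # Hypothetical usage: <script> code-orig.bin code-patched.bin
    if len(sys.argv) == 3:
        with open(sys.argv[1], "rb") as f:
            result, offs = apply_patch(f.read(), HOME_MENU_NORMAL, HOME_MENU_PATCHED, 1)
        with open(sys.argv[2], "wb") as f:
            f.write(result)
        print("patched at", [hex(o) for o in offs])
    else:
        print(demo())
```

A count mismatch aborts before anything is written, which is the cheap check to have before re-compressing and installing a system title.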