I see how this can be useful, but for now, I won't do it. We've got a decent lib, but one that only works for a handful of cards. There are also FatFS limitiations that would complicate this (the G:/ drive, f.e., would nto work, we'd need a numbered one). That being said, I'm not adverse to someone else trying their hand at it, and I'd also take pull requests if someone comes up with something good. More universal support would be prefered, though.
Well, I've been thinking "if,then,else" would be awesome. That way the same script could have different routines depending on things like O3DS/N3DS, has a valid secret sector/needs one copied over, etc. Though I'm guessing that would require massive changes. Don't bother if it's too much trouble.
I've actually managed to do the entire guide now with a single script (on a single card install, swapping cards will always take two for obvious reasons). And with only GM9 being used. I've also figured out A9LH is not console-specific apparently. I trimmed dumped firms back to the size of the original injected firm files (eliminating the padding), and compared them (and the secret sectors). No differences (between O3DS and N3DS files at that). So I tested said trimmed files, and they install A9LH successfully. So, I've got the old guide as a single script too. I have SHA checks in place for all files. And I verify what I can (obviously an A9LH firm0.bin will not, but the SHA is verified by multiple systems at least).
I still managed to find a use for the boot command. The "Cakes Launcher" scripts I made for easy firmware switching work great. I gave them their own folder since there's about 7 that work with each system.
Last edited by Kazuma77,
That sounds great! In fact, I see a lot of interesting script projects these days, yours I'll count among the top. Even if it's better to go for B9S (from an end user perspective), I'd very much like to see both scripts. When they're finished, of course.
"if" and "goto" will be coming, for else I'm still thinking (you can do everything "else" can with gotos).
Is there any possible way to firmware spoof a CIA from within GodMode9? Or is hex editing still an actual requirement? I'm just fooling around with fw9.8 and wondering about this Monster Hunter XX data converter getting stuck on the looping red screen. Seems like there should technically be a solution from within GM9. I was kind of surprised using it to dump the game didn't automatically do it, or even offer a (not really necessary) region free option somewhere along the way.
Hmmm... I didn't care about this because Luma does, tbh. What would you need that for?
Fooling around on 9.8. Today I ran into something that actually wouldn't boot, which is odd since I basically haven't hit something that wouldn't before. No special reason, kind of doing this for fun, but I do think that fw spoofing remains an underrated cia building option.
changing the minimum kernel version would require cia extracting and rebuilding (in the exheader). it would be easier for luma to patch the check out, or to use a newer FIRM.
Yeah I need to brush up on my extract/rebuild. For some reason I was losing ~4 megabytes off the cia just trying earlier. Maybe the code.bin question it asks, idk. I'll get it eventually. Does Luma currently stay on top of patching those checks out, and is that by default? I must also confess I was seeing how long I could make 7.0.5 last (which likewise was just for the heck of it and to see what challenges would eventually arise).
Edit: I was also wondering if it would be technically possible to somehow accomplish the extract/rebuild and hex edit all within GodMode9. I wouldn't be surprised either way.
Last edited by Pixel Eater,
OK, "goto" works just fine for me too. That's great news.
Well, I think I've got all of the bugs worked out. I've tested all the scripts and they seem to work very well. So, here's the whole installer (minus certain files that can't be included for obvious reasons). It's a good idea to have a second set of eyes look it over anyway.
For anyone else that wants to test this, feel free. I'd advise having NTRBootHax and/or a hard mod in case something goes wrong. I've tested them and they work for me, but I can't predict every setup out there. You may need to comment out or change the lines that install Luma to CTRNAND (UPDATE: these are now commented out so they won't run until you set them up). I did not include a copy of Luma because this is meant to work alongside a configuration that it gets copied over with, then get out of it's way, not act as a standalone. Also note that the B9S installer scripts are expecting to find a "boot.firm.bak" (which my unified configurations will include) to restore as "boot.firm" after the installation, and the script will fail at the cleanup section without this in place. The A9LH installer has no such requirement, but it's heavily advised to have an "arm9loaderhax.bin" before proceeding, because it will not set one up for you. I could include GM9 as one, but the whole idea is for this to install and then get out of the way of the configuration you presumably already put on the card before copying this over it (aside from doing it all in one, this also aims to avoid a second trip to the PC). So I prefer not to overwrite more files than necessary.
You may notice some extra files for older exploits in this as well. This should work fine with most regular *hax methods as long as you provide the keys needed (they're built in on the copy of GM9 I'm using, but I can't include that here for obvious reasons). My previous version of this worked just fine with Soundhax, so this should too. I even included "Oldloader.dat" for people still on MSET (not tested though). I want everyone that has a working exploit to be able to use this. And don't worry about it cluttering your card. The cleanup part of the script deletes it all.
To use the A9LH script, you will need to dump the secret sector and firm partitions from an existing clean A9LH install on the latest version via the S: drive. None of that multi-stage stuff can be present, either. If it is, you may need to zero it out via a hex editor. The firms must then be trimmed to their original sizes (995,328 and 991,232 respectively) so the hashes will match (for Windows there's a simple freeware app named "File Trimmer" that can do this, and any other OS should have "dd" of course). Place said files in the included "arm9loaderhax" folder and the installer should recognize them. I guess you could change the hashes, but these should be reproducible.
Also, I'd advise against using the "Dual Exploit" option. UPDATE: I've removed these since they're practically useless at this point. It won't break anything not having the folder there.
One last thing. If you want a backup of your original FIRMs and secret sector, they get copied to a folder in "gm9/out" by the scripts (so that wiping "boot9strap" doesn't delete them). They will use a different folder every time, also. So if you ran the A9LH one, then later ran the B9S one, you would have both retail and A9LH firm backups you could just copy back to S: if you ever wanted to go back. I actually made that part of the script more for my swap card, so I could have a backup for every install it does. But it works well, so, why change it?
EDIT: This project also needs a name. Calling it the "AIO CFW Pack" just seems boring, lackluster, and doesn't even scratch the surface of all it does now.
UPDATE7: Decided to make it possible to use this as a standalone installer to avoid complications. Installing Luma to CTRNAND is enabled now and should work without any modifications. Having a "boot.firm.bak" on the card when installing B9S is now optional. I'd still recommend it, because this does still reboot at the end. That's not something I plan to change, because it allows me to go straight into configuring Luma once the install completes.
UPDATE8: Switched from "allow -a S:/" to "allow S:/nand.bin" because the former wasn't working. Now the scripts should ask for permission before they do anything. Updated GM9 Build.
EDIT2: Some bugs I've observed in GM9 while testing this. Built-in keys do not seem to work when installing from the Soundhax->udsploit->Safehax method. The "sector0x96.bin" will not show up. With "aeskeydb.bin" it will. The latest build of GM9 is also not loading correctly from Oldloader on an N3DS running A9LH. It works fine on an O3DS, but I have to revert to 1.3.4 to get it to load on an N3DS for some reason. Also, "allow -a S:/" doesn't seem to work, but "allow S:/nand.bin" does. I'm guessing it's because of the drive's virtual nature?
Last edited by Kazuma77,
The twln and twlp partission are gone again! In this time, only EmuNAND TWLN / TWLP disappered. They displayed correctly with Godmode v1.1.8, but with 1.2.1~ 1.3.4, they disappered.EmuNANAD CTRNAND is still displayed and "twln.bin" and "twlp.bin" are gone from EmuNAND Virtual.
This happened with 32GB SD(RedNAND), but they displayed correctly with 4GB SD(RedNAND).so it seems to be an SD issue, but on 1.1.8, TWLN/TWLP partission on 32GB SD are works correctly(Readable and Writeable).
Please help me.
entrypoint : Boot9strap
EmuNAND created with : EmuNAND9(RedNAND) as boot9strap firm.
This happened with 32GB SD(RedNAND), but they displayed correctly with 4GB SD(RedNAND).so it seems to be an SD issue, but on 1.1.8, TWLN/TWLP partission on 32GB SD are works correctly(Readable and Writeable).
Please help me.
entrypoint : Boot9strap
EmuNAND created with : EmuNAND9(RedNAND) as boot9strap firm.
Rebuild is not possible for reasons of slow SD card access. Seriously, you wouldn't want to do that on console.
Great stuff, I always like seeing scripting getting put to good use!
And, you found bugs... I'll need to look into that. The key setup not working is expected - we don't have the keys in that entrypoint. OldLoader breaking was not intended, we'll look into it. And the global allow should work for virtual drives, too. I'll find out.
EDIT: Yup, you should have used "allow -a S:". Don't add that last slash.
EDIT2: Could you try OldLoader as arm9loaderhax.bin (or arm9loaderhax_si.bin earlier) and see if it still doesn't work? Also, @Kazuma77 - would be great to have you on IRC. Freenode #Cakey, if you want.
Duh... okay, in that case, does TWLN / TWLP still work on SysNAND? Ie. drives 2: / 3: available?
Last edited by d0k3,
Ah, so the "/" was the issue. That's the one thing that always gets me mixed up. When to use it, and when not to. Sure, I'll try it as "arm9loaderhax_si.bin" -- I already know it needs the "si" in the name from my tests launching Skeith with it. And I'm glad you liked the scripts. I've also got a swap card layout. And there's the unified configurations themselves. They'll be a bit difficult to customize because I had to give every chainloader it's own scripts folder, but the results speak for themselves.
IRC... it's been years. The last time I messed with that I was running Eggdrops and PsyBNC on an extra Xbox I had laying around. A bit unconventional, but it was perfect for EFNet. Drove attackers nuts
Anyway, I'll definitely consider it.Yes,SysNAND TWLN/TWLP still works.
This problem will be solved if I format my SD card.It's OK, but I'm wondering why does it work on 1.1.8 and doesn't work on 1.2.1~.
Well, if SysNAND TWLN / TWLP work, we don't have a key issue. If EmuNAND CTRNAND works, we don't have an IV issue either... that really leaves us with only an SD card issue or a corrupted partition. Now, SD cards arfe wonky sometimes, and the 3DS reader / writer hardware is not the best there is, but, still, pretty strange issue. Before you do anything, could you check twlmbr,bin on E:/? Maybe copy the same file over from S:/ to E:/? NOT(!) vice versa, copy from S:/, paste to E:/.
You may want to consider adding your scripts to the GM9 scripts megathread, doing your own thread for it, or putting them up on GitHub. Here, they will only be buried under the following posts. Also, best to try both, arm9loaderhax.bin and arm9laoderhax_si.bin. GodMode9 has it's own screeninit, and should, in theory, be able to run from arm9loaderhax.bin.Ah, so the "/" was the issue. That's the one thing that always gets me mixed up. When to use it, and when not to. Sure, I'll try it as "arm9loaderhax_si.bin" -- I already know it needs the "si" in the name from my tests launching Skeith with it. And I'm glad you liked the scripts. I've also got a swap card layout. And there's the unified configurations themselves. They'll be a bit difficult to customize because I had to give every chainloader it's own scripts folder, but the results speak for themselves.
IRC... it's been years. The last time I messed with that I was running Eggdrops and PsyBNC on an extra Xbox I had laying around. A bit unconventional, but it was perfect for EFNet. Drove attackers nuts
I'm planning to do my own release thread on multiple sites when it's done. I think all that's left is the documentation. But you said you wanted to see it, so, I figured I'd give you and anyone else paying attention to the thread a sneak peak. I also thought maybe you might spot any mistakes I missed.
Well, your screen init does not appear to kick in. As "arm9loaderhax.bin" it's only giving a black screen. Gives the same weird effects on the screen when run as "arm9loaderhax_si.bin" though. It's unusual that it's only happening on the N3DS. Maybe I should try another N3DS just to be sure.
EDIT: Tried it on my main N3DS since my test one kind-of has a messed up bottom screen that doesn't look right. I got similar results, but on my good one I can see some really tiny text on the bottom screen. The app is actually working, it's just like it's trying to run at the wrong screen resolution or something.
Last edited by Kazuma77,
@d0k3 I'd love to be able to take my SD card and copy the contents to my PC and then convert to cia or citra's format given that i supply the b o o t 9 stuff from my 3ds. Is it possible for you to port that part of the godmode9 code to a standalone windows utility? the ctrtool works for decrypting cia i already have on a pc but not decrypting the SD card content and it would be a lot faster than using the 3ds to do the work. Thanks for considering and great work!
It is possible, but rather complicated. If some other dev would be interested in tackling that project, I'd offer support and advice, btu for now I won't do it mysef.
Similar threads
