4dsdev
Views: 613,206 Main | Rules/FAQ | Memberlist | Active users | Last posts | Calendar | Stats | Online users | Search 11-17-17 06:07 PM
Guest:

0 users reading Injecting other apps over Health & Safety? | 1 bot

Main - Homebrew discussion - Injecting other apps over Health & Safety? New reply

Pages: 1 2 3
Syphurith
Posted on 11-02-15 10:26 AM Link | #667
Posted by d0k3
Glad to hear it worked with DevMenu, too!

I will streamline a lot of that by adding a new feature to Decrypt9. Decrypt9 can handle the TMD update, decryption and reencryption.

And, of course we can generate xorpads for decrypted NCSD/NCCH, using the Python script and real hardware, of course. Or did you mean something else?

Eh.. Yes if that is added to decrypt9 that could be super convinient.
However i think release a easy-to-use PC edition with xorpad decryption/encryption may be a starter kit for guys.
At least 3dstool did quite a bulk of dirty work.. Ha.
Still, i don't know if you have finally succeeded in the injection to your N3DS..
So i think using this PC edition to be a alpha/beta, and the code could be taken to decrypt9.

d0k3
Posted on 11-02-15 10:46 AM Link | #668
Posted by Syphurith
Eh.. Yes if that is added to decrypt9 that could be super convinient.
However i think release a easy-to-use PC edition with xorpad decryption/encryption may be a starter kit for guys.
At least 3dstool did quite a bulk of dirty work.. Ha.
Still, i don't know if you have finally succeeded in the injection to your N3DS..
So i think using this PC edition to be a alpha/beta, and the code could be taken to decrypt9.

I'll try it this evening (my timezone, obviously) and will write about it afterwards.

Moving everything to Decrypt9 would be too much, but...
o I'll add one feature to extract & decrypt the H&S app from SysNAND
o Generating the .app to inject would have to be handled on PC, obviously
o And I'll add another feature to encrypt & inject the new app and also adapt the TMD in the process

Not super convenient, but convenient enough, I think. Because of the decryption / encryption / xorpad generation, this can't be done without real hardware and Decrypt9 or similar anyways. If you have some ideas how to streamline it differently, that would be very good, too, as I don't want to force people to use Decrypt9.

Syphurith
Posted on 11-02-15 11:11 AM (rev. 2 of 11-02-15 11:13 AM) Link | #669
Posted by d0k3
I'll try it this evening (my timezone, obviously) and will write about it afterwards.

Moving everything to Decrypt9 would be too much, but...
o I'll add one feature to extract & decrypt the H&S app from SysNAND
o Generating the .app to inject would have to be handled on PC, obviously
o And I'll add another feature to encrypt & inject the new app and also adapt the TMD in the process

Not super convenient, but convenient enough, I think. Because of the decryption / encryption / xorpad generation, this can't be done without real hardware and Decrypt9 or similar anyways. If you have some ideas how to streamline it differently, that would be very good, too, as I don't want to force people to use Decrypt9.

Thanks for your effort.. Really.
Do you remember how they convert those 3DS/CXI to CIA?
Just generate the xorpad, and put the files in correct location, and let tools handle the work.
Also, you can get a file totally legal from CDN. Its decrypted CXI content can generate a good xorpad.
What i expected is:
1.User reads the manual to know what .app and .tmd he should get from the decrypted NAND/Decrypt9/other.
2.User puts the files in folder, and use generation xorpad tool. Then he uses decrypt9 or other for the xorpads.
3.User puts the xorpads in xorpads folder, and start the execution.
4.User gets the valid product from tool. He then puts the files to good location of SD card, following manual.
5.User then uses the decrypt9/other to done the injection.
Or for decrypt9 users: they just put the files in correct location, it would look for the overwritten app, and backup, generate, inject. All-In-One solution.

But still, why i listed all those as above?
1.You can not expect such unsigned contents without signature patched to work. Yes i know those generated ones NCCH signature - FAIL.
2.If the main part is done offline, they may have a better choice. Most of them already know "NOT UPDATE" - yup - so the APP and TMD version would be kept for a long time. They may want to try another APP for it if they like. Once injected failed, they can re-generate another with ease.
3.We can not say the tools would always work. So once something wrong happens a PC version might be quite easy to debug.
4.Yes CIA, CXI can be decrypted in decrypt9 super easily. However there are still guys used to use the xorpads.
5.Once the PC is likely stable, you can get a better base for your decrypt9 feature, and offer decrypt9 users a better option. Like 'Premium'.

You don't have to. I've already set up decrypt9 to boot via MSET. Let theirselves find this is better, they would spread the finding.

Syphurith
Posted on 11-02-15 06:57 PM (rev. 3 of 11-03-15 07:50 AM) Link | #670
I've found a relationship to a common error.
As you know sometimes injected the generated app, the H&S shows no banner.
This is actually caused by a wrong crypto mark. To be used there, you have to made the injection app Encrypted. However, in NCCH file, 0x01BF. The mark should be cleared to "Crypto:Secure(0)" or else it would show "Crypto:None". This is due to 3dstool implementation, it sometimes just throws this mark away. I know how you might think about it. Oh no. It wouldn't load a wrong crypto, nor a decrypted one. And, even it is without the romfs.bin it could still run - if the original injection app requires no romfs.bin. So dummy romfs.bin is not really that needed.

Finally I've got some correct injection apps. The tool is here: NodeJS version Link removed due to out-of-date.

d0k3
Posted on 11-03-15 05:04 AM Link | #671
Posted by Syphurith
I've found a relationship to a common error.
As you know sometimes injected the generated app, the H&S shows no banner.
This is actually caused by a wrong crypto mark. To be used there, you have to made the injection app Encrypted. However, in NCCH file, 0x01BF. The mark should be cleared to "Crypto:Secure(0)" or else it would show "Crypto:None". This is due to 3dstool implementation, it sometimes just throws this mark away. I know how you might think about it. Oh no. It wouldn't load a wrong crypto, nor a decrypted one. And, even it is without the romfs.bin it could still run - if the original injection app requires no romfs.bin. So dummy romfs.bin is not really that needed.

Finally I've got some correct injection apps. The tool is here: NodeJS version

Thanks a ton for pointing that out! But, at 0x1BF in the NCCH header, there is nothing ("reserved area", see here). Did you mean 0x18F?

As for the NodeJS version... does that require any additional stuff installed? To be pretty blunt, I'm hoping @Shadowtrance makes that GUI once we have that thing running stable enough :).

Syphurith
Posted on 11-03-15 06:36 AM (rev. 7 of 11-03-15 09:47 PM) Link | #672
Posted by d0k3
Thanks a ton for pointing that out! But, at 0x1BF in the NCCH header, there is nothing ("reserved area", see here). Did you mean 0x18F?

As for the NodeJS version... does that require any additional stuff installed? To be pretty blunt, I'm hoping @Shadowtrance makes that GUI once we have that thing running stable enough :).

Yes my mistake. It was 0x18F exactly.
The NodeJS version currently only works for stuffs from decrypted+unpacked CIA.
\cia\FBI.cia
\ori\0004001000020300-2050.0000.00000002 # Extracted from decrypted 0004001000020300-2050.cia
\ori\tmd
\xor\0004001000020300.Main.exefs_norm.xorpad # Xorpads generated from \ori\0004001000020300-2050.0000.00000002
\xor\0004001000020300.Main.exheader.xorpad
\xor\0004001000020300.Main.romfs.xorpad
I am now fixing it to let it auto rename those in ori so it would proceed as normal.

Now, I have its v5 edition, Get it Here Link removed due to out-of-date.
To run this package, you would need Nodejs executable.
You can get one from nodejs.org/dist/latest/. ie. x64 windows, get https://nodejs.org/dist/latest/win-x64/node.exe
Once you get it, place the executable along side with the extracted contents, with the do.js. And just do.bat. For Linux, open a console there and 'node do'.
Note: surely you would have to place the original H&S to ori (doesn't matter whether that is encrypted or not or even extracted from CIA), inject CIA to cia, and H&S xorpads to xor. It doesn't matter if there are more xorpads than the target H&S in the xor folder.
It would display what it actually called, and shows the result.

Oh yes, most users love the GUI. Even RxTools is getting weird.

Syphurith
Posted on 11-03-15 10:01 PM (rev. 2 of 11-03-15 10:02 PM) Link | #674
Oh man i'm feeling shame when i upload those again and again to fix some stupid bugs.
The old ones messed up the names with multiple contents.
Newest here:
Multiple contents would be generated in good names. I mean in their original IDs in the TMD.
So you might want to have a try. It finally get to a stage. Whoa.

ShadowTrance have injected FBI successfully into N3DS, which isn't supported by old rxTools and Riku packages.
Hope ShadowTrance can make a good UI for all these steps.

Shadowtrance
Posted on 11-04-15 02:01 AM (rev. 2 of 11-04-15 02:02 AM) Link | #677
Yeah I'm slowly (attempting) to write a GUI version, most of the node script makes no sense to me at all though. haha So kinda stalled a bit at the moment.
Someone want to translate it to something i can actually make sense of? :P yeah i don't get js at all...

Even the latest node script translated to batch would help to be honest. :)

d0k3
Posted on 11-04-15 03:27 AM Link | #678
@Syphurith, compared to my latest Windows .bat script - what is changed in your newest nodeJS script? Is it only the xorpad encryption, or is it more?

Syphurith
Posted on 11-04-15 04:12 AM (rev. 11 of 11-04-15 04:41 AM) Link | #679
Posted by Shadowtrance
Yeah I'm slowly (attempting) to write a GUI version, most of the node script makes no sense to me at all though. haha So kinda stalled a bit at the moment.
Someone want to translate it to something i can actually make sense of? :P yeah i don't get js at all...

Even the latest node script translated to batch would help to be honest. :)

Indeed you can just run it with something. Then BEFORE it finishes and let you close it, just take a look at all its output.

Posted by d0k3
@Syphurith, compared to my latest Windows .bat script - what is changed in your newest nodeJS script? Is it only the xorpad encryption, or is it more?

Not only the xorpad encryption.
1. It supports multiple contents. Yes, at least for N3DS users.
2. Maybe multiple platform supports. Should work with linux, when "node do" and proper tools prepared.
3. Auto fix the Crypto keys to Secure (0).
4. Removed dummy romfs generation (commented). Since i found it still works for me..


Also i have something to tell you all. Since you can generate xorpads from decrypted CXI. And we can repack a valid decrypted CXI. Then, we may have no limit on its file size, actually. However that leads to another routine, so would be much use if with decrypt9 and real console. Oh, or with a UI so the program can ask for xorpads if no good xorpad is given. Or, much simplier, just modify the ncchinfo_gen.py to get oversized (than H&S) xorpads. This could be a tool running against the decrypted CIA. Yes these are only several bytes different between the ncchinfo.bin.
I can confirm the xorpad should be generated correctly. Now testing the injected Spider browser - 15MB must be bigger than H&S itself....
Oh it finally found that is weird and stopped me, lol. So original file size may be recorded already..

d0k3
Posted on 11-04-15 09:07 AM Link | #680
I didn't think about the xorpad problem, either. You could make your script generate the ncchinfo.bin on it's own, it's actually pretty easy.

Btw, you already saw it anyways, but everyone keeping an eye on this thread:
Posted by d0k3 on GBAtemp.org
... AND IT WORKS!!!

Decrypt9 now includes two new features, one for dumping the H&S app, the other for injecting it. You need to compile from source, there's no binary release yet. And I suggest you use my last batch script to generate the inject .app (yup, .tmd / .xorpads not required), because the .app to inject needs to be the exact same size as the original H&S app (that requirement will most likely be removed later), and I'm not sure if @Syphurith's script makes sure of that.

I will most likely refine some of how this works now. And, btw, we can easily inject to other system apps, too, but I'm unsure if that would be a good idea.

Now, although the Decrypt9 way might be the more noob friendly in the long run, we still need @Syphurith's script - because only with Syphuriths method, the .app to inject can be bigger than the original H&S app (that would never work in Decrypt9). If @Shadowtrance makes that GUI, it best includes both ways (with / without D9).


Advantages of the Decrypt9 method:

Faster, needs only 3 steps (dump hs.app via D9, create inject app on PC, inject hs.app via D9).
You only need to handle the .app file, no .tmd or .xorpads.
Less room for error, much more noob friendly.
Also, safer. Injecting files into FAT images using tools like OSFmount might lead to fragmentation, which in turn might lead to unexpected results. With Decrypt9 that will never happen, as it will leave everything untouched but the actual files space.

@Syphurith, could you add the Decrypt9 method to your nodeJS script (as an alternative). It is the same as the other one, just with an already decrypted hs.app, no .tmd and no xorpads.

Syphurith
Posted on 11-04-15 10:28 AM Link | #681
Posted by d0k3
I didn't think about the xorpad problem, either. You could make your script generate the ncchinfo.bin on it's own, it's actually pretty easy.
Btw, you already saw it anyways, but everyone keeping an eye on this thread:

I've seen the post there. Let me show the update version:
http://pan.baidu.com/s/1hqEsBWw
Pages: 1 2 3

Main - Homebrew discussion - Injecting other apps over Health & Safety? New reply

Page rendered in 0.051 seconds. (2048KB of memory used)
MySQL - queries: 28, rows: 87/87, time: 0.034 seconds.
[powered by Acmlm] Acmlmboard 2.064 (2015-10-07)
© 2005-2008 Acmlm, Xkeeper, blackhole89 et al.