Do you remember, last week the 3DS 7.x KeyX were released by GovanifY. With it, came the possible to decrypt games which need 7.x keys.
Now even better news arrived :)GovanifY has released or leaked the yellows8’s cfw? It lets you install .CIA files to your 3DS and patches the firmware to run unsigned code.
Easily found 3DS roms can be converted to .CIA files by 3dsguy’s makerom software. So this enables piracy and homebrew at the same time. We all know that we’ll see more piracy out of this, then homebrew 🙁 but we all need to look beyond that. Lets just hope, it’s used for the better and it would be nice to we see some real cool customs themes and homebrew for the 3DS.
Q&A from GovanifY’s site:
GovanifY personal database……
So, today he decided to do another leak. He actually did his own tools for this, but apparently peoples still prefer semi privately leaked work, it’s always better than the work of a stealer and liar right?
For all drama and explainations, about who are real guys you can find it here
So there you go, enjoy a 3DS CFW
Tutorial:
1) Backup your own 4.5 NAND(not 6.x, 7.x or anything, 4.5)
2) Replace your emuNAND or anything at the sector one of your SD card by your NAND(/!\ It needs to not be into the FAT32 partition of the SD card/!\)
3) Launch the CFW by the normal way(by putting the whole folder 3DS_STUFF on your SD card), and keep L pressed. It willn’t boot everytime so you’ll surely have to retry several time! (The ROP tool installed must be the Launcher homebrew 4.x one!)
4) You should’ve rebooted into the home menu. If you didn’t, then go back to step 3.
5) Get the IP Adress of your 3ds(or set it in the settings), replace it by the one to replace in the file run.bat(use notepad for this) and execute run.bat
6) If the message “failed to connect” appear, retry. If it still not work after several times, then you should think about relaunching the CFW when pressing L.
7) If a list of messages like “Sending CIA Install command…” appear, then wait for them to stop and go to step 8.
8) Turn off your 3ds, then turn it on. Go launch the CFW, but this time, no need to press L button.
9) Once you’re back on the home menu, the CIA you wished to install should appear as a gift! If it don’t, then retry several times to launch the CFW and launch the run.bat command.
If after several times it still didn’t worked, you should consider to install some apps on your sd then reinstall the 4.5 NAND.
Quick overview:
This is a 3ds CFW. It will patch the signature checks, and some other parts of the firmware. It have the ability to run a CIA server and to use it for install the CIA wanted.
This CFW works only on 4.5 because, firstly, the keyX isn’t implemented, the mem allocations of the Home Menu, for exemple, changed between firmwares, etc…
This CFW is launching something that can be compared to Gateway’s emuNAND system(I’ll call it redNAND from now), then patching parts of the firmware for let it launch unsigned code.
This allows a lot of things, such as piracy(you can convert CCI(3ds roms) to CIA(Home menu apps)using 3dsguy’s makerom software.) and home menu homebrews. Tho this would need mods in the CFW for allows so.
Little FAQ:
Q: Did you made this tool?
A: No, yellows8 made it
Q: Will this help me in anyways?
A: Only if you’re in a firmware under 4.5 and that you want to install freely CIAs on your 3ds.
Q: OMGWTFBBQ THIS GUY IS AN H4X0R HIS SOFT HIS BACKDOORED DON’T RUN IT OMG
A: This soft is a mod of an open source tool available here. If you still don’t trust me run IDA Pro on it.
Q: Why did you leaked it and blowed this scene?
A: Several reasons + some peoples think it is better to release an half finished work like this than your own in which you spended time.
Q: Did you made your own tools? And if you did will you release them one day?
A: Yes I did, I have my own CFW and CIA Installer. I may release my CFW one day, it’ll depends.
Q: This exploit is not working and I want to optimize it! Can I have his source?
A: Again, this CFW was made by yellows8. If you want the source, I’m afraid you’ll have to reverse it. Also you should consider about reversing arm9 and boot.bin parts first if you do.
Q: Why did you included the devMenu in this package? It’s illegal you know?
A: Because it was into the original one. You can use it as an exemple one.
Other infos:
The format of the run.bat file is: IP Adress of the 3ds, followed by the mediatype of the CIA you want to install(0 to NAND, 1 to SD, 2 to gamecard) and his name.
This CFW is redirecting all NAND functions to sector 1 of your SD. Your NAND need to be written to the sector one of your SD card or it will NOT WORK.
This CFW is pretty unstable and booting only rarely because of multithread and ARM11 injection bullshits if I’m not wrong.
This CFW is patching basic signature checks, redirecting NAND, and injecting an am:net server code if L button is pressed. That’s why it is called a CFW.
So don’t had that much more to say, excepted one thing:
Here is a database of DevMenu ARM11 code, for anyone that wish to make a legal CIA Manager w/o limitations right here (again I just did it pretty quickly so almost nothing is reversed/commented/renamed excepted main CIA functions.)
Also I did it in like 10mins so don’t expect something really huge.
Anyways, Good luck for getting this CFW to work and Enjoy this blowed up scene!
http://govanify.x10host.com/3DS_CFW.html