oot3dhax

This is a 3DS savedata exploit for "The Legend of Zelda: Ocarina of Time 3D". As the datetime displayed for the save-slot shows, this haxx has existed since October 2012. The following regions are supported: JPN, USA, EUR, KOR, and CHNTWN (CHN and TWN have the exact same title). Since the gamecard version (there's only one "version" of the main CXI used for the gamecard) and the eShop version of the game are basically identical, the exploit can be used with both, provided one can get the exploit savedata written to the savedata used by the target game version.

KOR and CHNTWN support is currently broken somehow.

The Nintendo Selects versions of this game are supported.

This savegame haxx is the same one referred to here: https://www.3dbrew.org/wiki/5.0.0-11

For details on the vuln/etc, see source and here: https://www.3dbrew.org/wiki/3DS_Userland_Flaws

Haxx usage

  1. Go to the save-slot select screen.
  2. Select the haxx save-slot.
  3. Begin loading the save-slot.
  4. Wait for the game to finish loading.
  5. Without moving Link, press A to trigger dialog handling.

11.0.0.33 support

11.0.0.33 is supported with the June 26, 2016, oot3dhax release builds.

Building

The built savefiles should be used with sploit_installer, but other savefile-writing tools could be used too. The built romfs data for sploit_installer is located at "finaloutput_romfs/".

Make command: "make EXECHAX={value} FWVER={value}"

EXECHAX values (see also https://www.3dbrew.org/wiki/3DS_System_Flaws):

  • 0 for arm9 pxips9hax (fixed with v5.0).
  • 1 for arm11code-loading via reading the savefile with fsuser directly to .text (fixed with system-version v4.0).
  • 2 for GSP arm11code-loading haxx. This is done with 3ds_ropkit.
  • 3 for arm9hax with AM (fixed with v5.0).

The arm9-code loads a payload from SD card, see source.

Note that any EXECHAX type using arm9hax will fail to build the KOR + CHNTWN savefiles; you can ignore this if you aren't using the KOR or CHNTWN savefiles.

Installation

The recommended way to install oot3dhax is either with sploit_installer (https://github.com/smealum/sploit_installer), which is included with the homebrew starter-kit (https://smealum.github.io/3ds/), or by writing save-images, with a gamecard save dongle for example.

The release-archive saveimages don't include KOR and CHNTWN because newer save crypto is used with those regions' gamecards. Hence, you have to use sploit_installer to install oot3dhax for those regions (but currently there are no hosted *hax payloads available for the CHNTWN regions, as of July 29, 2016).

Raw save-images which can be written to the gamecard savedata flash are contained in the oot3dhax release-archive. The "saveimages" directory is for raw 0x20000-byte saveimages, while "saveimages_powersaves" is for Datel Powersaves. Each of those directories contains two sub-directories, one per cardid set. If you don't know what the cardids for your gamecard are (these are included with what are commonly called "gamecard-unique headers"), just try either directory until one of them works without the game triggering a savedata-corruption error at boot. These directories then contain sub-directories for each game region. The saveimage files under those region directories have the same filename as the payload contained in the savedata; you can use the filename from this page to determine which saveimage filename to use: https://smealum.github.io/3ds/#otherapp

Before using the "saveimages" directory, you should verify that your savedata backup filesize matches the filesize of the files in that directory.
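One way to run that size check before anything is written to the gamecard, as an added example (not part of oot3dhax or its release-archive). The function name `check_backup` and the command-line usage are assumptions; the only value taken from this README is the 0x20000-byte raw saveimage size.

```python
import os

RAW_SAVEIMAGE_SIZE = 0x20000  # raw saveimage size given in the README


def check_backup(backup_path, saveimages_dir):
    """Compare a savedata backup against every file under saveimages_dir.

    Returns a dict with the backup size, the number of images inspected,
    the images whose size differs from the backup, and an overall verdict.
    """
    backup_size = os.path.getsize(backup_path)
    inspected = 0
    mismatches = []
    # Walk the cardid-set and region sub-directories alike.
    for root, _dirs, files in os.walk(saveimages_dir):
        for name in sorted(files):
            path = os.path.join(root, name)
            size = os.path.getsize(path)
            inspected += 1
            if size != backup_size:
                mismatches.append((os.path.relpath(path, saveimages_dir), size))
    ok = (
        backup_size == RAW_SAVEIMAGE_SIZE  # backup is a raw 0x20000-byte dump
        and inspected > 0                  # an empty directory proves nothing
        and not mismatches                 # every candidate image matches
    )
    return {"backup_size": backup_size, "inspected": inspected,
            "mismatches": mismatches, "ok": ok}


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 3:
        sys.exit("usage: check_backup.py <backup file> <saveimages dir>")
    result = check_backup(sys.argv[1], sys.argv[2])
    print("backup size: 0x%x, images inspected: %d"
          % (result["backup_size"], result["inspected"]))
    for rel, size in result["mismatches"]:
        print("size mismatch: %s is 0x%x bytes" % (rel, size))
    sys.exit(0 if result["ok"] else 1)
```

A non-zero exit status means the backup is not a raw 0x20000-byte image or at least one candidate file differs in size, so the raw "saveimages" files should not be written over that backup's savedata.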

Instructions for using with Datel Powersaves:

    1. Back up your gamecard savedata with Powersaves, even if you don't want to keep that savedata.
    2. In Windows Explorer, go to "C:\Users\YourUsername\Powersaves3DS".
    3. Copy the saveimage you selected from the saveimages_powersaves directory in the release-archive, as described above, to this Powersaves3DS directory.
    4. Rename your backup save to a different filename.
    5. Rename the oot3dhax saveimage to the filename which the backup save had originally.
    6. Use Powersaves to restore the save.

Credits

  • Myria: REing Powersaves for the additional save header (+ this tool: https://github.com/Myriachan/Powersaves3DS/blob/master/MakePowersave.py), testing saveimages for the 3 regions (USA + EUR + JPN), and for the Powersaves instructions which the above instructions are based on.
  • Shakey: Support for KOR + CHNTWN via running oot3dhax_geninc.sh / etc, and the testing for those regions.

