Yifan Lu yifanlu

## gist:a589c9655e05acbd30dc
<?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Body><GetSystemUpdateResponse xmlns="urn:nus.wsapi.broadon.com"><Version>1.0</Version><DeviceId>21384193388</DeviceId><MessageId>1</MessageId><TimeStamp>1414627502761</TimeStamp><ErrorCode>0</ErrorCode><ContentPrefixURL>http://nus.cdn.c.shop.nintendowifi.net/ccs/download</ContentPrefixURL><UncachedContentPrefixURL>https://ccs.c.shop.nintendowifi.net/ccs/download</UncachedContentPrefixURL><TitleVersion><TitleId>0004001000021200</TitleId><Version>2064</Version><FsSize>2408448</FsSize><TicketSize>848</TicketSize><TMDSize>4708</TMDSize></TitleVersion><TitleVersion><TitleId>0004001000021500</TitleId><Version>3088</Version><FsSize>5324800</FsSize><TicketSize>848</TicketSize><TMDSize>4708</TMDSize></TitleVersion><TitleVersion><TitleId>0004001000021700</TitleId><Version>2055</Version><FsSize>5537792

## code.bin
/*
 * uvloader.c - Userland Vita Loader entry point
 * Copyright 2012 Yifan Lu
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *

## gist:5d16e134332622d26944
This documentation is mostly for archival purposes. I will not provide support or clarifications because the process is complicated and others issues not noted in the steps will occur. The way I patched the requests/responses is set up Charles Proxy to forward all ECS/NUS/IVS requests (at ip:8888) to Nintendo's server (ClCert needed). Then I put a breakpoint on all requests/responses. Modifying requests will change what Nintendo sees. Modifying responses will change what the 3DS sees. Both are needed.

Prerequisites:

1) Both O3DS and N3DS are on 9.2.0-20U
2) N3DS has been formatted after region swap and no NNID linked

O3DS code.bin patches needed: https://gist.github.com/yifanlu/b59b6d83d11bdb244cbd

System Transfer:

## gpg_to_pem.py
# requires https://github.com/mitchellrj/python-pgp
from pgp.packets import constants
from pgp.packets import parsers
from Crypto.PublicKey import RSA
import sys

"""
Converts an GnuPG key to a PEM key
If the input is password protected, the same password will be used to protect
the PEM output.

## gist:e80db121d38aceb8cca0e03cefd5853b
This is an ADVANCED guide and should not be attempted by anyone who does not COMPLETELY understand each step and what it does to their device. Additionally, the prerequisite is that you have already performed a region change on your 3DS. You also need access to another 3DS on the target region that you can format to a non-NNID linked state (you can use emuNAND here). For simplicity, I am going to assume you are region changing a N3DS from Japan to USA and have access to a USD O3DS. The guide is in two parts: System Transfer and NNID Linking. For those who wish to just have access to USA eShop (and the ability to download free games; if you only want to use eShop to purchase games, you do not have to link a NNID) you can skip to the second part.

To modify requests, I use Charles Proxy to set breakpoints so I can change requests and responses as they come in. However, you can do it in any why you choose. Also, since 9.2 eShop was disabled, you may have to additionally modify all requests from the 3DS to send a

## firm.pem
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3s+2/D0z6VX9rJDoiBew
A6FrmqtycHkyoqCMuzNvsHaWLsTpLtiPksAtTUEP3kUbJTy+N2tFgiHmTbEjgYK2
gWK3MPRgS8f38BcMtXWId5NSY3DwC8ZzQ0Hu5PBx7MjBMsTcqZkdMbikft0ZBA8C
qBqvs0iaKSleSYTglBHRfquywER+oRtenQ0a+QKaLlMDLUiWfCym16zx7SsYuwHL
E7mspu5VADd8aWFiiQFUd58HXSY0OqlJpa/yXgZRtxzg3tpcC5+YwhX9utipmQCr
pI5KFp1mKuhWZLK2wJOvTTigFlzkvWLCRmvJWllKclj9ssw2hzCF6KEEW+AXm9Ds
mwIDAQAB
-----END PUBLIC KEY-----

## dynarec.c
#include <psp2/kernel/sysmem.h>

int dynarec_test(void)
{
  int block;
  int ret;
  void *base;
  int (*func)(void);

  // allocate block in VM domain

## exitwp.py
#!/usr/bin/env python

import codecs
import os
import re
import sys
from datetime import datetime, timedelta, tzinfo
from glob import glob
from urllib import urlretrieve
from urlparse import urljoin, urlparse

## promote.c
#include "promoterutil.h"

int promote(const char *path)
{
	int res;
	int ret;
	int state;

	ret = sceSysmoduleLoadModuleInternal(SCE_SYSMODULE_PROMOTER_UTIL);
	printf("sceSysmoduleLoadModuleInternal: 0x%x\n", ret);

## safe-homebrew-psa.md

      
        
          
            
              
              1 file
            
          
          
            
              
              0 forks
            
          
          
            
              
              8 comments
            
          
          
            
              
              4 stars
            
          
        
        
          
              
          
          
            
                yifanlu
                / safe-homebrew-psa.md
            
            
              Created
              October 28, 2016 15:21
            
              
                PSA for homebrew devs
              
          
        
      
        
  
      
    The next update for HENkaku will be a major one and in order to protect the safety of our users, we are making two changes that might affect how your homebrew runs:

Safe Homebrew will be outputted by default by the toolchain. Currently, you must specify a flag for marking your homebrew as safe. In the future you will do the opposite. By default, homebrew will be marked as safe. If you wish to use unsafe/vsh functions you must build with an unsafe flag. A warning will show up if you attempt to use unsafe/vsh functions in a safe homebrew and it will not work by default on the Vita. More information about the specific SDK changes will be posted at a later date.
Unsafe Homebrew will be blocked by default on HENkaku enabled consoles. To run unsafe homebrew, the user must set a configurable option. Unsafe homebrew will not be launchable by default. This is basically how Android does it.

If your homebrew currently builds with the vita-make-fself -s flag, you do not have to do anything! Your homebrew is alr
	/*
	* uvloader.c - Userland Vita Loader entry point
	* Copyright 2012 Yifan Lu
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	This documentation is mostly for archival purposes. I will not provide support or clarifications because the process is complicated and others issues not noted in the steps will occur. The way I patched the requests/responses is set up Charles Proxy to forward all ECS/NUS/IVS requests (at ip:8888) to Nintendo's server (ClCert needed). Then I put a breakpoint on all requests/responses. Modifying requests will change what Nintendo sees. Modifying responses will change what the 3DS sees. Both are needed.

	Prerequisites:

	1) Both O3DS and N3DS are on 9.2.0-20U
	2) N3DS has been formatted after region swap and no NNID linked

	O3DS code.bin patches needed: https://gist.github.com/yifanlu/b59b6d83d11bdb244cbd

	System Transfer:
	# requires https://github.com/mitchellrj/python-pgp
	from pgp.packets import constants
	from pgp.packets import parsers
	from Crypto.PublicKey import RSA
	import sys

	"""
	Converts an GnuPG key to a PEM key
	If the input is password protected, the same password will be used to protect
	the PEM output.
	This is an ADVANCED guide and should not be attempted by anyone who does not COMPLETELY understand each step and what it does to their device. Additionally, the prerequisite is that you have already performed a region change on your 3DS. You also need access to another 3DS on the target region that you can format to a non-NNID linked state (you can use emuNAND here). For simplicity, I am going to assume you are region changing a N3DS from Japan to USA and have access to a USD O3DS. The guide is in two parts: System Transfer and NNID Linking. For those who wish to just have access to USA eShop (and the ability to download free games; if you only want to use eShop to purchase games, you do not have to link a NNID) you can skip to the second part.

	To modify requests, I use Charles Proxy to set breakpoints so I can change requests and responses as they come in. However, you can do it in any why you choose. Also, since 9.2 eShop was disabled, you may have to additionally modify all requests from the 3DS to send a
	-----BEGIN PUBLIC KEY-----
	MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3s+2/D0z6VX9rJDoiBew
	A6FrmqtycHkyoqCMuzNvsHaWLsTpLtiPksAtTUEP3kUbJTy+N2tFgiHmTbEjgYK2
	gWK3MPRgS8f38BcMtXWId5NSY3DwC8ZzQ0Hu5PBx7MjBMsTcqZkdMbikft0ZBA8C
	qBqvs0iaKSleSYTglBHRfquywER+oRtenQ0a+QKaLlMDLUiWfCym16zx7SsYuwHL
	E7mspu5VADd8aWFiiQFUd58HXSY0OqlJpa/yXgZRtxzg3tpcC5+YwhX9utipmQCr
	pI5KFp1mKuhWZLK2wJOvTTigFlzkvWLCRmvJWllKclj9ssw2hzCF6KEEW+AXm9Ds
	mwIDAQAB
	-----END PUBLIC KEY-----
	#include <psp2/kernel/sysmem.h>

	int dynarec_test(void)
	{
	int block;
	int ret;
	void *base;
	int (*func)(void);

	// allocate block in VM domain
	#!/usr/bin/env python

	import codecs
	import os
	import re
	import sys
	from datetime import datetime, timedelta, tzinfo
	from glob import glob
	from urllib import urlretrieve
	from urlparse import urljoin, urlparse
	#include "promoterutil.h"

	int promote(const char *path)
	{
	int res;
	int ret;
	int state;

	ret = sceSysmoduleLoadModuleInternal(SCE_SYSMODULE_PROMOTER_UTIL);
	printf("sceSysmoduleLoadModuleInternal: 0x%x\n", ret);