Last active
August 22, 2017 19:24
-
-
Save zoogie/51856a507bf380fc38d82a87855e265f to your computer and use it in GitHub Desktop.
r4iGold.cn rev5 ntrboot patch script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#r4ids.cn rev5 ntr flasher - zoogie | |
#notes: for r4igold rev5, non-3ds sticker ONLY! (check above rightmost pin on back of card for your version) | |
#the existing ntrboot flasher works for RW, but since card shows up as hwrev 0x0 instead of 0xA7A7A7A7, you need to account for that and recompile | |
f=open("backup.bin","rb") | |
r4iflash=bytearray(f.read()) | |
f.close() | |
f=open("boot9strap_ntr.firm","rb") | |
b9s_payload_len=len(f.read()) - 0x200 | |
f.seek(0) | |
b9s_header=bytearray(f.read(0x200)) | |
b9s_payload=bytearray(f.read()) | |
f.close() | |
f=open("blowfish_retail.bin","rb") | |
blowfish=bytearray(f.read()) | |
f.close() | |
#write ntr retail blowfish to 0x0 | |
for i in range(0x1048): | |
r4iflash[i] = blowfish[i] | |
#encrypt ntr b9s payload (different memecrypto from new r4ids.cn cards) and write it to 0x82200 | |
b9s_payload_offset=0x82200 | |
for i in range(b9s_payload_len): | |
xorpad_byte=(b9s_payload_offset%256+9) & 0xFF | |
r4iflash[b9s_payload_offset] = xorpad_byte ^ b9s_payload[i] | |
b9s_payload_offset+=1 | |
#write ntr b9s header to last sector of r4iflash (total length of flash is 2MB in rev5, not 4MB as in later versions) | |
b9s_header_offset=0x1FFE00 | |
for i in range(0x200): | |
r4iflash[b9s_header_offset] = b9s_header[i] | |
b9s_header_offset+=1 | |
f=open("backup_patched.bin","wb") | |
f.write(r4iflash) | |
f.close() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment