Testing report for EUR New and Old3DS (EUR crashing issues)

[iCRON862]

Hello, i have used time to testing the exploit in EUR n3ds and o3ds.

• Both wont works. Systems are on 11.17 and the game version is 1.2 as cartridge. It crashes after pressing 'Start Race'.

• the .bat says that i need to put in an hard drive in \device\harddisk2\dr2. I must close the window 3 times. Is this normal?

• If you set the language to english then you can't get past after open 'Streetpass List' because it crashes on the mii list.

[zoogie]

"\device\harddisk2\dr2" what in the world is this, lol. Are you using Windows? 3ds wifi off?

[iCRON862]

"\device\harddisk2\dr2" what in the world is this, lol. Are you using Windows? 3ds wifi off?

Hello, yeah i used windows 7, i used windows 10 too, same result 😅 wifi on console turned off. That's the message from the .bat in ger. You need an tranzlator to english 😅

[zoogie]

When the app crashes, does it go to a luma crash screen? And what is your sd card's drive letter?

[iCRON862]

When the app crashes, does it go to a luma crash screen? And what is your sd card's drive letter?

The system is crashed to normal home menu. The sd drive letter is F:

[zoogie]

Can you make a copy of your backup folder, and from that backup - copy, click on the backup_EUR.bat, the upload the 307 folder? I just want to see what the system might have done to alter the save.

[iCRON862]

307.zip That's the exploited backup from Old. The backup-bat get the missing hard driver window too.

[zoogie]

As long as you get the

Clearing the original contents... Importing new contents... "extdata/307\boss" "extdata/307\boss\wTRu2!!!(`!!+s(@" "extdata/307\icon" "extdata/307\user" "extdata/307\user\data.dat" Finished Press any key to continue . . .

Then I suppose that nonsense warning is ok. Are you sure you downloaded that 307 folder from the 3ds and not the extdata folder from the Release_BETA archive?

[iCRON862]

As long as you get the Clearing the original contents... Importing new contents... "extdata/307\boss" "extdata/307\boss\wTRu2!!!(`!!+s(@" "extdata/307\icon" "extdata/307\user" "extdata/307\user\data.dat" Finished Press any key to continue . . .

Then I suppose that nonsense warning is ok. Are you sure you downloaded that 307 folder from the 3ds and not the extdata folder from the Release_BETA archive?

I have installed the exploit on an clean o3ds to test. Then i go to my pc and maked an backup-dump from the exploit extdata used the backup-bat what created this 307 in 'backup' folder.

[zoogie]

Try this if you don't mind: change your region to United Kingdom / Scotland (this is old3ds EUR only btw) Confirm the language is English and try again.

I have a bad feeling this is super skaterhax all over again.

[iCRON862]

Try this if you don't mind: change your region to United Kingdom / Scotland (this is old3ds EUR only btw) Confirm the language is English and try again.

I have a bad feeling this is super skaterhax all over again.

Not working, crashes after streetpass list button

[zoogie]

debug_luma.zip Could you run the exploit with that so I can get a crash dump? This is the last thing I'll ask today. That particular luma doesn't have rosalina, so it can boot homebrew.

[iCRON862]

crash_dumps.zip

I have dumps from your english and one for the other languages settings. Have a nice day.

[zoogie]

Thank you very much for your help.

[zoogie]

@iCRON862 If you have some time to spare, could you try the this new test data on your old3ds EUR set to English? EUR_test_mk7v1.2.zip It's intended for this to crash. The debug data I need will be displayed in r0 of the crash dump, ex. R0 0x44440120. That's all I need -- except if the R0 value doesn't start with 0x4444, then just upload the full .dmp file please.

Thanks!

[iCRON862]

@iCRON862 If you have some time to spare, could you try the this new test data on your old3ds EUR set to English? EUR_test_mk7v1.2.zip It's intended for this to crash. The debug data I need will be displayed in r0 of the crash dump, ex. R0 0x44440120. That's all I need -- except if the R0 value doesn't start with 0x4444, then just upload the full .dmp file please.

Thanks!

crash_dumps.zip

the ...000 is with Germany/ -- and ...001 is with your UK/ Scotland setting

[zoogie]

@iCRON862 If you have some time to spare, could you try the this new test data on your old3ds EUR set to English? EUR_test_mk7v1.2.zip It's intended for this to crash. The debug data I need will be displayed in r0 of the crash dump, ex. R0 0x44440120. That's all I need -- except if the R0 value doesn't start with 0x4444, then just upload the full .dmp file please. Thanks!

crash_dumps.zip

the ...000 is with Germany/ -- and ...001 is with your UK/ Scotland setting Unfortunately, both of those crash dumps are corrupted, they both crash python.

Was English the set language on both? My research so far has shown that region/subregion don't matter, only lang matters. In any event, try to get crash dumps where the game reaches "start race: OK", and report which languages crash early by not making it past "Streetpass List", but I don't need .dmps from those.

[iCRON862]

@iCRON862 If you have some time to spare, could you try the this new test data on your old3ds EUR set to English? EUR_test_mk7v1.2.zip It's intended for this to crash. The debug data I need will be displayed in r0 of the crash dump, ex. R0 0x44440120. That's all I need -- except if the R0 value doesn't start with 0x4444, then just upload the full .dmp file please. Thanks!

crash_dumps.zip the ...000 is with Germany/ -- and ...001 is with your UK/ Scotland setting Unfortunately, both of those crash dumps are corrupted, they both crash python.

Was English the set language on both? My research so far has shown that region/subregion don't matter, only lang matters. In any event, try to get crash dumps where the game reaches "start race: OK", and report which languages crash early by not making it past "Streetpass List", but I don't need .dmps from those.

Yeah both are english. So any language except english go past the streetpass list up to 'OK' with the same crash dump. crash_dump.zip

[zoogie]

@iCRON862 If you have some time to spare, could you try the this new test data on your old3ds EUR set to English? EUR_test_mk7v1.2.zip It's intended for this to crash. The debug data I need will be displayed in r0 of the crash dump, ex. R0 0x44440120. That's all I need -- except if the R0 value doesn't start with 0x4444, then just upload the full .dmp file please. Thanks!

crash_dumps.zip the ...000 is with Germany/ -- and ...001 is with your UK/ Scotland setting Unfortunately, both of those crash dumps are corrupted, they both crash python.

Was English the set language on both? My research so far has shown that region/subregion don't matter, only lang matters. In any event, try to get crash dumps where the game reaches "start race: OK", and report which languages crash early by not making it past "Streetpass List", but I don't need .dmps from those.

Yeah both are english. So any language except english go past the streetpass list up to 'OK' with the same crash dump. crash_dump.zip

Gah, zero bytes! Well, we'll try something different...

This will be the last thing today. Could you use that debug luma I posted above to make make an fcram dump? This works by simply pressing START when you see the luma crash screen and then waiting about 15 seconds until the system turns off automatically. On the SD root will be a file, "fcram.bin". Just zip that up and upload it.

Again, only do this with a crash that gets to ""start race: OK". Thank you VERY much : ) I'm certain this file will shed some light on things.

[iCRON862]

No problem,

Gah, zero bytes! Well, we'll try something different...

This will be the last thing today. Could you use that debug luma I posted above to make make an fcram dump? This works by simply pressing START when you see the luma crash screen and then waiting about 15 seconds until the system turns off automatically. On the SD root will be a file, "fcram.bin". Just zip that up and upload it.

Again, only do this with a crash that gets to ""start race: OK". Thank you VERY much : ) I'm certain this file will shed some light on things.

No problem, i like testing exploits

(PS. Do you need the new3ds dump too?)

[zoogie]

Just old3ds is fine for now, but you may need to redump or reupload that fcram file.

It's 0 bytes again, like the previous crash dumps. Is your sd card almost out of memory?

[iCRON862]

Just old3ds is fine for now, but you may need to redump or reupload that fcram file.

It's 0 bytes again, like the previous crash dumps. Is your sd card almost out of memory?

Oh, yeah. My sd space was full. Now the fcram is bigger as before. Now i hope these is complete fcram.zip

[zoogie]

With all those sd files showing up as 0 bytes I'd imagine extdata (where the exploit is installed) must have been corrupted too.

But anyway, here's something for you to try. Try to run it in whatever configuration your 3ds was in when you made the fcram dump. EUR_test2_mk7v1.2.zip Old or New 3ds but I'd start with old. They're combined now. This is the first test of a major refactor.

[iCRON862]

With all those sd files showing up as 0 bytes I'd imagine extdata (where the exploit is installed) must have been corrupted too.

But anyway, here's something for you to try. Try to run it in whatever configuration your 3ds was in when you made the fcram dump. EUR_test2_mk7v1.2.zip Old or New 3ds but I'd start with old. They're combined now. This is the first test of a major refactor.

Nothing changes but here is the things you need fcram.zip crash_dump_00000000.zip

[zoogie]

Lets try this: EUR_test3_mk7v1.2.zip btw - if a crash occurs at streetpass list, don't send those. Can't even begin debugging them. Just send Start Race: OK crashes.

Thanks for your continued help.

[iCRON862]

Lets try this: EUR_test3_mk7v1.2.zip btw - if a crash occurs at streetpass list, don't send those. Can't even begin debugging them. Just send Start Race: OK crashes.

Thanks for your continued help.

The only change i see is that R0 have 000000001 in the dmp. Here we go again. Yeah these get past streetpass list up to OK. crash_dump_00000001.zip fcram.zip

[zoogie]

Lets try this: EUR_test3_mk7v1.2.zip btw - if a crash occurs at streetpass list, don't send those. Can't even begin debugging them. Just send Start Race: OK crashes. Thanks for your continued help.

The only change i see is that R0 have 000000001 in the dmp. Here we go again. Yeah these get past streetpass list up to OK. crash_dump_00000001.zip fcram.zip

That was quite different from the last one. Unfortunately, it looks even more unmanageable. The initial exploit context is completely lost.

I have 6 consoles from the 3 major regions and this works perfectly almost every time. Unless I can figure out what makes my consoles different from yours, I don't see how I can fix this.

I'll let you know if I can think of anything else to try.

[iCRON862]

Lets try this: EUR_test3_mk7v1.2.zip btw - if a crash occurs at streetpass list, don't send those. Can't even begin debugging them. Just send Start Race: OK crashes. Thanks for your continued help.

The only change i see is that R0 have 000000001 in the dmp. Here we go again. Yeah these get past streetpass list up to OK. crash_dump_00000001.zip fcram.zip

That was quite different from the last one. Unfortunately, it looks even more unmanageable. The initial exploit context is completely lost.

I have 6 consoles from the 3 major regions and this works perfectly almost every time. Unless I can figure out what makes my consoles different from yours, I don't see how I can fix this.

I'll let you know if I can think of anything else to try.

What if you dumping your working exploit extdata with jksm and send it here that i can try to install this on my console to test it out?

[JustAnotherGalaxyGuy]

One thing that i find is weird, that most of the time it crashes when you go to streetpass list, and sometimes you can start the race, but the game crashes then.

[zoogie]

Crashing at the streetpass list is very very bad and I can't even begin debugging it. Crashing at Start Race: OK is much closer to expected behavior.

[JustAnotherGalaxyGuy]

Yeah, but it's kinda rng

[JustAnotherGalaxyGuy]

Sometimes goes to "Start Race" sometimes doesn't.

[Devine3DS]

On my unhacked EUR 2DS i get to start race tab easily but then it mostly crashes with whitescreen and power off or a blackscreen and then it crashes

[JustAnotherGalaxyGuy]

I've never got a black screen, only the crashing after start race

[Devine3DS]

Maybe zoogie can upload the latest version because im unable to compile it....

[JustAnotherGalaxyGuy]

dunno

[JustAnotherGalaxyGuy]

wait what ur talking about 1.2?

[JustAnotherGalaxyGuy]

1.2 is already out

[Devine3DS]

Nah he updated the sourcecode 4 hours ago

[zoogie]

Testing time! EUR_test4_mk7v1.2.zip Set to English in system settings, try 2-3 times then go down the list and try different languages. (remember to keep wifi off)

It's now showing Red -> Blue -> White on the bottom screen based on exploit stage. Any color Red and above is good, keep trying. Change language faster if you don't see any Red, Blue, etc.

[Devine3DS]

Is this for OLD or New 3DS?

[Devine3DS]

Okay i tried german spanish polish and italian. with the first 3 langs you come to the start race page but it crashs with a white screen with italien it freezes on the Mii

[Devine3DS]

Update with English language it goes red and stays on blue

[Devine3DS]

AND it worked!! i could install UnsafeMode! https://www.youtube.com/shorts/iD-MIjrWJsI

Thank you for your awesome work!!

[zoogie]

Yeah when you see red or blue, you're really close. It's always good to keep trying when you see those colors, else change language.

Keep in mind this build is biased towards the offsets I saw in ICRON862's fcram dump, which happen to be a lot lower than mine. I think only English has a real chance with that address range for most people. I'm thinking about posting one that's more tailored to "typical" addresses here in a minute. Maybe others will have an easier time with it.

[Devine3DS]

I can test the Exploit on a few more devices if you want i got 2 more N3DS XL models and 1 2DS XL sadly my 2 old 3DS XLs passed away

[zoogie]

Yeah, if you have the time, that'd be great. Thanks!

I'd like to add a test5 here in a minute, that'd be a great starting point for those systems.

[Devine3DS]

Yes i got some spare time i can test but these systems all have cfw

[zoogie]

Yes i got some spare time i can test but these systems all have cfw

Cfw is totally fine. If the exploit works perfectly, you'll get a Luma crash with "Current Process: menu". Failed attempts will crash on process "MarioKar". The failed crash dumps can actually be really helpful (although it takes more time to upload them, so you don't have to).

[Devine3DS]

Okay i got a crash but i used the german language i will change it to english now on my n2DS XL arm11.zip

the first one was with german language the second one english on the old 2ds the exploit worked with english language

BTW does the 3DS ROP xPloit Injector Unsafemode backup the Saveslots? or do you need to remove the hacked wifi slots manually?

[zoogie]

It backs them up. Use the app slotTool.3dsx to restore the old wifi slots. It should be in the guide.