• Stars
    star
    136
  • Rank 267,670 (Top 6 %)
  • Language
    Assembly
  • Created over 9 years ago
  • Updated over 7 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

3DS OoT3D savegame haxx

oot3dhax

This is a 3DS savedata exploit for "The Legend of Zelda: Ocarina of Time 3D". Hence the datetime displayed for the save-slot, this haxx has existed since October 2012. The following regions are supported: JPN, USA, EUR, KOR, and CHNTWN(CHN and TWN have the exact same title). Since the gamecard(there's only one "version" of the main CXI used for the gamecard) and eShop versions of the game are basically identical, the exploit can be used with both(if one can get the exploit savedata written to the savedata used by the target game version of course).

KOR and CHNTWN support is currently broken somehow.

The Nintendo Selects versions of this game are supported.

This savegame haxx is the same one referred to here: https://www.3dbrew.org/wiki/5.0.0-11

For details on the vuln/etc, see source and here: https://www.3dbrew.org/wiki/3DS_Userland_Flaws

Haxx usage

  1. Goto the save-slot select screen.
  2. Select haxx save-saveslot.
  3. Begin loading the save-slot.
  4. Wait for the game to finish loading.
  5. Without moving Link, press A for triggering dialog handling.

11.0.0.33 support

11.0.0.33 is supported with the June 26, 2016, oot3dhax release builds.

Building

The built savefiles should be used with sploit_installer, but other savefile-writing tools could be used too. The built romfs data for sploit_installer is located at "finaloutput_romfs/".

Make command: "make EXECHAX={value} FWVER={value}"

EXECHAX values(see also https://www.3dbrew.org/wiki/3DS_System_Flaws):

  • 0 for arm9 pxips9hax(fixed with v5.0).
  • 1 for arm11code-loading via reading the savefile with fsuser directly to .text(fixed with system-version v4.0).
  • 2 for GSP arm11code-loading haxx. This is done with 3ds_ropkit.
  • 3 for arm9hax with AM(fixed with v5.0).

The arm9-code loads a payload from SD card, see source.

Note that any EXECHAX type using arm9hax will fail to build the KOR + CHNTWN savefiles, you can ignore this if you aren't using the KOR or CHNTWN savefiles.

Installation

The recommended way to install oot3dhax is with either sploit_installer(https://github.com/smealum/sploit_installer), which is included with the homebrew starter-kit(https://smealum.github.io/3ds/), or by writing save-images with a gamecard save dongle for example.

The release-archive saveimages doesn't include KOR and CHNTWN because newer save crypto is used with those regions' gamecard. Hence, you have to use sploit_installer to install oot3dhax for those regions(but currently there's no hosted *hax payloads available for the CHNTWN regions, as of July 29, 2016).

Raw save-images which can be written to the gamecard savedata flash are contained in the oot3dhax release-archive. The "saveimages" directory is for raw 0x20000-byte saveimages, while "saveimages_powersaves" is for Datel Powersaves. Those directories contain two sub-directories, each for a different cardid set. If you don't know what the cardids for your gamecard are(these are included with what are commonly called "gamecard-unique headers"), just try either directory until one of them works without the game triggering a savedata-corruption error at boot. These directories then contain sub-directories for each game region. The saveimage files under those region directories have the same filename as the payload contained in the savedata, you can use the filename from this to determine which saveimage filename to use: https://smealum.github.io/3ds/#otherapp

Before using the "saveimages" directory, you should verify that your savedata backup filesize matches the filesize from the files from that directory.

Instructions for using with Datel Powersaves:

    1. Backup your gamecard savedata with Powersaves, even if you don't want to keep that savedata.
    1. In Windows Explorer, goto "C:\Users\YourUsername\Powersaves3DS".
    1. Copy the saveimage you selected from the saveimages_powersaves directory in the release-archive as described above, to this Powersaves3DS directory.
    1. Rename your backup save to a different filename.
    1. Rename the oot3dhax saveimage to the filename which the backup save had originally.
    1. Use Powersaves to restore the save.

Credits

  • Myria: REing Powersaves for the additional save header(+ this tool https://github.com/Myriachan/Powersaves3DS/blob/master/MakePowersave.py), testing saveimages for the 3 regions(USA+EUR+JPN), and for Powersaves instructions which the above instructions are based on.
  • Shakey: Support for KOR + CHNTWN via running oot3dhax_geninc.sh / etc, and the testing for those regions.

More Repositories

1

hblauncher_loader

3DS NCCH application for booting the *hax payloads.
C
242
star
2

3ds_homemenuhax

Obsolete Nintendo 3DS Home Menu haxx, aka menuhax.
C
227
star
3

ctr-httpwn

3DS HTTP-sysmodule exploit for bypassing required sysupdates.
C
104
star
4

3ds_browserhax_common

ROP-chain-generator for Nintendo 3DS titles with some form of web-browser.
PHP
75
star
5

3ds_smashbroshax

3DS wifi beaconhax for Super Smash Bros.
Assembly
69
star
6

dsi

Team Twiizers DSi exploits
C
52
star
7

browserhax_fright

libstagefright exploits for the Nintendo New3DS Internet Browser.
PHP
49
star
8

switch_sysmodule

Custom sysmodule for Nintendo Switch for native RPC.
Python
48
star
9

ninupdates

Nintendo system update report scripts
PHP
47
star
10

3ds_homemenu_extdatatool

Nintendo 3DS homebrew application for accessing SD extdata used by Home Menu.
C
46
star
11

3ds_dsiwarehax_installer

3DS app for installing DSiWare savedata exploits.
C
46
star
12

3dshax

Nintendo 3DS modded-FIRM("CFW").
C
43
star
13

wiiu_browserhax_fright

Wii U libstagefright exploits.
PHP
43
star
14

3ds_webkithax

3DS WebKit haxx
PHP
32
star
15

ctr-streaming-server

3DS homebrew network server for playing media sent to it from other network devices, and HID reporting over the network.
C
30
star
16

wiiuhaxx_common

ROP-chain-generator for Wii U PowerPC-userland exploits.
PHP
29
star
17

boot9_tools

Tools for use with the Nintendo 3DS ARM9 bootROM.
Shell
29
star
18

3dscrypto-tools

Tools for Nintendo 3DS crypto.
C
29
star
19

stickerhax

Nintendo 3DS savedata exploit for "Paper Mario: Sticker Star".
Assembly
27
star
20

3ds_ropkit

Common codebase for userland application ROP with Nintendo 3DS.
Assembly
26
star
21

3dsbootldr_fatfs

Nintendo 3DS ARM9 bootloader for loading ARM9 and ARM11 binaries from the SD FAT filesystem.
C
22
star
22

unprotboot9_sdmmc

3DS library for using the sdmmc code in the unprotected ARM9-bootrom.
Makefile
20
star
23

ropgadget_patternfinder

Tool for locating patterns in (code) binaries, mainly for ROP addresses.
C
18
star
24

bootldr9_rawdevice

3DS ARM9-only bootloader, for loading a payload from raw sectors of multiple devices.
C
17
star
25

3ds-totalcontrolhaxx

Nintendo 3DS totalcontrolhaxx for <=v9.2.
Assembly
16
star
26

darctool

Tool for extracting and building 3DS darc archive files.
C
14
star
27

mm3d_re

"The Legend of Zelda: Majora's Mask 3D" savedata RE
C
10
star
28

ctpkpwn

Nintendo 3DS exploit for CTRSDK CTPK.
Makefile
10
star
29

browserhax_site

Source for the 3DS browserhax site.
PHP
9
star
30

hotspotconf-tool

Parser for the Nintendo 3DS NZone hotspot list
C
9
star
31

3dsbootldr_firm

Nintendo 3DS arm9bin + FIRM bootloader.
C
9
star
32

wiiu_wfsmount

FUSE tool for mounting plaintext Wii U USB/eMMC images.
C
8
star
33

wmb-asm

Automatically exported from code.google.com/p/wmb-asm
C
8
star
34

ctr-wlanbeacontool

Tool for parsing and generating 3DS local-WLAN beacons.
C
8
star
35

ctr-nandmount

FUSE tool for mounting a plaintext NAND image using an encrypted NAND image and xorpad(s) for the image/partitions.
C
6
star
36

firm_payload_bootstrap

Boot an ARM9 binary from a 3DS FIRM.
Makefile
6
star
37

ctr-logobuilder

This is for building 3DS NCCH ExeFS logo files.
C
5
star
38

ctr-gputextool

3DS GPU texture conversion tool.
C
5
star
39

ncch_extractor

Extract Nintendo 3DS NCCHs from a file.
Makefile
5
star
40

playhistory_parser

Parse 3DS PTM playhistory.
C
5
star
41

cuplist_tool

Parser for the Nintendo 3DS cup_list file.
Makefile
4
star
42

nx-tools

Various Nintendo Switch tools.
Python
4
star
43

ctr-dsiwaretool

3DS tool for processing the DSiWare-exports footer.
C
4
star
44

romfs_dumper

Dump the filesystem from 3DS RomFS.
Makefile
4
star
45

xorpad_tool

Tool for XORing files, etc.
C
3
star
46

smash3ds-tools

Extdata tool(s) for Super Smash Bros 3DS.
C
3
star
47

sha256tool

Tool for hashing data with SHA256.
C
2
star
48

twljpgmac_gen

Tool for calculating Nintendo DSi JPEG MACs.
C
2
star
49

3ds_genconappid

3DS tool for generating the data from Cfg:GenHashConsoleUnique.
C
1
star
50

emslinkplus

libusb(Linux/Mac/...) tool for NDS Adapter Plus.
C
1
star
51

yls8bot_irssi

Irssi script(s) for the IRC yls8bot. Note that this only includes the message-sending system atm.
Perl
1
star
52

twlbannertool

Tool for updating Nintendo DSi banner.sav CRCs.
Makefile
1
star
53

ctrgxtool

3DS tool for for parsing/etc GPU/GSP related data.
C
1
star