Greetings. I'm one of the contributors on 3DBrew, going as JL12 there as well as a variety of other reverse-engineering, haxing and development communities.
I've been participating in the reverse engineering of the 3DS since launch, although there have been leaps and bounds due to the combined efforts of many contributors, I strongly feel much of what we're doing would be expedited by extracting the boot code and other proprietary information (/secretz) from the custom Nintendo (System-On-a-Chip) of a retail 3DS.
I got a price quote from a professional lab on the deal (removal, decap, delayer, SEM imaging) and it came out to $400 per layer, which they estimate will come to "about $2000 total". Plus the cost of the 3DS I'd be donating for the hardware sample.
Kicking it around with other 3DBrew contributors I think we all agreed it would be interesting or valuable to us but $2000+ is simply a lot to ask of anyone to drop suddenly on a hobby project.
I suggested a 'donate' thread here on GBATemp to gradually 'fund raise' donations for this purpose.
I feel there are likely other users here on GBATemp that understand what this is about and what the potential value is and may be willing to contribute.
Also $2000+ while a lot for an individual is a very achievable goal for a fund raising.
To reiterate, what we're trying to do is: send in 1 3DS to a professional lab to get delayered and imaged (covering the costs of doing so). The resulting SEM images will be reconstructed and used towards reverse-engineering the 3DS.
We're considering giving contributors a copy of the images produced as thanks.
If you'd like to donate and help contribute to this cause you can do so by donating here.
I've been participating in the reverse engineering of the 3DS since launch, although there have been leaps and bounds due to the combined efforts of many contributors, I strongly feel much of what we're doing would be expedited by extracting the boot code and other proprietary information (/secretz) from the custom Nintendo (System-On-a-Chip) of a retail 3DS.
For those that are unfamiliar: the CPU, GPU & DSP all exist on one proprietary SOC design used on the 3DS. Secure information is stored there partly, most likely burned onto the SoC during manufacturing and not readable by any other normal means or from outside of the SoC, in such a way that the secure information there, always stays there. In good design it will never reach the main memory of the 3DS and so sensitive data (like encryption keys or algorithms) stay secure.
Extracting data from a proprietary chip to reverse-engineer it is typically done by decapping it, which is risky business and involves removing the epoxy, delayering the chip and taking high-resolution pictures of every layer to reconstruct logic from the images. Special equipment is used ( SEM / scanning electron microscope ) and it is rarely done outside of a professional context because it is very costly to an average enthusiast/hax0r and access to equipment and the expertise is hard to realize.
This method has been used by the "emulation" community to reverse-engineer and recover data from special proprietary chips, such as those in SNES cartridges. It has also been used to to reverse-engineer other hardware to create emulators for other platforms besides the SNES.
Extracting data from a proprietary chip to reverse-engineer it is typically done by decapping it, which is risky business and involves removing the epoxy, delayering the chip and taking high-resolution pictures of every layer to reconstruct logic from the images. Special equipment is used ( SEM / scanning electron microscope ) and it is rarely done outside of a professional context because it is very costly to an average enthusiast/hax0r and access to equipment and the expertise is hard to realize.
This method has been used by the "emulation" community to reverse-engineer and recover data from special proprietary chips, such as those in SNES cartridges. It has also been used to to reverse-engineer other hardware to create emulators for other platforms besides the SNES.
I got a price quote from a professional lab on the deal (removal, decap, delayer, SEM imaging) and it came out to $400 per layer, which they estimate will come to "about $2000 total". Plus the cost of the 3DS I'd be donating for the hardware sample.
Kicking it around with other 3DBrew contributors I think we all agreed it would be interesting or valuable to us but $2000+ is simply a lot to ask of anyone to drop suddenly on a hobby project.
I suggested a 'donate' thread here on GBATemp to gradually 'fund raise' donations for this purpose.
I feel there are likely other users here on GBATemp that understand what this is about and what the potential value is and may be willing to contribute.
Also $2000+ while a lot for an individual is a very achievable goal for a fund raising.
To reiterate, what we're trying to do is: send in 1 3DS to a professional lab to get delayered and imaged (covering the costs of doing so). The resulting SEM images will be reconstructed and used towards reverse-engineering the 3DS.
We're considering giving contributors a copy of the images produced as thanks.
If you'd like to donate and help contribute to this cause you can do so by donating here.
