Hacking GW multirom demo

Xzi

Time to fly, 621
Member
Joined
Dec 26, 2013
Messages
17,785
Trophies
3
Location
The Lands Between
Website
gbatemp.net
XP
8,685
Country
United States
the code will most likely still be in there (getting the kinks worked out for actual legit users hopefully)
or else the clone card companies will just release updated cards and sell them as v2 or under a new name
Well let's hope they're proud enough of their superior hardware interface that they decide to drop it altogether.

Another thought is that they could set the code to cause issues with FPGA reprogramming if the hardware doesn't match Gateway's setup exactly. Thus bricking the actual flash cart this time around rather than the 3DS. Wouldn't be possible with the clones' current layout, but if they did try to create a "v2" like you suggest, then there you go.
 

aXXo
Well let's hope they're proud enough of their superior hardware interface that they decide to drop it altogether.

Another thought is that they could set the code to cause issues with FPGA reprogramming if the hardware doesn't match Gateway's setup exactly. Thus bricking the actual flash cart this time around rather than the 3DS. Wouldn't be possible with the clones' current layout, but if they did try to create a "v2" like you suggest, then there you go.
Actually, code that could trigger the flashcart's FPGA to be updated/bricked could probably be overcome/fixed by sticking the blue card in the 3DS and running some sort of .nds program before sticking the actual 3DS flashcart back in to be properly updated. We can practically do the same thing by using an .nds program to read the saves of DS flashcarts, and restore back-up saves over FTP.
 

pwsincd
Theory... is there some kind of read/write error should you try to reprogram the FPGA with JTAG and it fails due to "clones having no pins"? Therefore prompting the user that their card is in fact not compatible with the FW you're trying to use... etc etc etc.
 

Xzi
Theory... is there some kind of read/write error should you try to reprogram the FPGA with JTAG and it fails due to "clones having no pins"? Therefore prompting the user that their card is in fact not compatible with the FW you're trying to use... etc etc etc.
There's no need for a prompt, it simply won't work on current clone hardware. The issue is, as Joe88 pointed out, that the clones will probably just release new hardware revisions under new names. IMO it would be silly at that point for anyone to buy that new hardware, as price was the only reason to go with a clone in the first place, and you will have spent at least $80 between the two clone carts. Still, it doesn't mean Gateway will freely allow anyone to copy firmware with so many attractive features, such as 2.0.
 

mathieulh
Actually, code that could trigger the flashcart's FPGA to be updated/bricked could probably be overcome/fixed by sticking the blue card in the 3DS and running some sort of .nds program before sticking the actual 3DS flashcart back in to be properly updated. We can practically do the same thing by using a nds program to read the saves of DS flashcarts, and restore back-up saves over FTP.


You just cannot reprogram (write to) the FPGA's ROM on the 3DSLINK/R4i 3DS Gold/Orange3DS... hardware no matter what you do. It cannot be reprogrammed internally through the logic gate array, as pointed out in Actel's A3P250 datasheet specifications; it has to be (re)programmed through its JTAG interface, but the traces that lead to it aren't exposed, so you would need to open the card case and use separate hardware to perform this operation. Needless to say, the masses wouldn't be doing it. Besides, it's just cheaper to release an updated hardware revision of their card and package it as another product.
They never cared about long term support in the first place, what did you expect?
 

gamesquest1
Yeah they probably have the "v2" stickers printed already....how many revisions of the r4i card were there?

Or maybe they will just call it the mega deluxe original edition....I doubt they would actually release a public method of reprogramming....it would cut into their sales of the new "revision"
 

mathieulh
Yeah they probably have the "v2" stickers printed already....how many revisions of the r4i card were there?

Or maybe they will just call it the mega deluxe original edition

No, they have the MT Card sticker ready xD
It's plainly obvious the card's PCB comes from the very same factory, it doesn't take long to put 2 and 2 together.
 

gamesquest1
Yeah but if they have remaining stock of their old card....they would no doubt just reprogram them and sell them still.......actually yeah they will probs be able to get rid of the stock by making false promises of 4.0fw to naive people
 

Commoner
I personally think there are two ideal ways that Gateway can introduce copy protection given that they are updating the FPGA in 2.0 anyway. One would be to program it to check for other components on the cart and make sure they match up to what should be on the board. This will make it impossible for existing clone carts including the MT-Cart to simply dump and copy one for one the updated FPGA on the Gateway carts for use in their own clone carts.

It would, however, make it possible for them to either produce exact hardware clones of the Gateway or possibly hack and disable whatever code is on the FPGA that does the hardware checks to begin with.

A more elegant solution might be to use the FPGA update process to link each specific Gateway cart to the 3DS console that was used to update it. This would make it extremely complicated for the clones to find a solution for updating existing cards and for using MT-Card's micro usb interface to update their FPGA. At the same time it would make it very hard for new clone cards to mass release new carts with already updated FPGAs.

Instead of outright preventing the carts from working, Gateway could also be sneaky about it and just allow clone carts to use their FPGA update in crippled mode. Simply making the games crash at random or corrupt save files would be more than enough to give clones a really bad reputation for being substandard.

With the abysmal level of quality assurance and disregard the clone groups seem to have for customer after sale support, it would not surprise me if the clone companies remained oblivious about the crippled mode up until they had a flood of irate customers demanding their money back.

In the end, a combination of different copy protection techniques may prove to be the most effective for deterring people from selling and purchasing clones though.

Who knows? They might already be developing such copy protection measures. They may even already have a solution simply waiting to be implemented. The ire with which they speak about the clone carts certainly seems to make protecting their work seem like a high priority from their perspective.

Copy protection development may even be the cause for the delays of the release of Gateway 2.0.
 

profi200
Their "part detection" would be useless, because the update data can be ripped off of their Launcher.dat.

Edit:
If you meant the firmware itself, yeah. The clones most likely need to make a 1:1 clone.
 

mathieulh
Their "part detection" would be useless, because the update data can be ripped off of their Launcher.dat.

Edit:
If you meant the firmware itself, yeah. The clones most likely need to make a 1:1 clone.

Have you read that datasheet yet?

The ROM data that's going to be programmed through JTAG to the FPGA is not going to be plain; it is stored encrypted and decrypted in place, that's a basic feature provided by most ACTEL FPGAs to date (there usually is an AES hardware module embedded in the package, though that depends on the actual part you are ordering).

Gateway devs aren't as stupid as to just write the entire plain text data into the ROM...

Oh! and the key used to perform the ROM data's decryption is obviously vendor programmable, so clone manufacturers can't just grab the encrypted ROM blob and write it to their own FPGA ROM.
(that's in case you were wondering...)

The only way to get the key is to decapsulate the whole FPGA package + internal modules and read the key through a SEM (Scanning Electron Microscope).
At that point you might as well start doing this on the 3DS's SOC, it'd cost roughly the same in terms of time and expenditures.

P.S. I am amazed that we've been at it since last night and you still haven't spent the 5 minutes it takes to read the entire datasheet.
 
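To illustrate the point made above, that an encrypted bitstream sealed under a per-part, vendor-programmed key is useless to anyone who only holds the blob, here is an added Python sketch (not Gateway's, Actel's or the page's own code). The HMAC-based keystream stands in for the on-chip AES core, and the key names, the Fpga class and the sample bitstream are all constructed assumptions:

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 12
TAG_LEN = 32


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Constructed stand-in for the on-chip AES core: HMAC-SHA256 in counter mode."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def seal_bitstream(device_key: bytes, bitstream: bytes) -> bytes:
    """What the vendor ships in an update: nonce || encrypted bitstream || authentication tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    body = bytes(p ^ k for p, k in zip(bitstream, keystream(device_key, nonce, len(bitstream))))
    tag = hmac.new(device_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


class Fpga:
    """Hypothetical part: the decryption key is set once at the vendor and is never readable."""

    def __init__(self, vendor_key: bytes) -> None:
        self._key = vendor_key
        self.rom = b""  # what the logic array would actually run after programming

    def program(self, blob: bytes) -> bool:
        """Emulate a JTAG programming session; False means the blob was sealed for another key."""
        nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
        expected = hmac.new(self._key, nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # refuse to load rather than decrypt to garbage
        self.rom = bytes(c ^ k for c, k in zip(body, keystream(self._key, nonce, len(body))))
        return True


def demo() -> tuple:
    """Returns (genuine part loads it, clone part loads it, plaintext visible in the blob)."""
    bitstream = b"CONSTRUCTED BITSTREAM: sample logic \x00\x01\x02" * 4
    genuine_key = secrets.token_bytes(32)  # assumed: burned into the vendor's own parts
    clone_key = secrets.token_bytes(32)    # assumed: whatever another factory programmed
    blob = seal_bitstream(genuine_key, bitstream)  # the only thing an update file would carry
    genuine, clone = Fpga(genuine_key), Fpga(clone_key)
    return (genuine.program(blob) and genuine.rom == bitstream, clone.program(blob), bitstream in blob)
```

Running demo() yields (True, False, False): the genuine part recovers the logic, the differently keyed part rejects the blob, and the update file never exposes the plaintext bitstream.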

qUaK3R
stephaniie are you the girl on the left or the right and have you contacted gateway to see if you can be the next hand model in their version 2.0 release youtube video?

I should be the next hand model. I have big and soft hands, and I bet that red nail polish would NOT look totally gay in my nails.
 

profi200
P.S. I am amazed that we've been at it since last night and you still haven't spent the 5 minutes it takes to read the entire datasheet.

Because I don't care for piracy hardware. The FPGA has been used for years. Where do you think all the DS flashcard clones come from? I bet they don't all have their own FPGA firmware, and the possibility of flashing some DS flashcards to other flashcards confirms they use the firmware from other clone companies. It's not like everything is super secure, only because they promise this in their datasheet. Even hardware is not always secure, so let's shut up and see what happens. You will be surprised how fast clone companies can clone.
 
