Hacking 3DS unbricking progress

krisztian1997

krisztian1997

Well-Known Member
OP
Member
Level 3
Joined
Dec 14, 2013
Messages
370
Trophies
0
Age
27
XP
300
Country
Romania
bkifft said:
ryuga93 krisztian1997

isn't the voltage selector switch used to select the incoming signal level? (just asking as i dont know for sure and wasn't able to get any google hits on it and that would make more sense to me as SD's run allways at 3.3V).
Click to expand...

Me and ryuga has a different shield, our one needs both 5v and 3v3 to be connected for some reasons...
 
spinal_cord

spinal_cord

Knows his stuff
Member
Level 13
Joined
Jul 21, 2007
Messages
3,229
Trophies
1
Age
43
Location
somewhere
Website
spinalcode.co.uk
XP
3,439
Country
Little observation about the password for unlocking...
GW wanted users to send their 3DS AND GW card, surely there's a clue here. The password to unlock could likely be system specific and stored on the GW card somewhere...
 
bkifft

bkifft

avowed Cuthwaldian
Member
Level 5
Joined
Jun 10, 2010
Messages
613
Trophies
0
XP
625
Country
Gambia, The
spinal_cord said:
Little observation about the password for unlocking...
GW wanted users to send their 3DS AND GW card, surely there's a clue here. The password to unlock could likely be system specific and stored on the GW card somewhere...
Click to expand...

don't think so, as the region free patch shouldn't be able to trigger the lock then (as the red card doesn't work while using it).

also if i remember correctly they ask to also send in the NAND backup which suggests they prefer to do the force erase instead the individual unlock (which as it stands now seems to need the generation of the console specific password on a working 3DS using the CID of the locked eMMC and is therefore way more complicated).
 
Mr_Pichu

Mr_Pichu

かわいいね!
Member
Level 2
Joined
Dec 10, 2013
Messages
170
Trophies
0
XP
133
Country
United States
bkifft said:
don't think so, as the region free patch shouldn't be able to trigger the lock then (as the red card doesn't work while using it).

also if i remember correctly they ask to also send in the NAND backup which suggests they prefer to do the force erase instead the individual unlock (which as it stands now seems to need the generation of the console specific password on a working 3DS using the CID of the locked eMMC and is therefore way more complicated).
Click to expand...

Too bad, I had hoped there would be an easy way to determine the password. I don't think there is a limit to the number of attempts you can try, so someone yet might crack the password scheme.
 
krisztian1997

krisztian1997

Well-Known Member
OP
Member
Level 3
Joined
Dec 14, 2013
Messages
370
Trophies
0
Age
27
XP
300
Country
Romania
Mr_Pichu said:
Too bad, I had hoped there would be an easy way to determine the password. I don't think there is a limit to the number of attempts you can try, so someone yet might crack the password scheme.
Click to expand...
Cracking the password is gonna take forever... its 16 bytes = 128 bits = 2^128 combinations (I think thats how its calculated)
 
spinner09

spinner09

Well-Known Member
Member
Level 2
Joined
Nov 11, 2013
Messages
140
Trophies
0
Age
46
XP
172
Country
United States
Since you guys seem to know a lot about the technical specs of the 3DS, can any of you answer this question; Can the 3DS really update he FPGA of the Pro ASIC chip inside flashcarts, or not?
Ratman9977 says that it can't.

Ratman9977 said:
Gateway can't update the FPGA at all -- it's impossible without a JTAG debugger, which the nintendo 3ds is not. The best they could do -- is if they used a softcore with an external rom containing the code -- is to update that via SPI. In that case, the clones would be able to perform the same action.
Click to expand...
Ratman9977 said:
Gateway can only use those JTAG inputs with an external tool to program the FPGA. The 3DS itself is not a JTAG programmer, therefore the FPGA design cannot be updated on either the Gateway or clones from the 3DS itself.
Click to expand...
 
bkifft

bkifft

avowed Cuthwaldian
Member
Level 5
Joined
Jun 10, 2010
Messages
613
Trophies
0
XP
625
Country
Gambia, The
depends on if they really used the maximal possible key length or just the 4 byte CID. i haven't tried how long an unlock request takes but pulling a number out of thin air let's say 100 per second are possible (eMMC communication is quite slow).

2^32 combinations / 100 per second would still take about a year and a half.

edit: to try all combiantions that is, if i remember my cryptography courses right realisticly one only needs to try 2^31 (birthday paradoxon)

scratch that, the CID is 16 byte -.-
 
krisztian1997

krisztian1997

Well-Known Member
OP
Member
Level 3
Joined
Dec 14, 2013
Messages
370
Trophies
0
Age
27
XP
300
Country
Romania
spinner09 said:
Since you guys seem to know a lot about the technical specs of the 3DS, can any of you answer this question; Can the 3DS really update he FPGA of the Pro ASIC chip inside flashcarts, or not?
Ratman9977 says that it can't.
Click to expand...

The communication between the card and the 3DS is almost the same like the SD communication, I am not an expert myself but I dont think that the 3DS can reprogram the FPGA, but maybe they will update it in a different way.
 
ryuga93

ryuga93

Well-Known Member
Newcomer
Level 2
Joined
Mar 8, 2011
Messages
96
Trophies
0
XP
159
Country
Malaysia
I'm not an expert too,the only fpga touched so far is the altera cyclone IV chip,and to reprogram the altera chip a "USB blaster" is needed to upload the code,which includes JTAG.so probably they will do the update through the sd card or rom
 
H

helpwith3ds

Member
Newcomer
Level 1
Joined
Jan 25, 2014
Messages
14
Trophies
0
Age
43
XP
53
Country
bkifft said:
don't think so, as the region free patch shouldn't be able to trigger the lock then (as the red card doesn't work while using it).

also if i remember correctly they ask to also send in the NAND backup which suggests they prefer to do the force erase instead the individual unlock (which as it stands now seems to need the generation of the console specific password on a working 3DS using the CID of the locked eMMC and is therefore way more complicated).
Click to expand...

A couple of hours before my 3DS bricked, I had some files written to my SD card (SD card in 3ds unit). Any chance these could lead to information or clues to unlocking.

In root folder of SD card the following directory created
Nintendo 3DS\820160a5d3398b6daa15eeee9e5814ac\c19d00ca311097003030303000284245\extdata\00000000\00000098\00000000\

with 5 files (no type extension)
00000001
00000002
00000003
00000004
00000005

Files size range from 17KB to 5024KB.

I'm guessing these are probably game saves but wanted to make sure they weren't anymore useful.
 
krisztian1997

krisztian1997

Well-Known Member
OP
Member
Level 3
Joined
Dec 14, 2013
Messages
370
Trophies
0
Age
27
XP
300
Country
Romania
helpwith3ds said:
A couple of hours before my 3DS bricked, I had some files written to my SD card (SD card in 3ds unit). Any chance these could lead to information or clues to unlocking.

In root folder of SD card the following directory created
Nintendo 3DS\820160a5d3398b6daa15eeee9e5814ac\c19d00ca311097003030303000284245\extdata\00000000\00000098\00000000\

with 5 files (no type extension)
00000001
00000002
00000003
00000004
00000005

Files size range from 17KB to 5024KB.

I'm guessing these are probably game saves but wanted to make sure they weren't anymore useful.
Click to expand...

Do you have any file on the 3ds card which has a weird date ?
 
greyneon

greyneon

Well-Known Member
Newcomer
Level 1
Joined
Sep 5, 2013
Messages
74
Trophies
0
Age
34
Location
Hidden Nuclear Base
XP
135
Country
bkifft said:
ryuga93 krisztian1997

isn't the voltage selector switch used to select the incoming signal level? (just asking as i dont know for sure and wasn't able to get any google hits on it and that would make more sense to me as SD's run allways at 3.3V).
Click to expand...

What switch? XD the arduino Works with 5v signal levels wich would kill the Sd and the resistor voltage dropper does the Job unsafely. Thats why the logic level shifter is mandatory. You put 3.3v to the ref pin (vcc) then all signals on the A pins are converted down to a stable 3.3v and a stable current onthe B pins
 
krisztian1997

krisztian1997

Well-Known Member
OP
Member
Level 3
Joined
Dec 14, 2013
Messages
370
Trophies
0
Age
27
XP
300
Country
Romania
greyneon said:
What switch? XD the arduino Works with 5v signal levels wich would kill the Sd and the resistor voltage dropper does the Job unsafely. Thats why the logic level shifter is mandatory. You put 3.3v to the ref pin (vcc) then all signals on the A pins are converted down to a stable 3.3v and a stable current
Click to expand...

Some SD shields have a switch, what you use to select the voltage on + pin on that shield.
 

Site & Scene News

Go to forum More news

Popular threads in this forum

I will Make you a 3DS custom theme if you don't know how!

Hacking Homebrew  Animal Crossing New Leaf (ACNL) help: data corrupt??

Citra AES Keys

Pokemon Ultra Sun/Moon from piracy site doesn't work

Hacking Homebrew  3DS System Transfer Questions

Black icon Mii Plaza + Streetpass isn't working properly

Better n64 emulator?

Does anybody have the old Health and Safety Information CIA?

General chit-chat
Help Users
    Psionic Roshambo @ Psionic Roshambo: With enough Vodka everything is good