Hacking hacking idea: flash the bios chip

[superspudz2000]

.

this is way past my level of understanding, but ill post my idea here anyway so you can laugh at my foolishness. on DS Lite and DSi, the bios chip is stored on a removable "block", i assume 3DS is the same.

is it possible to re-flash the bios with custom firmware, by connecting the module to a hardware flasher?, i realize that reverse engineering the 3DS bios software is probably too hard, but maybe its possible to build custom software from the ground up to communicate with the 3DS hardware.

then maybe some group could mass produce custom bios modules, it wouldn't require any soldering, and easy for the user to revert back.

 

[Chaldron]

BIOS wouldn't be able to hold much data. It's only used for the initial boot-sequence on a 3DS most likely.

In fact, I think we'll never get a CFW. We'll be stuck with flashcarts, because although the 3DS is a great sales console, it's never seen the widespread usage of other consoles, such as the PS3, where hackers devote their attention.

 

[Rydian]

That's not where the "firmware" is stored, it's stored in the NAND and is encrypted and the key isn't publicly known so you can't just flash custom stuff because it'll brick (until reflashed with the original).

 

[superspudz2000]

That's not where the "firmware" is stored, it's stored in the NAND and is encrypted and the key isn't publicly known so you can't just flash custom stuff because it'll brick (until reflashed with the original).

its called the Wi-Fi Module, but people who bricked their ds with a failed Flashme install, have swapped this "module" to fix the problem.

i assumed this module held all the software files, and the Flashme installation.

 

[FAST6191]

For the record on the DS BIOS =/= firmware. BIOS houses a bunch of functions used by the DS and games running on it (we call them BIOS compatible compressions for a reason) and the firmware a massive jumble of code and settings that gets launched by the DS and then used as reference afterwards. As the DS has basically no security in depth and is largely covered by the firmware then it becomes useful to hack it, other systems have had the BIOS act in a somewhat similar manner and it becomes useful to dump, alter and replace it there though such things are not without their own problems.

 

[profi200]

Lol, the real bios is burned into the SoC. Nothing useful in the WiFi SPI Flash except some DS settings.

http://3dbrew.org/wiki/Bootloader

 

[superspudz2000]

wow im completely lost. i dont really understand.

so going back to the DS Lite for a minute, lets say i start Flashme, then at 50% turn it off and corrupted, what actually happens to the DS Lite?

are you saying that the wifi module on a ds lite contains system settings? then how does swapping modules repair the corrupted flashme installation if the curropted installation is stored in NAND which is on a different part of the motherboard?

 

[Coto]

wow im completely lost. i dont really understand.

so going back to the DS Lite for a minute, lets say i start Flashme, then at 50% turn it off and corrupted, what actually happens to the DS Lite?

are you saying that the wifi module on a ds lite contains system settings? then how does swapping modules repair the corrupted flashme installation if the curropted installation is stored in NAND which is on a different part of the motherboard?

the DS firmware is 512KB, it holds the whole firmware in there (download play, boot from slot1 (with crypto stuff), boot from slot 2, the famous "ds firmware settings" that are stored on a NVRAM bank), which is on the wifi chip as well (beats me if it's on the same firmware chip, or a physical separate location)

when you corrupt the firmware, depending on how you "recreate the block", you can fail fetching data on a certain block (like most chip stores plaintexted data, or not encrypted), or a whole page of block encrypted (that need the whole block to be recreated), and this means the whole block encrypted must have its data healthy. If you corrupt an encrypted page of block, then all the decrypted data will be garbage.

on 3DS there is no NAND, there is e-MMC (think of SD's bigger brother), NAND is used on Wii, and DS uses SPI flash memory.