Hacking 3DS Hack: "We hacked it"

VMM

DrPikachu, you cannot recode a retail game to do anything - there is a reason why we call the chips they are stored on ROM - Read Only Memory. The game has to already have an exploitable feature in it - you can't just put it in. Not to mention that games are encrypted - modifying any section with no way of re-encrypting would make the game unbootable. The only thing that can be modified is a save file, which unlike the ROM image can be overwritten. You then add specific data into the save file that is meant to crash the system in such a way that the data will go straight to the section of memory which is concerned with the binary - this data is the code you wish to execute. If you are lucky enough, you skip past the key comparison stage and boot the code and the CPU doesn't know any better unless there is a hypervisor in place. This has nothing to do with ROM hacking at all - ROM hacking can only be performed on dumped ROM images or via live patching of data within memory while the system runs - you cannot overwrite a ROM on a cartridge.


Damn man, you were faster than me, but I guess your post is clear enough that it makes my post almost unnecessary :D
Or not, it looks like Dr Pikachu still does not get it :rofl2:

The rom itself is on the cartridge as is the save. It boots from itself. The Twilight hack boots from an external/internal memory from the host, not the game itself.

Problem with the idea however is that the games do not include such an ability otherwise romhackers would be able to directly modify things such as sprites and maps. Which they can't. Cartridges boot themselves, not from an sd.
Let me clear this up for you.

You do not boot a save, you boot a game, which on the 3DS is in one very specific memory; let's call this memory A.
The save memory is not the same memory as memory A.
Memory A is called ROM, which means Read-Only Memory, basically saying it's not overwritable,
making ROM hacking useless in this case.

The game, which is located in memory A, boots normally, as it's unchanged.
At a certain point, the game will try to load the save, which is located in memory B.
Since memory B is obviously overwritable, that is the best place to put your exploit.
The exploit is inside the save file, and starts running when the game that is in memory A accesses it, which is in memory B.

The exploit will serve its purpose and then it's done, simple as that.

Hence using an AR. Completely different.

It's not using an Action Replay :glare:
Don't take this personally, but you should search a little before saying bullshit ;)
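
The mechanism described in the post above (unchanged game code reading attacker-writable save data) comes down to a loader that trusts a field stored in the save. The following C sketch is an added example, not code from this thread or from any real game; the save layout, struct and function names are hypothetical, with the unchecked loader as the "before" and the checked loader as the fix.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed save layout (hypothetical, not a real 3DS format):
   byte 0 = name length, following bytes = player name. */
#define NAME_MAX 16
struct game_state {           /* stands in for RAM owned by the running game */
    uint8_t name[NAME_MAX];   /* filled from the save chip */
    uint8_t flags[4];         /* neighbouring data the save must never reach */
};

/* Before: trusts the length byte read from the rewritable save chip. */
void load_unchecked(struct game_state *st, const uint8_t *save, size_t n) {
    size_t len = save[0];
    if (len > n - 1) len = n - 1;
    if (len > sizeof *st) len = sizeof *st;  /* clamp only keeps the demo defined */
    memcpy(st, save + 1, len);               /* never compared with NAME_MAX */
}

/* After: length is checked against the destination; bad saves are rejected. */
int load_checked(struct game_state *st, const uint8_t *save, size_t n) {
    if (n < 1 || save[0] > NAME_MAX || (size_t)save[0] > n - 1) return -1;
    memcpy(st->name, save + 1, save[0]);
    return 0;
}

/* Constructed saves: BAD claims a 20-byte name, 4 more than NAME_MAX. */
static const uint8_t BAD_SAVE[] = "\x14" "AAAAAAAAAAAAAAAA" "BBBB";
static const uint8_t GOOD_SAVE[] = "\x05" "Mario";

/* Returns 1 if data next to the name buffer was overwritten by the save. */
int unchecked_corrupts_neighbour(void) {
    struct game_state st = {{0}, {0}};
    load_unchecked(&st, BAD_SAVE, sizeof BAD_SAVE - 1);
    return st.flags[0] == 'B';
}

/* Returns 1 if the hardened loader refuses the save and leaves state alone. */
int checked_rejects_bad_save(void) {
    struct game_state st = {{0}, {0}};
    return load_checked(&st, BAD_SAVE, sizeof BAD_SAVE - 1) == -1 && st.flags[0] == 0;
}

int main(void) {
    struct game_state st = {{0}, {0}};
    return !(unchecked_corrupts_neighbour() && checked_rejects_bad_save()
             && load_checked(&st, GOOD_SAVE, sizeof GOOD_SAVE - 1) == 0);
}
```

The ROM contents are identical in both cases; only the bytes in the writable save differ, which is why validating save data at load time is the control that matters here.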
 

tudogg

The rom itself is on the cartridge as is the save.


yes, but not on the same damn chip, this is what you don't seem to realize. the game data is stored in ROM, which can't be modified, unless you dump the data elsewhere, while the save game is stored in the flash memory or eeprom of the cartridge. flash memory/eeprom can be rewritten as often as you'd like (how do you think the game is able to keep your progress?). this means you can easily insert a modified save file (by using this thing, for example: http://www.pokedit.com/tag/nds+adaptor+plus/) DIRECTLY on the cartridge. this does NOT change the game files stored in ROM, it DOES however change the save file stored in the flash memory/eeprom.

your previous comment:
The thing neither of you seem to understand is the fact that the modified game save would be on the sd
is simply wrong, as explained above.
 

Yatashi Strife

Question, I fail to see what this argument has to do with the twitter page finding? Make another thread to argue in so I don't get my email spammed while following this please. Thanks ;)
 

Dr Pikachu

dam .. double posted...
common sense.. at least for me... prove my your cartridge reads cartridge.. linked......I don't think my wii disk reads my wii save.. but ...maybe you could link otherwise?
http://www.ehow.com/how-does_4969439_nintendo-ds-game-card-work.html
http://en.wikipedia.org/wiki/ROM_cartridge

and for the wii
http://en.wikipedia.org/wiki/DVD
http://en.wikipedia.org/wiki/Saved_game

and for extra reading:
http://www.quora.com/Game-Development/How-does-game-save-work
 

Dr Pikachu

No it doesn't - memory handling is on the 3DS side of things, the cartridge is merely storage. It does not execute any code outside of what the memory controller inside the chip does.

The cartridge is inserted and sends a handshake message to the 3DS, which in turn reads the header information and the memory address to the game proper. After that handshake, if the user chooses to boot the game, the 3DS uses this address to copy a portion of the game into main memory and boots the code. The save file could be anywhere, the 3DS receives an address to it as well. What matters is that you can modify a save, and with this exploit, apparently the system does not check whether it is legitimate or not. The 3DS is entirely capable of reading save files from the SD card, which is how downloadable games store them. The problem with that is that saves on the SD have additional protection that nobody wants to bother with without a hack to analyze it already.
Still waiting for a source.
 

pro2oman

dam we talkin about wii now? O.O
.. nope.. was just trying to compare it back to something he knows...

ooo and there's some contradicting stuff in the link you posted dr.... something bout carts have a save memory...

but I'll leave it at that... got exams tomorrow... (they're about computers and how memory works...:P)
 

VMM

Dr Pikachu, the save is in a different place, but so what?
How does it interfere with using an exploit?

Just think a little bit about that.

There is no difference where the save is,
the method is the same.

Why do you keep fighting the obvious?
 

Dr Pikachu

Dr Pikachu, the save is in a different place, but so what?
How does it interfere with using an exploit?

Just think a little bit about that.

There is no difference where the save is,
the method is the same.

Why do you keep fighting the obvious?

Cartridge games have always booted from themselves. I still have yet to be given a source that says they can read from other areas as well.
 