Hacking WARNING - Gateway team bricks card ON PURPOSE!

[Huntereb]

I'm leaving this thread now, I just realized this entire thread is a circle-jerk fest.

I still await a disassembler dump of the little bit of code which reprograms the eMMC controller - that would prove me wrong.

This was going to be my last rebuttal, they've actually figured out a way to do something like this?

 

[krisztian1997]

how about, instead of jumping to an insane, unfounded conclusion, think of the more logical thing... R4i clone team who has no skill themselves and only steals others' work just fucked up with their latest couple of firmware releases? They rushed their release and then rushed the fix too, it seems.

but even if the cloners made a mistake while copying the code, what is the explanation that even the controller gets rewritten? Only a special code could rewrite the controller.

 

[osm70]

No. You could still have a corruption (or modification) in the ARM9 payload that runs afterwards and which is the one checked to decide between {} and {brick();}.

I think (but I am not sure) that ARM9 is checked before executing.
BTW: Ahoj.

 

[mrtofu]

Should I even turn on my 3DS?

 

[Jaifroid]

Im scared ;(

 

[mathieulh]

Would you care to explain what this means in an easiest way, please?

Are you saying that, if the original/unmodified Gateway's launcher happens to get corrupted while being on the SD card, the brick can't occur due to this "sanity check"?

At some point in the ROP chain (before any of the checksums for the eMMC corruption call happen) a sha256 sum of the ARM9 payload is done in memory, if the hashes do not match the chain doesn't go further, so in theory that prevents both the brick function from triggering in memory and from a corrupted launcher.dat on the SD card if the ARM9 payload is modified in any way, assuming of course you are using gateway's unmodified/untampered launcher.dat file.
There doesn't seem to be a checksum performed on the actual code causing the brick however, so that one can get corrupted but it doesn't matter since at that point, assuming it does and the rest of the payloads run, it shouldn't get called.

 

[kingsora831]

Would you care to explain what this means in an easiest way, please?

Are you saying that, if the original/unmodified Gateway's launcher happens to get corrupted while being on the SD card, the brick can't occur due to this "sanity check"?

It seems that is what Mathieulh is saying.
Basically, if your GW launcher happens to become corrupted, then the launcher has a check which prevents it from running, thus preventing the Brick code from running as well.

So all those saying they got a brick from using an unmodified GW launcher are lying.
As even a tiny bit of corruption would prevent the launcher from even running thanks to the Sanity check.

Im assuming that the R4i team most likely removed this check to allow their launcher to work, but they failed to remove the brick code.

 

[minexew]

GW checks the ARM9 payload before running it, so no this is not possible

So the clone vendors had to modify this check, while leaving the bricking code intact? Also how does Normmatt's CFW deal with this?

 

[gamefan5]

Ok, if all of this is confirmed, is the code present in 2.0b1 launcher?

 

[Ryukouki]

Ok, if all of this is confirmed, is the code present in 2.0b1 launcher?

From what I have read (light skimming through 16 pages) the issue is only present on the b2 firmware. :/

 

[justinkb]

but even if the cloners made a mistake while copying the code, what is the explanation that even the controller gets rewritten? Only a special code could rewrite the controller.

all kinds of fuckery can ensue if you start hexediting binaries and lack the necessary skill. I await any evidence for the claim.

should be trivial to produce, there are "plenty of people" "apparently" who have "verified it", but not a single shred of evidence posted half a day later.

 

[mathieulh]

Ok, if all of this is confirmed, is the code present in 2.0b1 launcher?

No, it's been added in the 2.0b2 revision of their payload.

 

[3bbb7]

People need to start emailing Gateway demanding they stop bricking 3DS consoles for using modified launchers. I would understand if they wanted to brick the red gateway flashcart so it can't be used on modified launchers, but bricking a 3DS console is going too far. Nintendo has never intentionally bricked a console for having a modified firmware or flashcart, so customers should not have to expect that from Gateway. Plus Gateway never directly notified customers that they coded this in to happen. People should STOP buying the Gateway until they stop doing this. Vote with your wallet!

yeah they definitely shouldn't expect that from a random company that appeared really out of nowhere and is only popular because their product was the first to work.
I mean its not like you're doing anything illegal with the card right?

"yeah uh we put code into our gateway card, if you use unofficial launchers then were gonna brick your 3ds, simple as that" probably isn't going to get them a lot of sales, of course they left it out.

 

[gamefan5]

No, it's been added in the 2.0b2 revision of their payload.

Ok and I got another question,

It seems that is what Mathieulh is saying.
Basically, if your GW launcher happens to become corrupted, then the launcher has a check which prevents it from running, thus preventing the Brick code from running as well.

So all those saying they got a brick from using an unmodified GW launcher are lying.
As even a tiny bit of corruption would prevent the launcher from even running thanks to the Sanity check.

Im assuming that the R4i team most likely removed this check to allow their launcher to work, but they failed to remove the brick code.

^Is this true? If we take the launcher from Gateway (unmodified), are their any chances of getting a brick?

 

[osm70]

Hum... actually they have a sanity check I forgot about as they perform a checksum before the payload runs and the bricking happens, so it cannot run a corrupted payload from a Launcher.dat, thus the code causing the brick cannot run as-is from the original Launcher.dat file if that one was to be corrupt.
If that's true then it's a little safer.

Let's add another conspiracy.
What if that region free patch was made deliberately to expose gateways anti clone measure and use it against Gateway?

That makes sense.

 

[kingsora831]

Ok and I got another question,





^Is this true? If we take the launcher from Gateway (unmodified), are their any chances of getting a brick?

I basically tried to sum it up in an noob friendly way. (from my understanding of it)
But im curious as well if this is the correct way to sum it up?

 

[mathieulh]

Ok and I got another question,





^Is this true? If we take the launcher from Gateway (unmodified), are their any chances of getting a brick?

There is always a chance of getting a brick from some whatever unexpected behavior but if you do, it'll be likely from an unrelated issue.

 

[condiczek]

Guys... NOONE is safe, unless older fw are proven to not contain this.
A simple read error can cause the checksum to fail, and your 3ds will be dead.

A correct checksum is NOT a guarantee!!!

Have I written that I feel 100% safe ?

http://gbatemp.net/threads/warning-gateway-team-bricks-card-on-purpose.360568/page-15#post-4884229
http://gbatemp.net/threads/warning-gateway-team-bricks-card-on-purpose.360568/page-15#post-4884243

 

[shepe]

I guess as soon as someone does post the location of the function bricking it then the likes of r4 etc will go an noop the function. Bricking a console is particularly crap roll on softmods :-)

 

[Deleted User]

You can test it yourself. Take the official 2.0b2 launcher.dat file, and modify 1 byte. The 3DS will hang, and when you reboot all is fine. The ARM9 payload is blocked off from executing so no chance for brick.

I have tried and modify random different bytes and rebooted 30 times.
Result: My 3DS is not bricked

Normmatt's patches are specially crafted, because it neutralize the sanity check, and so it will get to run ARM9 payload which (supposedly) bricks (not confirmed myself).