Hacking FALSE: Gateway 3DS Bricking Mechanism Discovered

shibi

OP, joined Jan 5, 2014
There are a number of problems with this report.

#1: It is all based on info being mouthed out by Normmatt, who I and many others in the scene world know for a fact is the main engineer behind the two clones, so of course he will do anything to discredit the GW team and their efforts.

#2: It is a loop: GBA confirms based on NGB, which is posting what GBA confirmed, so really there is no solid confirmation, just I am saying what he is saying and what I said is what he said, so therefore it must be true. If it is so true and they claim they have the whole decrypted code, why not publish it, and highlighted bits, or tools to allow other people to unpack and decrypt the code themselves so they can verify the facts that are being pushed out by the clone engineers?

#3: If Normmatt and his clone buddies did in fact have the whole decrypted code and are so all smart and knowing, then how come, if the bricking code is indeed there and they knew about it, would they on purpose leave it in there running, and bypass all the safeguards and sanity checks and checksum testing that the original code does, so the so-called bad code would indeed get installed and run at some point on both the clones and legit users using his modded launcher? A very dirty trick if you ask me, more devilish than anything GW ever did, and with no apology or "I am sorry" or anything.

I am sure there are multiple ways of unbricking with the right info and tools, but the reason GW is offering to do it for you is for a number of reasons:

#1: Most people don't have the soldering skills or proper equipment to do the job.

#2: If they released all the info, it would, one, enable clones to get the upper hand, and two, also others to release even more nasty shit, that could be a lot worse than just a simple lock on eMMC, etc.

#3: Even if you think you have seen a lot of LEGIT brick reports, the actual numbers and true ones are very very low, trust me when I say this, as a lot of people have both flashcarts so even if they are claiming it bricked when using their LEGIT Gateway, a lot of them used a Clone on the same 3DS in the past, so they can't claim the brick is LEGIT, and a lot of them used the modded launcher by evil clone engineer Normmatt, even if they claim they didn't, and some are just outright lying because they either hate pirates in general or want to for some reason support the clones, or are upset the final 2.0 is not out yet and they can't play Pokemon, or have a 6.5 or higher 3DS even though they bought a GW hoping it would move past 4.5 by now. There are a lot of reasons, but trust me, the amount of legit bricks is very low, and could be caused by other factors instead of just this so-called claim by clone engineers that GW is causing it.

Source: http://www.maxconsole.com/maxcon_fo...LSE-Gateway-3DS-Bricking-Mechanism-Discovered
 

kyogre123

I'm a bit disappointed by the way both Gateway and the administrator of that forum are handling this situation, it makes me think that probably Gateway became GetAway 3DS. An apology would still be appreciated though.

Here's the actual explanation:

Gateway 3DS Bricking Mechanism Discovered
Expert members (specifically profi200) of ngb.to in collaboration with Normmatt (who is in possession of the decrypted Gateway code) have discovered how Gateway bricks 3DS consoles, and how it is theoretically possible to fix it.

Gateway uses a CPU emulator that executes MIPS-like code. The bricking code is hidden inside the portion of code that is executed by the CPU emulator. Once the bricking code is activated, the temporary write protect bit within CSD is set and the eMMC lock is activated.

The people at Gateway can actually unbrick a 3DS WITHOUT a NAND dump by using a password which is unique for each 3DS and is generated using the CID of the NAND and which is then encrypted by the AES Engine of 3DS. By using this password, they can remove the lock and delete the write protect bit. That's why when Gateway initially posted the announcement about fixing bricked consoles they didn't mention requiring a NAND backup - because they really don't.

The Gateway brick can be fixed by using a forced overwrite that deletes all write protection bits and completely removes the lock. However, this requires low level hardware access [to the eMMC] with a dev board (or device like Raspberry Pi) that supports SPI or SDIO. Unfortunately if this method is used, the entire NAND will be overwritten, which means a prior NAND dump is required. Furthermore, this isn't exactly easy and requires advanced soldering skills, so it is not a newbie friendly solution.

So the bricking is indeed deliberate. The Gateway team placed several checksums inside 2.0b2 which trigger it under specific circumstances. It has been confirmed that the brick code and the checksums were not present before 2.0b2.
And while it is aimed at clone cards, it can and has happened to legitimate Gateway users, too (which is unlikely, but not impossible).

Source (German): https://ngb.to/threads/161-Gateway-3...ashcart/page17
https://ngb.to/threads/161-Gateway-3...ashcart/page18

Now that the jig is up, maybe Gateway 3DS can be convinced to remove their dangerous code from their next firmware release to regain the trust of their customers.

I would like to kindly ask the moderators not to lock this topic as this is important information.
Also, please refrain from flaming me- I am merely the messenger.​
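
The two symptoms named in the explanation above (the temporary write protect bit in the CSD and the eMMC lock) can be read back from the device's registers. The following is an added example, not part of the original post or of any code by the people named in this thread: it decodes a raw 128-bit CSD dump and a 32-bit card status word using the bit positions from the JEDEC eMMC / SD register layouts. The sample register values and all function names are constructed for illustration.

```python
"""Decode write-protect and lock state from raw eMMC/SD register values."""

# CSD register (128 bits); bit numbers as in the JEDEC eMMC / SD layouts.
CSD_PERM_WRITE_PROTECT = 1 << 13
CSD_TMP_WRITE_PROTECT = 1 << 12
CSD_CCC_SHIFT = 84        # card command classes occupy bits [95:84]
CCC_LOCK_CARD = 1 << 7    # class 7 = password lock commands (CMD42)

# 32-bit card status word returned in R1 responses (for example to CMD13).
STATUS_WP_VIOLATION = 1 << 26
STATUS_CARD_IS_LOCKED = 1 << 25
STATUS_LOCK_UNLOCK_FAILED = 1 << 24


def parse_csd(csd_hex):
    """Return the protection-related CSD fields from a 32-digit hex dump."""
    text = csd_hex.strip()
    if len(text) != 32:
        raise ValueError("expected a 128-bit CSD as 32 hex digits")
    csd = int(text, 16)  # raises ValueError on non-hex input
    ccc = (csd >> CSD_CCC_SHIFT) & 0xFFF
    return {
        "tmp_write_protect": bool(csd & CSD_TMP_WRITE_PROTECT),
        "perm_write_protect": bool(csd & CSD_PERM_WRITE_PROTECT),
        "supports_lock": bool(ccc & CCC_LOCK_CARD),
    }


def parse_status(status):
    """Return the lock-related flags from a 32-bit card status word."""
    if not 0 <= status <= 0xFFFFFFFF:
        raise ValueError("card status must fit in 32 bits")
    return {
        "locked": bool(status & STATUS_CARD_IS_LOCKED),
        "lock_unlock_failed": bool(status & STATUS_LOCK_UNLOCK_FAILED),
        "wp_violation": bool(status & STATUS_WP_VIOLATION),
    }


def diagnose(csd_hex, status):
    """Summarise protection state; the match flag needs both symptoms."""
    csd, st = parse_csd(csd_hex), parse_status(status)
    findings = []
    if csd["perm_write_protect"]:
        findings.append("permanent write protect set (one-time programmable)")
    if csd["tmp_write_protect"]:
        findings.append("temporary write protect set in CSD")
    if st["locked"]:
        findings.append("device is password locked")
    if st["lock_unlock_failed"]:
        findings.append("last lock/unlock command failed")
    if st["wp_violation"]:
        findings.append("a write to a protected area was attempted")
    matches = csd["tmp_write_protect"] and st["locked"]
    return {"findings": findings, "matches_described_symptoms": matches}


def _sample_csd(tmp_wp):
    """Constructed CSD: command classes 0,2,4,5,6,7; bit 0 is always 1."""
    csd = (0x0F5 << CSD_CCC_SHIFT) | 1
    if tmp_wp:
        csd |= CSD_TMP_WRITE_PROTECT
    return format(csd, "032x")


# Constructed samples: status 0x900 = transfer state, ready for data.
SAMPLE_HEALTHY = (_sample_csd(False), 0x00000900)
SAMPLE_LOCKED = (_sample_csd(True), 0x02000900)

if __name__ == "__main__":
    for name, sample in (("healthy", SAMPLE_HEALTHY), ("locked", SAMPLE_LOCKED)):
        print(name, diagnose(*sample))
```

On Linux hosts the raw CSD of an attached device is exposed as the `csd` attribute of the mmc device in sysfs, in the same 32-hex-digit form this parser accepts.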
 

the_randomizer

It's Maxconsole, did you honestly expect something reputable to be linked from that site? The whole situation is a shitstorm and to be honest, it's gonna get worse before it gets better. It's pretty bad with the way things are now, at least, it looks that way. :unsure:


He really is? LOL :rofl2:

Sad indeed :creep: This is gonna get interesting lol.
 

samljer

If you didn't register to the forums on Jan 4 / 2014
I might believe some of that.
 

Skelletonike

I'm a bit disappointed by the way both Gateway and the administrator of that forum are handling this situation, it makes me think that probably Gateway became GetAway 3DS. An apology would still be appreciated though.

You just made a joke worthy of Gahars, my opinion of you has drastically improved. x'D


On topic though.... This Shibi guy is being way over-protective of gateway... One thing is defending them, another thing is trying to convince people that there is no risk whatsoever with the latest firmware. That and his shocking pink avatar hurt my eyes. >.>
 

the_randomizer

Yes, I believe that is called sycophancy, or saving face, not sure at this point.
 

sudeki300

kyogre123, the Gateway team do ask for a NAND backup to be sent on your SD card when sending in your 3DS, it is right there in their RMA post. They say without it it would make the job considerably harder.....................................sudeki300
 

MrChildren

Name callings from an admin - naive.

Gateway user here. Based on that admin, Gateway official firmware actually bricks a 3DS huh? Regardless of whether it is 1 out of a million, this will cause inconvenience to the end users and especially parents who don't have the know-how :(

My 2 cents, GW doesn't need to admit or deny anything. However, they could always handle this bricking issue much more professionally.
 

aXXo

...trust me...
Trust YOU? You've been a member of this forum for 11 days, and found it upon yourself to start a whole new thread discrediting the bricking code, people who claim to have bricks, clones, and even Normmatt. Why? There were already plenty of threads with that purpose, why did you have to start another one to basically make a 6 paragraph rant? Also, I would much rather trust people that can be considered gods of the hacking scene like Yellow8 and Methullah (or however the heck you spell his name) who actually have credit to their name.
 

Huntereb

My 2 cents, GW doesn't need to admit or deny anything. However, they could always handle this bricking issue much more professionally.


True, they don't have to admit crap, but an update or fix of this issue would be fantastic. So far they just keep dodging questions and leaving people in the dark.
 

Normmatt

#1: It has been proven there is bricking code in GW 2.0B2 by several well known people in the scene besides me.
#3: I knew there was a checksum, but didn't know there was any bricking code when I posted the code on IRC.... I have never posted my patch anywhere but IRC and never intended for it to be widely distributed.
 

the_randomizer

This is interesting: http://www.maxconsole.com/maxcon_fo...es-Statement-about-RMA-ing-your-Bricks/page12

Intriguing, and how is this to be interpreted?

From GaryOPA himself

How did you 'confirm' them, by visiting their home, and checking out their story for yourself?

Or you think putting up a picture of a GW card next to their console with proof of purchase is 'confirmed'.

That does not mean they didn't also own a clone card, it also does not mean they at some point didn't use the modded launcher by clone engineer Normmatt which was designed to do nothing else but brick your system on purpose, and does not mean their system didn't brick by other means like some other reason, or using a clone, or their launchers.

A lot of people own both clone and GW, a lot of people own more than one 3DS, a lot of people are just outright lying, and also making multiple accounts to post the same story; I have removed over 50 fake accounts in the last week, with IPs matching other already existing users, or emails that match known clone resellers' sales staff.

And even if there are 5 confirmed units, it is simple for them to contact their local vendor and arrange for their unit to be fixed; it is not as hard or costly as people make it out to be, and also, compared to the total amount of flashcards sold, 5 or less is not many.

And you've got to remember, you are using a BETA, which means there are possible faults; you are also using an 'exploit/hack' on a system so there is risk in doing that also, plus you are messing around making the system do stuff it should not do, like run 7.1 on 4.5, etc.

There are over a dozen different ways the eMMC on the XL can corrupt, it is a cheapass design, not just because of the launcher exploit or the so-called brick code, and a legit stock Nintendo system can brick also; there have been many cases of BSOD error long before flashcarts even existed, there were threads about it years ago even on GBATEMP, some of those threads have recently been active again, as people started looking for ways around the eMMC lockdown.

But as an engineer myself, I know of many ways the eMMC can go into lockdown mode; it happens on many other products that use it also, even cheapass laptops, even name brands like Asus have many cases of reports of dead systems due to eMMC/NAND going AWOL on them.

On the Nintendo it only takes 3 complete blocks to go dead, blank or corrupt for the eMMC to go crazy and lock down on next power-up, how do we know that there is some actual game causing a problem itself on Nintendo, it is not until the battery completely drains that the system reboots totally, making it load up clean, and there have been cases where the eMMC will corrupt on read if the battery dies right then also, there are so many other ways to trigger that same BSOD that people are reporting, but anyhow again the amount of legit people claiming is very low, and all this talk about Gateway not caring or going to disappear or that it is over, is all lies also.

So let's just all relax a bit, and stop and think and don't keep insulting and attacking other users, or repeating something that someone just said, to make it sound more legit or true; a lie spun around 1,000 times is still the same lie, and one claim repeated over and over again and again is still just one claim, not a 1,000 of them.
 

Mr_Pichu

Now that the jig is up, maybe Gateway 3DS can be convinced to remove their dangerous code from their next firmware release to regain the trust of their customers.

As the FPGA will likely need an update in the next version, I suspect the resulting launcher machine code will largely be unusable by the clones. So there shouldn't be a need for additional software protection measures, at least I hope GW sees it this way.
 
