Hacking patching the 2.0b2 loader???

lafleche

Well-Known Member
OP
Member
Hi,

I am probably (surely?) making it sound far too simple, but bear with me...

In the early days it was claimed that the gateway loader was decrypted.
What is keeping some clever guys (which I am not!) from patching the bricking code out of the b2 loader?

On the Windows platform all kinds of patched executables and/or DLLs are released on a daily basis to circumvent the copy protection of games/programs.

I know that if it was that simple it would already have been done but if Gateway does a Get-away it would be our only hope playing the newer titles without the fear of bricking.
 

gamesquest1

Nabnut
Former Staff
The checks would no doubt be coded into the firmware, and removing/disabling them would have adverse effects elsewhere. Also, if I remember correctly, the whole launcher wasn't decrypted; I think 1.2 was, but 2.0b1 had extra encryption.
 

Pedeadstrian

GBAtemp's Official frill-necked lizard.
Member
It's either what the dude above me said, or that they never actually found the bricking code in the first place. If the former is true, it'd be possible for others that don't care about piracy to fix it. I can't imagine every single capable hacker is anti-piracy. That makes me think that they never actually found it.
 

gamesquest1

Nabnut
Former Staff
Well, from what I read, they didn't find the actual code, but they "saw" it in action by running the encrypted code through a simple 3DS emulator (not an emulator like some people would want, but something that would "run" the encrypted code so they could see the results).

Kinda like looking at an engine running if it was made out of glass: they can see what is happening on the hardware, but they can't actually decrypt the code to change what happens... only look at it once it is running.
 

Pedeadstrian

GBAtemp's Official frill-necked lizard.
Member
Well, from what I read, they didn't find the actual code, but they "saw" it in action by running the encrypted code through a simple 3DS emulator (not an emulator like some people would want, but something that would "run" the encrypted code so they could see the results).
I seem to recall actual code, but maybe it was falsified.
 

gamesquest1

Nabnut
Former Staff
Well, it could have been a replication of what the code needed to perform the actions would have to look like, more reverse engineering. I'm sure some of the top elite hackers would have more luck at actually modifying the code, but I think after the whole region free "safe" conclusions, they wouldn't want to risk releasing anything if they might have missed something else; they would need to be 100% sure there isn't another well hidden bit of code that could do something.

Don't forget the clone manufacturers would no doubt be looking to pay someone to do it, and the fact they haven't had any success yet is probably an indication that it's not as simple as deleting a bit of code.
 

Arras

Well-Known Member
Member
Also risks. Even if you patch out some of the bricking code, there might be more that hasn't been found, and the result would only be more bricks. IIRC profi200 said somewhere he wouldn't touch b2 with a 50-foot pole, and I agree 100%.
 

masterzero

Well-Known Member
Member
The risks are moot when some people in this forum have recovered their 3DS from a brick and installed a micro USB port in the process, making fixing it again really, really easy. They could easily test the patched launchers for some time to see if they brick or not.
 

gamesquest1

Nabnut
Former Staff
Really, really easy for some; fact is, the additional costs of the Raspberry Pi and the soldering required would be something most people could do without.
 

masterzero

Well-Known Member
Member
But do you read me? The people who have the USB mod can easily try those patched firmwares for some time; if they brick, something is still wrong, but they can easily fix it through the USB. If not, people could start using them.
 

gamesquest1

Nabnut
Former Staff
But do you read me? The people who have the USB mod can easily try those patched firmwares for some time; if they brick, something is still wrong, but they can easily fix it through the USB. If not, people could start using them.
Yeah, but as has been discussed in the thread I made about the diagnostics bricking... it's impossible to prove that avoiding diagnostics is 100% safe! If, say, 6 people test for a few weeks, we might all get lucky and not get bricked, and then once everyone jumps onboard there is a piece of code that no testers ran into. Not to mention all it would take is 1 troll to come in and say they got bricked and the whole thing would be deemed confirmed to brick, kinda like 1 person saying b1 bricked them caused people to panic and avoid b1 even though it was 1 very vague and third-hand report... I'm surprised we haven't had a troll come along and say 1.2 bricked them too :P
 

krisztian1997

Well-Known Member
Member
The code can be decrypted from what I remember, but the problem is that the bricking code and everything related to it is very obfuscated.
 

profi200

Banned!
Banned
The code doing the eMMC lock is in the VCPU, and all that stuff is heavily obfuscated. The emulator is indeed accurate enough to get usable results. We looked into the code after locating it with the emulator; otherwise we could not be sure about it.

But as already said, we are not interested in patching anything out, because it is too much risk and we don't help pirates.
 

mathieulh

Well-Known Member
Member
The code doing the eMMC lock is in the VCPU, and all that stuff is heavily obfuscated. The emulator is indeed accurate enough to get usable results. We looked into the code after locating it with the emulator; otherwise we could not be sure about it.

But as already said, we are not interested in patching anything out, because it is too much risk and we don't help pirates.


In fact you only need to patch this code rather than every single check that triggers it.
Of course there might be another brick function hidden elsewhere, but I doubt so.

In the end patching Gateway launcher brings nothing to the homebrew scene as there are already tools available to execute your own payload in ARM9 context on the device, therefore it's understandable that most developers aren't interested in this endeavor.
 

DRWS

Well-Known Member
Newcomer
Before anyone says "OMG WTF 3DS EMULATOR?!" they are talking about a program that emulates the ARM CPUs used in the 3DS, like QEMU. It is just good enough to test the Gateway code, but does not emulate a 3DS.
 

Foxi4

Endless Trash
Global Moderator
Before anyone says "OMG WTF 3DS EMULATOR?!" they are talking about a program that emulates the ARM CPUs used in the 3DS, like QEMU. It is just good enough to test the Gateway code, but does not emulate a 3DS.
That's actually how all emulators start off. It emulates the 3DS's CPUs and is capable of running some code... which is a start. ;) Maybe once the scene properly kicks off, we'll see full-blown 3DS emulators, not necessarily for the sake of loading ROMs, rather for the sake of testing homebrew.
 

redkeyboard

Well-Known Member
Member
IIRC Normatt did patch out the code from 2.0b2, but there was still some deep brick code in there somewhere that got triggered.
 
