Hacking Another handful of Gateway questions

[apoptygma]

I think I've now got a fairly good understanding of the workings of the cart(s) however due to a lot of outdated information online I'm unclear on a few things.

1) Renaming a file from .3ds to .3dz does what exactly? To the best of my understanding I causes the file to be loaded in such a way that online play becomes possible with a rom which has a modified header.

2) Is it still necessary to push home>x to 'save' on newer gateway firmware? If not which update did away with this?

3) How is the gateway firmware updated? ie. what is the process to go from say 1.2 to 2.2?

4) Which titles create savegames 'inside' the rom file itself instead of as a separate file (which I assume would be a .3ds.sav or similar extension)

5) Would I be right in saying that emunand is currently 'broken' in that, if you load it up then update (which will be version 8) it will no longer boot, so there's no point in even looking at it.

6) Do all scene releases contain no header and is this by design (ie. the dumper intentionally stripped the unique ID)

7) All omega (non beta) firmware on this chart http://wiki.gbatemp.net/wiki/Gateway_3DS#Features_chart show as 'unknown' for 'safe to use' so would it be better to use v2.0b1 (if not on firmware 4.1 of course) at the cost of not being able to use multirom? I guess this is a personal opinion thing, perhaps a better way of asking would be, how long has 2.2 been out and had no reports of bricks.

7b) How does a flash cart actually brick a 3DS??

8) Which tool should be used for trimming roms, I'm wary of downloading random binaries from the internet...

 

[y03usw6e]

1) That's correct. The 3dz extension essentially enables online for the ROM, but online won't work unless you have a working header.

2) it isn't "necessary" anymore, but some people have had issues when not doing it, so i would recommend still doing it. The 2.0 non-beta fixed that.

3) to go from 1.2 to 2.2, you would just replace the launcher.DAT file that's on the internal sdcard. When you load it, it will prompt you to update the FPGA. After that's done, you're good.


4) the games that save in the ROM are CARD2 games. There aren't many of those currently. The most common ones are pokemon x/y and animal crossing new leaf. There are others though.

5) correct

6) as far as I know, this is correct as well.

7) 2.2 is safe, no bricks. 2.0 beta releases are not safe.

7b) gateway implemented brick code to stop clone carts from stealing their work, but it backfired and occasionally triggered for gateway users.

8) use rom_tool. I have a thread with a batch script that will trim all CARD1 ROMs, if you would like to use that. Makes things easier. Not gonna find the thread right now, on mobile. Just look at threads I've created.

 

[Vengenceonu]

1. Yes.
2. No it's not still necessary. Omega Firmware 2.0 and beyond has Real time saving (NOT TO BE CONFUSED WITH SAVE STATES) that allows games to be saved just like normal cartridges. Just turn the 3DS off.
3. The Gateway is updated by simply replacing the old launcher with the newest released one, that's it. If a Launcher requires you to do an FPGA update, it will tell you when entering GW mode. All you do is press Start and wait for it to be finished.
4. Card 2 games save inside.
5. Yes you are correct. If you update to the latest firmware on emunand, you will no longer be able to boot up GW mode.
6. You'll have to ask people in the following thread: http://gbatemp.net/threads/how-to-use-scene-dumps-with-gw-2-2-online.365829/
7. No. All the Omega's are only considered Unknown because no problem has happened to date but the general consensus is that it's safe. 2.0b1 didn't have brick code/clone AP at all which is why it's "safe" while the Omega's are "unknown". Use the Omega firmwares.
8. Don't really know what exactly causes it but i would assume its like " If X launcher is being used without Y hardware, Brick 3DS".
9. 3ds rom tool (if your cmd challenged, there's a gui you can use that makes this easier) and 3DS explorer.

 

[apoptygma]

So just to elaborate on those:

1) - why does the gateway simply not run the roms in this form by default? Is there a disadvantage to doing so? I think I may have read somewhere that the savegames will then be tied to the header ID whereas the normal/default .3ds launch method won't do this. I could be wrong.

4) Is there a list of CARD2 games somewhere or a description of what they are? Do they look physically different somehow?

7) So gateway were bricking the console intentionally, how did they do this? do we have the technical details?

Also, I came up with another question we'll call 9) - If you run the built in dumper tool on the gateway, where does the dump go? I would assume it has to be the internal (to the console, not the gateway) SD card.

 

[ScarletCrystals]

1. Yups, you got the gist of it
2. Technically yes. The other method is pushing the power button. Not really sure which firmware added the 2nd option though. Either 2.1 or 2.2
3. Replace the Launcher.dat on your sd card (big one in the 3ds) and done
4. Card 2 games saves on the rom itself. They include Pokemon X/Y, Animal Crossing, Tomodachi life, and all eshop game dumps (not 100% on the last one)
All other games write .sav to the sd card.
5. Exacta
6. The header is not part of the rom file per se. It's actually on a separate chip. So you could say that a proper scene dump shouldn't include a header.
7. Why would you even consider using a firmware version with reported bricks over one with perfect track record?
7b. http://gbatemp.net/threads/warning-gateway-team-bricks-card-on-purpose.360568/
8. http://filetrip.net/3ds-downloads/utilities/download-3ds-rom-tool-3-1-f32469.html

And 9. To your sd card

 

[Vengenceonu]

So just to elaborate on those:

1) - why does the gateway simply not run the roms in this form by default? Is there a disadvantage to doing so? I think I may have read somewhere that the savegames will then be tied to the header ID whereas the normal/default .3ds launch method won't do this. I could be wrong.

4) Is there a list of CARD2 games somewhere or a description of what they are? Do they look physically different somehow?

7) So gateway were bricking the console intentionally, how did they do this? do we have the technical details?

Also, I came up with another question we'll call 9) - If you run the built in dupmer tool on teh gateway, where does the dump go? I would assume it has to be the internal (to the console, not the gateway) SD card.

4) Card 2: The game use a "Card 2" cartridge with a single NAND chipset to store both Game and Savedata, instead of using a "Card 1" cartridge with an external EEPROM to store save data.

7) I wouldn't call it "intentionally bricking consoles", it was more of a boobie trap. It was to discourage clones from continuing to copy their work.

9)It ends up on the Big SD card inside the console.

 

[apoptygma]

1. Yups, you got the gist of it

7b. http://gbatemp.net/threads/warning-gateway-team-bricks-card-on-purpose.360568/

So this code was removed in the non-beta releases is that right? I really don't like the idea of letting anything that malicious near any device I own, I mean even the concept is flawed, why should end users be punished when they may be unaware that they have a cloned card?? terrifying really.

 

[gamesquest1]

1) online access requires a valid headerID, the ability to dump these was only added in 2.1, they don't just load by default as pretty much all roms people get from the Internet lack the HeaderID info, meaning they wouldn't be able to use online anyway, one more reason to separate them is that switching between playing without a header and with, will cause the save to be deleted.......so as people had been.playing with..3ds roms it would of meant everyone would of lost their saves

 

[ScarletCrystals]

So this code was removed in the non-beta releases is that right? I really don't like the idea of letting anything that malicious near any device I own, I mean even the concept is flawed, why should end users be punished when they may be unaware that they have a cloned card?? terrifying really.

Well, people have gone looking for the brick code in the latest firmwares with mixed results. Some claim it's still there but cleverly hidden.
What is confirmed is that it's literally impossible for ordinary users to trigger the code on a legit gateway

 

[apoptygma]

Well, people have gone looking for the brick code in the latest firmwares with mixed results. Some claim it's still there but cleverly hidden.
What is confirmed is that it's literally impossible for ordinary users to trigger the code on a legit gateway

I would think that if it's simply checking the hash on launcher.dat and you've got a flaky SD card it would be quite possible to trigger it if it were still there. I mean I don't suppose anyone would willfully destroy a 3DS to test it (unless they had the ability to jtag/restore it?) but I would think that anyone just changing a bit somewhere in the file then running it would result in a fairly definitive test.

 

[gamesquest1]

I would think that if it's simply checking the hash on launcher.dat and you've got a flaky SD card it would be quite possible to trigger it if it were still there. I mean I don't suppose anyone would willfully destroy a 3DS to test it (unless they had the ability to jtag/restore it?) but I would think that anyone just changing a bit somewhere in the file then running it would result in a fairly definitive test.

Yeah I tried with editing a few bytes, no brick

 

[ScarletCrystals]

Actually, people have tried to intentionally brick a 3ds without success.
Also, there is a way to restore a bricked 3ds so that's as big a problem as before.

 

[Vengenceonu]

So this code was removed in the non-beta releases is that right? I really don't like the idea of letting anything that malicious near any device I own, I mean even the concept is flawed, why should end users be punished when they may be unaware that they have a cloned card?? terrifying really.

It wasn't removed per se, more like altered/perfected so that it wont accidentally trigger for legit Gateway users. That's pretty much why it took clones 6 months or so to copy it (but they still have a few bugs they can't fix). Also, it's the only way for GW to defend themselves from having their features stolen, copied and sold at a lower price. They even included a function that wont let you enter GW mode if you dont have a GW cart. The percentage of people who were bricked on 2.0b2 was extremely low anyway (like 1-2% of all users) so don't fear the omega firmwares which have 0% reports of bricks. They have been released since March and not 1 person has reported any sign of a brick.

 

[y03usw6e]

gamesquest1 tried his hardest to trigger a brick when 2.0 came out. Did lots of testing. He was not successful.

 

[gamesquest1]

I read it works like something like this, if a certain area of the file is edited it will stop loading once it hits that point, so you would need to then patch this area to bypass the security on that section, then there is a second check which again would just freeze the 3ds if edited....you would need to disable that security too before you get near the brick code, it would be pretty much impossible to get near the brick code unless you where specifically disabling the security in the launcher

 

[AlbertoSONIC]

Some weeks ago i read about an users who bricked his 3ds by removing SDCard while entering GateWay Mode. Would it happend on Omega Firmware, too? Every time i boot gateway mode i die for few seconds, until it boots successfully! I'm really scared to brick my 3DS...

 

[gamesquest1]

Some weeks ago i read about an users who bricked his 3ds by removing SDCard while entering GateWay Mode. Would it happend on Omega Firmware, too? Every time i boot gateway mode i die for few seconds, until it boots successfully! I'm really scared to brick my 3DS...

i doubt it, if you remove the SD the 3ds just crashes, is there any link to this persons story to have a read? i messed up my emunand once by dropping the 3DS whilst it was in emunand......so in some ways, i think being in emunand when that happened probably prevented whatever happened happening to the sysnand instead, there was story's similar to what happened to me from before gateway and emunand existed so i believe its some sort of oversight in the firmware where a power cut renders the system unusable, it still booted but went to a black screen, if i pressed the power button, the "shut down" screen appeared, then if i pressed home, it would just load up the "home screen" text but froze there never reaching the actual home screen itself

 

[AlbertoSONIC]

Another question: what happends if i remove Gateway Gamecard while my 3ds is entering gateway mode? And what happends if i power off my 3ds while it's entering gateway mode?
If there still be a brick "bug", there must be a way to trigger it. Which is that way? I need to know that in order to avoid it...

 

[gamesquest1]

If you remove the card wile entering gateway mode you would either
A, the card was already verified and you enter gateway mode
Or
B. You remove the card before its verified and it just says "insert a Gateway card"

It's not like there's a guaranteed bug that we have to hunt down, could there be a bug? Sure nothing is ever perfect, but from what devs said the code is pretty much as close to perfect as you can get now with several stages of protection to prevent any brick capable bugs

 

[AlbertoSONIC]

If you remove the card wile entering gateway mode you would either
A, the card was already verified and you enter gateway mode
Or
B. You remove the card before its verified and it just says "insert a Gateway card"

It's not like there's a guaranteed bug that we have to hunt down, could there be a bug? Sure nothing is ever perfect, but from what devs said the code is pretty much as close to perfect as you can get now with several stages of protection to prevent any brick capable bugs

And if i shutdown or drop 3DS while booting Gateway mode (system or emunand)? So there are no ways to brick my 3ds? I want to be 100% sure...