ROM Hack Patching out Digest Sector Tables in DSiWare

  • Thread starter Deleted User

Deleted User

Guest
OP
I'm currently attempting to translate a DSiWare game (Too Much Tingle Pack, to be exact). As far as I know, this is the first attempt at such a project. I've managed to obtain an .nds of the game, and it runs in no$gba. However, any modification to the Nitro File System of the ROM results in the game refusing to boot. Apache Thunder was kind enough to explain why this is to me here.

I've tried to figure out how to patch out these "Digest Sector Tables", but the only other place I've been able to find that even mentions this is this GitHub page by Steveice10.

Is there anyone that would be able to help me with this? I'd really like to have this DSiWare translated by the time my other project is done (in my sig), since they were both released together originally (in Japan obviously :)). Thanks in advance!
 

metroid maniac

GBATEK said:
Digests
The NDS format has been extended with a hash tree to verify the entire contents of an NDS ROM. The NDS ROM is divided into sectors, and each sector will be hashed and have its hash stored in the digest sector hashtable. The size of a sector is defined in the header as well. Furthermore, the sector hashtable is partitioned and hashed again to form block hashes. This block hashtable is hashed again into a single hash called the digest master hash. These hashtables can be used to verify that the sectors of a NDS ROM have not been tampered with, since the integrity of a sector hash can be verified by a block hash, which in turn can be verified by the master hash. And this hash is part of the header, which is signed with RSA.
The sector hashtable reaches over the NTR and TWL regions, respectively.

I also believe no$gba has the ability to ignore bad RSA signatures if you turn it off in settings.

EDIT: In general you should just consult GBATEK, which I believe is also integrated in the no$gba debugger :)
 

Deleted User

Guest
OP
This probably should have been posted in ROM hacks and translations part of the forum
Maybe, I guess that might make sense. The reason I posted here is because it seems like most dsi hackers are mainly in this section.
metroid maniac said:
I also believe no$gba has the ability to ignore bad RSA signatures if you turn it off in settings.

EDIT: In general you should just consult GBATEK, which I believe is also integrated in the no$gba debugger :)

Thanks!
I'll take a look at that page, maybe I'll be able to figure it out.
 

smf

From the link you posted it appears that the game does all the validation, therefore where the tables are and where the hashing and rsa signature checking is will probably be game specific. As it's code from an SDK then it may be easy to come up with a pattern to search for.

Personally I'd start with a program that could verify the original game's hashes and signatures, because if you can do that for all games then fixing the hashes and signature should be pretty easy.
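
Added example, not part of any post in this thread: a verifier for the three-level digest tree that the GBATEK quote describes (sector hashes, block hashes, master hash), showing how a changed byte is caught and located. The hash function (plain SHA-1), the toy sector and partition sizes, and the in-memory layout are assumptions; the real header offsets and hashing details are not given on this page.

```python
import hashlib

SECTOR_SIZE = 16        # assumption: toy value; the real size is read from the header
SECTORS_PER_BLOCK = 4   # assumption: toy partition size for the sector hashtable
HASH_LEN = 20           # SHA-1 digest length (the hash function is an assumption)

def h(data):
    return hashlib.sha1(data).digest()

def build_tables(rom):
    """Return (sector_table, block_table, master_hash) for the ROM bytes."""
    sectors = [rom[i:i + SECTOR_SIZE] for i in range(0, len(rom), SECTOR_SIZE)]
    sector_table = b"".join(h(s) for s in sectors)
    part = SECTORS_PER_BLOCK * HASH_LEN
    block_table = b"".join(h(sector_table[i:i + part])
                           for i in range(0, len(sector_table), part))
    return sector_table, block_table, h(block_table)

def verify(rom, sector_table, block_table, master_hash):
    """Check every level top-down; return a list of failures (empty = intact)."""
    failures = []
    if h(block_table) != master_hash:
        failures.append("block hashtable does not match master hash")
    part = SECTORS_PER_BLOCK * HASH_LEN
    for off in range(0, len(sector_table), part):
        idx = off // part
        stored = block_table[idx * HASH_LEN:(idx + 1) * HASH_LEN]
        if h(sector_table[off:off + part]) != stored:
            failures.append(f"sector hashtable partition {idx} does not match its block hash")
    for off in range(0, len(rom), SECTOR_SIZE):
        idx = off // SECTOR_SIZE
        stored = sector_table[idx * HASH_LEN:(idx + 1) * HASH_LEN]
        if h(rom[off:off + SECTOR_SIZE]) != stored:
            failures.append(f"sector {idx} does not match its sector hash")
    return failures

# Constructed sample data, not a real ROM image: 512 bytes = 32 sectors = 8 partitions.
ROM = bytes(range(256)) * 2
TABLES = build_tables(ROM)
```

Each level is checked against the one above it, so recomputing only the sector hashtable after an edit moves the mismatch up to the block hash that covers it.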
 

Deleted User

Guest
OP
smf said:
From the link you posted it appears that the game does all the validation, therefore where the tables are and where the hashing and rsa signature checking is will probably be game specific. As it's code from an SDK then it may be easy to come up with a pattern to search for.

Personally I'd start with a program that could verify the original game's hashes and signatures, because if you can do that for all games then fixing the hashes and signature should be pretty easy.

Yep, @Apache Thunder mentioned that it's game specific, so what @metroid maniac said probably won't work.
Are you suggesting that there is a program out there that does what you said? Or are you saying I should try to write a program for it?
I'm not exactly knowledgeable about rsa and hashes and that stuff, I just know how to hack roms and program. But I'll try to read up on it so I can figure this out.
 

metroid maniac

Deleted User said:
Yep, @Apache Thunder mentioned that it's game specific, so what @metroid maniac said probably won't work.
Are you suggesting that there is a program out there that does what you said? Or are you saying I should try to write a program for it?
I'm not exactly knowledgeable about rsa and hashes and that stuff, I just know how to hack roms and program. But I'll try to read up on it so I can figure this out.

You might know a hash better as a checksum.
It basically converts a chunk of data into a small, fixed sized "fingerprint" via a function that is very hard to reverse and produces an output that looks random.
A SHA or MD5 supplied with a download is a hash that allows the user to determine that it hasn't been corrupted or modified in a disallowed fashion.

RSA is an encryption algorithm. There is always a pair of keys; one to encrypt and one to decrypt. In the case of signatures, Nintendo has the encrypting key and the console only has the decrypting key.
The signature will be a hash of the data it's signing, but encrypted. The console is able to decrypt the hash and compare it to a hash of the data it's about to load. If they're the same, then it knows that the game isn't tampered and that Nintendo approved it.
But since you can't encrypt a hash to produce a signature, you can't give the console that same assurance.
 
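
Added example, not part of any post in this thread: the sign-then-verify flow described above, with the signature covering a header that carries the digest master hash. It uses textbook RSA with no padding over a constructed toy key; the key, the header layout and the function names are assumptions for illustration, not the console's actual format.

```python
import hashlib

# Constructed toy key built from two Mersenne primes. Far too small for real
# use; the real key size and padding scheme are not given on this page.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q                               # public modulus
E = 65537                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, held only by the signer

def digest_int(header):
    """SHA-1 of the header as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha1(header).digest(), "big")

def sign(header):
    """Signer side: requires the private exponent D."""
    return pow(digest_int(header), D, N)

def verify(header, signature):
    """Verifier side: requires only the public values N and E."""
    return pow(signature, E, N) == digest_int(header)

def make_header(title, master_hash):
    # Hypothetical layout: 12-byte title followed by the 20-byte master hash.
    return title.ljust(12, b"\0") + master_hash

# Constructed sample values standing in for a real header.
ORIGINAL_MASTER = hashlib.sha1(b"constructed block hashtable").digest()
HEADER = make_header(b"SAMPLE", ORIGINAL_MASTER)
SIGNATURE = sign(HEADER)

def check_modified_header():
    """A header carrying a recomputed master hash, checked against the old signature."""
    new_master = hashlib.sha1(b"constructed block hashtable, edited").digest()
    return verify(make_header(b"SAMPLE", new_master), SIGNATURE)
```

The verifier never needs D, which is why a device can check a signature it could not have produced.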

Deleted User

Guest
OP
metroid maniac said:
You might know a hash better as a checksum.
But since you can't encrypt a hash to produce a signature, you can't give the console that same assurance.

But you could patch it out, right? Would that just be a matter of filling the offsets that contain the digest checks with FF or 00? Or is it more involved?
 

the assaf

Deleted User said:
But you could patch it out, right? Would that just be a matter of filling the offsets that contain the digest checks with FF or 00? Or is it more involved?

I think you need to find the hash algorithm and the hashed bits and then you can recalculate the checksum.
 

metroid maniac

Deleted User said:
But you could patch it out, right? Would that just be a matter of filling the offsets that contain the digest checks with FF or 00? Or is it more involved?

You could probably find whatever routine checks the integrity of the game data using the hash table and patch it to always return a valid result, since it's implemented by the game.
 

Deleted User

Guest
OP
metroid maniac said:
You could probably find whatever routine checks the integrity of the game data using the hash table and patch it to always return a valid result, since it's implemented by the game.

Well, that's probably way out of my reach as far as my hacking experience goes.

Thanks for your help though, I really appreciate it.
If someone manages to solve this issue you'll definitely get a credit in the readme for my translation. I'm sure a lot of other people would also start to translate other Japan only dsiware as well.
Hopefully ahezard, Apache, or someone with the right skill set can figure this out (of course they're busy already with the ds rom loading thing so I won't bother them)
 

Deleted User

Guest
OP
Bumping because the thread was moved to a different forum.

Sorry if I'm breaking any rules ;)
 
