3DS Hack: "We hacked it"

  • Thread starter: michael18
  • Views: 737,752
  • Replies: 2,186
  • Likes: 5
  • Status: Not open for further replies.
DrPikachu, you cannot recode a retail game to do anything - there is a reason why we call the chips they are stored on ROM - Read Only Memory. The game has to already have an exploitable feature in it - you can't just put it in. Not to mention that games are encrypted - modifying any section with no way of re-encrypting would make the game unbootable. The only thing that can be modified is a save file, which unlike the ROM image can be overwritten. You then add specific data into the save file that is meant to crash the system in such a way that the data will go straight to the section of memory which is concerned with the binary - this data is the code you wish to execute. If you are lucky enough, you skip past the key comparison stage and boot the code and the CPU doesn't know any better unless there is a hypervisor in place. This has nothing to do with ROM hacking at all - ROM hacking can only be performed on dumped ROM images or via live patching of data within memory while the system runs - you cannot overwrite a ROM on a cartridge.


Damn man, you were faster than me, but I guess your post is clear enough that it makes my post almost unnecessary :D.
Or not, it looks like Dr Pikachu still does not get it :rofl2:

The ROM itself is on the cartridge, as is the save. It boots from itself. The Twilight hack boots from an external/internal memory from the host, not the game itself.

The problem with the idea, however, is that the games do not include such an ability; otherwise ROM hackers would be able to directly modify things such as sprites and maps, which they can't. Cartridges boot themselves, not from an SD.
Let me clear this up for you.

You do not boot a save, you boot a game, which on the 3DS is one very specific memory; let's call this memory A.
The save memory is not the same memory as memory A.
Memory A is called ROM, which means Read-Only Memory, basically saying it's not overwritable,
making ROM hacking useless in this case.

The game, which is located in memory A, boots normally, as it's unchanged.
At a certain point, the game will try to load the save, which is located in memory B.
Since memory B is obviously overwritable, that is the best place to put your exploit.
The exploit is inside the save file, and starts running when the game that is in memory A accesses it, which is in memory B.

The exploit will do its job and then it's done, simple as that.

Hence using an AR. Completely different.

It's not using an Action Replay :dry:
Don't take this personally, but you should search a little before saying bullshit ;)
 
The ROM itself is on the cartridge, as is the save.


Yes, but not on the same damn chip, this is what you don't seem to realize. The game data is stored in ROM, which can't be modified, unless you dump the data elsewhere, while the save game is stored in the flash memory or EEPROM of the cartridge. Flash memory/EEPROM can be rewritten as often as you'd like (how do you think the game is able to keep your progress?). This means you can easily insert a modified save file (by using this thing, for example: http://www.pokedit.com/tag/nds+adaptor+plus/) DIRECTLY on the cartridge. This does NOT change the game files stored in ROM; it DOES however change the save file stored in the flash memory/EEPROM.

Your previous comment:
The thing neither of you seem to understand is the fact that the modified game save would be on the sd
is simply wrong, as explained above.
 
Question: I fail to see what this argument has to do with the Twitter page finding? Make another thread to argue in so I don't get my email spammed while following this, please. Thanks ;)
 
Damn... double posted...
Common sense, at least for me... prove to me your cartridge reads the cartridge, linked... I don't think my Wii disc reads my Wii save, but maybe you could link otherwise?
http://www.ehow.com/how-does_4969439_nintendo-ds-game-card-work.html
http://en.wikipedia.org/wiki/ROM_cartridge

and for the wii
http://en.wikipedia.org/wiki/DVD
http://en.wikipedia.org/wiki/Saved_game

and for extra reading:
http://www.quora.com/Game-Development/How-does-game-save-work
 
No it doesn't - memory handling is on the 3DS side of things, the cartridge is merely storage. It does not execute any code outside of what the memory controller inside the chip does.

The cartridge is inserted and sends a handshake message to the 3DS, which in turn reads the header information and the memory address to the game proper. After that handshake, if the user chooses to boot the game, the 3DS uses this address to copy a portion of the game into main memory and boots the code. The save file could be anywhere, the 3DS receives an address to it as well. What matters is that you can modify a save, and with this exploit, apparently the system does not check whether it is legitimate or not. The 3DS is entirely capable of reading save files from the SD card, which is how downloadable games store them. The problem with that is that saves on the SD have additional protection that nobody wants to bother with without a hack to analyze it already.
Still waiting for a source.
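To make the point in the posts above concrete ("the system does not check whether it is legitimate or not", and saves on SD having "additional protection"), here is an added example that is not from any poster in this thread and not Nintendo's real save format: a constructed toy save layout (magic, 16-bit length, payload, HMAC-SHA256 tag) with two loaders. The naive loader trusts the length field and never authenticates the save; the checked loader verifies the structure before copying anything and then checks the tag. The key, field sizes and buffer size are all assumptions for the demo.

```python
"""Validating a game save before the loader trusts it.

Added example: a toy save format (constructed here, not the 3DS format)
and a loader that refuses saves whose length field or authentication tag
is wrong. Key, field layout and buffer size are assumptions for the demo.
"""
import hashlib
import hmac
import struct

MAGIC = b"SAVE"
SAVE_BUFFER_SIZE = 64           # assumed size of the loader's fixed buffer
TAG_SIZE = 32                   # HMAC-SHA256 output length
HEADER = struct.Struct(">4sH")  # magic, big-endian payload length
DEVICE_KEY = b"constructed-demo-key-not-a-real-console-key"


def build_save(payload: bytes, key: bytes = DEVICE_KEY, claimed_len=None) -> bytes:
    """Serialize magic | length | payload | tag.

    claimed_len lets a test construct a save whose header lies about the
    payload size, to show what the bounds check catches.
    """
    length = len(payload) if claimed_len is None else claimed_len
    body = HEADER.pack(MAGIC, length) + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


def naive_load(blob: bytes):
    """What 'does not check whether it is legitimate' looks like: only the
    magic is inspected, the length field is trusted, and nothing is
    authenticated."""
    magic, length = HEADER.unpack_from(blob, 0)
    if magic != MAGIC:
        return None, "bad magic"
    # Trusting `length` is the defect: a save can claim more bytes than the
    # fixed buffer holds. In a C loader this copy would run past the buffer.
    return blob[HEADER.size:HEADER.size + length], "accepted"


def checked_load(blob: bytes, key: bytes = DEVICE_KEY):
    """Reject before copying: structural checks first, then authentication."""
    if len(blob) < HEADER.size + TAG_SIZE:
        return None, "truncated"
    magic, length = HEADER.unpack_from(blob, 0)
    if magic != MAGIC:
        return None, "bad magic"
    if length > SAVE_BUFFER_SIZE:
        return None, "length exceeds buffer"
    if len(blob) != HEADER.size + length + TAG_SIZE:
        return None, "length field inconsistent with blob size"
    body, tag = blob[:-TAG_SIZE], blob[-TAG_SIZE:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Constant-time comparison so the tag check itself does not leak timing.
    if not hmac.compare_digest(tag, expected):
        return None, "authentication failed"
    return body[HEADER.size:], "accepted"


if __name__ == "__main__":
    good = build_save(b"level=3;hp=100")          # constructed valid save
    oversized = build_save(b"x" * 200)             # claims more than the buffer
    lying = build_save(b"abc", claimed_len=40)     # header disagrees with size
    print("good     ", checked_load(good)[1])
    print("oversized", naive_load(oversized)[1], "/", checked_load(oversized)[1])
    print("lying    ", naive_load(lying)[1], "/", checked_load(lying)[1])
```

The ordering matters: length and size checks come before the MAC is even computed, so a malformed blob is discarded without the loader ever indexing into memory it does not own, and the tag check means an edited save (whether it lives on the cartridge or on the SD) is refused rather than parsed.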
 
Damn, we talking about Wii now? O.O
Nope, was just trying to compare it back to something he knows...

Ooh, and there's some contradicting stuff in the link you posted, Dr... something about carts having a save memory...

But I'll leave it at that... got exams tomorrow... (they're about computers and how memory works... :P)
 

Dr Pikachu, the save is in a different place, but so what?
How does that interfere with using an exploit?

Just think a little bit about that.

There is no difference where the save is,
the method is the same.

Why do you keep fighting the obvious?
 
Dr Pikachu, the save is in a different place, but so what?
How does that interfere with using an exploit?

Just think a little bit about that.

There is no difference where the save is,
the method is the same.

Why do you keep fighting the obvious?

Cartridge games have always booted from themselves. I still have yet to be given a source that says they can read from other areas as well.
 