Hacking 3DS rom dump info

Cyan

GBATemp's lurking knight
Former Staff
Joined
Oct 27, 2002
Messages
23,512
Trophies
2
Age
43
Location
Engine room, learning
XP
14,755
Country
France
A Rom is an exact copy of the cartridge's chipset content (=the game).
The console is region lock and can't play games (not even local play wifi) from another region, so you can assume the ROM is region lock too.
The games, ROMs and the consoles are certainly signed to a specific region.
 

Zonzorg

Member
Newcomer
Joined
Jul 18, 2004
Messages
11
Trophies
0
XP
178
Country
France
Zromedit Modified (http://scene.release...s/ZRomsedit.rar)
en francais "pour trouver le jeu dans l'oll il faut tester chaque fichiers dans le fichier dat.cache et trouver le bon crc. dans ton fichier tu n'as pas déclaré de savetype
quand je test le savetype l'oll me génére --- (trois tirets) alors qu'il ne devrais rien contenir."

cyan:
wrong number in your dat:

17 Cubic Ninja
18 Steel Diver
19 Tetris

scene.releases.free.fr

17 Steel Diver
18 Tetris
19 Cubic Ninja
 

Cyan

GBATemp's lurking knight
Former Staff
Joined
Oct 27, 2002
Messages
23,512
Trophies
2
Age
43
Location
Engine room, learning
XP
14,755
Country
France
Yes I know it's not the same numbers.
I used the release order by checking the date&time from the released FTP and not from dump time before they are uploaded.
It's the order the users could find them.

I based the order on this list:
http://3ds.sherer.co.il/


I didn't put any savetype because we don't know them yet.
You used it to place the Genre, where I added a tag. (not completed yet).

I did the dat to keep the most informations in it, not only for checking the CRC and rename the rom/archive, in hope it could be used into a new Dat reader (like an updated NDSCRC or an universal one like and updated OLL).
or else I would have limited to the minimum information for OLL.



Edit:
Thank you for ZromEdit v1.1.0
It can now open my dat :)

There's just a problem with the ROM size (limited to 2048MB), but it's a problem from OLL.
To fix it, in my dat I used both correct size and custom size. I've define the custom size to redirect to a custom search box value.
In edit dat submenu, all bottom part is still using your info (dat URL, etc.)
 

Zonzorg

Member
Newcomer
Joined
Jul 18, 2004
Messages
11
Trophies
0
XP
178
Country
France
did you have a new from replouff66
the last message of him : 09/04/2010 (http://www.developpez.net/forums/u3833/replouf66/)
i try to contact him but no reponse for oll sources . cyan write to me if you want somes sources of oll plugin (in dephi) ('usine à gaz...') (email is in info of plugin)
 

Cyan

GBATemp's lurking knight
Former Staff
Joined
Oct 27, 2002
Messages
23,512
Trophies
2
Age
43
Location
Engine room, learning
XP
14,755
Country
France
I think nobody has a response from him anymore.

I asked the sources, but in fact I never coded in delphi so I don't think it will be useful for me. Maybe I should learn that first.
But thank you anyway for agreeing to share it with me.
 

Ris312

Well-Known Member
Newcomer
Joined
Mar 5, 2011
Messages
59
Trophies
0
XP
92
Country
Remember the 3DS Rom Dumping Pic that Legacy released with their first 3DS Rom...
http://i.imgur.com/NBJLZ.jpg

In the bottom left of that picture is a small white box,
It is a 'Zeroplus logic cube' (LAP-C 16032?) Logic Analyzer. (costs about $140usd)
http://i.imgur.com/T4Mtq.jpg
Legacy's has 32 pins, but only 16 of them are used + 1 ground)
http://i.imgur.com/rE0fQ.jpg

At the top of the picture, there are Pink, Blue and Green ports that looks like sound ports on a motherboard...
That is a 'Terasic FPGA Altera DE1 Mainboard - Cyclone II' (costs about $150usd)
http://i.imgur.com/S0zeH.jpg

In the bottom left is a MicroSD to SD Adapter with a MicroSD inserted,
The FPGA board has a SD Slot on the side so I guess the Roms are dumped to an SD Card.
One of the 40 pin expansion ports (that looks similar to an IDE port), is connected
to a PCB board with a Cartridge slot and cartridge using a 40 wire IDE Cable.


from 3DS 0001 NFO:
| :: | P.S. Most people are probably asking themselves "HOW?". | :: |
| :: | The answer is "Yes, it is THAT simple". This | :: |
| :: | release is 100% complete and was tested on our own | :: |
| :: | hardware. Just wait for the chinese to figure it | :: |
| :: | all out aswell, then you can play this release too.| :: |
| :: | Like our first DS and DSi dumps, we have included | :: |
| :: | a picture of the dumper with this release. Make of | :: |
| :: | it what you want, we have no intention of giving | :: |
| :: | out further information. | :: |

Maybe this is all the hardware that is needed to dump 3D Roms?
They did say "Yes, it is THAT simple" in the NFO file... maybe it really is that simple?

edit:
It looks like the pins of the cartridge are connected through that PCB (underneath the board) to both GPIO ports on the DE1.
Maybe GPIO_1 is connected to one of the DS Lites and that is being used to unlock the cart? (or supply power to the cart?)
also, on the NDS Lite Bottom Screen, you can just make out the text "There is no DS cart Inserted"

edit2: 3DS Carts have 17 pins, 16 pins are connected from the cart PCB to the Zeroplus logic cube,
and the 17th pin is ground which is that single black wire on the end the Zeroplus logic cube.
 

Pong20302000

making notes on everything
OP
Member
Joined
Sep 8, 2009
Messages
8,076
Trophies
0
Location
One's inner self
Website
3dsdb.com
XP
2,305
Country
Remember the 3DS Rom Dumping Pic that Legacy released with their first 3DS Rom

looks very simular to

6839415366_629a2aee20_z.jpg
 

lazymarek

Active Member
Newcomer
Joined
Dec 18, 2010
Messages
30
Trophies
0
XP
99
Country
Gambia, The
looks very simular to
...

No, it actualy doesn't look very similar to it.

Maybe GPIO_1 is connected to one of the DS Lites and that is being used to unlock the cart? (or supply power to the cart?)
Maybe they used the DS for sending very basic commands to the card which are still used in the 3DS cards (reset, get cardID). After receiveing
the cardID the 3DS would start to enter a new command mode which the DS doesn't know (because it's a new protocol and for 3DS cards only) then
they have to read the data from the 3DS card with encrypted commands. Maybe there's a trick how to read the data without enrypted commands ( I don't
think that creating these encrypted commands is possible).
 

CollosalPokemon

ばん。。。かい
Member
Joined
Oct 18, 2009
Messages
682
Trophies
0
XP
1,723
Country
United States
Something VERY interesting

VENOM dumps

145 and 146
SHARE the same CTR ID code

very suspect, could it be a big mistake on nintendo behalf :P

Product Code is individually given to developers by Nintendo.
Maybe elisherer made mistake? I know when writing lists sometimes I duplicate parts by mistake.
I doubt Nintendo gaved out 2 of the same Product Codes. If so it would mean both retail cartridge would have same Product Code so I don't think it's probable.

I can't believe we're at almost 150 already in the 1st year xD
 

Ris312

Well-Known Member
Newcomer
Joined
Mar 5, 2011
Messages
59
Trophies
0
XP
92
Country
The Product IDs for both games are different for me...

CTR-P-AP8E = Paws_and_Claws_Pampered_Pets_Resort_3D_USA_3DS-VENOM
CRC: 3DE6F922 / MD5: 79328B179AEEC85DE4DC94C974915D9D)

CTR-P-ALDE = Lets_Ride_Best_in_Breed_3D_USA_3DS-VENOM
CRC: 586738A5 / MD5: 027BF04D858F3CC6A5094DDF72B82B5D

Note: CTR-P-ALDP is Doctor Lautrec and the Forgotten Knights (Europe)
Looks like you need to use the entire four letter ID to identify the game.

(edit: I'm using a hex-editor and looking at offset 0x4150 to get the ID)
 

Pong20302000

making notes on everything
OP
Member
Joined
Sep 8, 2009
Messages
8,076
Trophies
0
Location
One's inner self
Website
3dsdb.com
XP
2,305
Country
Something VERY interesting

VENOM dumps

145 and 146
SHARE the same CTR ID code

very suspect, could it be a big mistake on nintendo behalf :P

Product Code is individually given to developers by Nintendo.
Maybe elisherer made mistake? I know when writing lists sometimes I duplicate parts by mistake.
I doubt Nintendo gaved out 2 of the same Product Codes. If so it would mean both retail cartridge would have same Product Code so I don't think it's probable.

I can't believe we're at almost 150 already in the 1st year xD

i do the list not elisherer
its just hosted on his site :P

The Product IDs for both games are different for me...

CTR-P-AP8E = Paws_and_Claws_Pampered_Pets_Resort_3D_USA_3DS-VENOM
CRC: 3DE6F922 / MD5: 79328B179AEEC85DE4DC94C974915D9D)

CTR-P-ALDE = Lets_Ride_Best_in_Breed_3D_USA_3DS-VENOM
CRC: 586738A5 / MD5: 027BF04D858F3CC6A5094DDF72B82B5D

Note: CTR-P-ALDP is Doctor Lautrec and the Forgotten Knights (Europe)
Looks like you need to use the entire four letter ID to identify the game.

(edit: I'm using a hex-editor and looking at offset 0x4150 to get the ID)

hmmm must just be printed on the boxes wrong then

it was reported those 2 games have the same ID printed on the case and chip

i dont download and check the USA roms so thanks for letting me know

nice spot on Doctor Lautrec tho Doctor Lautrec and the Forgotten Knights Konami CTR-P-ADLE 12/13/11 US E10+
the USA code is stated the same as Lets Ride tho :wtf:
 

Ris312

Well-Known Member
Newcomer
Joined
Mar 5, 2011
Messages
59
Trophies
0
XP
92
Country
nice spot on Doctor Lautrec tho Doctor Lautrec and the Forgotten Knights Konami CTR-P-ADLE 12/13/11 US E10+
the USA code is stated the same as Lets Ride tho :wtf:

CTR-P-ADLE is the internal serial code for USA version of Doctor Lautrec and the Forgotten Knights
CTR-P-ALDE is the internal serial code for USA version of Let's Ride! Best in Breed 3D

The letters are switched around.
 

Pong20302000

making notes on everything
OP
Member
Joined
Sep 8, 2009
Messages
8,076
Trophies
0
Location
One's inner self
Website
3dsdb.com
XP
2,305
Country
nice spot on Doctor Lautrec tho Doctor Lautrec and the Forgotten Knights Konami CTR-P-ADLE 12/13/11 US E10+
the USA code is stated the same as Lets Ride tho :wtf:

CTR-P-ADLE is the internal serial code for USA version of Doctor Lautrec and the Forgotten Knights
CTR-P-ALDE is the internal serial code for USA version of Let's Ride! Best in Breed 3D

The letters are switched around.

lol okies

the list has them right then

i read to quick :D

hmm is the EUR CTR-ALDP or CTR-ADLP?
i cant check as not near my drive
dam things being so simular
 
General chit-chat
Help Users
    KennieDaMeanie @ KennieDaMeanie: https://youtube.com/shorts/G13Z04OGLVU?feature=share +1