Creating a flashcart-questions

Discussion in '3DS - Flashcards & Custom Firmwares' started by midnight1001, Sep 21, 2011.

  1. midnight1001

    midnight1001 Advanced Member

    Jul 17, 2011
    Hi, I'll make this short:
    I just wanted to know quickly what kind of stuff is involved in making a flashcart and why it is so hard on the 3DS. For instance, if the Crown 3DS flashcart is real, then why would it be restricted to 'one game' at the moment, and why can it only have one ROM on it at a time? Surely all you have to do is add more space and a menu (which I know is one of the hardest bits in making a flashcart), or is it not that simple (obviously)? I would also like to know what a GUI is exactly, as I haven't really gotten an 'official' definition.
  2. McHaggis

    McHaggis Fackin' Troller

    Oct 24, 2008
    A GUI is a "Graphical User Interface". In flashcart terms it refers to the main screen where you can select ROMs and change the settings, etc.

    Remember that pretty much everything in the Crown3DS thread that hasn't been announced by the Crown3DS team is merely speculation. We don't know that it's restricted to one game at a time - for all we know it could have a dual flash with a switch on the top to change between two games!

    In order to draw a menu to the 3DS screen, the Crown 3DS would need to be able to exploit the 3DS and inject its own code. Of course, without a menu it's very difficult to choose a ROM. What was shown in the video is a very early prototype. Nobody knows they don't have an exploit, but if they do they'll also have the difficult task of "coding in the dark", because nobody seems to know enough yet. Again, they could be light years ahead of what's available on 3DBrew for all we know, so this is just more speculation.

    Even if they can't create a GUI, there's no saying they couldn't take advantage of booting into DS mode to change the ROM (which would probably also require a switch on the card).
  3. Immortal_no1

    Immortal_no1 GBAtemp Regular

    Jul 17, 2003
    Why would it be restricted to one game: most likely because when the 3DS starts up it takes the ROM header information so it can display the icon and the 3D graphics on the top screen, and they can't run unsigned code on it, so they can't make a GUI, therefore only one at a time. I wrote something a couple of days ago which should get around this; I'll have to find my post.

    It could be that they only have one ROM, but if that's the case they can just grab another unless there's a difference between the one they're using and the 3 that are currently available. (not encrypted?)

    You can't run unsigned code on the 3DS at the moment, so you can't make a GUI for it. You can't make a DS GUI for it either, as it will turn the 3DS off and put it into DS mode, and all 3DS features are LOCKED OUT.

    Found my other posts:
    Other Thread

    By the time the cartridge gets accessed, a register will be set that determines whether it's a DS or 3DS card; changing it in software will be improbable. The best solution would be to have 2 bootloaders, one for DS and one for 3DS, and a switch on the top of the cartridge to switch between the two. The microSD card used can be the same, assuming the software on the card is good enough to be able to do so; chances are you would need 2 card slots, one FAT16/32 for DS and the other as RAW for 3DS, one game at a time until homebrew is working on 3DS.

    It's as simple as that, quite literally. Just 1GB or 2GB (for possible future proofing) of NAND flash on the card and a microSD card slot; DS mode can transfer the game to the NAND and the button/switch changes to 3DS mode to play the game. The act of copying a game to the NAND must first have a gamesave backup feature to back up your previous progress.

    Problem with NAND is the number of times data can be written to it and read from it, around 100,000 times is average I think, so still that's plenty. But if we had the capability to take apart the cartridge via a screw or something and then replace the NAND ourselves, that would be nice. All we would need is a NAND socket to place the NAND chip in so we don't have to solder anything. These could be sold separately via flash cart retailers for this use. But still you would be looking at getting about 20 years of average use from one flash chip unless you swap out the games lots of times a day 365 days a year. Not likely, but it would be a great opportunity for expansion to more than 1-2 GB should games come out that are enormous...

    That would be the first implementation of cards until homebrew is sorted for the 3DS
  4. Heran Bago

    Heran Bago Where do puyo come from?

    Nov 6, 2005
    United States
    Foggy California
    The history of how flash carts were developed on the GBA and NDS is well documented. It's a good read that will enlighten you on some of the challenges hackers face when trying to penetrate basic security systems.
  5. BlueStar

    BlueStar GBAtemp Psycho!

    Jan 10, 2006
    Short answer - real games are signed with a key. No-one has the key except Nintendo, and if you modify a game, the key is no longer valid. You can make a menu, but there is no way of getting the 3DS to run it. If you can make an exact copy of a game you have a chance to run it without needing to defeat the security, but as soon as you start messing around trying to put two games or a menu on it, pop, key no longer valid, no workie.

    That's the best you can hope for until/unless you find a way of fucking with the system so it no longer checks for a key, or you somehow manage to discover the keys (very unlikely).
  6. bowser

    bowser Mwa ha ha ha!

    Sep 1, 2008
    GBAtemp ↑↑↓↓← → ← →BA
    Then how do DS flashcarts work? Was the DS private key found?
  7. spinal_cord

    spinal_cord Knows his stuff

    Jul 21, 2007
    On January 24, 2006, it was revealed that the encryption on Nintendo DS Game Cards had been cracked by Martin Korth, author of the no$gba emulator.

    But as old flash carts don't work on DSi or 3DS, I would assume that the encryption has changed in some way.
  8. T.Kuranari

    T.Kuranari GBAtemp Regular

    Aug 30, 2011
    I don't think the encryption has changed. DSi and 3DS just have superior security measures.
  9. mysticwaterfall

    mysticwaterfall Streamforce Supreme Commander

    Aug 11, 2008
    United States
    Right behind you
    The DSi/3DS do verification of game information and have an updateable "blacklist" of bad headers. The reason flashcarts show up as different games (alex rider, etc) is because they have enough of the header/game data to spoof this check. Nintendo blocks them by adding these headers to the blacklist and does checking beyond the amount of data that the flashcart has to see if it's the real game or not. This is why the game flashcarts spoof changes after firmware updates.

    Hackmii has a great explanation of the whole thing here:
  10. pachura

    pachura GBAtemp Advanced Fan

    Dec 9, 2006
    Of course. That's why I laugh when I read that flashcard companies are "working hard on hacking 3DS".
  11. heartgold

    heartgold GBAtemp Psycho!

    Sep 11, 2009
    Crown3DS seems like a flashcart company, does it not?
  12. koji2009

    koji2009 GBAtemp Maniac

    Mar 13, 2009
    United States
    As for DS cards running on 3DS/DSi, it's not simply a blacklist, if it was it would be very easy for the card creators to simply modify their headers WITHOUT having to use an official game.

    Instead, DSi/3DS use a combination of black and white listing coupled with a different form of encryption... The problem (for Nintendo anyways) is that they have to maintain backwards compatibility with old DSs. They can't simply use a completely different encryption scheme because then the old style DS's which can't be upgraded would be screwed...

    Basically the check goes something like this...

    - 3DS/DSi checks the game's header.

    - If the game has the new code/encryption, it is assumed the game is newer and it does a blacklist check of the executables (the ARM7/ARM9 bins) to make sure the games aren't known pirate cartridges; only after this check does it appear. A whitelist check isn't done, since games are released far more often than system updates happen, so the list would be out of date.

    - If the game lacks this new code/encryption, the game is assumed to be either pirate, or a game released prior to the DSi release, at which point the 3DS/DSi does a combination whitelist/blacklist check. First it checks that this older game is a known Nintendo approved and released game (thus instantly throwing out older flashcarts which had custom headers). During this check it also checks if the game is a known pirate duplicate (a blacklist comprising the titles known to be used to conceal these carts); if the title IS a commonly used pirate game (like Danny Phantom), then a secondary check on the executables is run to make sure they aren't known pirated ones.

    Nintendo doesn't maintain a complete whitelist for all games simply because it would take up quite a bit of additional storage on the DSi's limited system memory (though there should be more than enough to do this on the 3DS if they decide to go that route later on), plus it would require constant updates. As far as anyone knows, the 3DS doesn't currently run a white/black list on 3DS games, simply because there are no current hacks... but it's impossible to be sure (they may have a "running list" of white listed games that they save up for each system update, but we won't know for sure till they can be decrypted).

    The simple fact that the current flashcarts can't have their custom headers/images anymore confirms that the new DS/DSi ROM encryption hasn't been broken, and probably won't be, simply because there is no reason to put that much effort into it when they have a perfectly working workaround.
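A runnable model of the layered header check koji2009 describes above, added here as an example; it is not code from the thread and not Nintendo's actual implementation, and the header fields, title codes, binaries and list contents are constructed placeholders:

```python
import hashlib

# Constructed placeholder lists; the real DSi/3DS lists are not on this page.
APPROVED_OLD_TITLES = {"OLDGAME-A", "OLDGAME-B"}       # whitelist: pre-DSi retail titles
COMMONLY_SPOOFED_TITLES = {"OLDGAME-B"}               # blacklist: titles carts hide behind
PIRATE_LOADER = b"constructed flashcart arm9 loader"  # stands in for a known cart binary
KNOWN_PIRATE_BINARIES = {hashlib.sha256(PIRATE_LOADER).hexdigest()}


def verify_cart(header: dict, arm7: bytes, arm9: bytes) -> tuple[bool, str]:
    """Decide whether a card is shown, following the post's description:
    a new-style header gets only an executable blacklist check; an old-style
    header must be whitelisted, and spoof-prone titles get the extra check."""
    exe_hashes = {hashlib.sha256(b).hexdigest() for b in (arm7, arm9)}

    if header.get("new_encryption"):
        # Newer game: no whitelist (it would always lag releases), blacklist only
        if exe_hashes & KNOWN_PIRATE_BINARIES:
            return False, "new header: executable is blacklisted"
        return True, "new header: executables not blacklisted"

    # Older game: must be a known released title, which drops custom headers
    title = header.get("title")
    if title not in APPROVED_OLD_TITLES:
        return False, "old header: title not on whitelist"
    # Whitelisted, but a title commonly used as cover gets the executable check
    if title in COMMONLY_SPOOFED_TITLES and exe_hashes & KNOWN_PIRATE_BINARIES:
        return False, "old header: spoofed title with blacklisted executable"
    return True, "old header: whitelisted"


# Constructed sample carts: (header, arm7 binary, arm9 binary)
RETAIL_OLD = ({"title": "OLDGAME-A"}, b"retail arm7", b"retail arm9")
CUSTOM_HEADER_CART = ({"title": "MYCART"}, b"retail arm7", PIRATE_LOADER)
SPOOFED_CART = ({"title": "OLDGAME-B"}, b"retail arm7", PIRATE_LOADER)
RETAIL_NEW = ({"title": "NEWGAME-X", "new_encryption": True}, b"arm7", b"arm9")

if __name__ == "__main__":
    for name, cart in [("retail old", RETAIL_OLD), ("custom header", CUSTOM_HEADER_CART),
                       ("spoofed", SPOOFED_CART), ("retail new", RETAIL_NEW)]:
        print(f"{name:14} -> {verify_cart(*cart)}")
```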
  13. midnight1001

    midnight1001 Advanced Member

    Jul 17, 2011
    OK, I have a much better understanding of how the flashcart works. So basically the 3DS is harder to crack because it has a lot more security. And to create a flashcart similar to the ones for DS now, we have to find the "key" for the 3DS games just like the DS code was found, but the 3DS may take longer to find.
    One thing: if this key was found, would flashcarts be made immediately or will they take a while to develop, and how was this "key" found - was it an accident...?
  14. kevan

    kevan Imagination rules the world

    Dec 4, 2009
    Well of course they wouldn't just pop up, but they would probably come quick-ish.
  15. koji2009

    koji2009 GBAtemp Maniac

    Mar 13, 2009
    United States
    While there would have to be time for them to develop something... how fast the exploit could be deployed depends on whether it would require completely new hardware or not.

    Besides that it's also something Nintendo could patch relatively quickly.
  16. Immortal_no1

    Immortal_no1 GBAtemp Regular

    Jul 17, 2003
    If we had the key then within a couple of days people should be able to turn the latest flashcards into 3DS flashcards with an update to the firmware of the cartridge to upgrade the bootrom parameters. Supercard should be one of the first due to their extra bootrom space; however, changing between bootroms hasn't been supported yet. Also it depends if people want to share the key if and when it's been extracted. It's nice having a powerful MIPS chip inside a cartridge, isn't it?

    If Crown3DS releases their card I would give it a month before we get the first clones of the card, as the cloning companies would have to buy a few and reverse engineer it bit by bit; it's a laborious task but it's worth a lot of money to them.

    Information when spread freely breeds creativity.
  17. iNFiNiTY

    iNFiNiTY GBAtemp Advanced Fan

    Apr 18, 2004
    Well the cloning problem is actually an issue of denying creativity as well... sometimes hacks are inevitably found by people interested purely in profit motives. Nothing wrong with that but in the current times your work gets copied immediately, so it might put people off from ever attempting it. Or putting their own security on their carts to delay cloning.

    See the PSJailbreak; that's a clever hack that probably deserved more than it got. Whoever found that hack might not even bother in future, because I really doubt that specific original hardware made much money.

    Bit off-topic, but yeah, I don't believe this situation is particularly beneficial... most of the important hacks are generally not people in it for the profit though. It feels like there was more interest, however, when you didn't know your hardware would be copied immediately. Another example is Datel; they have skilled people for sure and have done quite a lot of exploits over the years (including their own method to run DS carts on DSi, I think?), but their niche of cheat carts is seemingly coming to an end with modern hardware, unfortunately.