Differences between R4ISDHC and R4I-SDHC

[moon_rabbit]

Reference URL
https://kynex.ovh/patching-the-timebomb-in-an-r4-flashcart.html

This only applies to cartridges from 2014 and later.

Firmware
The two are basically the same.
They just have a check key at 0x3000 ~ 0x3083 to prevent other kernels from running.

Due to this check key, R4ISDHC card cannot run 1.85 kernel of R4I-SDHC.
Conversely, r4i-sdhc cards cannot run 4.0 kernel of r4isdhc.

Of course, you can swap firmware or use a timebomb removed kernel.

Kernel
The key difference between the 1.85 and 4.0 kernels is in the map.bin file.
The 4.0 kernel can run Pokemon White 1-2 and Black 1-2, while 1.85 cannot.

Security bypass is related to the map.bin file and is linked to the r4.dat file.

I tried using the reference URL.
4.0 kernel was also able to bypass timebomb and verification, but it fails to drive Pokemon because the map.bin file is not properly linked.

There is no encryption in the kernel itself, but I gave up trying to analyze it due to encryption on the text and its complex structure.

 

[SylverReZ]

Reference URL
https://kynex.ovh/patching-the-timebomb-in-an-r4-flashcart.html

This only applies to cartridges from 2014 and later.

Firmware
The two are basically the same.
They just have a check key at 0x3000 ~ 0x3083 to prevent other kernels from running.

Due to this check key, R4ISDHC card cannot run 1.85 kernel of R4I-SDHC.
Conversely, r4i-sdhc cards cannot run 4.0 kernel of r4isdhc.

Of course, you can swap firmware or use a timebomb removed kernel.

Kernel
The key difference between the 1.85 and 4.0 kernels is in the map.bin file.
The 4.0 kernel can run Pokemon White 1-2 and Black 1-2, while 1.85 cannot.

Security bypass is related to the map.bin file and is linked to the r4.dat file.

I tried using the reference URL.
4.0 kernel was also able to bypass timebomb and verification, but it fails to drive Pokemon because the map.bin file is not properly linked.

There is no encryption in the kernel itself, but I gave up trying to analyze it due to encryption on the text and its complex structure.

R4ISDHC is different to R4i-SDHC.com. 2014+ cards will have DSTTi-DEMON hardware the same as R4i-SDHC. Earlier ones are based on R4iTT Acekard hardware.

 

[soulpower11]

R4ISDHC is different to R4i-SDHC.com. These cards are usually either Ace3DS+ or R4DS Pro, depending on the make and year variant.

I think he's talking about r4isdhc.com cards. Anything from them that is 2014+ are demon cards.

 

[SylverReZ]

I think he's talking about r4isdhc.com cards. Anything from them that is 2014+ are demon cards.

That's what I'm at least trying to explain.

 

[moon_rabbit]

Yes.
Missing domain name may cause confusion with cards like .hk.
This is a comparison of r4isdhc.com and r4i-sdhc.com.

 

[Jayro]

Reference URL
https://kynex.ovh/patching-the-timebomb-in-an-r4-flashcart.html

This only applies to cartridges from 2014 and later.

Firmware
The two are basically the same.
They just have a check key at 0x3000 ~ 0x3083 to prevent other kernels from running.

Due to this check key, R4ISDHC card cannot run 1.85 kernel of R4I-SDHC.
Conversely, r4i-sdhc cards cannot run 4.0 kernel of r4isdhc.

Of course, you can swap firmware or use a timebomb removed kernel.

Kernel
The key difference between the 1.85 and 4.0 kernels is in the map.bin file.
The 4.0 kernel can run Pokemon White 1-2 and Black 1-2, while 1.85 cannot.

Security bypass is related to the map.bin file and is linked to the r4.dat file.

I tried using the reference URL.
4.0 kernel was also able to bypass timebomb and verification, but it fails to drive Pokemon because the map.bin file is not properly linked.

There is no encryption in the kernel itself, but I gave up trying to analyze it due to encryption on the text and its complex structure.

If we have all this info, is there anything stopping us from modifying a kernel and firmware to run any that we want? Like disabling the key check?

 

[moon_rabbit]

If we have all this info, is there anything stopping us from modifying a kernel and firmware to run any that we want? Like disabling the key check?

There are a lot of breakpoints in the kernel and there are almost 10 breakpoints that need to be fixed.
Probably timebomb and key check are at similar points, so it's not too hard.

For the 4.0 kernel, modified kernel runs fine.
Problem lies only in the security bypass.
Modified kernel will not be able to run Pokemon Black and White.

The biggest problem is that encryption applied in the kernel is quite tricky, as you can see from the reference URL.
Considering lack of completeness of the kernel, it's questionable if encryption was even necessary.
I understand key check, but I don't understand why they made timebomb.
Maybe it was a trap to sell another R4 to people who are not used to kernel swapping.

 

[4d1xlaan]

Maybe it was a trap to sell another R4 to people who are not used to kernel swapping.

$$$ is always the answer

planned obsolescence, make it expire and tell your users they need to buy the new one

 

[BETA215]

If we have all this info, is there anything stopping us from modifying a kernel and firmware to run any that we want? Like disabling the key check?

We can already use YSMenu and B4DS (TWiLight Menu++) on it, so it's been possible for quite a long while.

 

[Jayro]

We can already use YSMenu and B4DS (TWiLight Menu++) on it, so it's been possible for quite a long while.

Yes, but YSMenu is hot garbage, I'd wanna use WOODR4 on it.

 

[4d1xlaan]

Yes, but YSMenu is hot garbage, I'd wanna use WOODR4 on it.

In terms of game compatibility, or it is just the ui?

 

[Jayro]

In terms of game compatibility, or it is just the ui?

For me it's the UI. I don't like YSMenu in the slightest. I prefer WoodR4's UI. It's everything you need, and no B.S. Easily skinnable too.

 

[SylverReZ]

For me it's the UI. I don't like YSMenu in the slightest. I prefer WoodR4's UI. It's everything you need, and no B.S. Easily skinnable too.

Me too. Wood R4's UI is somewhat noob friendly and has more customizable options compared to the latter. Basic UI's arent my cup of tea.

 

[4d1xlaan]

Would it be possible to use twilightmenu on it with the wood r4/akaio theme, using ysmenu as the backend for running games? Then you get compatibility, with the wood ui

 

[BETA215]

Yup, it's already possible to use YSMenu with TWLM++, no matter which TWLM++ skin you choose. Just following the installation guide will do the job.

I wouldn't say YSMenu is hot garbage, in the slightest lol

 

[Deleted member 704126]

Yup, it's already possible to use YSMenu with TWLM++, no matter which TWLM++ skin you choose. Just following the installation guide will do the job.

I wouldn't say YSMenu is hot garbage, in the slightest lol

Eh. It randomly freezes and locks up trying to create saves on two officially supported cards I have. Then it'll lock up when you scroll over that game until you plug the SD into your PC and delete the corrupt save.
It's pretty meh at best. I'm referring to the RGF releases

 

[soulpower11]

Eh. It randomly freezes and locks up trying to create saves on two officially supported cards I have. Then it'll lock up when you scroll over that game until you plug the SD into your PC and delete the corrupt save.
It's pretty meh at best. I'm referring to the RGF releases

Might want to check if your SD card is not failing

 

[Deleted member 704126]

Might want to check if your SD card is not failing

It's not and it's widely reported issue in the RGF YSMenu thread.

 

[The Catboy]

There's props not much different since these companies tend to be the same and use the same hardware
https://gbatemp.net/threads/proof-t...hc-carts-are-literally-the-same-carts.514539/

 

[SylverReZ]

There's props not much different since these companies tend to be the same and use the same hardware
https://gbatemp.net/threads/proof-t...hc-carts-are-literally-the-same-carts.514539/

Although they are practically the same hardware, hardware revisions made before 2013(?) use a different firmware layout, and that they are not interchangeable with one another.

I have an original R4i 3DS WiFi card and at the beginning of the firmware there's no '20130628ver-6201' string. Flashing the R4i 3DS B9S firmware results in a brick.