Differences between R4ISDHC and R4I-SDHC

moon_rabbit

moon_rabbit

Well-Known Member
OP
Member
Level 5
Joined
May 6, 2022
Messages
225
Trophies
0
Age
35
Location
kor
XP
537
Country
Korea, South
Reference URL
https://kynex.ovh/patching-the-timebomb-in-an-r4-flashcart.html

This only applies to cartridges from 2014 and later.

Firmware
The two are basically the same.
They just have a check key at 0x3000 ~ 0x3083 to prevent other kernels from running.

Due to this check key, R4ISDHC card cannot run 1.85 kernel of R4I-SDHC.
Conversely, r4i-sdhc cards cannot run 4.0 kernel of r4isdhc.

Of course, you can swap firmware or use a timebomb removed kernel.

Kernel
The key difference between the 1.85 and 4.0 kernels is in the map.bin file.
The 4.0 kernel can run Pokemon White 1-2 and Black 1-2, while 1.85 cannot.

Security bypass is related to the map.bin file and is linked to the r4.dat file.

I tried using the reference URL.
4.0 kernel was also able to bypass timebomb and verification, but it fails to drive Pokemon because the map.bin file is not properly linked.

There is no encryption in the kernel itself, but I gave up trying to analyze it due to encryption on the text and its complex structure.
 
Last edited by moon_rabbit,
  • Like
Reactions: SylverReZ, soulpower11 and 4d1xlaan
SylverReZ

SylverReZ

GBATemp's Flashcart Owner
Member
Level 34
Joined
Sep 13, 2022
Messages
9,773
Trophies
7
Location
The Wired
Website
m4x1mumrez87.neocities.org
XP
31,020
Country
United Kingdom
moon_rabbit said:
Reference URL
https://kynex.ovh/patching-the-timebomb-in-an-r4-flashcart.html

This only applies to cartridges from 2014 and later.

Firmware
The two are basically the same.
They just have a check key at 0x3000 ~ 0x3083 to prevent other kernels from running.

Due to this check key, R4ISDHC card cannot run 1.85 kernel of R4I-SDHC.
Conversely, r4i-sdhc cards cannot run 4.0 kernel of r4isdhc.

Of course, you can swap firmware or use a timebomb removed kernel.

Kernel
The key difference between the 1.85 and 4.0 kernels is in the map.bin file.
The 4.0 kernel can run Pokemon White 1-2 and Black 1-2, while 1.85 cannot.

Security bypass is related to the map.bin file and is linked to the r4.dat file.

I tried using the reference URL.
4.0 kernel was also able to bypass timebomb and verification, but it fails to drive Pokemon because the map.bin file is not properly linked.

There is no encryption in the kernel itself, but I gave up trying to analyze it due to encryption on the text and its complex structure.
Click to expand...
R4ISDHC is different to R4i-SDHC.com. 2014+ cards will have DSTTi-DEMON hardware the same as R4i-SDHC. Earlier ones are based on R4iTT Acekard hardware.
 
Last edited by SylverReZ,
moon_rabbit

moon_rabbit

Well-Known Member
OP
Member
Level 5
Joined
May 6, 2022
Messages
225
Trophies
0
Age
35
Location
kor
XP
537
Country
Korea, South
Yes.
Missing domain name may cause confusion with cards like .hk.
This is a comparison of r4isdhc.com and r4i-sdhc.com.
 
Jayro

Jayro

MediCat USB Dev
Developer
Level 27
Joined
Jul 23, 2012
Messages
14,111
Trophies
7
Location
WA State
Website
ko-fi.com
XP
19,457
Country
United States
moon_rabbit said:
Reference URL
https://kynex.ovh/patching-the-timebomb-in-an-r4-flashcart.html

This only applies to cartridges from 2014 and later.

Firmware
The two are basically the same.
They just have a check key at 0x3000 ~ 0x3083 to prevent other kernels from running.

Due to this check key, R4ISDHC card cannot run 1.85 kernel of R4I-SDHC.
Conversely, r4i-sdhc cards cannot run 4.0 kernel of r4isdhc.

Of course, you can swap firmware or use a timebomb removed kernel.

Kernel
The key difference between the 1.85 and 4.0 kernels is in the map.bin file.
The 4.0 kernel can run Pokemon White 1-2 and Black 1-2, while 1.85 cannot.

Security bypass is related to the map.bin file and is linked to the r4.dat file.

I tried using the reference URL.
4.0 kernel was also able to bypass timebomb and verification, but it fails to drive Pokemon because the map.bin file is not properly linked.

There is no encryption in the kernel itself, but I gave up trying to analyze it due to encryption on the text and its complex structure.
Click to expand...
If we have all this info, is there anything stopping us from modifying a kernel and firmware to run any that we want? Like disabling the key check?
 
moon_rabbit

moon_rabbit

Well-Known Member
OP
Member
Level 5
Joined
May 6, 2022
Messages
225
Trophies
0
Age
35
Location
kor
XP
537
Country
Korea, South
Jayro said:
If we have all this info, is there anything stopping us from modifying a kernel and firmware to run any that we want? Like disabling the key check?
Click to expand...
There are a lot of breakpoints in the kernel and there are almost 10 breakpoints that need to be fixed.
Probably timebomb and key check are at similar points, so it's not too hard.

For the 4.0 kernel, modified kernel runs fine.
Problem lies only in the security bypass.
Modified kernel will not be able to run Pokemon Black and White.

The biggest problem is that encryption applied in the kernel is quite tricky, as you can see from the reference URL.
Considering lack of completeness of the kernel, it's questionable if encryption was even necessary.
I understand key check, but I don't understand why they made timebomb.
Maybe it was a trap to sell another R4 to people who are not used to kernel swapping.
 
Jayro

Jayro

MediCat USB Dev
Developer
Level 27
Joined
Jul 23, 2012
Messages
14,111
Trophies
7
Location
WA State
Website
ko-fi.com
XP
19,457
Country
United States
4d1xlaan said:
In terms of game compatibility, or it is just the ui?
Click to expand...
For me it's the UI. I don't like YSMenu in the slightest. I prefer WoodR4's UI. It's everything you need, and no B.S. Easily skinnable too.
 
  • Like
Reactions: 4d1xlaan and SylverReZ
SylverReZ

SylverReZ

GBATemp's Flashcart Owner
Member
Level 34
Joined
Sep 13, 2022
Messages
9,773
Trophies
7
Location
The Wired
Website
m4x1mumrez87.neocities.org
XP
31,020
Country
United Kingdom
Jayro said:
For me it's the UI. I don't like YSMenu in the slightest. I prefer WoodR4's UI. It's everything you need, and no B.S. Easily skinnable too.
Click to expand...
Me too. Wood R4's UI is somewhat noob friendly and has more customizable options compared to the latter. Basic UI's arent my cup of tea.
 
4d1xlaan

4d1xlaan

Well-Known Member
Member
Level 9
Joined
Apr 21, 2024
Messages
1,344
Trophies
1
XP
1,574
Country
United States
Would it be possible to use twilightmenu on it with the wood r4/akaio theme, using ysmenu as the backend for running games? Then you get compatibility, with the wood ui
 
BETA215

BETA215

Member not found
Member
Level 10
Joined
Dec 30, 2014
Messages
453
Trophies
1
Location
they/them | 0xDEAD brain
XP
2,284
Country
Argentina
Yup, it's already possible to use YSMenu with TWLM++, no matter which TWLM++ skin you choose. Just following the installation guide will do the job.

I wouldn't say YSMenu is hot garbage, in the slightest lol
 
D

Deleted member 704126

Well-Known Member
Newcomer
Level 2
Joined
May 4, 2024
Messages
67
Trophies
0
XP
181
BETA215 said:
Yup, it's already possible to use YSMenu with TWLM++, no matter which TWLM++ skin you choose. Just following the installation guide will do the job.

I wouldn't say YSMenu is hot garbage, in the slightest lol
Click to expand...
Eh. It randomly freezes and locks up trying to create saves on two officially supported cards I have. Then it'll lock up when you scroll over that game until you plug the SD into your PC and delete the corrupt save.
It's pretty meh at best. I'm referring to the RGF releases
 
soulpower11

soulpower11

Member
Newcomer
Level 4
Joined
Sep 12, 2009
Messages
24
Trophies
1
XP
505
Country
Singapore
ebussy_foot said:
Eh. It randomly freezes and locks up trying to create saves on two officially supported cards I have. Then it'll lock up when you scroll over that game until you plug the SD into your PC and delete the corrupt save.
It's pretty meh at best. I'm referring to the RGF releases
Click to expand...
Might want to check if your SD card is not failing
 
SylverReZ

SylverReZ

GBATemp's Flashcart Owner
Member
Level 34
Joined
Sep 13, 2022
Messages
9,773
Trophies
7
Location
The Wired
Website
m4x1mumrez87.neocities.org
XP
31,020
Country
United Kingdom
The Catboy said:
There's props not much different since these companies tend to be the same and use the same hardware
https://gbatemp.net/threads/proof-t...hc-carts-are-literally-the-same-carts.514539/
Click to expand...
Although they are practically the same hardware, hardware revisions made before 2013(?) use a different firmware layout, and that they are not interchangeable with one another.

I have an original R4i 3DS WiFi card and at the beginning of the firmware there's no '20130628ver-6201' string. Flashing the R4i 3DS B9S firmware results in a brick.
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Hacking Emulation ROM Hack  Any good Pokemon NDS Pokemon rom hacks?

Hardware  What are the weirdest R4 cards you have or found?

Tutorial  Converting Video Files for the DSTWO

Homebrew  BL2CKOS A Wood Clone for Acecard clones

Chrono Trigger high contrast text hack

Do you recommend any nds visual novels?

I get a guru meditation error whenever I try to play Tsukihime through vnds

Homebrew Misc  cannont find calico.h devkitpro error in vscode

General chit-chat
Help Users
  • No one is chatting at the moment.
  • Skelletonike @ Skelletonike:
    Or just rumoured?
  • K3Nv3 @ K3Nv3:
    Nothings been confirmed directly from Nintendo yet
  • Skelletonike @ Skelletonike:
    I haven't been up to date tbh
  • BigOnYa @ BigOnYa:
    I think the carts will be bigger flash size, and have a new lotus 4 protections so that can't be dumped say with a MIG dumper
     +1
  • SylverReZ @ SylverReZ:
    @BigOnYa, That's what I was thinking before when I last mentioned the Switch 2 gamecards.
     +1
  • SylverReZ @ SylverReZ:
    Different Lotus ASIC with additional protection which could break MIG support, larger NAND size for bigger games, etc.
     +1
  • K3Nv3 @ K3Nv3:
    Watch it be defeated by opening the cart
  • Skelletonike @ Skelletonike:
    I wonder if there could be some denuvo on the carts
  • K3Nv3 @ K3Nv3:
    Probably but kind of pointless it'll be a while before anyone gets any dumps out
  • K3Nv3 @ K3Nv3:
    Iirc it was the clip thing that triggered the og exploit but now since switch 2 uses clip in pins that's out the window
  • Skelletonike @ Skelletonike:
    Wasn't that fixed in the mariko and oled?
  • K3Nv3 @ K3Nv3:
    Yeah but that's how they get dumps you need some type of cfw
     +2
  • K3Nv3 @ K3Nv3:
    Pin layout for carts is probably redesigned in different orders to where it wouldn't even be compatible with mig anyway
     +1
  • Skelletonike @ Skelletonike:
    Honestly, I just want to see all the people asking how to pirate stuff that can't be pirated.
  • Skelletonike @ Skelletonike:
    Those are the fun days. z.z
  • Skelletonike @ Skelletonike:
    Or when people brick stuff. It's morbidly fun. z.z
     +1
  • BigOnYa @ BigOnYa:
    Pins will be the same, will just use a different lotus protocol prob. https://gbatemp.net/threads/change-the-lotus3-gamecard-asic-ic-to-a-emmc-is-possible.637373/
     +1
  • K3Nv3 @ K3Nv3:
    Not believing any leaked details tell it's official Nintendo could easily swap ground to data and that'd be enough for an entire new layout
     +1
  • K3Nv3 @ K3Nv3:
    512gb ssds are just $35 now may order one for the ps3
  • Skelletonike @ Skelletonike:
    Eurovision has some pretty good songs this year. I hate how the worst possible song won for Portugal
  • Skelletonike @ Skelletonike:
    https://www.youtube.com/watch?v=FEwGycfC59c
  • Skelletonike @ Skelletonike:
    this song got the most votes by the public, but none of the judges voted in favour, so she didn't win.
  • Skelletonike @ Skelletonike:
    Tsk tsk
  • Psionic Roshambo @ Psionic Roshambo:
    Dr Strange, the best gynecologist in the multiverse!
  • K3Nv3 @ K3Nv3:
    How many times have you seen him this week
    K3Nv3 @ K3Nv3: How many times have you seen him this week