Differences between R4ISDHC and R4I-SDHC


moon_rabbit

Reference URL
https://kynex.ovh/patching-the-timebomb-in-an-r4-flashcart.html

This only applies to cartridges from 2014 and later.

Firmware
The two are basically the same.
They just have a check key at 0x3000 ~ 0x3083 to prevent other kernels from running.

Due to this check key, an R4ISDHC card cannot run the 1.85 kernel of R4I-SDHC.
Conversely, r4i-sdhc cards cannot run the 4.0 kernel of r4isdhc.

Of course, you can swap firmware or use a timebomb-removed kernel.

Kernel
The key difference between the 1.85 and 4.0 kernels is in the map.bin file.
The 4.0 kernel can run Pokemon White 1-2 and Black 1-2, while 1.85 cannot.

Security bypass is related to the map.bin file and is linked to the r4.dat file.

I tried using the reference URL.
The 4.0 kernel was also able to bypass the timebomb and verification, but it fails to drive Pokemon because the map.bin file is not properly linked.

There is no encryption in the kernel itself, but I gave up trying to analyze it due to the encryption on the text and its complex structure.
 
Last edited by moon_rabbit,
R4ISDHC is different to R4i-SDHC.com. 2014+ cards will have DSTTi-DEMON hardware the same as R4i-SDHC. Earlier ones are based on R4iTT Acekard hardware.
 
Last edited by SylverReZ,
Yes.
A missing domain name may cause confusion with cards like .hk.
This is a comparison of r4isdhc.com and r4i-sdhc.com.
 
If we have all this info, is there anything stopping us from modifying a kernel and firmware to run any that we want? Like disabling the key check?
 
There are a lot of breakpoints in the kernel and there are almost 10 breakpoints that need to be fixed.
Probably the timebomb and key check are at similar points, so it's not too hard.

For the 4.0 kernel, the modified kernel runs fine.
The problem lies only in the security bypass.
The modified kernel will not be able to run Pokemon Black and White.

The biggest problem is that the encryption applied in the kernel is quite tricky, as you can see from the reference URL.
Considering the lack of completeness of the kernel, it's questionable if encryption was even necessary.
I understand the key check, but I don't understand why they made the timebomb.
Maybe it was a trap to sell another R4 to people who are not used to kernel swapping.
 
We can already use YSMenu and B4DS (TWiLight Menu++) on it, so it's been possible for quite a long while.
 
For me it's the UI. I don't like YSMenu in the slightest. I prefer WoodR4's UI. It's everything you need, and no B.S. Easily skinnable too.
Me too. Wood R4's UI is somewhat noob friendly and has more customizable options compared to the latter. Basic UIs aren't my cup of tea.
 
Would it be possible to use twilightmenu on it with the wood r4/akaio theme, using ysmenu as the backend for running games? Then you get compatibility, with the wood ui
 
Yup, it's already possible to use YSMenu with TWLM++, no matter which TWLM++ skin you choose. Just following the installation guide will do the job.

I wouldn't say YSMenu is hot garbage, in the slightest lol
 
Eh. It randomly freezes and locks up trying to create saves on two officially supported cards I have. Then it'll lock up when you scroll over that game until you plug the SD into your PC and delete the corrupt save.
It's pretty meh at best. I'm referring to the RGF releases
 
Might want to check if your SD card is not failing
 
There's probably not much different since these companies tend to be the same and use the same hardware
https://gbatemp.net/threads/proof-t...hc-carts-are-literally-the-same-carts.514539/
Although they are practically the same hardware, hardware revisions made before 2013(?) use a different firmware layout, and they are not interchangeable with one another.

I have an original R4i 3DS WiFi card and at the beginning of the firmware there's no '20130628ver-6201' string. Flashing the R4i 3DS B9S firmware results in a brick.
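
As an added example (not code posted by anyone in this thread): a read-only Python check that compares two firmware dumps, reports whether they differ only inside the 0x3000 ~ 0x3083 check-key range described in the first post, and whether the '20130628ver-6201' string from the post above appears near the start of each. The 0x100-byte search window, the function names and the sample images are assumptions constructed for illustration.

```python
KEY_START, KEY_END = 0x3000, 0x3083  # inclusive check-key range from the first post
MARKER = b"20130628ver-6201"         # string quoted in the last post
HEADER_WINDOW = 0x100                # assumption: what counts as "the beginning"


def check_key(image: bytes) -> bytes:
    """Return the 0x84-byte check-key region; reject dumps that are too short."""
    if len(image) <= KEY_END:
        raise ValueError(f"dump is {len(image):#x} bytes, key range ends at {KEY_END:#x}")
    return image[KEY_START:KEY_END + 1]


def has_layout_marker(image: bytes) -> bool:
    """True if the version string appears within the assumed header window."""
    return MARKER in image[:HEADER_WINDOW]


def compare(a: bytes, b: bytes) -> dict:
    """Count differing bytes inside and outside the check-key range."""
    check_key(a)
    check_key(b)
    inside = outside = 0
    for off, (x, y) in enumerate(zip(a, b)):
        if x != y:
            if KEY_START <= off <= KEY_END:
                inside += 1
            else:
                outside += 1
    return {
        "same_length": len(a) == len(b),
        "diff_in_key_range": inside,
        "diff_outside_key_range": outside,
        "marker_a": has_layout_marker(a),
        "marker_b": has_layout_marker(b),
    }


def constructed_image(key_byte: int, with_marker: bool = True) -> bytes:
    """Constructed sample data (0x4000 bytes), not a real firmware dump."""
    img = bytearray(b"\xff" * 0x4000)
    if with_marker:
        img[:len(MARKER)] = MARKER
    img[KEY_START:KEY_END + 1] = bytes([key_byte]) * (KEY_END + 1 - KEY_START)
    return bytes(img)


if __name__ == "__main__":
    print(compare(constructed_image(0x11), constructed_image(0x22)))
    print(compare(constructed_image(0x11), constructed_image(0x11, with_marker=False)))
```

Differences confined to the key range match the first post's description of two otherwise identical firmwares; differences outside it, or a missing marker, point to the different layout mentioned in the last post.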
 
