GPU RE : need everyone's help

Discussion in '3DS - Homebrew Development and Emulators' started by smealum, Jan 24, 2015.

  1. smealum
    OP

    smealum growing up sucks.

    hi everyone.

    SHARED GOOGLE DOC FOR LISTING PROGRESS : https://docs.google.com/spreadsheets/d/19O3nOuo9E29GVSYsyODy37sq_TBbKYyfZSBIHR2X2xI/edit#gid=0

    as some of you may know i've put a lot of work into REing the 3DS's GPU so that it can be used for homebrew (as have others, such as staplebutter). we've made great progress but there's still a long way to go. one way we've been able to RE the hardware is by looking at the software that interfaces with it, and the software that runs on it.
    to put things simply, the GPU is programmable and can run things called shaders. shaders are made of a bunch of instructions, and we've so far identified every single one we've encountered. however, we can't be sure that we've found every one of them. one way to gain confidence that we have/haven't is simply to look at a bunch of games' shaders. however, i only own so many games, and the same goes for everyone else working on this.

    so what i'd like is for everyone capable of decrypting 3DS roms to pitch in by looking into the romfs partition of the games they own and letting us know what they find.

    all you need to do is decrypt your games, extract the romfs partition, search it for shader files and run those files through aemstro. then, look at aemstro's output and specifically search for the string "???". if you find it, let me know what game it was and what the filename was. it's that simple !

    finding the shader files might be tough for some games. if you're not sure whether you've found them all, please reflect that on the google doc sheet.

    easy ways to find shaders :
    - just run aemstro on the decrypted romfs blob (it will take a while but should find any uncompressed shader in there !)
    - look for .shbin, .sbin, .bch, .bcsdr, .bsm files in romfs

    you can find aemstro here : https://github.com/smealum/aemstro . you'll need python3 to run it.

    this may seem like a trivial task, and, well, it kind of is. however, it has the potential to be extremely helpful. if this works out well i'd love to crowdsource the search for more things in 3DS games in the future.

    thank you for your time and help; let me know if you have any questions.
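
Added example, not part of smealum's post and not code from the aemstro project: a Python script for the workflow described above. It collects files with the listed extensions from an extracted romfs directory and reports every disassembly line containing "???". The `aemstro.py <file>` invocation with disassembly on stdout, and all function names, are assumptions.

```python
import subprocess
import sys
from pathlib import Path

# Extensions the post lists as likely shader containers.
SHADER_EXTS = {".shbin", ".sbin", ".bch", ".bcsdr", ".bsm"}
UNKNOWN_MARK = "???"  # string the post says to search aemstro's output for


def find_candidates(romfs_root):
    """Return files under an extracted romfs tree with a shader-like extension."""
    root = Path(romfs_root)
    return sorted(p for p in root.rglob("*")
                  if p.is_file() and p.suffix.lower() in SHADER_EXTS)


def run_aemstro(path, aemstro="aemstro.py"):
    """Assumed invocation: `python3 aemstro.py <file>`, disassembly on stdout."""
    # Argument list, no shell: file names from the romfs are never interpreted.
    proc = subprocess.run([sys.executable, aemstro, str(path)],
                          capture_output=True, text=True, timeout=600)
    return proc.stdout


def unknown_lines(disassembly):
    """Return (line_number, text) for every output line containing '???'."""
    return [(n, line.strip())
            for n, line in enumerate(disassembly.splitlines(), 1)
            if UNKNOWN_MARK in line]


def scan_romfs(romfs_root, disassemble=run_aemstro):
    """Map each candidate file (path relative to the romfs) to its '???' lines."""
    root = Path(romfs_root)
    report = {}
    for path in find_candidates(root):
        hits = unknown_lines(disassemble(path))
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: scan_shaders.py <extracted_romfs_dir>")
    for name, hits in scan_romfs(sys.argv[1]).items():
        print(f"{name}: {len(hits)} unidentified line(s)")
        for n, text in hits:
            print(f"  {n}: {text}")
```

An empty report only covers files matched by extension; shaders embedded in other containers or compressed archives are not seen by this scan.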
     


  2. daxtsu

    daxtsu GBAtemp Guru

    Have you been keeping a list of games that have already been examined? No sense in duplicating work that's already been done.
     
  3. Relys

    Relys Master of Computer Science

    Maybe like a shared google doc?
     
  4. daxtsu

    daxtsu GBAtemp Guru

    Anything that's easily editable.
     
  5. smealum
    OP

    smealum growing up sucks.

    yeah, i was considering a wiki but wasn't sure. google doc seems like a good idea, i'll create one.

    edit : alright, updated
     
  6. xem

    xem GBAtemp Regular

    wouldn't it be easier to find an official 3DS SDK documentation? (assuming a 3DS SDK documentation contains this information, and assuming that we can find it)
     
  7. Cjuub

    Cjuub GBAtemp Regular

    Maybe. But the SDK leak is illegal and afaik smea and co don't want to base their work on it, but rather find the information by reversing.
     
  8. xem

    xem GBAtemp Regular

    It takes more effort, but it's cool to RE "legally" indeed
     
  9. Space Monkey

    Space Monkey Member

    And how would you verify that someone who contributes to this list will only look into roms he actually owns?
     
  10. gudenau

    gudenau Never a unique idea

    I have a few games not on here, I will work on them tomorrow.
     
  11. trastorillo

    trastorillo Newbie

    Mmmhhhh. So, just couple of details. U r talking about games from eshop or card games...
    Is this data at the SD? Or we have to dump something. Could help, if it can be done through ninjhax. Just a dumb friendly tutorial could b handy.
     
  12. hippy dave

    hippy dave Butts Butts Megabutts

    Eshop and card games would both be relevant.
     
  13. trastorillo

    trastorillo Newbie

    Ok, gonna borrow a computer and I'll try to figure out how to get to this data.
     
  14. DarkFlare69

    DarkFlare69 GBAtemp Psycho!

    Mario Kart 7 doesn't seem to be on the list, I'll look at it later today. That's the only ROM I bothered ripping.
     
  15. FAST6191

    FAST6191 Techromancer

    That is more benefit of the doubt, it is when people start using SDK variable names, making the same mistakes as the SDK, suffering the same limits as the SDK and clearly being derived from the SDK that troubles appear.

    Back on topic. This would be a good time for the "every dump needs its XORPAD to go along with it". It reminds me though that I still have to get my every DS ROM analysis project up and running.
     
  16. smealum
    OP

    smealum growing up sucks.

    very impressed with the number of games on that list already ! thanks everyone. :) keep going !

    it would also be easier to just use the SDK rather than try to build devkitarm, ctrulib, aemstro and such. it would also be completely illegal and take away what little legitimacy the homebrew scene has. so please keep this kind of comment to yourself in the future.
     
  17. FAST6191

    FAST6191 Techromancer

    To be fair the original xbox also used a leaked SDK for the vast vast majority of its homebrew.

    Granted it had the knock on effect of making compiled binaries annoying to find and distribute which was not fun, give or take the eventual semi private FTP setup being more robust/long lived than similar vintage cheap/free web hosts and it seeing a lot of it get released as open source.
     
  18. DiscostewSM

    DiscostewSM GBAtemp Guru

    I've got a number of games not listed under the google doc (as of this moment), but I have no idea how to do this. Any links to what's required and how to go about this? All I have is 9.2, and using Ninjhax. No Gateway and such.
     
  19. themperror

    themperror GBAtemp Regular

    In order to decrypt games you need 4.x, I think you ARE able to downgrade with the gateway go exploit (you don't need a gateway for it), but downgrading hasn't been qualified as safe yet (though no bricks till now)
    After that just follow a guide to get XORPADS for a game and it'll explain it from there..
     
  20. DiscostewSM

    DiscostewSM GBAtemp Guru


    I was afraid of that. I'm not very keen on downgrading.