Hacking GW multirom demo

E

escherbach

Well-Known Member
Member
Level 3
Joined
Dec 26, 2013
Messages
271
Trophies
0
XP
263
Country
mathieulh said:
Not to kill your optimism, but it's actually there, they hid it cleverly by running it as MIPS instructions running on top of a CPU emulator, itself running from an ARM9 payload.

It is triggered when any of many specific checksums fail. The code itself uses various undocumented eMMC commands in conjunction to the AES hw engine. There is no practical use for these commands in the gateway firmware, other than to trigger the brick.

I could just paste the assembly here but:

1. You wouldn't understand any of it
2. I don't care nearly enough
3. There is going to be a "new" 3dslink/r4i 3ds gold/orange3DS... firmware within the next 24 hours of me doing it and I am certainly not going to do their work for them.
4. Anything that puts a halt to piracy can't be such a bad thing as far as I am concerned.
5. I would probably post it anyway just to shut people up if it wasn't for points 3 and 4
Click to expand...

Constant childish defensive replies like "we could post it but you wouldn't understand it" from yourself, profi200 and others entirely undermine your credibility.

There doesn't seem to be enough bricked consoles reported for a deterministic bricking algorithm to be present (ok a rand number test on 4 bits would still mean 1 in 16 consoles bricked - still far too large compared to reports)

Much more likely (I won't post the details you wouldn't understand) that specific emunand code to do with preventing real system updates is causing bricks in rare corner cases.

The (slightly) larger number of clone bricks is probably due to the larger number clone cards around (compared to gateway originals)
 
E

escherbach

Well-Known Member
Member
Level 3
Joined
Dec 26, 2013
Messages
271
Trophies
0
XP
263
Country
profi200 said:
Lol, and where do they say anything about the code? You missed the context.


You not even was able to do anything, i told you. I said you should check the CPU ID, instead you claim to know better. If everyone say it's ARM9, then it is. Even well known scene members would tell you it's ARM9. Do they all lie because of a such unimportant thing?

That's not just plaintext ARM disassembly, it's obfuscated MIPS similar code running in a CPU emulator. I know already, what comes now. How have we done it then? Maybe we have something to emulate the code and output, what the code doe's on the hardware/registers? (and to the other reader's: No, it's not a real 3DS emulator. It's made to emulate ARM9 code, but it will never be a real 3DS emulator).

You claim to understand things, but you don't. I put you on my ignore list and everything is fine.

€:
We run the entire code in the emulator, not just the MIPS code. That would be dumb.
Click to expand...

see above

and I've already told you a ARM11 is backward compatible with an ARM9 - nintendo may have it switch compatibility modes but there is physically ONE dual-core ARM11 in the 3DS
 
Habbert

Habbert

Well-Known Member
Member
Level 2
Joined
Nov 29, 2013
Messages
147
Trophies
0
Age
32
XP
185
Country
Canada
the_randomizer said:
You should have seen earlier this week, people are in a sense, deep-throating the GW, praising how great they are despite their stupidity
Click to expand...


I agree with you but I think the clone makers share the blame too for releasing copied code without fully inspecting it... R4i deserves just as much flak as gateway...
Just counting down the days until we wont need a flash cart at all and can run roms from the SD card with some homebrew... We should call it "BetterWay"
 
  • Like
Reactions: f0rCe and Huntereb
W

weatMod

Well-Known Member
Member
Level 13
Joined
Aug 24, 2013
Messages
3,311
Trophies
2
Age
47
XP
3,395
Country
United States
longxa762 said:
Why every sentence you make is to talk bad about Gateway? What flashcard are you using?
Click to expand...

i remember waiting ages for the dstwo team to release the video player plugin for their card, they broke their promises and deadlines many many times, the only thing is that when that steaming pile of shit was released nobody gave a fuck , but when GW team releases their multirom it is going to be epic in comparison to the dstwo video player plugin
they also delayed their snes smulator plugin a fukton of times ,and everyone loves scdstwo team today
 
N

Normmatt

Former AKAIO Programmer
Member
Level 10
Joined
Dec 14, 2004
Messages
2,161
Trophies
1
Age
33
Website
normmatt.com
XP
2,241
Country
New Zealand
escherbach said:
see above

and I've already told you a ARM11 is backward compatible with an ARM9 - nintendo may have it switch compatibility modes but there is physically ONE dual-core ARM11 in the 3DS
Click to expand...


No. There is a separate ARM9 possibly even an ARM7 as well. Obviously you know nothing so stop spreading crap.
 
  • Like
Reactions: profi200, Nightwish, mathieulh and 3 others
Habbert

Habbert

Well-Known Member
Member
Level 2
Joined
Nov 29, 2013
Messages
147
Trophies
0
Age
32
XP
185
Country
Canada
the_randomizer said:
Dude, don't dig up that past please, that's so uncool, I don't appreciate it all. But I still stand by the fact Gateway deserves all the flak it's been getting.
Click to expand...

Wow.... man that sucks... hate to say it, but why are you even here?
what version are you on? give me your cell ill text you when/if an exploit is ever discovered. lol
 
  • Like
Reactions: cearp, Yessy, oddMLan and 1 other person
Mr_Pichu

Mr_Pichu

かわいいね!
Member
Level 2
Joined
Dec 10, 2013
Messages
170
Trophies
0
XP
133
Country
United States
I was once a lonely level 40 wizard, but now I can get all the Men & Women I want. And yes, I do experience full release orgasms. Thank you Gateway 2.0 w/multirom support, you have changed my life.


Gateway asks: So, are you experienced? Have you ever been experienced?

Well, I have

 
M

mathieulh

Well-Known Member
Member
Level 6
Joined
Feb 28, 2008
Messages
378
Trophies
0
Website
keybase.io
XP
897
Country
France
escherbach said:
Constant childish defensive replies like "we could post it but you wouldn't understand it" from yourself, profi200 and others entirely undermine your credibility.

There doesn't seem to be enough bricked consoles reported for a deterministic bricking algorithm to be present (ok a rand number test on 4 bits would still mean 1 in 16 consoles bricked - still far too large compared to reports)

Much more likely (I won't post the details you wouldn't understand) that specific emunand code to do with preventing real system updates is causing bricks in rare corner cases.

The (slightly) larger number of clone bricks is probably due to the larger number clone cards around (compared to gateway originals)
Click to expand...
Don't take pseudo code for it's full value. No one fully understood the whole triggering factor yet. Especially the RNG part. I am pretty sure that one in the pseudo code is wrong even though it's involved I do think it's not initialized with time/date and that the actual RTC is used at some point.

If it was code to simply prevent system updates, there wouldn't be a need to hide it the way they did, there wouldn't be a need to trigger it whenever (and only ever) the ARM9 payload is modified

Just seeing that bricks happen because the eMMC gets locked and that no actual corruption of data occurs should be enough to tell you the bricks are engineered even if you don't have the code.
The eMMC get read/write protected after the bricks rather than just suffering from data corruption and gateway folks conveniently don't need a nand dump to restore your console...

When you see that the code makes use of data it captured from the eMMC commands along with the AES hardware, things start to make a lot more sense then.
 
  • Like
Reactions: McHaggis and profi200

Site & Scene News

Go to forum More news

Popular threads in this forum

I will Make you a 3DS custom theme if you don't know how!

Does anybody have the old Health and Safety Information CIA?

Better n64 emulator?

3DS cheats request?

Homebrew  Modified eshop to use <lets advertise some more!>'s servers?

Homebrew  3d on 3DS for unsupported games

Nazi themes on themeplaza

Translation Project  Monster Hunter Diary: Poka Poka Airou Village DX 3DS [English Translation]

General chit-chat
Help Users
  • No one is chatting at the moment.
    T @ Texasauras: SOLILOQUY