hacking idea: flash the bios chip

Discussion in '3DS - Flashcards & Custom Firmwares' started by superspudz2000, Sep 28, 2013.

  1. superspudz2000
    OP

    superspudz2000 GBAtemp Advanced Fan

    Member
    562
    106
    Aug 23, 2007
    Canada

    This is way past my level of understanding, but I'll post my idea here anyway so you can laugh at my foolishness. On DS Lite and DSi, the BIOS chip is stored on a removable "block"; I assume the 3DS is the same.

    Is it possible to re-flash the BIOS with custom firmware by connecting the module to a hardware flasher? I realize that reverse engineering the 3DS BIOS software is probably too hard, but maybe it's possible to build custom software from the ground up to communicate with the 3DS hardware.

    Then maybe some group could mass-produce custom BIOS modules; it wouldn't require any soldering, and it would be easy for the user to revert.
     
  2. Chaldron

    Chaldron GBATemp's Official Attorney

    Member
    434
    238
    Mar 29, 2013
    United States
    `Murica
    BIOS wouldn't be able to hold much data. It's only used for the initial boot sequence on a 3DS, most likely.

    In fact, I think we'll never get a CFW. We'll be stuck with flashcarts, because although the 3DS is a great sales console, it's never seen the widespread usage of other consoles, such as the PS3, where hackers devote their attention.
     
  3. Rydian

    Rydian Resident Furvert™

    Member
    27,883
    8,107
    Feb 4, 2010
    United States
    Cave Entrance, Watching Cyan Write Letters
    That's not where the "firmware" is stored. It's stored in the NAND and is encrypted, and the key isn't publicly known, so you can't just flash custom stuff because it'll brick (until reflashed with the original).
     
  4. superspudz2000
    OP

    superspudz2000 GBAtemp Advanced Fan

    Member
    562
    106
    Aug 23, 2007
    Canada
    It's called the Wi-Fi module, but people who bricked their DS with a failed Flashme install have swapped this "module" to fix the problem.

    I assumed this module held all the software files and the Flashme installation.
     
  5. FAST6191

    FAST6191 Techromancer

    Reporter
    23,168
    8,907
    Nov 21, 2005
    For the record, on the DS BIOS =/= firmware. The BIOS houses a bunch of functions used by the DS and games running on it (we call them BIOS-compatible compressions for a reason), and the firmware is a massive jumble of code and settings that gets launched by the DS and then used as reference afterwards. As the DS has basically no security in depth and is largely covered by the firmware, it becomes useful to hack it; other systems have had the BIOS act in a somewhat similar manner, and it becomes useful to dump, alter and replace it there, though such things are not without their own problems.
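As an added illustration of the kind of routine FAST6191 means by "BIOS-compatible compressions" (this is my example, not code from the thread or from any DS homebrew project): the GBA/DS BIOS exposes an LZ77 decompressor for the "LZ10" stream layout, which is a 0x10 header byte, a 24-bit little-endian decompressed size, then flag bytes each describing eight tokens, where a token is either one literal byte or a two-byte back-reference copying 3 to 18 bytes from up to 4096 bytes back. The Python below implements that decoder with the bounds checks a tool parsing untrusted files should make (a BIOS routine fed trusted cartridge data need not), plus a small greedy encoder so the round trip can be exercised; the sample input is constructed.

```python
# Added example: LZ10 (GBA/DS BIOS-style LZ77) decompressor with bounds checks,
# plus a small greedy compressor for round-trip testing. Not code from the thread.

LZ10_MAGIC = 0x10
MIN_MATCH, MAX_MATCH = 3, 18        # the 4-bit length field stores (length - 3)
MAX_DISTANCE = 0x1000               # the 12-bit displacement field stores (distance - 1)


def lz10_decompress(data: bytes) -> bytes:
    """Decode an LZ10 stream, rejecting malformed input instead of reading out of bounds."""
    if len(data) < 4 or data[0] != LZ10_MAGIC:
        raise ValueError("not an LZ10 stream")
    out_size = int.from_bytes(data[1:4], "little")   # 24-bit decompressed size
    out = bytearray()
    pos = 4
    while len(out) < out_size:
        if pos >= len(data):
            raise ValueError("truncated stream: input ended before the declared size")
        flags = data[pos]
        pos += 1
        for bit in range(7, -1, -1):                  # MSB first: 0 = literal, 1 = back-reference
            if len(out) >= out_size:
                break
            if not (flags >> bit) & 1:
                if pos >= len(data):
                    raise ValueError("truncated literal")
                out.append(data[pos])
                pos += 1
                continue
            if pos + 1 >= len(data):
                raise ValueError("truncated back-reference")
            b1, b2 = data[pos], data[pos + 1]
            pos += 2
            length = (b1 >> 4) + MIN_MATCH
            distance = (((b1 & 0x0F) << 8) | b2) + 1
            if distance > len(out):
                raise ValueError("back-reference points before the start of the output")
            if len(out) + length > out_size:
                raise ValueError("back-reference overruns the declared size")
            for _ in range(length):                   # byte-wise copy so overlapping runs work
                out.append(out[-distance])
    return bytes(out)


def lz10_compress(raw: bytes) -> bytes:
    """Greedy LZ10 encoder: longest match within a 4 KiB window, literals otherwise."""
    if len(raw) >= 1 << 24:
        raise ValueError("LZ10 size field is only 24 bits")
    out = bytearray([LZ10_MAGIC]) + len(raw).to_bytes(3, "little")
    i = 0
    while i < len(raw):
        flags = 0
        chunk = bytearray()
        for bit in range(7, -1, -1):
            if i >= len(raw):
                break
            best_len, best_dist = 0, 0
            for j in range(max(0, i - MAX_DISTANCE), i):
                n = 0
                while n < MAX_MATCH and i + n < len(raw) and raw[j + n] == raw[i + n]:
                    n += 1
                if n > best_len:
                    best_len, best_dist = n, i - j
            if best_len >= MIN_MATCH:
                flags |= 1 << bit
                token = ((best_len - MIN_MATCH) << 4) | ((best_dist - 1) >> 8)
                chunk += bytes([token, (best_dist - 1) & 0xFF])
                i += best_len
            else:
                chunk.append(raw[i])
                i += 1
        out.append(flags)
        out += chunk
    while len(out) % 4:                               # pad to a 4-byte boundary, as many tools do
        out.append(0)
    return bytes(out)


if __name__ == "__main__":
    sample = b"abcabcabcabc"                          # constructed input
    packed = lz10_compress(sample)
    assert lz10_decompress(packed) == sample
    print(packed.hex())
```

The decoder's three extra checks (input exhausted early, a back-reference reaching before the first output byte, a back-reference running past the declared size) are what turn a BIOS-style routine into something safe to run on a file you did not produce yourself.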
     
  6. profi200

    profi200 Banned

    Banned
    330
    216
    Sep 3, 2011
    Gambia, The
  7. superspudz2000
    OP

    superspudz2000 GBAtemp Advanced Fan

    Member
    562
    106
    Aug 23, 2007
    Canada
    Wow, I'm completely lost. I don't really understand.

    So going back to the DS Lite for a minute, let's say I start Flashme, then at 50% turn it off and it's corrupted. What actually happens to the DS Lite?

    Are you saying that the Wi-Fi module on a DS Lite contains system settings? Then how does swapping modules repair the corrupted Flashme installation, if the corrupted installation is stored in NAND, which is on a different part of the motherboard? :wacko:
     
  8. Coto

    Coto GBAtemp Addict

    Member
    2,343
    394
    Jun 4, 2010
    Chile

    The DS firmware is 512KB; it holds the whole firmware in there (download play, boot from slot 1 (with crypto stuff), boot from slot 2, the famous "DS firmware settings" that are stored on an NVRAM bank), which is on the Wi-Fi chip as well (beats me if it's on the same firmware chip or a physically separate location).

    When you corrupt the firmware, depending on how you "recreate the block", you can fail fetching data on a certain block (since most chips store plaintext data, not encrypted), or a whole page of an encrypted block (which needs the whole block to be recreated), and this means the whole encrypted block must have its data healthy. If you corrupt an encrypted page of a block, then all the decrypted data will be garbage.

    On 3DS there is no NAND; there is eMMC (think of SD's bigger brother). NAND is used on Wii, and DS uses SPI flash memory.
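To make Coto's plaintext-block case and superspudz2000's "turn it off at 50%" question concrete from the defender's side, here is an added example (mine, not from the thread): it builds a constructed 512KB image, stores two copies of a user-settings block, checks each copy's CRC-16 before trusting it, and models a settings write that loses power part-way through. The layout used (two 0x100-byte settings copies at the end of the image, a CRC-16/MODBUS over the first 0x70 bytes, a 7-bit update counter at 0x70, the CRC at 0x72, a UTF-16LE nickname at 0x06 with its length at 0x1A) follows my reading of GBATEK's firmware notes and should be treated as an assumption, as should the copy offsets.

```python
# Added example: verify a DS-style user-settings block by CRC-16 before trusting it,
# and simulate a settings write that dies part-way. Offsets are assumptions based on
# GBATEK-style descriptions, not values from this thread.

FIRMWARE_SIZE = 512 * 1024                  # 512KB of SPI flash, as in Coto's post
SETTINGS_SIZE = 0x100
SETTINGS_COPY_A = FIRMWARE_SIZE - 2 * SETTINGS_SIZE   # assumed: two copies at the end
SETTINGS_COPY_B = FIRMWARE_SIZE - SETTINGS_SIZE
CRC_COVERED = 0x70                          # assumed: CRC covers bytes 0x00..0x6F
COUNTER_OFF = 0x70                          # assumed: 7-bit update counter
CRC_OFF = 0x72                              # assumed: little-endian CRC-16 location
NICK_OFF, NICK_LEN_OFF = 0x06, 0x1A         # assumed: UTF-16LE nickname and its length


def crc16_modbus(data: bytes, crc: int = 0xFFFF) -> int:
    """CRC-16 with reflected polynomial 0xA001 and initial value 0xFFFF (CRC-16/MODBUS)."""
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def build_settings(nickname: str, counter: int) -> bytes:
    """Construct one settings copy with a valid CRC (sample data, not a real dump)."""
    block = bytearray(SETTINGS_SIZE)
    name = nickname.encode("utf-16-le")[:20]
    block[NICK_OFF:NICK_OFF + len(name)] = name
    block[NICK_LEN_OFF] = len(nickname)
    block[COUNTER_OFF] = counter & 0x7F
    crc = crc16_modbus(bytes(block[:CRC_COVERED]))
    block[CRC_OFF:CRC_OFF + 2] = crc.to_bytes(2, "little")
    return bytes(block)


def settings_valid(block: bytes) -> bool:
    """True when the stored CRC matches the covered bytes."""
    stored = int.from_bytes(block[CRC_OFF:CRC_OFF + 2], "little")
    return stored == crc16_modbus(block[:CRC_COVERED])


def select_settings(image: bytes):
    """Offset of the copy to trust: valid CRC and highest update counter; None if neither passes."""
    candidates = []
    for off in (SETTINGS_COPY_A, SETTINGS_COPY_B):
        block = image[off:off + SETTINGS_SIZE]
        if settings_valid(block):
            candidates.append((block[COUNTER_OFF] & 0x7F, off))
    return max(candidates)[1] if candidates else None   # counter wrap-around ignored here


def build_image() -> bytes:
    """Constructed 512KB image: zeros everywhere except two valid settings copies."""
    img = bytearray(FIRMWARE_SIZE)
    img[SETTINGS_COPY_A:SETTINGS_COPY_A + SETTINGS_SIZE] = build_settings("Old", 5)
    img[SETTINGS_COPY_B:SETTINGS_COPY_B + SETTINGS_SIZE] = build_settings("Newer", 6)
    return bytes(img)


def simulate_interrupted_write(image: bytes, off: int, new_block: bytes, bytes_written: int) -> bytes:
    """Model power loss mid-write: only the first bytes_written bytes of the new block land."""
    img = bytearray(image)
    img[off:off + bytes_written] = new_block[:bytes_written]
    return bytes(img)


if __name__ == "__main__":
    img = build_image()
    print("trusted copy:", hex(select_settings(img)))
    broken = simulate_interrupted_write(img, SETTINGS_COPY_A, build_settings("Fresh", 7), SETTINGS_SIZE // 4)
    a = broken[SETTINGS_COPY_A:SETTINGS_COPY_A + SETTINGS_SIZE]
    print("copy A valid after partial write:", settings_valid(a))
    print("trusted copy now:", hex(select_settings(broken)))
```

Two things worth noticing when running it. A partial write that stops before the CRC field leaves a copy whose stored CRC no longer matches its bytes, so the reader falls back to the other copy; with both copies damaged, nothing passes and a recovery path (in the thread, swapping the module) is the only way forward. But a write that stops after the CRC field has landed passes the check while still carrying stale bytes beyond offset 0x70, because the CRC does not cover them, so a checksum of this kind detects torn writes only within the range it covers.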