Hacking Has anyone with a brick been able to recover?

[gamesquest1]

little statement from gateway, could be BS, but then again could be perfectly leit, but if its to be belived you can indeed restore bricks using "pretty simple hardware".....description kinda fits the raspberry and arduino imo...but who know hope it all works out, i only have a gateway, but i would prefer an open restore method than shipping my 3ds god knows where when i could just get hold of the hardware and do it myself ....kinda wanted to get a arduino for a while anyway just to have a mess about with

We cant show them how we know, because it
would help those cloners who are wasting our time, but if they knew, they
wouldn't bother as it is pretty obvious when you know and have pretty simple
hardware...

 

[bkifft]

I think this all is very interesting and I also want to learn all about Arduino and low level communication with components like eMMC. Can someone please post some good learning sites?

If you happen to be able to read german https://www.mikrocontroller.net/articles/AVR-Tutorial is a really nice introduction to microcontrollers in general, even if you don't want to tinker with the electronics part and instead want to use a predesigned platform like the arduino.

But I'd advise you to first get some programming experience (screen/keyboard input output, program flow conditionals (IF THEN, WHILE, FOR), datatypes function calls,... . in one word the basics) before you venture into "pointer hell". dosn't matter al that much which language, although most microcontrollers will be programmed in c or c++.

little statement from gateway, could be BS, but then again could be perfectly leit, but if its to be belived you can indeed restore bricks using "pretty simple hardware".....description kinda fits the raspberry and arduino imo...but who know hope it all works out, i only have a gateway, but i would prefer an open restore method than shipping my 3ds god knows where when i could just get hold of the hardware and do it myself ....kinda wanted to get a arduino for a while anyway just to have a mess about with

We cant show them how we know, because it
would help those cloners who are wasting our time, but if they knew, they
wouldn't bother as it is pretty obvious when you know and have pretty simple
hardware...

good to hear, thanks for sharing

 

[krisztian1997]

little statement from gateway, could be BS, but then again could be perfectly leit, but if its to be belived you can indeed restore bricks using "pretty simple hardware".....description kinda fits the raspberry and arduino imo...but who know hope it all works out, i only have a gateway, but i would prefer an open restore method than shipping my 3ds god knows where when i could just get hold of the hardware and do it myself ....kinda wanted to get a arduino for a while anyway just to have a mess about with

We cant show them how we know, because it
would help those cloners who are wasting our time, but if they knew, they
wouldn't bother as it is pretty obvious when you know and have pretty simple
hardware...

Only problem is if we cant communicate with the eMMC anymore on SPI because according to the standard it was removed... if that is true, then I have no idea how we can communicate with the controller. Accesing an sd card works already, I am working on a crc16 generator (never had to write one before, so its a pain in the ass for me to make one which works correctly), but neither me or ryuga has a bricked 3ds, so we cant test it with a console.

 

[gamesquest1]

i know this would be a bit dodgy but could you maybe try it in reverse....see if you can brick a console, if you can brick you should be able to reverse what you did to unbrick :S idk just an idea, if not you would have to try get someone to agree to send you their bricked 3ds to run your tests on, just depends if you can find a willing test subject XD

another idea could be looking for a really cheap 3ds even with a faulty mainboard....you should still be able to test your methods using that if nobody wants to send you a bricked console and you don't want to risk your own

 

[krisztian1997]

i know this would be a bit dodgy but could you maybe try it in reverse....see if you can brick a console, if you can brick you should be able to reverse what you did to unbrick :S idk just an idea, if not you would have to try get someone to agree to send you their bricked 3ds to run your tests on, just depends if you can find a willing test subject XD

another idea could be looking for a really cheap 3ds even with a faulty mainboard....you should still be able to test your methods using that if nobody wants to send you a bricked console and you don't want to risk your own

I would risk my own, but its a 3ds and soldering the wires on it is super hard, and I dont want to break anything. 3DS are very expensive and rare in my country, so I think that I cant find a broken one which is not overpriced, maybe someone on the forum who has soldering skills, a bricked 3ds is willing to buy an arduino and try some stuffs on it.

 

[obcd]

We know you can brick. Once it's bricked how would you reverse? It's not working anymore.
It could be usefull to monitor the communication between the 3ds and the eMMC at the moment of a brick, but I doubt someone is having a logic analyzer capable of monitoring such traffic in real time.
Even with that information, if they use a console specific passkey, it can't be used to unbrick other consoles.

 

[inian]

Or you can try only to communicate with controller of normal working 3ds, without doing anything destructive, reading status for example, just to confirm that SPI works

 

[Daku93]

I would risk my own, but its a 3ds and soldering the wires on it is super hard, and I dont want to break anything. 3DS are very expensive and rare in my country, so I think that I cant find a broken one which is not overpriced, maybe someone on the forum who has soldering skills, a bricked 3ds is willing to buy an arduino and try some stuffs on it.

Yes. Someone like me. I will try what I can do this weekend. My Arduinos are at my parents house so I have to wait until I am there. (I'll mod one of my arduinos to run at 3,3V before)

 

[krisztian1997]

We know you can brick. Once it's bricked how would you reverse? It's not working anymore.
It could be usefull to monitor the communication between the 3ds and the eMMC at the moment of a brick, but I doubt someone is having a logic analyzer capable of monitoring such traffic in real time.
Even with that information, if they use a console specific passkey, it can't be used to unbrick other consoles.

If I would have an 3ds xl, I could backup the nand, brick it with arduino, see if the bootloader error is the same, then send my passkey to it again to unbrick it... on a gateway bricked 3ds its posible to force erase the nand then restore the NAND backup made by emunand.

Yes. Someone like me. I will try what I can do this weekend. My Arduinos are at my parents house so I have to wait until I am there. (I'll mod one of my arduinos to run at 3,3V before)

You should get one of those SD card shield, they have a protection resistors on it, voltage dividers, and it wont fry your 3ds.

 

[inian]

i can try on bricked 3ds, but you have arduino and unfortunately at the moment i have possibility to do it with raspberry pi, you can't help me with software part...

 

[krisztian1997]

i can try on bricked 3ds, but you have arduino and unfortunately at the moment i have possibility to do it with raspberry pi, you can't help me with software part...

I never worked with a raspi before, but its based on linux so maybe there is a library somewhere to comunicate with the eMMC over the SPI ports, the only problem is that you will need an additional wire on dat 3.

 

[_Tim_]

Very unlikely to work but still worth mentioning... Try to unlock eMMC of Gateway bricked 3DS with wrong password. Dump eMMC RAM using not-so-secret-anymore vendor command (Samsung only?). Disassemble RAM contents. Hope that correct password is in there somewhere. Unlock eMMC with correct password.

 

[_Tim_]

Only problem is if we cant communicate with the eMMC anymore on SPI because according to the standard it was removed... if that is true, then I have no idea how we can communicate with the controller.

If SPI mode is not supported then use 1-bit MMC mode. Instead of two unidirectional lines (MISO/MOSI) for both command and data transfers you have two bi-directional lines (CMD/DAT0) for seperate command and data transfers.

 

[inian]

I never worked with a raspi before, but its based on linux so maybe there is a library somewhere to comunicate with the eMMC over the SPI ports, the only problem is that you will need an additional wire on dat 3.

extra wire is no problem at all... using library on linux, writing code? this is problem

 

[jochem77]

If you happen to be able to read german https://www.mikrocontroller.net/articles/AVR-Tutorial is a really nice introduction to microcontrollers in general, even if you don't want to tinker with the electronics part and instead want to use a predesigned platform like the arduino.

But I'd advise you to first get some programming experience (screen/keyboard input output, program flow conditionals (IF THEN, WHILE, FOR), datatypes function calls,... . in one word the basics) before you venture into "pointer hell". dosn't matter al that much which language, although most microcontrollers will be programmed in c or c++.



good to hear, thanks for sharing

I have programming experience, so that's not a problem. I also know something about bits and bytes, but I do not know anything about microcontrollers, commands, SPI, etc. I can read German a bit, but I prefer English (or Dutch ) So if anyone has a good English (or Dutch) tutorial that would be great. Maybe I still can participate in finding the solution of the bricked 3DS. Although it's more likely you all find the solution sooner than I.

 

[krisztian1997]

If SPI mode is not support then use 1-bit MMC mode. Instead of two unidirectional lines (MISO/MOSI) for both command and data transfers you have two bi-directional lines (CMD/DAT0) for seperate command and data transfers.

Thats gonna be a problem, I dont think that arduino can support bi-directional lines... and that means that I also have to write a new library from scratch, because almost every library is made for SPI communication.

 

[bkifft]

i can try on bricked 3ds, but you have arduino and unfortunately at the moment i have possibility to do it with raspberry pi, you can't help me with software part...

if you happen to have the 3DS hardware NAND dump mod already (four wires from the 3DS connected to SD formfactor pins) i might contact you soon-ish for a non destructive read test...

Very unlikely to work but still worth mentioning... Try to unlock eMMC of Gateway bricked 3DS with wrong password. Dump eMMC RAM using not-so-secret-anymore vendor command (Samsung only?). Disassemble RAM contents. Hope that correct password is in there somewhere. Unlock eMMC with correct password.

sadly shouldn't work, as the SD simply refuses to unlock when a wrong password is supplied and the standard requires the password to be unreadable from the outside. if it should work samsung wouldn't be allowed to sell those chips labeld as eMMC anymore (although granted, that would be quite funny).

 

[Cyberdrive]

Pong20302000 posted the following in a pinned GW brick thread:

Possible that the trigger for the Bricking code has been in the Gateway launcher as to why Official bricks are occurring

and relates to any file on the SD card being dated 4th Feb 2014 or later
so if someone either has a file with that date on there SD card or Puts Forward there Internal clock (for play coin cheating) thus when the 3DS next saves to the SD it creates a file with the date 4th Feb or Later then a Brick could occur

possible Kill Code found

0x10410,0x10) MMC_SET_BLOCKLEN
 
0x50c1b,0) //PROGRAM_CSD
 
0x50c2a,0x0) setpass
 
0x10410,0x200) MMC_SET_BLOCKLEN

Isn't 1st hex number a function call and 2nd a parameter?

 

[krisztian1997]

Pong20302000 posted the following in a pinned GW brick thread:

That code doesnt makes any sense... or maybe I am wrong Some parts of it do make sense.

 

[obcd]

Arduino io ports are biderectional as well. You can even connect an output port and an input port together. The output can drive the signal and the input can be used to read it back. You might need to add some BAT85 diodes, as the output shouldn't tie the signal to vcc. It should only pull it to gnd I assume. A diode can be used to get such behavour.
The bat85 has a very low forward treshold voltage. That's why it's better than a 1n4148 or 1n4007

It's not like you have to read the whole eMMC with it, so bitbanging might be a solution if there is no minimum clock speed.
The code for that could work on arduino and raspberry with minimal adjustment.