How do they crack 1.4 firmware

Discussion in 'NDS - Flashcarts and Accessories' started by funem, Aug 4, 2009.

Page 1 of 2
Share This Page

Share This Page

  1. funem
    OP

    funem Retro Powered..

    Member
    1,160
    51
    Nov 4, 2006
    out of nowhere....
    I have been sitting around patiently awaiting the flashcard manufacturers that I have cards for to crack the firmware upgrade, and it has just stuck me, how will they crack it ? Think about it..

    To crack the upgrade they would need to dump the firmware to a media of some type and do whatever they need to with it, disassemble, hack or whatever... to dump it they would need to be able to run some code to dump it... where would they run the code from ?

    They cant run it from the SD slot and they cant run it from a flashcard as none work..

    If they can run the code from a media of some type ( SD or Flashcard ) then there would be no need to crack it as they would have already done so to run the code in the first place...

    Is the whole process trial and error or have they got a clever way to dump the firmware that we don't even know about..... ?

    makes you wonder.....


    [​IMG]
     
    #1 Aug 4, 2009


  2. Da-Bomb1

    Da-Bomb1 GBAtemp Advanced Fan

    Member
    795
    0
    Apr 19, 2009
    Canada
    BC, Canada
    They don't have to crack the firmware...they just have to figure out how nintendo blocked the flashcarts. Dumping the firmware isn't necessary.
     
    #2 Aug 4, 2009
  3. funem
    OP

    funem Retro Powered..

    Member
    1,160
    51
    Nov 4, 2006
    out of nowhere....
    And how do you do that without looking at the code... I am a programmer and a part time hacker *cough *cough so would like to know how you hack code you cant read
     
    #3 Aug 4, 2009
  4. Jakob95

    Jakob95 I am the Avatar

    Suspended
    4,344
    66
    Jan 15, 2009
    United States
    New York City
    Nintendo probelly juts blocked the Game ID of those Flashcarts. And now those flashcarts have to flash them self to make new Game ID.
     
    #4 Aug 4, 2009
  5. funem
    OP

    funem Retro Powered..

    Member
    1,160
    51
    Nov 4, 2006
    out of nowhere....
    Thought about that.. if that was true it would have been done by now...
     
    #5 Aug 4, 2009
  6. DeltaBurnt

    DeltaBurnt I'm bored

    Member
    3,353
    2
    Feb 21, 2009
    United States
    Where intellect matters
    Ehhhh I doubt they blocked a random Game ID that might be a really popular game.
     
    #6 Aug 4, 2009
  7. FAST6191

    FAST6191 Techromancer

    pip Reporter
    22,904
    8,561
    Nov 21, 2005
    Flash cards are not the same as real games, the teams will probably make a list of differences and brute force it. We may not know the DSi but we do know DS games.
    Looking at the various videos and prerelease shots over the years we know the teams have decent development hardware, personally I would clone an original game (or use an original with a sniffing/injection tool on the bus you have just intercepted and work from there).

    I also prattled on about a few things here:
    http://ezflash.sosuke.com/viewtopic.php?f=...940&start=6
     
    #7 Aug 4, 2009
  8. ccleanerfan

    ccleanerfan Member

    Newcomer
    14
    0
    May 23, 2009
    United States
    you dont seem so patient actually, it's only been like 3-4 days...
     
    #8 Aug 4, 2009
  9. xDlmaoxD

    xDlmaoxD GBAtemp Fan

    Member
    362
    0
    Jan 12, 2009
    United States
    Stop thinking too hard, thats all I have to say besides that they are a group of people that have more developing skills that they make money off of.
    They are not your little backyard dev trying to make a crappy homebrew game.
    They probably know a lot more about how the DS works and probably open up the DS and connect cables etc just like the DSi hack.
    Not really hard.
     
    #9 Aug 4, 2009
  10. Da-Bomb1

    Da-Bomb1 GBAtemp Advanced Fan

    Member
    795
    0
    Apr 19, 2009
    Canada
    BC, Canada
    ...in case if you didn't know, it's these "backyard devs" who drive the entire homebrew community. The people who are out for money never innovate; there's no money in it for them.
     
    #10 Aug 4, 2009
  11. xDlmaoxD

    xDlmaoxD GBAtemp Fan

    Member
    362
    0
    Jan 12, 2009
    United States
    We are talking about the DS not the Wii here.
    I was just answering the question as how they do it, and i stated clearly that they are in it for the money and not just for the hell of it.
    Read the whole thread please.
    The DS community is driven by these money hungry devs, but with the DSi there's a possibility that it can be exploited
    and we would not heavily rely on the flash carts.
     
    #11 Aug 5, 2009
  12. funem
    OP

    funem Retro Powered..

    Member
    1,160
    51
    Nov 4, 2006
    out of nowhere....
    Please explain how asking how you think they are going to do it is any way me being impatient, I am not saying why isnt it done by now or it should have been done by now, just wonder how they go about it....

    at FAST6191 :-

    If it was just a case of game ID's being blocked ( which I seriously doubt ) then, all you would need to do is use the game ID of the most popular game for the flashcard, that way it couldn't be blocked or you would block the original.

    I am guessing Nintendo are looking at the card itself to see what can be read on it. Most of the cards have a standard structure to the software they use for the menus, looking for anything of that type on the card, you could effectively profile what files a flash card has and block it. The only other way ( simplistically described ) would be to read the flash card itself and if it contained a crap load of .nds files ( or even just one ) you could block it.

    Cracking what they have done to the firmware therefore would be a huge job to rectify unless you can have a starting point like reading the firmware itself. To me its kinda chicken and egg, you cant read the firmware without being able to dump it and you cant dump it without already having bypass its protection and have a program to run and media to dump it onto.

    If the flash cards were using a different exploit in the OS to enable them to run, and now this has been patched, then we may find flash card companies cant patch round it and may have to start again.

    I was actually wondering if the firmware can be retrieved from the web by other means than the DSi. If you could read through the current firmware you could in theory use the code to identify the location on the web of the next firmware update retrieve it and dump it to a binary file on a PC, which would bypass the need to use a DSi. You could then decompile it and see what has been blocked.

    I can think of a number of other ways Nintendo could block flash cards, but I wouldn't list then here as there is no point giving them ideas if this firmware was cracked, for future updates.

    I am just intrigued how they would go about cracking it, other than brute force. Its all clever stuff....
     
    #12 Aug 5, 2009
  13. ashley.ince

    ashley.ince Advanced Member

    Newcomer
    51
    0
    Aug 5, 2009
    im not really intrested in how they do it as long as they do... anyhow they just get a dsi with 1.4 on it, take it apart and find out what makes it tick... they'll probe every chip and find out what info it needs to see coming off the game card then match that with there own firmware.
     
    #13 Aug 5, 2009
  14. Da-Bomb1

    Da-Bomb1 GBAtemp Advanced Fan

    Member
    795
    0
    Apr 19, 2009
    Canada
    BC, Canada
    ...fyi, all that the commercial developers who are out for money do is just stuff related to piracy. It's all of the people who program for a hobby who actually drive the real stuff.
     
    #14 Aug 5, 2009
  15. funem
    OP

    funem Retro Powered..

    Member
    1,160
    51
    Nov 4, 2006
    out of nowhere....
    For once can this stay on topic ? I don't care who is cracking it or it there is monetary motivation, the question is how they will achieve it...

    Sorry to be so blunt, but I hate it when threads go wildly off topic then get locked.

    Thx
     
    #15 Aug 5, 2009
  16. Da-Bomb1

    Da-Bomb1 GBAtemp Advanced Fan

    Member
    795
    0
    Apr 19, 2009
    Canada
    BC, Canada
    Sorry, but I don't think we can get anything productive out of this thread anyway...this is gbatemp we're talking about, not gbadev.
     
    #16 Aug 5, 2009
  17. ether2802

    ether2802 we have the techno...!!

    Former Staff
    4,350
    5
    Oct 14, 2007
    Mexico
    Pto. Vallarta
    IF you have a NAND reader/writter then you can put the files in your desktop and start dissemble the firmware, it takes time to do this, but if you have a team of people that get paid for doing this and know how to........then it takes few days to know what the FW has inside to block the cards, an how to reverse this block...!! [​IMG]

    .....not all is games, cards and the SD slot you know, the thing do has screws that you can easily take away.
     
    #17 Aug 5, 2009
  18. Da-Bomb1

    Da-Bomb1 GBAtemp Advanced Fan

    Member
    795
    0
    Apr 19, 2009
    Canada
    BC, Canada
    The firmware's encrypted. And you don't just need a "NAND reader/writer," you basically need to make everything by hand...it's not that simple. Still, they're making progress towards accessing the NAND and SD with just software. Dunno if it'll ever be released though...the guy who's working on it doesn't want his code to be used for piracy.
     
    #18 Aug 5, 2009
  19. bach3609

    bach3609 GBAtemp Fan

    Member
    367
    0
    May 31, 2009
    Loading................
    But what is the point of making it if its not gonna be released? xD Plus i sorta agree with the guy above there, you just get a NAND reader, and access the NAND memory with it, then you get to the source code and find the workaround to get through it. NAND readers are rare though, so it'll take some time. But anyhow, its possible.

    EDIT: Isn't the firmware located in the NAND memory anyhow? So you could just access the source code of the system files on the dsi in there and crack it. Then they get the workaround and wala!! the flashcard works again. Hmm it would also be really nice if they came out with a flashcard that can access the whole dsi memory system and alter whatever necessary changes there would be [​IMG] probably not likely currently, but it could in the future.
     
    #19 Aug 5, 2009
  20. Da-Bomb1

    Da-Bomb1 GBAtemp Advanced Fan

    Member
    795
    0
    Apr 19, 2009
    Canada
    BC, Canada
    .......won't work. There's no such thing as a simple "NAND reader." NAND isn't a specific thing, as much as it's just a storage medium...you'd have to make your own reader for that particular chip, and write your own code. And no, there's no source code on the NAND...I'm pretty sure that everything on it's encrypted. You'd have to find the common key before you can get any access to the files.
     
    #20 Aug 5, 2009
Page 1 of 2