How do they crack 1.4 firmware

Discussion in 'NDS - Flashcarts and Accessories' started by funem, Aug 4, 2009.


How do they crack 1.4 firmware by funem at 8:13 PM (3,372 Views / 0 Likes) 27 replies

  1. funem (OP)

    I have been sitting around patiently awaiting the flashcard manufacturers that I have cards for to crack the firmware upgrade, and it has just struck me: how will they crack it? Think about it..

    To crack the upgrade they would need to dump the firmware to a media of some type and do whatever they need to with it: disassemble, hack or whatever... to dump it they would need to be able to run some code to dump it... where would they run the code from?

    They can't run it from the SD slot and they can't run it from a flashcard as none work..

    If they can run the code from a media of some type ( SD or Flashcard ) then there would be no need to crack it as they would have already done so to run the code in the first place...

    Is the whole process trial and error, or have they got a clever way to dump the firmware that we don't even know about.....?

    Makes you wonder.....




  2. Da-Bomb1

    They don't have to crack the firmware...they just have to figure out how Nintendo blocked the flashcarts. Dumping the firmware isn't necessary.
     
  3. funem (OP)

    And how do you do that without looking at the code... I am a programmer and a part-time hacker *cough* *cough*, so I would like to know how you hack code you can't read.
     
  4. Jakob95

    Nintendo probably just blocked the Game ID of those flashcarts. And now those flashcarts have to flash themselves to make a new Game ID.
     
  5. funem (OP)

    Thought about that.. if that was true it would have been done by now...
     
  6. DeltaBurnt

    Ehhhh I doubt they blocked a random Game ID that might be a really popular game.
     
  7. FAST6191

    Flash cards are not the same as real games; the teams will probably make a list of differences and brute force it. We may not know the DSi, but we do know DS games.
    Looking at the various videos and prerelease shots over the years we know the teams have decent development hardware, personally I would clone an original game (or use an original with a sniffing/injection tool on the bus you have just intercepted and work from there).

    I also prattled on about a few things here:
    http://ezflash.sosuke.com/viewtopic.php?f=...940&start=6
     
  8. ccleanerfan

    You don't seem so patient actually, it's only been like 3-4 days...
     
  9. xDlmaoxD

    Stop thinking too hard, that's all I have to say, besides that they are a group of people that have more developing skills that they make money off of.
    They are not your little backyard dev trying to make a crappy homebrew game.
    They probably know a lot more about how the DS works and probably open up the DS and connect cables etc just like the DSi hack.
    Not really hard.
     
  10. Da-Bomb1

    ...in case you didn't know, it's these "backyard devs" who drive the entire homebrew community. The people who are out for money never innovate; there's no money in it for them.
     
  11. xDlmaoxD

    We are talking about the DS, not the Wii, here.
    I was just answering the question as to how they do it, and I stated clearly that they are in it for the money and not just for the hell of it.
    Read the whole thread please.
    The DS community is driven by these money-hungry devs, but with the DSi there's a possibility that it can be exploited and we would not heavily rely on the flash carts.
     
  12. funem (OP)

    Please explain how asking how you think they are going to do it is in any way me being impatient. I am not saying why isn't it done by now or it should have been done by now, just wondering how they go about it....

    At FAST6191:

    If it was just a case of game IDs being blocked (which I seriously doubt), then all you would need to do is use the game ID of the most popular game for the flashcard; that way it couldn't be blocked or you would block the original.

    I am guessing Nintendo are looking at the card itself to see what can be read on it. Most of the cards have a standard structure to the software they use for the menus; by looking for anything of that type on the card, you could effectively profile what files a flash card has and block it. The only other way (simplistically described) would be to read the flash card itself, and if it contained a crap load of .nds files (or even just one) you could block it.

    Cracking what they have done to the firmware would therefore be a huge job to rectify unless you have a starting point like reading the firmware itself. To me it's kinda chicken and egg: you can't read the firmware without being able to dump it, and you can't dump it without already having bypassed its protection and having a program to run and media to dump it onto.

    If the flash cards were using a different exploit in the OS to enable them to run, and now this has been patched, then we may find flash card companies can't patch round it and may have to start again.

    I was actually wondering if the firmware can be retrieved from the web by other means than the DSi. If you could read through the current firmware you could in theory use the code to identify the location on the web of the next firmware update, retrieve it and dump it to a binary file on a PC, which would bypass the need to use a DSi. You could then decompile it and see what has been blocked.

    I can think of a number of other ways Nintendo could block flash cards, but I wouldn't list them here as there is no point giving them ideas if this firmware was cracked, for future updates.

    I am just intrigued how they would go about cracking it, other than brute force. It's all clever stuff....
     
  13. ashley.ince

    I'm not really interested in how they do it as long as they do... anyhow, they just get a DSi with 1.4 on it, take it apart and find out what makes it tick... they'll probe every chip and find out what info it needs to see coming off the game card, then match that with their own firmware.
     
  14. Da-Bomb1

    ...FYI, all that the commercial developers who are out for money do is just stuff related to piracy. It's all of the people who program for a hobby who actually drive the real stuff.
     
  15. funem (OP)

    For once can this stay on topic? I don't care who is cracking it or if there is monetary motivation, the question is how they will achieve it...

    Sorry to be so blunt, but I hate it when threads go wildly off topic then get locked.

    Thx
     
  16. Da-Bomb1

    Sorry, but I don't think we can get anything productive out of this thread anyway...this is GBAtemp we're talking about, not GBAdev.
     
  17. ether2802

    IF you have a NAND reader/writer then you can put the files on your desktop and start disassembling the firmware. It takes time to do this, but if you have a team of people that get paid for doing this and know how to........then it takes a few days to know what the FW has inside to block the cards, and how to reverse this block...!!

    .....not all is games, cards and the SD slot, you know; the thing does have screws that you can easily take away.
     
  18. Da-Bomb1

    The firmware's encrypted. And you don't just need a "NAND reader/writer," you basically need to make everything by hand...it's not that simple. Still, they're making progress towards accessing the NAND and SD with just software. Dunno if it'll ever be released though...the guy who's working on it doesn't want his code to be used for piracy.
     
  19. bach3609

    But what is the point of making it if it's not gonna be released? xD Plus I sorta agree with the guy above there: you just get a NAND reader, and access the NAND memory with it, then you get to the source code and find the workaround to get through it. NAND readers are rare though, so it'll take some time. But anyhow, it's possible.

    EDIT: Isn't the firmware located in the NAND memory anyhow? So you could just access the source code of the system files on the DSi in there and crack it. Then they get the workaround and voila!! the flashcard works again. Hmm, it would also be really nice if they came out with a flashcard that can access the whole DSi memory system and alter whatever necessary changes there would be; probably not likely currently, but it could in the future.
     
  20. Da-Bomb1

    .......won't work. There's no such thing as a simple "NAND reader." NAND isn't a specific thing, as much as it's just a storage medium...you'd have to make your own reader for that particular chip, and write your own code. And no, there's no source code on the NAND...I'm pretty sure that everything on it is encrypted. You'd have to find the common key before you can get any access to the files.
     
