Hacking How do they crack 1.4 firmware

funem

Retro Powered..
OP
Member
Joined
Nov 4, 2006
Messages
1,161
Trophies
1
Location
out of nowhere....
XP
478
Country
United Kingdom
I have been sitting around patiently awaiting the flashcard manufacturers that I have cards for to crack the firmware upgrade, and it has just struck me: how will they crack it? Think about it..

To crack the upgrade they would need to dump the firmware to a media of some type and do whatever they need to with it, disassemble, hack or whatever... to dump it they would need to be able to run some code to dump it... where would they run the code from?

They can't run it from the SD slot and they can't run it from a flashcard as none work..

If they can run the code from a media of some type (SD or flashcard) then there would be no need to crack it as they would have already done so to run the code in the first place...

Is the whole process trial and error, or have they got a clever way to dump the firmware that we don't even know about.....?

makes you wonder.....


 

Da-Bomb1

Well-Known Member
Member
Joined
Apr 19, 2009
Messages
795
Trophies
0
Age
32
Location
BC, Canada
XP
89
Country
Canada
They don't have to crack the firmware...they just have to figure out how nintendo blocked the flashcarts. Dumping the firmware isn't necessary.
 

funem

Retro Powered..
OP
Member
Joined
Nov 4, 2006
Messages
1,161
Trophies
1
Location
out of nowhere....
XP
478
Country
United Kingdom
Da-Bomb1 said:
They don't have to crack the firmware...they just have to figure out how nintendo blocked the flashcarts. Dumping the firmware isn't necessary.

And how do you do that without looking at the code... I am a programmer and a part time hacker *cough *cough, so I would like to know how you hack code you can't read.
 

Jakob95

I am the Avatar
Suspended
Joined
Jan 15, 2009
Messages
4,344
Trophies
0
Age
28
Location
New York City
XP
300
Country
United States
Nintendo probably just blocked the Game ID of those flashcarts. And now those flashcarts have to flash themselves to make a new Game ID.
 

FAST6191

Techromancer
Editorial Team
Joined
Nov 21, 2005
Messages
36,798
Trophies
3
XP
28,348
Country
United Kingdom
Flash cards are not the same as real games, the teams will probably make a list of differences and brute force it. We may not know the DSi but we do know DS games.
Looking at the various videos and prerelease shots over the years we know the teams have decent development hardware, personally I would clone an original game (or use an original with a sniffing/injection tool on the bus you have just intercepted and work from there).

I also prattled on about a few things here:
http://ezflash.sosuke.com/viewtopic.php?f=...940&start=6
 

xDlmaoxD

Well-Known Member
Member
Joined
Jan 12, 2009
Messages
362
Trophies
0
XP
57
Country
United States
Stop thinking too hard, that's all I have to say, besides that they are a group of people that have more developing skills, which they make money off of.
They are not your little backyard dev trying to make a crappy homebrew game.
They probably know a lot more about how the DS works and probably open up the DS and connect cables etc just like the DSi hack.
Not really hard.
 

Da-Bomb1

Well-Known Member
Member
Joined
Apr 19, 2009
Messages
795
Trophies
0
Age
32
Location
BC, Canada
XP
89
Country
Canada
xDlmaoxD said:
Stop thinking too hard, that's all I have to say, besides that they are a group of people that have more developing skills, which they make money off of.
They are not your little backyard dev trying to make a crappy homebrew game.
They probably know a lot more about how the DS works and probably open up the DS and connect cables etc just like the DSi hack.
Not really hard.
...in case you didn't know, it's these "backyard devs" who drive the entire homebrew community. The people who are out for money never innovate; there's no money in it for them.
 

xDlmaoxD

Well-Known Member
Member
Joined
Jan 12, 2009
Messages
362
Trophies
0
XP
57
Country
United States
Da-Bomb1 said:
xDlmaoxD said:
Stop thinking too hard, that's all I have to say, besides that they are a group of people that have more developing skills, which they make money off of.
They are not your little backyard dev trying to make a crappy homebrew game.
They probably know a lot more about how the DS works and probably open up the DS and connect cables etc just like the DSi hack.
Not really hard.
...in case you didn't know, it's these "backyard devs" who drive the entire homebrew community. The people who are out for money never innovate; there's no money in it for them.

We are talking about the DS not the Wii here.
I was just answering the question as to how they do it, and I stated clearly that they are in it for the money and not just for the hell of it.
Read the whole thread please.
The DS community is driven by these money hungry devs, but with the DSi there's a possibility that it can be exploited
and we would not heavily rely on the flash carts.
 

funem

Retro Powered..
OP
Member
Joined
Nov 4, 2006
Messages
1,161
Trophies
1
Location
out of nowhere....
XP
478
Country
United Kingdom
ccleanerfan said:
you don't seem so patient actually, it's only been like 3-4 days...

Please explain how asking how you think they are going to do it is in any way me being impatient. I am not saying why isn't it done by now, or that it should have been done by now, I just wonder how they go about it....

@FAST6191:

If it was just a case of game IDs being blocked (which I seriously doubt) then all you would need to do is use the game ID of the most popular game for the flashcard; that way it couldn't be blocked or you would block the original.

I am guessing Nintendo are looking at the card itself to see what can be read on it. Most of the cards have a standard structure to the software they use for the menus, looking for anything of that type on the card, you could effectively profile what files a flash card has and block it. The only other way ( simplistically described ) would be to read the flash card itself and if it contained a crap load of .nds files ( or even just one ) you could block it.

Cracking what they have done to the firmware would therefore be a huge job to rectify unless you can have a starting point like reading the firmware itself. To me it's kinda chicken and egg: you can't read the firmware without being able to dump it, and you can't dump it without already having bypassed its protection and having a program to run and media to dump it onto.

If the flash cards were using a different exploit in the OS to enable them to run, and now this has been patched, then we may find flash card companies can't patch round it and may have to start again.

I was actually wondering if the firmware can be retrieved from the web by other means than the DSi. If you could read through the current firmware you could in theory use the code to identify the location on the web of the next firmware update, retrieve it, and dump it to a binary file on a PC, which would bypass the need to use a DSi. You could then decompile it and see what has been blocked.

I can think of a number of other ways Nintendo could block flash cards, but I wouldn't list them here as there is no point giving them ideas for future updates if this firmware was cracked.

I am just intrigued how they would go about cracking it, other than brute force. It's all clever stuff....
 

ashley.ince

Well-Known Member
Newcomer
Joined
Aug 5, 2009
Messages
51
Trophies
0
XP
22
Country
I'm not really interested in how they do it as long as they do... anyhow, they just get a DSi with 1.4 on it, take it apart and find out what makes it tick... they'll probe every chip and find out what info it needs to see coming off the game card, then match that with their own firmware.
 

Da-Bomb1

Well-Known Member
Member
Joined
Apr 19, 2009
Messages
795
Trophies
0
Age
32
Location
BC, Canada
XP
89
Country
Canada
xDlmaoxD said:
We are talking about the DS not the Wii here.
I was just answering the question as to how they do it, and I stated clearly that they are in it for the money and not just for the hell of it.
Read the whole thread please.
The DS community is driven by these money hungry devs, but with the DSi there's a possibility that it can be exploited
and we would not heavily rely on the flash carts.
...fyi, all that the commercial developers who are out for money do is just stuff related to piracy. It's all of the people who program for a hobby who actually drive the real stuff.
 

funem

Retro Powered..
OP
Member
Joined
Nov 4, 2006
Messages
1,161
Trophies
1
Location
out of nowhere....
XP
478
Country
United Kingdom
Da-Bomb1 said:
xDlmaoxD said:
We are talking about the DS not the Wii here.
I was just answering the question as to how they do it, and I stated clearly that they are in it for the money and not just for the hell of it.
Read the whole thread please.
The DS community is driven by these money hungry devs, but with the DSi there's a possibility that it can be exploited
and we would not heavily rely on the flash carts.
...fyi, all that the commercial developers who are out for money do is just stuff related to piracy. It's all of the people who program for a hobby who actually drive the real stuff.

For once can this stay on topic? I don't care who is cracking it or if there is monetary motivation, the question is how they will achieve it...

Sorry to be so blunt, but I hate it when threads go wildly off topic then get locked.

Thx
 

Da-Bomb1

Well-Known Member
Member
Joined
Apr 19, 2009
Messages
795
Trophies
0
Age
32
Location
BC, Canada
XP
89
Country
Canada
Sorry, but I don't think we can get anything productive out of this thread anyway...this is gbatemp we're talking about, not gbadev.
 

ether2802

we have the techno...!!
Former Staff
Joined
Oct 14, 2007
Messages
4,349
Trophies
0
Age
41
Location
Pto. Vallarta
XP
312
Country
Mexico
IF you have a NAND reader/writer then you can put the files on your desktop and start disassembling the firmware. It takes time to do this, but if you have a team of people that get paid for doing this and know how to........ then it takes a few days to know what the FW has inside to block the cards, and how to reverse this block...!!

.....not all is games, cards and the SD slot you know, the thing does have screws that you can easily take away.
 

Da-Bomb1

Well-Known Member
Member
Joined
Apr 19, 2009
Messages
795
Trophies
0
Age
32
Location
BC, Canada
XP
89
Country
Canada
ether2802 said:
IF you have a NAND reader/writer then you can put the files on your desktop and start disassembling the firmware. It takes time to do this, but if you have a team of people that get paid for doing this and know how to........ then it takes a few days to know what the FW has inside to block the cards, and how to reverse this block...!!

.....not all is games, cards and the SD slot you know, the thing does have screws that you can easily take away.
The firmware's encrypted. And you don't just need a "NAND reader/writer," you basically need to make everything by hand...it's not that simple. Still, they're making progress towards accessing the NAND and SD with just software. Dunno if it'll ever be released though...the guy who's working on it doesn't want his code to be used for piracy.
 

bach3609

Well-Known Member
Member
Joined
May 31, 2009
Messages
367
Trophies
0
Age
33
Location
Loading................
Website
Visit site
XP
78
Country
Da-Bomb1 said:
ether2802 said:
IF you have a NAND reader/writer then you can put the files on your desktop and start disassembling the firmware. It takes time to do this, but if you have a team of people that get paid for doing this and know how to........ then it takes a few days to know what the FW has inside to block the cards, and how to reverse this block...!!

.....not all is games, cards and the SD slot you know, the thing does have screws that you can easily take away.
The firmware's encrypted. And you don't just need a "NAND reader/writer," you basically need to make everything by hand...it's not that simple. Still, they're making progress towards accessing the NAND and SD with just software. Dunno if it'll ever be released though...the guy who's working on it doesn't want his code to be used for piracy.
But what is the point of making it if it's not gonna be released? xD Plus I sorta agree with the guy above there, you just get a NAND reader and access the NAND memory with it, then you get to the source code and find the workaround to get through it. NAND readers are rare though, so it'll take some time. But anyhow, it's possible.

EDIT: Isn't the firmware located in the NAND memory anyhow? So you could just access the source code of the system files on the DSi in there and crack it. Then they get the workaround and voila!! the flashcard works again. Hmm, it would also be really nice if they came out with a flashcard that can access the whole DSi memory system and alter whatever changes would be necessary. Probably not likely currently, but it could in the future.
 

Da-Bomb1

Well-Known Member
Member
Joined
Apr 19, 2009
Messages
795
Trophies
0
Age
32
Location
BC, Canada
XP
89
Country
Canada
.......won't work. There's no such thing as a simple "NAND reader." NAND isn't a specific thing, as much as it's just a storage medium...you'd have to make your own reader for that particular chip, and write your own code. And no, there's no source code on the NAND...I'm pretty sure that everything on it's encrypted. You'd have to find the common key before you can get any access to the files.
 
