Speaking of which, anyone know how the GW carts work on a protocol level?
> I think the source is private.

It is, but I would like to know if anyone figured it out at all. There are some interesting possibilities available with an FPGA and SD card in that slot.

> Why aren't you documenting it, then!

Because I'm extremely lazy!

> It is, but I would like to know if anyone figured it out at all. There are some interesting possibilities available with an FPGA and SD card in that slot.

It's not like we can reprogram the FPGA...

> It's not like we can reprogram the FPGA...

If we knew how it worked we could, GW does it after all.

> If we knew how it worked we could, GW does it after all.

They have the encryption keys for their FPGA.... we don't...... good luck bruteforcing those

> They have the encryption keys for their FPGA.... we don't...... good luck bruteforcing those

Do you know that it's encrypted beyond the normal for GW?

> Do you know that it's encrypted beyond the normal for GW?

iirc their FPGA can crypt data with a key that can't (hasn't) been acquired by anyone, including clone companies. Part of how they lock ppl out of their enhanced modes or whatever. Clones would just grab the decrypted data and encrypt it with their own keys in their hacked-up binaries.

> iirc their FPGA can crypt data with a key that can't (hasn't) been acquired by anyone, including clone companies. Part of how they lock ppl out of their enhanced modes or whatever. Clones would just grab the decrypted data and encrypt it with their own keys in their hacked-up binaries.

You need to be very adept at reverse engineering to make much progress on their payloads.

Check out Gateway's NATIVE_FIRM as well as their (final stage) arm9 payload to be able to reverse-engineer the business end of their cart and get it working elsewhere. Make sure yr already familiar with the CTRCARD protocol tho! I've heard they implement an FS driver of some sort for their cart? I haven't looked into it myself b/c I don't own one and don't have GW payloads/idbs anymore.

> iirc their FPGA can crypt data with a key that can't (hasn't) been acquired by anyone, including clone companies. Part of how they lock ppl out of their enhanced modes or whatever. Clones would just grab the decrypted data and encrypt it with their own keys in their hacked-up binaries.
>
> Check out Gateway's NATIVE_FIRM as well as their (final stage) arm9 payload to be able to reverse-engineer the business end of their cart and get it working elsewhere. Make sure yr already familiar with the CTRCARD protocol tho! I've heard they implement an FS driver of some sort for their cart? I haven't looked into it myself b/c I don't own one and don't have GW payloads/idbs anymore.

Where did you get this info? Could be an interesting project. Anyone have a GW to spare for tinkering?

> Where did you get this info? Could be an interesting project. Anyone have a GW to spare for tinkering?

If you sift thru some of their very old payloads you'll encounter it eventually, not super interesting tho.

> If you sift thru some of their very old payloads you'll encounter it eventually, not super interesting tho.

Nah, it's easier than that... but I don't want them to fix it.

Ironically, taking this thread for a complete 360 - probably the easiest way to get Gateway's most recent arm9-mode code for the uninitiated would be to do ntrcardhax on an exploitable GW version (which is any, I believe, since they don't actually update their FIRM with payload updates any more). Their firm relaunch implementation breaks firmlaunchhax iirc.

> If you sift thru some of their very old payloads you'll encounter it eventually, not super interesting tho.
>
> Ironically, taking this thread for a complete 360 - probably the easiest way to get Gateway's most recent arm9-mode code for the uninitiated would be to do ntrcardhax on an exploitable GW version (which is any, I believe, since they don't actually update their FIRM with payload updates any more). Their firm relaunch implementation breaks firmlaunchhax iirc.

Why not follow the arm11 stuff for the arm9 stuff? You can do that now.

> Why not follow the arm11 stuff for the arm9 stuff? You can do that now.

That's the way they assumed people would try to reverse-engineer their work and it's (extremely) obfuscated due to exactly that. Trying to do so can teach you a lot about RE and obfuscation, though!

> That's the way they assumed people would try to reverse-engineer their work and it's (extremely) obfuscated due to exactly that. Trying to do so can teach you a lot about RE and obfuscation, though!

That is half the fun I'm sure!

> That's the way they assumed people would try to reverse-engineer their work and it's (extremely) obfuscated due to exactly that. Trying to do so can teach you a lot about RE and obfuscation, though!

Yeah, working through their obfuscated payloads is fun... I wrote an emulator just to make that easier for myself.

> Yeah, working through their obfuscated payloads is fun... I wrote an emulator just to make that easier for myself.

Sounds like something I would do.

> People may be asking why we need this when there's already a9 sploits on 9.2.

AFAIK there's no pre-9.6 N3DS firmwares for KOR/CHN/TWN as well, so it'll come in handy for them.