Hacking OK I've figured out the encryption sakura 1.34

[deviant.zero]

haha I've been watching from the sidelines

I've been using 1.34 2nd Edition since its come out on my Chinese cart. What do you mean by "unique" booting ability? Btw thanks for that demo vid Densetsu3000.. helped me set up my M3 Sakura settings as I can't actually read chinese.. I got my cart in HK but I live in AU

 

[Mr.Seiko]

haha I've been watching from the sidelines

I've been using 1.34 2nd Edition since its come out on my Chinese cart. What do you mean by "unique" booting ability? Btw thanks for that demo vid Densetsu3000.. helped me set up my M3 Sakura settings as I can't actually read chinese.. I got my cart in HK but I live in AU

You should be able to use the language translation that D3K posted earlier. Posted Here It's the messages.932 file.

Just download it, and put it in system/m3sakura/language You would need to rename it from messages.932 to messages.936 (or .949 or .950) as I'm not sure what message file it uses as the default language
And that should give you an english Menu



EDIT: Included Link to the English Translated Messages.932 file.

 

[gangsterboi]

Does this mean we have a translation that works?

 

[Beige]

Does this mean we have a translation that works?

Not yet, still cracking the region lock, but it looks like we're getting close

 

[Styles420]

I need better tools... trial and error is going to take a long time, does anyone know anything about how iamnobody traced the functions? I'm still trying to identify the pertinent pieces of code... but there are hundreds of similar pieces of code so the process of elimination is becoming ever tedious...

 

[AXYPB]

At the risk of sounding like a complete dolt, has anyone considered just asking M3 for support on this? I mean, they were kind enough to ask for the translation files assembled by the previous team.

 

[Mr.Seiko]

I'm assuming that the files contain ARM Code,

Perhaps Disassembly would give some information on what it's doing....



I haven't been able to find any disassemblers for ARM Code for Mac to investigate this further....
But something like IDA Pro would work well on PC, there seems to be a 30 Day Trial..

 

[Styles420]

At the risk of sounding like a complete dolt, has anyone considered just asking M3 for support on this? I mean, they were kind enough to ask for the translation files assembled by the previous team.

Well... since they went to so much trouble with the region lock this time, I guess I just assumed they don't want us doing this. In 1.12, the g6dsload.* files were essentially identical (if you do the XOR operation on all three headers to remove their unique encryption, then they come out to be the same). In 1.34 the two versions we have are different - most of the header is the same, but there are four pieces that differ. I'm currently trying to see if I can determine whether they're region specific for locking purposes, or just offsets due to the differences in language. But then, if they were able to do all languages without different offsets before... either these new codes are region lock pieces, or they purposefully moved things around to make it harder to unlock...

 

[Styles420]

I'm assuming that the files contain ARM Code,

Perhaps Disassembly would give some information on what it's doing....



I haven't been able to find any disassemblers for ARM Code for Mac to investigate this further....
But something like IDA Pro would work well on PC, there seems to be a 30 Day Trial..

I've been trying to use ADA to disassemble to ARM, but I don't know if I can do it correctly - I think ADA assumes only one processor, and I don't know if the code we're disassembling factors in both ARM processors, or just one - and which one, if that's the case. I'm really wishing I could get my hands on the professionals' tools for this one...

Good thinking, though - maybe I should give it another go, with the new patterns I've noticed - I might have better luck.

 

[Densetsu]

haha I've been watching from the sidelines

I've been using 1.34 2nd Edition since its come out on my Chinese cart. What do you mean by "unique" booting ability?Anyone with a Chinese or Japanese flashcart can boot this, but the majority of people who frequent these forums use the US/European flashcart, which can't boot v1.34. As Styles420 said in an earlier post, the files for the Chinese cart are more similar to the US/European cart compared to the Japanese cart, so you could probably test files in the SYSTEM folder with your cart and help the hackers isolate which file does what. No pressure though if you're not up for it. But I don't know anything about hacking, so it requires no skill. All you need is just the "unique ability" to boot the card.

Btw thanks for that demo vid Densetsu3000.. helped me set up my M3 Sakura settings as I can't actually read chinese.. I got my cart in HK but I live in AU

No problem, glad it helped!

As Mr.Seiko said, if you replace the language file I uploaded (see his post above for more details), it will convert your M3 to a fully English GUI. If copying the file to your card doesn't do anything, that means you'll have to rename it like Mr.Seiko said. Just change the .932 extension to one of these: .936 .949 or .950. I'm guessing that it's probably .936.

QUOTE(Styles420 @ Jan 22 2009, 12:18 PM)

I need better tools... trial and error is going to take a long time, does anyone know anything about how iamnobody traced the functions? I'm still trying to identify the pertinent pieces of code... but there are hundreds of similar pieces of code so the process of elimination is becoming ever tedious...

I wish I knew. As you know, iamanobody logs on only very sporadically, and even when he was here and busy hacking the firmware, he never replied directly to any of my PMs. He was just in and out, like a ninja. He's more ninja than me!

 

[Densetsu]

At the risk of sounding like a complete dolt, has anyone considered just asking M3 for support on this? I mean, they were kind enough to ask for the translation files assembled by the previous team.

I went straight to the source and asked Moonlight himself to help us unlock it (I wrote a rather lengthy e-mail, in Japanese no less to make sure he understood exactly what we were doing), but I guess he "ate my email without looking" like he said he would. I imagine that he's been inundated with e-mails as of late regarding the whole M3 fiasco, and my message was just one in a sea of them.

Sorry for the double post, but the quote limit per post is three, otherwise I would've included this in my last message.

*EDIT*
Heh, used the wrong quote. It's fixed now

 

[chuckstudios]

I'm assuming that the files contain ARM Code,

Perhaps Disassembly would give some information on what it's doing....



I haven't been able to find any disassemblers for ARM Code for Mac to investigate this further....
But something like IDA Pro would work well on PC, there seems to be a 30 Day Trial..

I've been trying to use ADA to disassemble to ARM, but I don't know if I can do it correctly - I think ADA assumes only one processor, and I don't know if the code we're disassembling factors in both ARM processors, or just one - and which one, if that's the case. I'm really wishing I could get my hands on the professionals' tools for this one...

Good thinking, though - maybe I should give it another go, with the new patterns I've noticed - I might have better luck.

The code you'd be disassembling targets only one of the processors - either the ARM9 or the ARM7. The file, however, could easily contain code for both processors starting at different points in the file. Also, what is ADA? I can't find anything relevant with Google.

 

[Styles420]

I'm assuming that the files contain ARM Code,

Perhaps Disassembly would give some information on what it's doing....



I haven't been able to find any disassemblers for ARM Code for Mac to investigate this further....
But something like IDA Pro would work well on PC, there seems to be a 30 Day Trial..

I've been trying to use ADA to disassemble to ARM, but I don't know if I can do it correctly - I think ADA assumes only one processor, and I don't know if the code we're disassembling factors in both ARM processors, or just one - and which one, if that's the case. I'm really wishing I could get my hands on the professionals' tools for this one...

Good thinking, though - maybe I should give it another go, with the new patterns I've noticed - I might have better luck.

The code you'd be disassembling targets only one of the processors - either the ARM9 or the ARM7. The file, however, could easily contain code for both processors starting at different points in the file. Also, what is ADA? I can't find anything relevant with Google.

ADA is supposed to IDA - my mistake

It stands for Interactive DisAssembler. Seems like a good program, but I'm still getting used to it - the last time I did any hex hacking, it was a simpler program with simpler methods, and a lot of nearly identical files to compare to. So I have the exposure to understand what I'm trying to do, but a little lacking in experience with this exact type of situation... (I've never really messed with multiprocessor applications before this, and I'm used to messing with programs that I can actually execute on the machine I'm using to crack them)

You make a good point about the code - I suppose I will just have to experiment until I find a piece that can be disassembled into code that references the known data sections - at this point the difficulty is in separating the code into data sections and code sections (some parts are stored information, but the disassembler can still try to interpret them into assembler code, it just won't be correct)

This section has been corrected, changes in bold

As a side note, I've discovered two addresses in the headers of the g6dsload.[rgn] files that appear to be unencrypted - 0x00000070 - 73 and 0x00000078 - 7B (that's four bytes and four bytes, respectively, in case I'm not clear enough). I just don't know if they're region identifiers or offsets...

@Densetsu - I just got an idea - I'd like to send you modified files with the values mentioned above switched around, to see if it prevents you from booting the JP version and/or allows you to boot the Chinese ver... I have to go to work soon, though, but if you're willing to try it out, I should be able to gather the files up and modify them by this weekend at the latest (I may be too tired tonight when I get off of work). I will work out some more details to this idea to set up the necessary tests. If these are region specific codes, I may have to study the different region touchpod files to see if there's a pattern that I can use to derive the English codes.

 

[Densetsu]

@Densetsu - I just got an idea - I'd like to send you modified files with the values mentioned above switched around, to see if it prevents you from booting the JP version and/or allows you to boot the Chinese ver... I have to go to work soon, though, but if you're willing to try it out, I should be able to gather the files up and modify them by this weekend at the latest (I may be too tired tonight when I get off of work). I will work out some more details to this idea to set up the necessary tests. If these are region specific codes, I may have to study the different region touchpod files to see if there's a pattern that I can use to derive the English codes.

Sure, send them on over! Anything I can do to help.

*EDIT*
I've already taken the necessary precautions, backed up all my files, etc. I'm good to go!

 

[Styles420]

Awesome, as soon as I have them ready, I'll PM you.

Also, I'm expanding the range of unencrypted data from my post above (I will edit it once I'm done with this post, this is just to bring everyone's attention to it)

 

[Mr.Seiko]

I may have some access to a PC over the next few days, but I won't be online.


So I downloaded the IDA Pro Trial, and I will mess around with that if I get a chance.


Hopefully we can come up with something.

 

[deviant.zero]

haha I've been watching from the sidelines

I've been using 1.34 2nd Edition since its come out on my Chinese cart. What do you mean by "unique" booting ability?

Anyone with a Chinese or Japanese flashcart can boot this, but the majority of people who frequent these forums use the US/European flashcart, which can't boot v1.34. As Styles420 said in an earlier post, the files for the Chinese cart are more similar to the US/European cart compared to the Japanese cart, so you could probably test files in the SYSTEM folder with your cart and help the hackers isolate which file does what. No pressure though if you're not up for it. But I don't know anything about hacking, so it requires no skill. All you need is just the "unique ability" to boot the card.

I'd be willing to help out

Just if you guys don't mind waiting till the 29th as I'm capped and my net is REALLY slow.. 10kB/s max..

 

[deviant.zero]

Btw thanks for that demo vid Densetsu3000.. helped me set up my M3 Sakura settings as I can't actually read chinese.. I got my cart in HK but I live in AU

No problem, glad it helped!

As Mr.Seiko said, if you replace the language file I uploaded (see his post above for more details), it will convert your M3 to a fully English GUI. If copying the file to your card doesn't do anything, that means you'll have to rename it like Mr.Seiko said. Just change the .932 extension to one of these: .936 .949 or .950. I'm guessing that it's probably .936.

Thanks for that guys! Seem to have skipped that post.. As you guys said, indeed the english translation did work once I changed it to .936 but when I try to access the language settings in the GUI, all three languages to pick from are "Language error!!' Is that supposed to happen? And also, in the NDS Rom Option menu, the "Soft-Reset /Real Time" label seems to have overlapped one of the options. Besides from these, the translations are flawless! Very much usable.

EDIT: Sorry for the double post

EDIT 2: The implemented Touchpod firmware hasn't been translated correct? Not that it matters much to me.. Just curious.

 

[Densetsu]

I'd be willing to help out

Just if you guys don't mind waiting till the 29th as I'm capped and my net is REALLY slow.. 10kB/s max..Awesome, though I'm hoping this gets cracked (or released) before then. If neither happens by then and we haven't all keeled over from exhaustion, your help will certainly be welcome.

QUOTE(deviant.zero @ Jan 22 2009, 03:35 PM) Thanks for that guys! Seem to have skipped that post.. As you guys said, indeed the english translation did work once I changed it to .936 but when I try to access the language settings in the GUI, all three languages to pick from are "Language error!!' Is that supposed to happen? And also, in the NDS Rom Option menu, the "Soft-Reset /Real Time" label seems to have overlapped one of the options. Besides from these, the translations are flawless! Very much usable.

EDIT: Sorry for the double post

EDIT 2: The implemented Touchpod firmware hasn't been translated correct? Not that it matters much to me.. Just curious.

I think I know why it says "Language error!!" The Asian firmware has options for 3 languages (Simplified Chinese, Traditional Chinese and Korean). The Japanese firmware has only the Japanese language. Since there are three choices of language for the Asian version and only one choice of language for the Japanese version, the Asian messages.936 file contains three lines of internal text that aren't in the Japanese messages.932 file. So when the firmware references the messages.936 file (in your case, the one that you renamed from the messages.932 file), it's trying to display lines that should be in the file, but aren't. That's why you see the "Language error!!" message where the names of the languages normally would be.

I pretty sure I can fix that, but could you upload the original messages.936 file from the Asian firmware? I'll re-upload the fixed file on the Sakura FAQ so anyone else in your situation (owns a Chinese M3 Real, but can't read Chinese) can use it. I'd download it myself, but then I'd have to install the Asian Sakura DSM encoder on my PC and go through the process of setting the SYSTEM folder up on the MicroSD card, etc. just to get the file (which may or may not require me to uninstall my current Japanese DSM encoder, in which case it would be even more of a pain in the ass

).

As for TouchPod, it hasn't been translated. You could try asking FiRsT-aNd-LaSt which file(s) are responsible for language in TouchPod, maybe he can tell you which files to replace on your flashcart since he figured out how to configure Rudolph's Japanese triple loader into English. I'm not sure if it's as simple as merely replacing files, but it doesn't hurt to ask.

 

[AXYPB]

Maybe there's a clue in the Moonlight 2.0 beta 5 source code or something? I wish I could be more helpful here but now I'm just throwing out ridiculous ideas hoping it will inspire someone who can actually do stuff.