patching the 2.0b2 loader???

Discussion in '3DS - Flashcards & Custom Firmwares' started by lafleche, Feb 24, 2014.

  1. lafleche (OP) | GBAtemp Fan | Member | 377 | 81 | Jan 4, 2007 | Netherlands
    Hi,

    I am probably (surely?) making it sound far too simple, but bear with me...

    In the early days it was claimed that the Gateway loader was decrypted.
    What is keeping some clever guys (which I am not!) from patching the bricking code out of the b2 loader?

    On the Windows platform all kinds of patched executables and/or DLLs are released on a daily basis to circumvent the copy protection of games/programs.

    I know that if it was that simple it would already have been done, but if Gateway does a get-away it would be our only hope of playing the newer titles without the fear of bricking.
     


  2. satan89 | GBAtemp Fan | Member | 359 | 110 | Jan 30, 2014 | India, Bangalore
    I think it's mostly because the people who know how to patch it are against piracy.
     
  3. gamesquest1 | Nabnut | Member | 14,118 | 9,453 | Sep 23, 2013
    The checks would no doubt be coded into the firmware, and removing/disabling them would have adverse effects elsewhere. Also, if I remember correctly, the whole launcher wasn't decrypted; I think 1.2 was, but 2.0b1 had extra encryption.
     
  4. Pedeadstrian | GBAtemp's Official frill-necked lizard. | Member | 3,509 | 1,560 | Oct 12, 2012 | United States, Sandy Eggo
    It's either what the dude above me said, or that they never actually found the bricking code in the first place. If the former is true, it'd be possible for others that don't care about piracy to fix it. I can't imagine every single capable hacker is anti-piracy. That makes me think that they never actually found it.
     
  5. gamesquest1 | Nabnut | Member | 14,118 | 9,453 | Sep 23, 2013
    Well, from what I read, they didn't find the actual code, but they "saw" it in action by running the encrypted code through a simple 3DS emulator (not an emulator like some people would want, but something that would "run" the encrypted code so they could see the results).

    Kinda like looking at an engine running if it was made out of glass: they can see what is happening on the hardware, but they can't actually decrypt the code to change what happens... only look at it once it is running.
     
  6. Pedeadstrian | GBAtemp's Official frill-necked lizard. | Member | 3,509 | 1,560 | Oct 12, 2012 | United States, Sandy Eggo
    I seem to recall actual code, but maybe it was falsified.
     
  7. gamesquest1 | Nabnut | Member | 14,118 | 9,453 | Sep 23, 2013
    Well, it could have been a replication of what the code needed to perform the actions would have to look like; more reverse engineering. I'm sure some of the top elite hackers would have more luck at actually modifying the code, but I think after the whole region-free "safe" conclusions, they wouldn't want to risk releasing anything if they might have missed something else. They would need to be 100% sure there isn't another well-hidden bit of code that could do something.

    Don't forget the clone manufacturers would no doubt be looking to pay someone to do it, and the fact they haven't had any success yet is probably an indication that it's not as simple as deleting a bit of code.
     
  8. Neimod | Banned | 26 | 77 | Jan 4, 2013 | Netherlands
    Exactly.
     
  9. Arras | GBAtemp Guru | Member | 5,857 | 2,673 | Sep 14, 2010 | Netherlands
    Also risks. Even if you patch out some of the bricking code, there might be more that hasn't been found, and the result would only be more bricks. IIRC profi200 said somewhere he wouldn't touch b2 with a 50-foot pole, and I agree 100%.
     
  10. masterzero | GBAtemp Advanced Fan | Member | 610 | 102 | Apr 20, 2007
    The risks are moot when some people in this forum have recovered their 3DS from a brick and installed a micro-USB port in the process, making fixing it again really, really easy. They could easily test the patched launchers for some time to see if they brick or not.
     
  11. gamesquest1 | Nabnut | Member | 14,118 | 9,453 | Sep 23, 2013
    Really, really easy for some; fact is, the additional cost of the Raspberry Pi and the soldering required would be something most people could do without.
     
  12. masterzero | GBAtemp Advanced Fan | Member | 610 | 102 | Apr 20, 2007
    But do you read me? The people who have the USB mod can easily try those patched firmwares for some time; if they brick, something is still wrong, but they can easily fix it through the USB. If not, people could start using them.
     
  13. gamesquest1 | Nabnut | Member | 14,118 | 9,453 | Sep 23, 2013
    Yeah, but as has been discussed in the thread I made about the diagnostics bricking... it's impossible to prove that avoiding diagnostics is 100% safe! If, say, 6 people test for a few weeks we might all get lucky and not get bricked, and then once everyone jumps on board there is a piece of code that no testers ran into. Not to mention all it would take is 1 troll to come in and say they got bricked and the whole thing would be deemed confirmed to brick, kinda like 1 person saying b1 bricked them caused people to panic and avoid b1 even though it was 1 very vague and third-hand report... I'm surprised we haven't had a troll come along and say 1.2 bricked them too :P
     
  14. krisztian1997 | GBAtemp Fan | Member | 369 | 146 | Dec 14, 2013 | Romania
    The code can be decrypted from what I remember, but the problem is that the bricking code and everything related to it is very obfuscated
     
  15. profi200 | Banned | 330 | 216 | Sep 3, 2011 | Gambia, The
    The code doing the eMMC lock is in the VCPU and all that stuff is heavily obfuscated. The emulator is indeed accurate enough to get usable results. We looked into the code, after locating it with the emulator, otherwise we could not be sure about it.

    But as already said, we are not interested in patching anything out, because it is too much risk and we don't help pirates.
     
  16. mathieulh | GBAtemp Fan | Member | 335 | 394 | Feb 28, 2008 | France
    In fact, you only need to patch this code rather than every single check that triggers it.
    Of course there might be another brick function hidden elsewhere, but I doubt it.

    In the end patching Gateway launcher brings nothing to the homebrew scene as there are already tools available to execute your own payload in ARM9 context on the device, therefore it's understandable that most developers aren't interested in this endeavor.
     
  17. DRWS | Advanced Member | Newcomer | 58 | 11 | Sep 19, 2010 | United States
    Before anyone says "OMG WTF 3DS EMULATOR?!" they are talking about a program that emulates the ARM CPUs used in the 3DS, like QEMU. It is just good enough to test the Gateway code, but does not emulate a 3DS.
     
  18. SilverfalconLP | Advanced Member | Newcomer | 75 | 24 | Dec 23, 2013
  19. Foxi4 | On the hunt... | Reporter | 23,537 | 21,496 | Sep 13, 2009 | Poland, Gaming Grotto
    That's actually how all emulators start off. It emulates the 3DS's CPUs and is capable of running some code... which is a start. ;) Maybe once the scene properly kicks off, we'll see full-blown 3DS emulators, not necessarily for the sake of loading ROMs, rather for the sake of testing homebrew.
     
  20. R4iFanboi | Feb 24, 2014
    This message by R4iFanboi has been removed from public view by ProtoKun7, Feb 24, 2014, Reason: Try not to fall asleep on your keyboard again..
  21. redkeyboard | GBAtemp Advanced Fan | Member | 627 | 154 | Jan 8, 2013 | United States
    IIRC Normatt did patch out the code from 2.0b2, but there was still some deep brick code in there somewhere that got triggered.