Hacking Private Header question?

NazoXIII

Well-Known Member
OP
Newcomer
Joined
Aug 10, 2008
Messages
97
Trophies
0
XP
599
Country
United States
How do Headers work on a basic level?

I play mostly scene dumps on my GW and a few private dumps from the net and its got me thinking:

What the heck is the purpose of headers, a lot of the game's I've opened up with a rom tool will show a nulled header full of F's (Which I assume creates a header that seems indistinguishable from any legitimate game, yet still public enough to get banned, somehow)

So, what exactly are Headers REALLY used for ?
Are they to determine the legitimacy of a cartridge or to check if a cartridge is I'm possibly loaded on more than one 3DS handheld?

And on that note, why are the two header types (Card1 & 2) not compatible with one another, assuming nintendo uses headers and cart ID's to see If a cartridge is active on more than one console, I want to change the headers of all the games I have to my copy of Mario Party Island Tour (a game I neither play, nor intend to), but I can't use the card1 header on a card2 game (or vice versa) and I can't get a straight answer why that is.
 

Cyan

GBATemp's lurking knight
Former Staff
Joined
Oct 27, 2002
Messages
23,719
Trophies
4
Age
44
Location
Engine room, learning
XP
15,431
Country
France
The header is used for both online access and save encryption key.

when no online was possible, they used always the same method to encrypt/decrypt savegames, resulting in the possibility to share .save among users.
When they allowed online access, they needed to restore the use of the Cartridge ID, which is also used to encrypt the savegame.
To prevent losing existing save data, they decided to let user choose between fake header (.3ds) and real header (rename .3ds to .3dz).


The header full of FF or 00 are clean dumps.

The Cartridge ID header is NOT stored in the ROM chipset, gateway is adding it into the ROM dump for easy access.
The ID is retrived from the cartridge information.
When you dump a game and make a clean dump, it's full of 0xFF.
since gateway allow online access, if you dump a game using Gateway, it adds the cartridge ID into the "header" (an unused location at the beginning of the ROM dump) for easy access.



The Cartridge ID has two banks :
UniqueID and Chipset Info.
the chipset info is based on manufacturer, size, etc., the header data in the ROM dump MUST match the original cartridge's information. You can't use a different ChipsetID on different ROMs if they were initially manufactured by different producers.

The UniqueID can be interchanged between all games, but is not random and probably contains a checksum as editing part of it renders online impossible.
We don't know the pattern used by these ID yet. (I think nobody tried to understand what they really contained)
 

NazoXIII

Well-Known Member
OP
Newcomer
Joined
Aug 10, 2008
Messages
97
Trophies
0
XP
599
Country
United States
The header is used for both online access and save encryption key.

when no online was possible, they used always the same method to encrypt/decrypt savegames, resulting in the possibility to share .save among users.
When they allowed online access, they needed to restore the use of the Cartridge ID, which is also used to encrypt the savegame.
To prevent losing existing save data, they decided to let user choose between fake header (.3ds) and real header (rename .3ds to .3dz).


The header full of FF or 00 are clean dumps.

The Cartridge ID header is NOT stored in the ROM chipset, gateway is adding it into the ROM dump for easy access.
The ID is retried from the cartridge information.
When you dump a game and make a clean dump, it's full of 0xFF.
since gateway allow online access, if you dump a game using Gateway, it adds the cartridge ID into the "header" (an unused location at the beginning of the ROM dump) for easy access.



The Cartridge ID has two banks :
UniqueID and Chipset Info.
the chipset info is based on manufacturer, size, etc.
The UniqueID is not random and probably contains a checksum as editing part of it renders online impossible.
We don't know the pattern used by these ID yet. (I think nobody tried to understand what they really contained)

Wow, That puts it all into perspective, Thanks!

My mind is blown wide open learning that it all started as a means to share save games though.
So basically, the UniqueID and Chipset Info are used together to determine what game it is.
And the UniqueID can be anything, but the Chipset is consistent to whatever game it is, meaning the UniqueID can be any ID and the Chipset has to be the one specific to that game, generating a usable cart ID?

That, in a way answer the next question I would've asked, being, What would keep two games using the same header (Common one being MGS3) from clashing save wise.
 

Cyan

GBATemp's lurking knight
Former Staff
Joined
Oct 27, 2002
Messages
23,719
Trophies
4
Age
44
Location
Engine room, learning
XP
15,431
Country
France
All this was discovered by users experimenting with their headers.

You can find more info in this thread, and particularly on that post for manufacturer ID, size, card type :
[HOW-TO] Use Scene Dumps with GW 2.2 Online


You can use the same "uniqueID" on card1 and card2, but you need to edit the cartridge info (card type, card size, card manufacturer) to match the ROM dump's original hardware info.
Header editors should detect the ROM size, I don't know if they detect Card type, so you can edit the data manually now that you know the values.


The UniqueID is not used to determine where to save the savegame file or which filename to give to it.
It's only used as encryption key.

the save file is based on the TitleID, and the content inside that file is encrypted using the UniqueID.
So you can use the same ID for multiple games without issue, as long as you don't change the ID mid-game or the save will not be recognized and the game will probably format it due to corruption.
That's also why you can't start a game as .3ds and rename it later as .3dz without losing your progress. the header change, the encryption too.

Speculation only:
Maybe two different UniqueID could have the same savegame encryption key, if the ID itself is encrypted, it could contains a not so unique key, a game ID to check if the game is the correct one, more info, etc.
I guess without a database of existing UniqueID, it's hard to decypher the format.
there's not a lot of public ID, so not a lot of patterns to find from them.
 

NazoXIII

Well-Known Member
OP
Newcomer
Joined
Aug 10, 2008
Messages
97
Trophies
0
XP
599
Country
United States
Well
All this was discovered by users experimenting with their headers.

You can find more info in this thread, and particularly on that post for manufacturer ID, size, card type :
[HOW-TO] Use Scene Dumps with GW 2.2 Online


You can use the same "uniqueID" on card1 and card2, but you need to edit the cartridge info (card type, card size, card manufacturer) to match the ROM dump's original hardware info.
Header editors should detect the ROM size, I don't know if they detect Card type, so you can edit the data manually now that you know the values.


The UniqueID is not used to determine where to save the savegame file or which filename to give to it.
It's only used as encryption key.

the save file is based on the TitleID, and the content inside that file is encrypted using the UniqueID.
So you can use the same ID for multiple games without issue, as long as you don't change the ID mid-game or the save will not be recognized and the game will probably format it due to corruption.
That's also why you can't start a game as .3ds and rename it later as .3dz without losing your progress. the header change, the encryption too.

Speculation only:
Maybe two different UniqueID could have the same savegame encryption key, if the ID itself is encrypted, it could contains a not so unique key, a game ID to check if the game is the correct one, more info, etc.
I guess without a database of existing UniqueID, it's hard to decypher the format.
there's not a lot of public ID, so not a lot of patterns to find from them.


Well that clears up any confusion I had.
Awesome, good to know I can use Card1 headers on card2, I can finally put that Mario Party to use!
 

You may also like...

General chit-chat
Help Users
  • Veho @ Veho:
    Murrica.
    +1
  • K3N1 @ K3N1:
    Guess they didn't like the deal
    +1
  • Veho @ Veho:
    "OFFER ME THE PLANT BASED OPTION ONE MORE TIME I DARE YOU MOTHERFUCKER"
    +1
  • K3N1 @ K3N1:
    FUCK YO SIGN
    +1
  • K3N1 @ K3N1:
    CNN: Man shot over wanting a McChicken by disgruntled ex-McDonald employee
    +1
  • K3N1 @ K3N1:
    McDonald's later promoted the man to ceo
    +1
  • M4x1mumReZ @ M4x1mumReZ:
    The McChicken is great.
  • Veho @ Veho:
    Yet another Anbernic.
  • K3N1 @ K3N1:
    @Veho, Seen the Arduboy Mini?
    +1
  • M4x1mumReZ @ M4x1mumReZ:
    I've heard of the Arduboy.
  • M4x1mumReZ @ M4x1mumReZ:
    Didn't know a Mini one is out.
  • Veho @ Veho:
    Interdasting.
    +1
  • Veho @ Veho:
    But it doesn't have a speaker or battery.
    +1
  • M4x1mumReZ @ M4x1mumReZ:
    Guess you could fit one in there.
  • Veho @ Veho:
    The contacts are there, and the device already has charge control circuitry, but you have to buy and solder the battery yourself.
    +1
  • Veho @ Veho:
    And that's too fiddly for ole' butterfingers over here.
    +1
  • Veho @ Veho:
    Gimme a finished product please.
    +1
  • Veho @ Veho:
    No rough edges either, I might hurt myself.
    +1
  • M4x1mumReZ @ M4x1mumReZ:
    Nah, I can do it within a few mins.
  • Veho @ Veho:
    Well yes, I suppose you can, but I can't.
    +1
  • M4x1mumReZ @ M4x1mumReZ:
    If it has a USB port, then you could perhaps try connecting a power bank.
  • Veho @ Veho:
    It has USB-C.
    +1
  • M4x1mumReZ @ M4x1mumReZ:
    That should be alright.
    M4x1mumReZ @ M4x1mumReZ: That should be alright.