Hacking Private Header question?

[NazoXIII]

How do Headers work on a basic level?

I play mostly scene dumps on my GW and a few private dumps from the net and its got me thinking:

What the heck is the purpose of headers, a lot of the game's I've opened up with a rom tool will show a nulled header full of F's (Which I assume creates a header that seems indistinguishable from any legitimate game, yet still public enough to get banned, somehow)

So, what exactly are Headers REALLY used for ?
Are they to determine the legitimacy of a cartridge or to check if a cartridge is I'm possibly loaded on more than one 3DS handheld?

And on that note, why are the two header types (Card1 & 2) not compatible with one another, assuming nintendo uses headers and cart ID's to see If a cartridge is active on more than one console, I want to change the headers of all the games I have to my copy of Mario Party Island Tour (a game I neither play, nor intend to), but I can't use the card1 header on a card2 game (or vice versa) and I can't get a straight answer why that is.

 

[Cyan]

The header is used for both online access and save encryption key.

when no online was possible, they used always the same method to encrypt/decrypt savegames, resulting in the possibility to share .save among users.
When they allowed online access, they needed to restore the use of the Cartridge ID, which is also used to encrypt the savegame.
To prevent losing existing save data, they decided to let user choose between fake header (.3ds) and real header (rename .3ds to .3dz).


The header full of FF or 00 are clean dumps.

The Cartridge ID header is NOT stored in the ROM chipset, gateway is adding it into the ROM dump for easy access.
The ID is retrived from the cartridge information.
When you dump a game and make a clean dump, it's full of 0xFF.
since gateway allow online access, if you dump a game using Gateway, it adds the cartridge ID into the "header" (an unused location at the beginning of the ROM dump) for easy access.



The Cartridge ID has two banks :
UniqueID and Chipset Info.
the chipset info is based on manufacturer, size, etc., the header data in the ROM dump MUST match the original cartridge's information. You can't use a different ChipsetID on different ROMs if they were initially manufactured by different producers.

The UniqueID can be interchanged between all games, but is not random and probably contains a checksum as editing part of it renders online impossible.
We don't know the pattern used by these ID yet. (I think nobody tried to understand what they really contained)

 

[NazoXIII]

The header is used for both online access and save encryption key.

when no online was possible, they used always the same method to encrypt/decrypt savegames, resulting in the possibility to share .save among users.
When they allowed online access, they needed to restore the use of the Cartridge ID, which is also used to encrypt the savegame.
To prevent losing existing save data, they decided to let user choose between fake header (.3ds) and real header (rename .3ds to .3dz).


The header full of FF or 00 are clean dumps.

The Cartridge ID header is NOT stored in the ROM chipset, gateway is adding it into the ROM dump for easy access.
The ID is retried from the cartridge information.
When you dump a game and make a clean dump, it's full of 0xFF.
since gateway allow online access, if you dump a game using Gateway, it adds the cartridge ID into the "header" (an unused location at the beginning of the ROM dump) for easy access.



The Cartridge ID has two banks :
UniqueID and Chipset Info.
the chipset info is based on manufacturer, size, etc.
The UniqueID is not random and probably contains a checksum as editing part of it renders online impossible.
We don't know the pattern used by these ID yet. (I think nobody tried to understand what they really contained)

Wow, That puts it all into perspective, Thanks!

My mind is blown wide open learning that it all started as a means to share save games though.
So basically, the UniqueID and Chipset Info are used together to determine what game it is.
And the UniqueID can be anything, but the Chipset is consistent to whatever game it is, meaning the UniqueID can be any ID and the Chipset has to be the one specific to that game, generating a usable cart ID?

That, in a way answer the next question I would've asked, being, What would keep two games using the same header (Common one being MGS3) from clashing save wise.

 

[Cyan]

All this was discovered by users experimenting with their headers.

You can find more info in this thread, and particularly on that post for manufacturer ID, size, card type :
[HOW-TO] Use Scene Dumps with GW 2.2 Online


You can use the same "uniqueID" on card1 and card2, but you need to edit the cartridge info (card type, card size, card manufacturer) to match the ROM dump's original hardware info.
Header editors should detect the ROM size, I don't know if they detect Card type, so you can edit the data manually now that you know the values.


The UniqueID is not used to determine where to save the savegame file or which filename to give to it.
It's only used as encryption key.

the save file is based on the TitleID, and the content inside that file is encrypted using the UniqueID.
So you can use the same ID for multiple games without issue, as long as you don't change the ID mid-game or the save will not be recognized and the game will probably format it due to corruption.
That's also why you can't start a game as .3ds and rename it later as .3dz without losing your progress. the header change, the encryption too.

Speculation only:
Maybe two different UniqueID could have the same savegame encryption key, if the ID itself is encrypted, it could contains a not so unique key, a game ID to check if the game is the correct one, more info, etc.
I guess without a database of existing UniqueID, it's hard to decypher the format.
there's not a lot of public ID, so not a lot of patterns to find from them.

 

[NazoXIII]

Well

All this was discovered by users experimenting with their headers.

You can find more info in this thread, and particularly on that post for manufacturer ID, size, card type :
[HOW-TO] Use Scene Dumps with GW 2.2 Online


You can use the same "uniqueID" on card1 and card2, but you need to edit the cartridge info (card type, card size, card manufacturer) to match the ROM dump's original hardware info.
Header editors should detect the ROM size, I don't know if they detect Card type, so you can edit the data manually now that you know the values.


The UniqueID is not used to determine where to save the savegame file or which filename to give to it.
It's only used as encryption key.

the save file is based on the TitleID, and the content inside that file is encrypted using the UniqueID.
So you can use the same ID for multiple games without issue, as long as you don't change the ID mid-game or the save will not be recognized and the game will probably format it due to corruption.
That's also why you can't start a game as .3ds and rename it later as .3dz without losing your progress. the header change, the encryption too.

Speculation only:
Maybe two different UniqueID could have the same savegame encryption key, if the ID itself is encrypted, it could contains a not so unique key, a game ID to check if the game is the correct one, more info, etc.
I guess without a database of existing UniqueID, it's hard to decypher the format.
there's not a lot of public ID, so not a lot of patterns to find from them.

Well that clears up any confusion I had.
Awesome, good to know I can use Card1 headers on card2, I can finally put that Mario Party to use!