Hacking [stupid idea] Homebrew Game Carts?

gudenau

gudenau

Largely ignored
OP
Member
Level 17
Joined
Jul 7, 2010
Messages
4,096
Trophies
2
Location
/dev/random
Website
www.gudenau.net
XP
6,754
Country
United States
I came up with a stupid idea today, take the 3DS ROM format of some homebrew and shove it into a DIY game cart.

I know this is impracticle and stupid, I'm just kinda curious about how hard it would be to make a normal looking and feeling 3DS cart for homebrew on modded consoles.

I understand this wouldn't work without a CFW.

This is not intended as a piracy discussion.

This is for civil discussion and learning purposes.
 
Navonod

Navonod

Luigi from Luigi's Mansion
Member
Level 8
Joined
Sep 14, 2016
Messages
601
Trophies
0
Age
34
XP
1,549
Country
United States
Would be interesting. I always thought of cubic ninja as a homebrew game cart because that's all it's good for.

Edit: Would be nice to have all homebrew apps and cfw on a game cart with out having to modify the system in any way. Kinda how R4i flash carts work. But I don't see that happening honestly.
 
Last edited by Navonod,
zoogie

zoogie

playing around in the end of life
Developer
Level 25
Joined
Nov 30, 2014
Messages
8,560
Trophies
4
XP
15,493
Country
Micronesia, Federated States of
You should, in theory, be able to run homebrew on sky3ds carts.
I've edited commercial dumps with a byte here and there and they will still run with cfw sig patches.
The sky3ds will reject homebrew cci's built with makerom though.

Should be able to work with modifications, however.
 
  • Like
Reactions: gnmmarechal
gudenau

gudenau

Largely ignored
OP
Member
Level 17
Joined
Jul 7, 2010
Messages
4,096
Trophies
2
Location
/dev/random
Website
www.gudenau.net
XP
6,754
Country
United States
zoogie said:
You should, in theory, be able to run homebrew on sky3ds carts.
I've edited commercial dumps with a byte here and there and they will still run with cfw sig patches.
The sky3ds will reject homebrew cci's built with makerom though.

Should be able to work with modifications, however.
Click to expand...

Any idea what hardware is in there?

I should probably read the wiki too.

Edit:
Not much use.
 
Last edited by gudenau,
ThisIsDaAccount

ThisIsDaAccount

Well-Known Member
Member
Level 6
Joined
Apr 8, 2016
Messages
1,158
Trophies
0
XP
954
Country
United States
Sciresm has said on r/3dshacks that there's a key we need to make custom carts. Unfortunately, that key is not actually on the 3DS, it's on the carts themselves, so it won't be easy to dump. Gateway and Sky3DS have done it, but they obviously won't share it.

Edit: here's the source
 
Last edited by ThisIsDaAccount,
  • Like
Reactions: gnmmarechal
gudenau

gudenau

Largely ignored
OP
Member
Level 17
Joined
Jul 7, 2010
Messages
4,096
Trophies
2
Location
/dev/random
Website
www.gudenau.net
XP
6,754
Country
United States
ThisIsDaAccount said:
Sciresm has said on r/3dshacks that there's a key we need to make custom carts. Unfortunately, that key is not actually on the 3DS, it's on the carts themselves, so it won't be easy to dump. Gateway and Sky3DS have done it, but they obviously won't share it.

Edit: here's the source
Click to expand...

Interesting...

Guess I'll look into the sky thing, see if I can't find hardware pictures.

Edit:
Couldn't find any.
 
Last edited by gudenau,
D

Deleted User

Guest
ThisIsDaAccount said:
Sciresm has said on r/3dshacks that there's a key we need to make custom carts. Unfortunately, that key is not actually on the 3DS, it's on the carts themselves, so it won't be easy to dump. Gateway and Sky3DS have done it, but they obviously won't share it.

Edit: here's the source
Click to expand...
I wonder if this is what is preventing us from launching games from the SD card...
Well, one of the things at least

--------------------- MERGED ---------------------------

Sorry for double post, but I would just like to say that if we could write to our own gamecards, it would be amazing to have a cartridge with a custom sticker that has a ROM hack on it.
 
gudenau

gudenau

Largely ignored
OP
Member
Level 17
Joined
Jul 7, 2010
Messages
4,096
Trophies
2
Location
/dev/random
Website
www.gudenau.net
XP
6,754
Country
United States
blujay said:
I wonder if this is what is preventing us from launching games from the SD card...
Well, one of the things at least

--------------------- MERGED ---------------------------

Sorry for double post, but I would just like to say that if we could write to our own gamecards, it would be amazing to have a cartridge with a custom sticker that has a ROM hack on it.
Click to expand...

I mean, launching stuff off of a SD card is fairly easy. Just install as a CIA.

gnmmarechal said:
The Sky3DS is one I would like to own, but it is extremely expensive. I wouldn't mind having an EZ-Flash Redux either.
Click to expand...

I kinda want one right now just to take apart. :-P
 
D

Deleted User

Guest
Well, IIRC, the Gamecard controller is what receives the key and then sends the decrypted data to the system to read. The firmware for this is completely separate from ARM9 and probably won't be accessible without external hardwdare. I am not quite sure how you would take over this and get the key, but it is possible.

And theoretically, if we had this key, couldn't we encrypt what goes on the cartridge so that we could load it on stock? Probably wrong here, but just an idea.
 
gnmmarechal

gnmmarechal

Local ArcheAge Degen
Member
GBAtemp Patron
Level 17
Joined
Jul 13, 2014
Messages
6,104
Trophies
4
Age
26
Location
https://gs2012.xyz
Website
gs2012.xyz
XP
6,385
Country
Portugal
blujay said:
Well, IIRC, the Gamecard controller is what receives the key and then sends the decrypted data to the system to read. The firmware for this is completely separate from ARM9 and probably won't be accessible without external hardwdare. I am not quite sure how you would take over this and get the key, but it is possible.

And theoretically, if we had this key, couldn't we encrypt what goes on the cartridge so that we could load it on stock? Probably wrong here, but just an idea.
Click to expand...
Sigchecks are still a thing. Don't think it is the same key.
 
gudenau

gudenau

Largely ignored
OP
Member
Level 17
Joined
Jul 7, 2010
Messages
4,096
Trophies
2
Location
/dev/random
Website
www.gudenau.net
XP
6,754
Country
United States
blujay said:
Well, IIRC, the Gamecard controller is what receives the key and then sends the decrypted data to the system to read. The firmware for this is completely separate from ARM9 and probably won't be accessible without external hardwdare. I am not quite sure how you would take over this and get the key, but it is possible.

And theoretically, if we had this key, couldn't we encrypt what goes on the cartridge so that we could load it on stock? Probably wrong here, but just an idea.
Click to expand...

The 3DS carts are basically one chip, can't MITM it.
 
D

Deleted User

Guest
gudenau said:
The 3DS carts are basically one chip, can't MITM it.
Click to expand...
What you just said went right over my head. Can you explain what you mean? What I am saying is that the gamecard has the special key that gets sent to the Cart controller, which then decrypts the game, and then the decrypted data gets sent to the console.
 
gudenau

gudenau

Largely ignored
OP
Member
Level 17
Joined
Jul 7, 2010
Messages
4,096
Trophies
2
Location
/dev/random
Website
www.gudenau.net
XP
6,754
Country
United States
blujay said:
What you just said went right over my head. Can you explain what you mean? What I am saying is that the gamecard has the special key that gets sent to the Cart controller, which then decrypts the game, and then the decrypted data gets sent to the console.
Click to expand...

Uhm, your off the mark a bit.

So you know what HTTPS is right? That's basically what we are dealing with here. The communications between the console and the game cart are encrypted. On top of this there is the other encryption that also exists on CIA files and 3DS ROMs. I'll make a diagram when I get home.

--------------------- MERGED ---------------------------

blujay said:
Retail cartridges are signed? I didn't know that.
Click to expand...

Everything is signed, more or less.
 
gudenau

gudenau

Largely ignored
OP
Member
Level 17
Joined
Jul 7, 2010
Messages
4,096
Trophies
2
Location
/dev/random
Website
www.gudenau.net
XP
6,754
Country
United States
jE8zbO7.png

I hope this is helpful. All the points where there is crypto on the top left block there are also signature checks, plus a couple that I did not put on there.

@blujay
 
Last edited by gudenau,
D

Deleted User

Guest
So, what are the checkmarks for? And why isn't there one next to Crypto on the Gamecart one?
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Emulator  Azahar (3DS Emulator) got released !

Mh4u/Mhxx Cheats, ask me to make something I'll see if I can

Homebrew  Korean 3DS Firmware could add Themes in Official Home menu Theme Changer?

Hacking Homebrew Project  MHXX/MHGU Save Manager

Un-Hack New 3DS?

Bringing back nintendo network

Hacking Emulation Homebrew  How do we make a complete backup of sysnand and sd, including all save data and installed CIAs; and then restore that backup to a reformatted sysnand?

No sound on Twilight Menu++ on my 3DS

General chit-chat
Help Users
    Psionic Roshambo @ Psionic Roshambo: https://youtu.be/MhmsXl51EDU?t=55