Toggle sidebar

Hacking Switch Cartridge - Reverse Engineering

  • Thread starter Thread starter smiba
  • Start date Start date
  • Views Views 159,827
  • Replies Replies 185
  • Likes Likes 64
Status
Not open for further replies.
You know, if you make a custom PCB that mimics the pins of the cartridge but it's way taller, you can make use of the plastic from 1 2 switch and make an extender of the cartridge slot. Do you get what I'm trying to say? :p

That way it would be easier to attach all different kinds of devices in between to analyze the data.
 
  • Like
Reactions: peteruk
I'm thinking the exact same thing as Issac here. Ideally you would want to mimic those pads on one end of the PCB and then have a card slot on the other with a few test points (pads or through holes) located somewhere in the middle. This might be pricey, and unsure as to if the card holder can be bought.

Another option, since you now have two open cartages, could be to cut traces with an exacto and directly attach wires above the pads. That way you have wires hanging outside of the console to connect anywhere you want, ie to another cartages and oscope.
 
smiba said:
I don't think this is the case, but I guess time will tell. Adding CPU-Protection and stuff really adds up on production costs when you make millions of them.
Click to expand...

The data will be statically encrypted inside the chip and dynamically encrypted when transferred. In terms of the production cost at the volumes they will do, it is essentially free.

The cost of not adding adequate security is that Nintendo make no sales after week 1 due to flash carts and counterfeits.
 
Last edited by smf,
  • Like
Reactions: DayVeeBoi and pelago
JimmyZ said:
Criticizing is one kind of advice, and thanks for the correction.
Click to expand...
Eh, you're welcome.
Also, you have a point. But I think there could be better way to help the guy out, like telling him what you know so he could do better for example.
Just sayin' :D
 
ItsTheWolf said:
Eh, you're welcome.
Also, you have a point. But I think there could be better way to help the guy out, like telling him what you know so he could do better for example.
Just sayin' :D
Click to expand...
At least two people already did(said) that, we already have a userland exploit, the next step should be elevation and kernel access and dump the cart from there, they also said things like "good luck", I think that's just being polite, mostly probably, OP might have some soldering practice at best on current route.
 
JimmyZ said:
You're the one being ignorant, doing these thing requires certain set of skills like Roamin64 mentioned. honestly speaking, I don't see OP's qualified for the task, from what he's talking, he might be able to do a GBA flashcart, but no further.

I guess I'm going to be bashed for elitism again, you guys should learn the difference, Isaac Newton has never been able to pilot an airplane, that's not discriminating, that's just stating a fact.
Click to expand...

Your words would hold ground if you did something for the community or were a specialist in this category and even then you'd sound like a dick. Being a discouraging keyboard warrior does not make any of your points valid, you don't know him, he does whatever he wants. You're not his boss or manager, here he decides himself whether he has the set of skills required or not.
 
Ra1d said:
Your words would hold ground if you did something for the community or were a specialist in this category and even then you'd sound like a dick. Being a discouraging keyboard warrior does not make any of your points valid, you don't know him, he does whatever he wants. You're not his boss or manager, here he decides himself whether he has the set of skills required or not.
Click to expand...
Who said I'm his boss? and of course I can't stop him if he really want to do those pointless things, now you're just delusional.
 
For reference: https://3dbrew.org/wiki/Gamecards

3DS game cards have a custom-protocol ROM chip (or NAND flash in the case of Card-2). The wire protocol is initially unencrypted when it reads the header, but then it switches to an AES-encrypted mode. (DS cards also do this, but with an insecure scrambling algorithm and Blowfish instead of AES.)

Switch game cards probably use something similar.
 
Last edited by GerbilSoft, , Reason: +flash
  • Like
Reactions: DarthDub and Subtle Demise
this sounds very interesting, only reason i am getting a switch is in the hope roms can be dumped and i would like to help test, the console wont be updated so touch wood :D
 
Status
Not open for further replies.

Site & Scene News

Go to forum More news

Popular threads in this forum

Dusk for switch (TLoZ Twilight Princess port)

Homebrew  New Homebrew "Foil Server"?

Homebrew  Full List of N64 Recompilation Switch ports

Hacking  WiFi chip failing and can't boot. is it possible to enable Airplane Mode by editing system save files directly?

Homebrew Tutorial Translation Project  CS2SX — Write Nintendo Switch Homebrew in C#

Is it fixable

Homebrew  Sonic Unleashed Recompiled (Homebrew Port)

Hacking Emulation  Switch Prod Keys downloading from sites okay?