Hacking Switch Cartridge - Reverse Engineering

  • Thread starter: smiba
I'd go with .ns - if there's no third letter, why add one?
Probably because .ns is a "namespace" file and is already taken?

Not that it matters since people just use whatever anyway.
I mean .3ds used to be 3d object files.
 
Last edited by Zan',
I have read this reverse engineering thing before, what does it do?
More like, what actually is reverse engineering?
 
Reverse engineering is breaking something apart to learn about its core concepts/principles and how it works.

In this case a game cartridge is broken apart, then its circuit board is carefully observed to find the purpose of each component on it.

All this research helps you make an R4-type cartridge for the Switch in return.
 
wow interesting, cool thanks for the info !
 
In this case, and in many cases, what we reverse is protected by patents, so we can't release cloned stuff, but we can share schematics and code that isn't owned by Nintendo. That's why we are not publishing CFW but only patching stuff (there is no Nintendo code inside); boards sold for the cold boot exploit work the same way, they just inject little chunks of code into memory.

So if someone finds a way to create a fake cartridge, he has to be smart to avoid patent issues, and the best way is to let a team work without having a Switch (just by sharing enough knowledge to let them work) so they will find solutions without cloning stuff.
 
The first ever genuine raw dump of a Nintendo Switch Game Card will have the .ns file extension. Also, don't be surprised to find that the ROM is encrypted. I also wouldn't be surprised if the ROM is encrypted with a Game Card-unique key, which has a different key for every Game Card manufactured. And if that ends up happening, that raw dump won't ever be playable, even if an emulator gets made, because the person who dumped it didn't extract the unique encryption key for the ROM.

So if anyone is trying to dump the contents of a Nintendo Switch Game Card, please make sure you extract everything, from every chip found on the Game Card, not just the flash memory that contains the encrypted game.
 
There is literally one chip.
 
Actually this is the case since the Wii, it depends how well Nintendo protects the root encryption key
 
should be .hac
 
You must have one hell of a crystal ball to be able to predict the future like that.
 
I'm sure that since the game cards only have one flash memory chip, the ROM data itself is more than likely to be encrypted with either a common key (like the Wii), or using multiple keys and scrambling it with the key in the Nintendo Switch system (like the Nintendo 3DS). But if I had to take a guess, it would probably end up using a very similar encryption and key scrambling method, like the 3DS uses.

If anyone manages to dump a ROM of a game, I honestly don't mind what file extension it gets named or anything. When the ROM gets dumped, that will be our first step towards finding out if the ROM is encrypted and which areas of the ROM are not encrypted.
 
Hey, I've put some more details of the Gamecart interface and Logic Analyzer screengrabs at the ReSwitched Wiki:
https://reswitched.tech/hardware/gamecard

So far we've found the pinout and the meaning of the pins, along with some command-response dumps.

The Switch and gamecard definitely at some point start to talk encrypted data (i.e., randomness).
Have you guys found out anything else?
 
I'm currently a student so money is my biggest issue. Getting a PCB developed does not cost a lot of money these days. Shipping (still) does, though.
Unless we want this to go at snail speed I'd need to pay extra for DHL shipping. I've been waiting for about 2 months on one of my PCB designs and it still hasn't arrived today because that's the service you get when you pay $15 for 10 10cmx10cm PCBs.

With the Chinese who knows. My main goal is making the first steps into the development of a flash cart. Maybe I won't be the first but that's no reason for tears, we're all trying to achieve the same goal!

As for the cracking of any kind of protection there are way more skilled people out there. Will I do it? Maybe.
At this point my main goal is purely to get a ROM export running on a non original cartridge.



This is what I'm developing right now, although I was wondering if there was an easier way (without destroying my cartridge slot. Remember $300 is a lot for a student). But I think this is the most solid and flexible way



Thanks!
Man, honestly if money is the BIGGEST hurdle for you, let me help you out. I'm definitely not a super rich mf, but I remember eating Taco Bell packets for supper a few years back in college. Set up some kind of donation site, maybe. Is there already something like this? I'm sure I wouldn't be the only one to throw cash at the cause, even if nothing comes of it. I hate the fact that this green $hit gets in the way of so much talent, it's really depressing.
 
I think you got pin 12 and 13 (DAT6 and DAT7) mixed up on the pinout order here:
https://reswitched.tech/_media/gamecard-pinout.png?w=200&tok=0f97e7

This also affects your commands and LA screenshots on the page regarding bus bits, the first command should be '9b' instead of '5b', and so on.

You can reach me via PM or on EFnet if you are interested in comparing LA dumps.
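
The correction described in the post above (two data lines swapped in the decode, so '5b' should read '9b'), as an added example that is not code from the thread or from the ReSwitched wiki. The line labels w0..w7 and the capture bytes are constructed for illustration; only the 5b/9b pair comes from the post.

```python
# Added example: re-decode logic-analyzer bus bytes after correcting which
# captured line is treated as which data bit (DAT0 = least significant bit).

def remap_byte(value, old_order, new_order):
    """old_order[i] / new_order[i] name the physical line that the original /
    corrected decode treats as bit i of the bus byte."""
    if len(set(old_order)) != 8 or sorted(old_order) != sorted(new_order):
        raise ValueError("both orders must list the same 8 distinct lines")
    # Recover the logic level that was present on each physical line ...
    level = {line: (value >> bit) & 1 for bit, line in enumerate(old_order)}
    # ... then reassemble the byte using the corrected bit positions.
    return sum(level[line] << bit for bit, line in enumerate(new_order))


def remap_capture(data, old_order, new_order):
    """Apply the corrected line order to every byte of a capture."""
    return bytes(remap_byte(b, old_order, new_order) for b in data)


def affected_offsets(data, old_order, new_order):
    """Offsets whose value changes under the corrected order. Bytes where the
    swapped lines carry the same level decode identically either way, which
    is how a swapped pair can go unnoticed in part of a dump."""
    fixed = remap_capture(data, old_order, new_order)
    return [i for i, (a, b) in enumerate(zip(data, fixed)) if a != b]


# Hypothetical labels for the eight captured data lines.
ORIGINAL_ORDER = ["w0", "w1", "w2", "w3", "w4", "w5", "w6", "w7"]
# Corrected decode: the lines taken as DAT6 and DAT7 trade places.
CORRECTED_ORDER = ["w0", "w1", "w2", "w3", "w4", "w5", "w7", "w6"]

# Constructed sample bytes; 0x5b is the value quoted in the post.
CONSTRUCTED_CAPTURE = bytes([0x5B, 0x00, 0xFF, 0x40, 0x80, 0x3F])

if __name__ == "__main__":
    fixed = remap_capture(CONSTRUCTED_CAPTURE, ORIGINAL_ORDER, CORRECTED_ORDER)
    print(CONSTRUCTED_CAPTURE.hex(), "->", fixed.hex())
    print("changed offsets:",
          affected_offsets(CONSTRUCTED_CAPTURE, ORIGINAL_ORDER, CORRECTED_ORDER))
```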
 
I would agree that it strongly appears (and absent any other relevant information) that ALL the top pins are even numbered bits (D0, D2, D4, D6) and ALL the bottom pins are odd numbered bits (D1, D3, D5, D7).
 