Hacking The confusion needs to be cleared on FPGA updates and clones

[t-master]

Gateway likely has a 3DS Cart to JTAG adapter they use for debugging/prototyping. The 3DS isn't designed to be a JTAG programmer for Actel devices. When I program Xilinx FPGAs, I use a Xilinx JTAG tool. When I program Altera FPGAs, I use an Altera JTAG tool. You'd use a similar tool for Actel devices.

If they used a soft-core processor with an external program rom, they can update the code in that program rom which would allow for new features. That's what I assume they mean when they mention updating the FPGA.

You don't necessarily need a JTAG Programmer for this, some Actel documents mention a method to update one of their FPGAs via some seperate chips (they are calling it Microprocessor ISP, http://avmaster.bonissi.it/datasheets/Actel-ProgrammingGuide.pdf Page 3), which might be the purpose of some of the chips on the GW board, though this is just a guess on my side. It also might be why the clones didn't copy the GW-card directly, since this would mean they had to include this chips too, resulting in a more expensive board, so they might have simply dropped anything related to that.

 

[Xzi]

fix'd

How is that a necessary add when I put essentially the same thing in parentheses in my original post?

Just another bunch of code that the clone teams couldn't replicate or figure out.

 

[mr. fancypants]

How is that a necessary add when I put essentially the same thing in parentheses in my original post?

Just another bunch of code that the clone teams couldn't replicate or figure out.

just a joke... ( dont be mad at me)

 

[Xzi]

just a joke... ( dont be mad at me)

 

[Arras]

I personally do not believe that there is any definite proof that any code was placed in the Gateway Software that was intended for bricking consoles.

Regardless, assuming you are convinced that said proof has been found, please keep in mind that it was located by basically amateur homebrew hackers within a day of the bricks being reported.

Now take into consideration that any hacker worth his salt will tell you that by far the hardest part of hacking compiled code is finding the segment containing the instructions you wish to remove. Altering the binaries to disable the code is trivial in comparison.

If someone had the ability to locate the instruction set that bricks the 3ds when certain conditions are met within a day of the reports, he should have no trouble at all disabling that code within a few minutes by editing any one of the conditional checks to always return FALSE.

Now consider that to this date, none of the clone companies have been able to release a solution despite their claims that they have a dedicated team of professionals developing the software for their product. And instead of releasing a fix, they have had to resort to advising their customers to download a roll back in firmware which has been poorly disguised as an upgrade.

If you truly believe that multiple homebrew amateur coders have found definite proof of the intentional malicious brick code in Gateways's launcher.dat by locating the exact code, then it only stands to reason that the clone cart teams of software developers are either non-existent or so incompetent or so apathetic about fixing the issue, that they might as well be a bunch of monkeys banging away at a keyboard.

Whatever the case may be, given this scenario, the simple conclusion is that the clone cart users can not rely on the teams behind their clone carts to protect them from any malicious intent Gateway may fancy to inflict upon clone users in future updates.

In such a scenario, what would you rather trust and use? The Gateway Cart an it's team which have been proven more than competent if a bit ethically questionable or the clone carts whose teams have proven to be unable to fix in a month what amateur coders would have been able to do within a day if they so chose to.

Would you rather be safe behind the canons that may on rare occasion accidentally misfire or directly under the sights of those canons, cowering behind the paper facade of empty promises made by the clone manufacturers to protect their valued customers.

They can disable the code they have found and IIRC Normatt's region patch actually did some of that. However there is always the chance of there being multiple checks and them missing a few. Fuck up here and you fuck up bad. That and none of the hackers seem to give a shit about helping pirates.
Also amateur != bad.
And as to the last two paragraphs I would trust neither after this whole mess.

 

[Commoner]

They can disable the code they have found and IIRC Normatt's region patch actually did some of that. However there is always the chance of there being multiple checks and them missing a few. Fuck up here and you fuck up bad. That and none of the hackers seem to give a shit about helping pirates.
Also amateur != bad.
And as to the last two paragraphs I would trust neither after this whole mess.

Multiple checks is not a particularly effective safeguard to ensure copy protection. Once you locate one instance of the code, it becomes much easier to locate the rest. And if you are able to isolate the first in a day, the others shouldn't give you very much trouble.

The only reason why you'd have problems locating multiple checks is if it were a completely different kind of check or you you were simply just pressed for time and as a consequence were not very thorough.

Professionals get paid for their work. Amateurs just do it on their own free time. Thus in general, if you are a professional, you has better be better than the amateurs. Otherwise it is just a matter of time until you get replaced by someone who can do the job better than you for less money.

If you trust neither Gateway nor the clones then I guess you're much better off just using retail carts. You could say that MT-Card is an alternative but it does not exactly have a solid historical record of fulfilling promises as it has already started off by falsely advertising features which were missing in the final product in order to push sales. In addition, there is some pretty good circumstantial evidence that the MT-Cart was released by the same team behind the R4i Deluxe Gold clone cart. So if you don't trust the clone companies, you should by extension approach the MT-Card with great caution as well.

 

[cypher007]

hmm, still wonder if this brick wasn't aimed at two end results:

1) make clones unpopular.
2) make GW some money fixing all the bricks.

 

[cypher007]

ground:

or it was kind of the update prevention which they were working on, and they left some code inside or something (guess we will never know )

I also wondered this and mentioned it in a post about a week ago. it even states on there web site they ended up bricking there consoles several times in testing. my theory is that the brick code was developed by accident from this research.

 

[Elusivo]

lol come on, that is really far fetched... what kind of update prevention requires the nand not being able to be read?

 

[McHaggis]

Professionals get paid for their work. Amateurs just do it on their own free time. Thus in general, if you are a professional, you has better be better than the amateurs. Otherwise it is just a matter of time until you get replaced by someone who can do the job better than you for less money.

There's nothing saying that Neimod, yellows8 and others are amateurs. Plenty of professionals use their skills in their spare time too. In fact, their skills indicate a high level of expertise.

 

[Commoner]

There's nothing saying that Neimod, yellows8 and others are amateurs. Plenty of professionals use their skills in their spare time too. In fact, their skills indicate a high level of expertise.

As long as you do not get paid for what you are doing, you are an amateur. Granted, you can be a NASA engineer working on 3ds homebrew but as long as we are not privy to such information, we should very much expect that the teams behind the clone carts should at the very least have skill sets that are at par with those of the amateur 3ds homebrew coders.

And the main thing here is that even if we assume that the 3ds homebrew coders do the same sort of thing at work, by definition they can only work on 3ds related hacks in their spare time. The teams behind the clone carts on the the other hand can pretty much dedicate all their time working on essentially the same thing.

Now, given that the amateurs allegedly isolated the brick code with about one day's worth of their spare time, what does that say about the teams of coders behind the clone carts that have had almost a month of their full time to address the issue with nothing to show?

This is not even considering the unlikeliness that someone who spends all day long getting paid handsomely for working on something, would be crazy enough to dedicate a good chunk of their spare time essentially doing the same thing for free.

 

[Mr_Pichu]

The better your tools the better your work, and obviously experience does count here as well. It appears to me the GW team has some skillz and maybe access to Nintendo's 3DS SDK. The clone developers have GW's work, but they don't have the skillz or resources to create their own software.

If the homebrew scene had access to the official SDK, we would be playing a feature complete version of Pacman right now.

If it turns out the GW team completely reverse engineered everything without an SDK, then they deserve even more credit.

The confusion will continue until the dust settles and we have the official GW 2.0 software in our hands.

 

[going]

Version 2.0 final of gateway's firmware is due to be published at the first day next week. It will upgrade the FPGA's firmware so after that it will be incompatible with launchers <= 2.0 final. It will not have removed the bricking code, and it will have more vectors to activate than current 2.0b2.

All this is to ensure clones can't use newer launchers and legit gateway users will use the latest launcher (remember if you update you can't go back).

 

[cypher007]

lol come on, that is really far fetched... what kind of update prevention requires the nand not being able to be read?

yes but maybe they were trying to write protect it, so the update wouldn't overwrite the original 4.5. at this point they then discovered they could lock the nand, so after this they then developed code that erased the nand and locked it.

 

[Elusivo]

ok, it may have evolved from an update prevention thing, but it doesn't really matter, the brick code was still done on purpose, not as something left there by accident or forgotten.

 

[gix222]

Version 2.0 final of gateway's firmware is due to be published at the first day next week. It will upgrade the FPGA's firmware so after that it will be incompatible with launchers <= 2.0 final. It will not have removed the bricking code, and it will have more vectors to activate than current 2.0b2.

All this is to ensure clones can't use newer launchers and legit gateway users will use the latest launcher (remember if you update you can't go back).

Gw representative? how you know such information?

 

[profi200]

There's nothing saying that Neimod, yellows8 and others are amateurs. Plenty of professionals use their skills in their spare time too. In fact, their skills indicate a high level of expertise.

I fully agree. I can't think of users, which are more skilled then they. They manage everything they want to do. I would say i'm an amateur, but they are professionals in their area. But they are not interested in piracy like me too, so...

 

[RachelB]

As long as you do not get paid for what you are doing, you are an amateur. Granted, you can be a NASA engineer working on 3ds homebrew but as long as we are not privy to such information, we should very much expect that the teams behind the clone carts should at the very least have skill sets that are at par with those of the amateur 3ds homebrew coders.

I think the word you're looking for is hobbyist. Amateur implies that they aren't very good.

 

[SpaceJump]

Version 2.0 final of gateway's firmware is due to be published at the first day next week. It will upgrade the FPGA's firmware so after that it will be incompatible with launchers <= 2.0 final. It will not have removed the bricking code, and it will have more vectors to activate than current 2.0b2.

All this is to ensure clones can't use newer launchers and legit gateway users will use the latest launcher (remember if you update you can't go back).

Source?

 

[spinner09]

Version 2.0 final of gateway's firmware is due to be published at the first day next week. It will upgrade the FPGA's firmware so after that it will be incompatible with launchers <= 2.0 final. It will not have removed the bricking code, and it will have more vectors to activate than current 2.0b2.

All this is to ensure clones can't use newer launchers and legit gateway users will use the latest launcher (remember if you update you can't go back).

That's an interesting claim, but...
What do you have to say about Ratman9977's posts on the previous page of this thread? He says Gateway can't update the FPGA at all!

Gateway can't update the FPGA at all -- it's impossible without a JTAG debugger, which the nintendo 3ds is not. The best they could do -- is if they used a softcore with an external rom containing the code -- is to update that via SPI. In that case, the clones would be able to perform the same action.

Gateway can only use those JTAG inputs with an external tool to program the FPGA. The 3DS itself is not a JTAG programmer, therefore the FPGA design cannot be updated on either the Gateway or clones from the 3DS itself.