Virtual Console (ambassador games) ROM injection

Discussion in '3DS - Flashcards & Custom Firmwares' started by Nintynuts, Dec 17, 2011.

  1. Nintynuts
    OP

    Nintynuts Member

    Newcomer
    46
    0
    Mar 14, 2009
    England
    Now we have 10 NES and 10 GBA games with emulators we can copy to our SD cards and we know what the ROM data should be, might it be possible to work out the encryption key so we can decode the data and inject different ROMs to play on our 3DSs?

    I know it's not quite as simple as that, as there's the emulator data that will have an overhead (probably at the start) as well as the per-game metadata, so if it's encrypted with its own MD5 hash or something that will throw it all off. It was just a thought and I wondered if it was at all feasible?

    Looking forward to hearing some thoughts from people who know what they're talking about :)
     


  2. Tsukurimashou

    Tsukurimashou GBAtemp Regular

    Member
    128
    23
    Oct 8, 2011
    That would be great but I really don't know how it works so I can't help, sorry.
     
  3. Snailface

    Snailface My frothing demand for 3ds homebrew is increasing

    Member
    4,324
    1,981
    Sep 20, 2010
    Engine Room with Cyan, watching him learn.
  4. Nintynuts
    OP

    Nintynuts Member

    Newcomer
    46
    0
    Mar 14, 2009
    England
    I could have, but firstly I was unaware that thread was stickied for use rather than a reference, but also that every time I've ever posted something in a long running thread like that no-one ever takes any notice.
    This whole forum is 'Hacking & Homebrew' so I don't see why I shouldn't be allowed to make a new thread. I'm not an expert but I have some idea what I'm talking about so I wanted it to get some proper attention.

    But anyway, are there some people about who have played with reverse engineering encryption before?
     
  5. Tom Bombadildo

    Tom Bombadildo Honk!

    Contributor
    10,124
    9,938
    Jul 11, 2009
    United States
    I forgot
    Well then I'd like everyone to pay attention to the fact that I strongly disagree with you and quite frankly don't care whether or not you wanted attention or not. Stickies are there for a reason, if no one pays attention to your idea, your idea is shitty. Deal with it.

    On topic: There is some sort of encryption and nobody has been able to reverse engineer or crack the encryption or inject ROMs or anything. I remember various threads about this same thing and still nothing has been reported.
     
  6. Rydian

    Rydian Resident Furvert™

    Member
    27,883
    8,102
    Feb 4, 2010
    United States
    Cave Entrance, Watching Cyan Write Letters
    That thread is made for situations where all somebody has are theories.
     
  7. ferofax

    ferofax End of the World

    Member
    2,566
    437
    Jan 26, 2009
    Philippines
    You don't even know where in the files these VC titles are, much less know how to decrypt them.

    Until then, ROM injection has nothing to go on with, and therefore no real reason to discuss it other than just to have something to say about it.
     
  8. totalnoob617

    totalnoob617 Banned

    Banned
    785
    83
    Sep 27, 2010
    United States
    Well, it wouldn't be hard to find. All you would need to do is copy your SD card to your PC, then download one of the games and see what new data is added and how the 2 SD backups don't match. The new added files are obviously the game, but we don't know if they use emulation at all. I doubt they do; they are most likely ports, no?
     
  9. Clydefrosch

    Clydefrosch GBAtemp Psycho!

    Member
    4,023
    1,125
    Jan 2, 2009
    Gambia, The
    It's not as easy, since it's all encrypted. You'd need to decrypt it first, to be able to compare things. (Considering one download consists of a ROM and the needed emulator data?)

    If there was overlapping data on the files, it could be possible to determine where the ROM would be and stuff, but I'm guessing someone who knows better already got that idea.
     
  10. celcodioc

    celcodioc Major A$$hole

    Member
    278
    66
    Nov 13, 2011
    Only save files from cartridges have been decrypted before.

    We could probably just search for the ROM header... but since we don't know how to decrypt the apps, we can't do that ^^

    Since they seem to run much like DS games (no StreetPass, no SpotPass, hold START or SELECT to play them in their native resolution, etc), I'd guess they are run natively + a few minor additions for bottom screen and HOME button support.



    [/thread]?
     
  11. Nintynuts
    OP

    Nintynuts Member

    Newcomer
    46
    0
    Mar 14, 2009
    England
    I'm 99% sure the virtual console games are emulated, the 3DS doesn't have an ARM7 chip in it like the GBA-DS Lite had (removed from DSi) so there has to be an emulator somewhere, if not embedded in each package then in the firmware. On Wii, which is the nearest comparison in terms of power, each game had its emulator built in, which is why some ROMs only worked when injected into particular emulators because of optimization. I would have thought the structure of these new Virtual Console games is probably the same as the Wii ones, Nintendo don't like re-inventing the wheel. Again, it would be nice to hear some comments from someone who has worked with anything I've mentioned to confirm/deny whether any of this sounds plausible.

    EDIT: I suppose it's remotely possible these games have been recompiled to run on the PICA and new CPU with a wrapper for scaling and new button handling, but it seems unlikely considering Nintendo's track record.
     
  12. spinal_cord

    spinal_cord Knows his stuff

    Member
    2,949
    559
    Jul 21, 2007
    somewhere
    The files are probably encrypted AFTER the ROM is combined with the emulator, so comparing ROM images will get you nowhere. Someone would have to decrypt the files before ANY progress is made in ANY area of 3DS homebrew. (Yes, I know ROM injection is different, but the point is the same.)
    Also, the NES games have been around for a while now; if anyone had made any progress, you would have heard about it already.

    [edit] - Yes, the games are emulated, you can tell in a couple of areas, such as random screens of garbled gfx during fades in Yoshi's Island.
     
  13. wchill

    wchill Resident chillxpert

    Member
    1,407
    34
    Jun 12, 2008
    United States
    Which track record would this be? I see emulation as unlikely; just have GBA code run using a hypervisor with the appropriate calls to 3DS functions instead of GBA functions where necessary (i.e. the bottom info screen). Why reinvent the wheel and try to emulate something you can run pretty much natively?

    Not saying that ROM injection is likely anytime soon, as spinal_cord mentioned.

    As for graphical glitches, that does not necessarily mean an emulator - it could just be the 3DS screen and/or the code used to drive it.

    (If it wasn't clear, the 3DS's ARM processor is backwards compatible with ARM7 code, just like it is with ARM9 code, which is used in the DS. The Nintendo 1048 0H ARM processor is really a System on Chip with a version of the ARM11 and the Pica200 in one chip. Since ARM11 implements ARM7 and ARM9 instructions, it is backwards compatible.)
     
  14. heartgold

    heartgold GBAtemp Psycho!

    Member
    4,335
    1,031
    Sep 11, 2009
    London
    Not really, NES games have been draining more battery life than GBA games, IMO this isn't 100% emulation and ARM11 core is able to run native ARM7/9 codes.
     
  15. Roxas75

    Roxas75 GBAtemp Advanced Fan

    Member
    518
    1,381
    Oct 9, 2010
    Italy
    I saw a little the structure, so I think that the games are emulated.
    The file 00000001.app is a little bigger than the GBA ROM, so I think it's a package that contains emulator and ROM.
    The only way is to decrypt them...
     
  16. wchill

    wchill Resident chillxpert

    Member
    1,407
    34
    Jun 12, 2008
    United States

    Please refer to this post on the subject.

     
  17. DiscostewSM

    DiscostewSM GBAtemp Psycho!

    Member
    4,991
    2,629
    Feb 10, 2009
    United States
    Sacramento, California
    I would have to disagree with you there. That can easily be caused by the motion blur, using a low ratio of the retained frame mixed with a high ratio of the current frame. That capability itself is an operation built-in to the GPU. Even the DS had a capture unit for such an effect.

    As has been said already, GBA games on the 3DS have shown to have less power consumption than both the NES and GB games because the ARM11 is capable of interpreting ARM7 and ARM9 code natively. While I say the games aren't fully emulated, I won't rule out the possibility that it is partially emulated. From the original GBA to the DS Lite, each of the devices included a Z80 co-processor, partly for backwards compatibility, but GBA games used it for the audio tone generators alongside its own 2 8-bit DACs to make up the audio system. From the DSi on, GBA compatibility was removed, which included the removal of anything that wasn't being used by DS games, which included that Z80 co-processor.
     
  18. Nintynuts
    OP

    Nintynuts Member

    Newcomer
    46
    0
    Mar 14, 2009
    England
    Well, I now know a couple of things I hadn't initially realized, firstly that ARM11 was backwards compatible with 9 AND 7 and secondly that AES encryption (which Nintendo has used in the past, so I guess probably for this too) is so damn complicated, so there's no way of injecting without the key(s) first. I also agree that it's likely that the overhead on the app file is probably per-game compatibility related as it varies in size so much. I would say it's actually simulating the GBA games rather than emulating or running them natively, but that may just be me. However, I don't think this will completely prevent injection, we may just find some games work better in some of the containers than others; we have 10 to play with.

    I bow to the knowledge of those few who have contributed the most in this thread, and unless people want to continue discussing theories, a mod can go ahead and close this now.

    Thanks everyone
     
  19. totalnoob617

    totalnoob617 Banned

    Banned
    785
    83
    Sep 27, 2010
    United States
    I will say 1 thing: the emulation and emulator is kinda shitty. I mean, I know the resolution is much better than nesDS, but when I run Metroid on nesDS it runs fine no matter how many sprites are on the screen, and I can even fast fwd and rew with L and R and it flies. When I play the ambassador version the game slows down considerably even when there are even that many sprites on the screen. I have not tried the Wii VC or emulated one, but I'm curious how Metroid VC runs next to it on a Wii NES emulator and how the 2 emulators differ on the 2 systems in terms of performance. I wonder if the VC Metroid slows down too.
     
  20. DiscostewSM

    DiscostewSM GBAtemp Psycho!

    Member
    4,991
    2,629
    Feb 10, 2009
    United States
    Sacramento, California
    One emulator is made by homebrewers. The other is made by Nintendo. The homebrew emulator, while having nice extra features, does not have something that Nintendo's emulator has: the ability to execute the game with everything it requires at 100%. Even if the game slows down, that is because it would do so on the actual hardware too. Might seem silly, but keeping it in sync like that allows it to stay accurate (and stable I might add).