The GBA had few piracy woes
*cough*GBAtemp.com*cough*
This is being worked on presently by some wololo community members and some people further off in the shadows.
One other person (katsu, who first developed the proof of concept) and I have the retail carts hooked up in such a fashion that we can dump the encrypted NAND contents on them, and also potentially write dumps back (well, we can now, but we brick the card, obviously).
The issue is that without an attack vector in the auth/encryption for the cartridge we can't progress much further. We have done some analysis on the non-encrypted game update and save sectors of the dumped images.
This doesn't mean it is coming; this just means we're poking around, and the concept of a "flash cart" is not completely outlandish. It's like anything current in the console security world, though: we require attack vectors for peeking at some parts of the encryption keys, if at all possible. Then there is everything else we have to do analysis-wise, assuming we can even glimpse enough parts of the key to break it. Don't hold your breath. You will die by the time we get there at our current rate.
I just thought for the sake of knowledge, you guys might be interested in that piece of current info.
Interesting. You skim past many points on which I would like clarification:
1) "dump the encrypted NAND contents" Is it plain NAND? I assume you use katsu's pinout diagrams? He, however, said that you have to have the card inserted for the dump to work. Is that true? If so, is the reason some kind of auth? Do you have pictures of your dump setup?
2) "also potentially write dumps back" So you say you can write to the NAND on the game's partition (not just saves/extra content)? Can you write a 2GB image and then read it back?
3) "non-encrypted game update" What do you mean by this? I was not aware such a thing exists. All game updates I've seen are encrypted Sony .pkg files.
4) "some of the parts of the encryption keys" Parts? What do you mean by part of the key? And I assume you mean decryption keys, since encryption keys are always private.
Thank you for the clarification. Did you also use a memory stick pro duo to do the dump, or did you dump the NAND directly with some hardware like Teensy2++?
I am attempting it using a memory stick as well. I have been thinking about getting my hands on a dev board to play around with doing it, though. But first off I wanted to be able to successfully repeat the original method without fail. It is a shame katsu seems to be quiet and has not replied.
EDIT: Has anyone else been playing with this that you know of?
Good to know I am not the only one having problems. I am also wondering whether (though to the experienced eye it looks OK) I have a problem with my soldering, or whether I am getting some noise or another problem from using wires of an inappropriate diameter. I am trying with it plugged into the Vita.
I have not spent too much time on it as I don't have interest in cloning/piracy. I am spending more time focusing on software like getting kernel code running. Good luck though, and keep me updated.
Thank you. Yeah, I am of two minds about it. I'll post the info in the thread on wololo once I've got it working properly. I too have not spent much time on it yet. Hopefully I will have more luck soon. Hopefully you will have more luck with getting some kernel code running successfully.
I know it is off topic, but are you still interested in developing a toolchain for a small bounty, regardless of whether the main one can get any traction? (Seeing as we are stuck without legal counsel to help us make sure we can do it safely.)
Fair enough, I guess I took what you said in the bounty thread and ran with it too far.
I was worried about mentioning the leaked toolchain. Good to know we have got some confirmation on that. It saved the need to take a look for myself. How exactly did they not work?
I really should figure out how to get a little more involved in directly talking to the other guys and girls playing with all of these toys. I appreciate what you've been able to confirm for me. I am kind of running blind on my own and teaching myself as I go. Sorry if I am pestering you.
If a flashcard were to appear on Vita... what gaems are there to play? :3
If ShadowSoldier wasn't 12, he'd notice that there's a lot of PSVita games; he's just not allowed to buy them yet because he's too young and the clerk would give him a row in the store. ;O;
If a flashcard were to appear on Vita... developers would sell only 5... the same number of people who own a Vita :3