The NSMB Hacking Domain

Posted on 05-13-18, 09:37 am in Nintendo DS dev hardware! IS-NITRO-EMULATOR & co.

Link
ID: 61710
+1

Super Mario
( ͡° ͜ʖ ͡°)

Karma: 10020
Posts: 4423/4457
Since: 06-08-11

Posted by Myria

We can't simply regenerate the data. While 1600-1647 and 1C00-2BFF are algorithmically generated, 1000-15FF, 1648-1BFF and 2C00-2FFF appear random with no known source. If you corrupt these seemingly unused areas of a cartridge and flash it to a dev cartridge, the dev cartridge still works. The random garbage might be chaff to make it less likely that hackers found it. But the annoying part is that it means we can't simply generate this data and attach it to existing dumps.

Is it that important if that data is entirely 100% useless though?

Posted by Myria

However, a ray of hope exists: if you flash a cartridge with corrupted unused data, it will work fine, but if you then ask the IS-NITRO-EMULATOR (etc.) to verify the dump, it will say that the flash is bad. Try again with the hacked image and it will say that it's correct. In other words, something is able to read the security data.

This is not visible in the USB communication with the IS devices. Whatever is happening has to be on the device's side. I don't have the electronics know-how to set up a logic analyzer on the cartridge protocol bus to see what's involved with verifying.

Very interesting. Maybe Gericom's REing of the nitroemu firmware can shed some light in this too? I'd be very very interesting to see how the dev card protocol works, for flashing, erasing and verifying. Maybe it's possible to program them from regular DS's if it's just special commands (as opposed to special voltages or weird stuff?)

Posted by Myria

It's quite possible that only dev cartridges respond to whatever the IS devices are sending. But this is a ray of hope for correct dumps.

This is what I fear too, yup. It's very likely, otherwise it'd probably mean you can use that to break encryption...

Dirbaio	Posted on 05-20-18, 06:04 pm in Auto-run when event ID 30 is active (rev. 1 by Dirbaio on 05-20-18, 06:05 pm) Hi. Link ID: 61919 +1
Super Mario ( ͡° ͜ʖ ͡°) Karma: 10020 Posts: 4425/4457 Since: 06-08-11	The activator bitmask is only 64 bits though. ID 72 cant work there... I don't know if the bitmask is actually an array, or the IDs higher than 64 have special meanings that are calculated from other stuff iirc..? Edit: you edit-ninja'd me lol.

Dirbaio	Posted on 05-29-19, 08:43 pm in search function securing. Hi. Link ID: 66016 +1
Super Mario ( ͡° ͜ʖ ͡°) Karma: 10020 Posts: 4433/4457 Since: 06-08-11	Pull requests are welcome --> https://github.com/Dirbaio/NSMBHD

Dirbaio	Posted on 02-15-21, 12:44 pm in Downtime? (rev. 1 by Dirbaio on 02-15-21, 12:45 pm) Hi. Link ID: 70231 +1
Super Mario ( ͡° ͜ʖ ͡°) Karma: 10020 Posts: 4446/4457 Since: 06-08-11	I deleted some certbot certs for a website that was no longer in use, but didn't delete the nginx config for it. During the night certbot renewed stuff and restarted nginx. Aaand it turns out that if nginx config references a cert that doesn't exist, ALL sites fail to come up, not just the broken one. Sorry about that! Shouldn't happen again

Pages: « ‹ 12 13 14 15 1617