Dump cart ID2 properly in private header #862
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This prepares changes to fix private header dumps. The name ID2 matches Lotus3 (see Switchbrew) since it's evident Lotus3 is just a continuation of the 3DS cart controller
This prepares changes to fix private header dumps. The name ID2 matches Lotus3 (see Switchbrew) since it's evident Lotus3 is just a continuation of the 3DS cart controller.
This renames the unknowna0_cmd to its proper name and the A0_Response to CartID2, matching Lotus3 terminology.
The ID2 contains important information that in particular determines the cryptographic keys used. It is impossible to decrypt a dump of cart<->controller communications without knowing the ID2 or trying all possible keys. This behavior matches Gateway. I suppose that it was presumed that Gateway would always store zeroes there because regular cartridges on retail would always report zero and then everybody just copied this false assumption.
|
Hey, thanks a lot for the contribution! I see you're also the person who edited the Gamecards page in 3dbrew, so thanks for that one too. The code itself looks good to me, I'm just a bit concerned with the behavior. Do you have any source for this info? Be it datasheets, other cart dumpers, etc? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The private header currently stores the 0x40 unique ID and the cart ID that contains the maker code (e.g. 0xc2 for Macronix). At +0x44, it stores four zero-bytes. This is actually the ID2. The ID2 contains important information that in particular determines the cryptographic keys used. It is impossible to decrypt a dump of cart<->controller communications without knowing the ID2 or trying all possible keys. This proposed new behavior matches Gateway. I suppose that it was presumed that Gateway would always store zeroes there because regular cartridges on retail would always report zero and then everybody just copied this false assumption.
The Switch Lotus3 has CartId1 and CartId2 fields. These map almost 1:1 to the 3DS. It is therefore a natural assumption that these names would match for the 3DS, too.
I propose doing a squash merge instead of a simple merge: These edits were made in the GitHub web editor, one file at a time and then downloaded, build and tested separately (don't ask why). The commit history is as messy as one might expect from a genesis of this sort.