Open DaNxCorp opened 3 years ago
DaNxCorp
commented
3 years ago Here's some stuff about the cart.
I've taken a detailed and better picture of the cart. In the PCB you can see two chips, the smaller one is a KH25L1636D (the EEPROM, I guess) and the bigger one looks like a microprocessor or something, it's a MIPSgreen PD910B.
Also, here are the original bricked dump and the one that worked the first time, if I don't messed up the names.
EleventhSign
commented
3 years ago You can still probably return the cart to a working state but you won't be able to use the latest kernel for it (it's Wood 1.72 I think) because it'll just give you a white screen. You'll have to use a lower kernel version from r4igold.cc (v3.1). And once you got it working, you can start from there and play around with a different fw and kernel combination.
I was the one who supplied the files in that forum. And in fact the "last_working-backup.bin" files you attached is a dump of my very first r4isdhc.hk cart (it was v7.07 and it had 3 chips: an EEPROM, an SPI chip and the processor). The other backup,bin, I am assuming is the original backup of your cart before you reflashed it (I looked at it and it is v5.06).
Can you try running ntrboot_flasher again and attach the log here?
DaNxCorp
commented
3 years ago Thanks for your reply. I've been messing around with the flasher, ran all options to generate every log in debug mode, here you have. The details that cathed my atention are the hardware revision 2A2A2A2A and a SecureInit fail.
At this point, I'm considering the possibility of booting my Raspberry PI and try to reflash the EEPROM by SPI with FlashROM, but currently I don't have any pomona clip nor the proper hardware to desolder/resolder the chip, that would mean to twist a naked wire on each pin with a pretty high risk of shorting the chip... I keep this option only as a last resort, of course.
If we can recover the cart, my current plan is to use the original firmware (v5.06, as you already found) with its latest kernel, it worked well back then, I don't remember any compatibility issues. Before blindly flashing the dump that bricked the cart, I was trying to peek at the contents in the official r4i-gold.com fw updater specific for this cart (the typical "X.XX_X.XXfwUpdate_VX.XX.nds" of the R4's) to see if I could extract the 2048KB .bin from there, but the files inside were something beyond my knowledge (I expected only a fw image and a flashing script or something similar).
EleventhSign
commented
3 years ago The fw file inside the updater is obfuscated depending on the version of the updater. So extracting that and flashing it to your cart would've also bricked your cart.
Well, log shows it cannot secureinit anymore. If cleaning the contacts of the cart doesn't help ntrboot_flasher initialize/recognize it, then you'll need a hardware flasher.
DaNxCorp
commented
3 years ago Hey, I have good news! I fried (I guess) the original EEPROM while reflashing it by SPI, but I replaced it with a similar one scrapped from a dead device, and flashed the original bricked one... It worked! Now, I'm wondering if it's possible to deobfuscate the fw image from the updater to flash it to the cart to make it useable again.
The cart is apparently in the same state as before the first succesful flash, so this issue is technically resolved. Anyway, I'd like to extract the fw image from the updater, or at least modify the version info of the .bin that worked to something below 5.06 to later use the updater by the official way. I'm going to read about it (any advice would be appreciated). Thanks!
I had this cart lying around for years, it bricked itself (corrupted firmware maybe, appeared on 3DS menu with a weird icon but errored when trying to start it) for no reason back then and recently I decided to bring it up to service again after I learned about this software and the possibility to reflash backups to flashcarts in order to restore them.
So, after some hours of searching, I found a user in a GBATemp thread with EXACTLY the same cart as me, here is the post for reference.
Briefing from this thread, it appears that the hardware on this cart is pretty similar to the ones from r4igold.cc and r4isdhc.hk, in fact, I used the R4 SDHC Dual-Core option in ntrboot_flasher without a hassle.
So I followed the same procedure as him, but using ntrboot_flasher instead of SPI flashing directly in the chip, and it worked almost perfectly. Almost, because the fw+kernel combo had compatibility issues with some of my games, so I decided to search for a previous backup with an earlier fw version to try updating it with the "official" firmware and then use the corresponding kernel... Well, the backup flashing finished without errors, but now the cart doesn't show up on the 3DS menu and ntrboot_flasher says it's unsupported, so I can't flash it back to the last working backup.
Any clue about this? I will provide anything on my hand to troubleshoot further, including the original (bricked) backup I did before the first flash and the one that worked before the second attempt. There are photos of the cart in the GBATemp thread, but I can take better ones if necessary.