R4i Gold 3DS (r4igold.cc)

[Diego788]

Can my flashcard, "R4i Gold 3DS" be compatible with ntrboot_flasher?

This flashcard can be updated if you put a .nds file from the official page in the SD and opening it... so maybe it can be compatible... the flashcard uses a _DS_MENU.dat and a _rpg folder in the SD.

Here you can find the updater in .nds format with a readme, I know the latest update is from 2013, but it works perfectly fine in all versions of 3DS and DSi.(obviously DSL and DS works)

I put some photos in imgur

[kitlith]

Geeez, R4i Gold 3DS may or may not have a ton of things using the same name, but different hardware. Thanks for the info, we'll take a look at some point.

[Cuphat]

Yeah, I feel like all the "R4i" carts should be categorized by the website that they used. Name alone is too ambiguous.

[pixel-stuck]

@Diego788 can we get pics of the cart, and if you are so daring, pics of the board as well?

[Diego788]

I have 2 "R4i Gold 3DS" flashcarts, they are the same but the one without microSD is dead since 2015, so I opened it to show the board

Images (Click to Expand)

 

[Valeri0p]

Your last one is probably an *sdhc clone, who is already on todo list... Can you try to run the "flash dumper" option on ntrboot tool on it please, and reports the results here?

[EleventhSign]

@Diego788 what ChipID and HW Rev appears when you try to detect it with the tool? The board of my cart looks 100% similar to yours but it is from www.r4isdhc.hk. It's R4 SDHC Dual-Core 2016.

edit: Ok I saw Diego788's photos in the link in the first post and Chip ID & HW Rev (00000FC2 and 2A2A2A2A) are similar to my cart. Even the firmware updater GUI is 100% identical.

[Valeri0p]

@EleventhSign I'll Also post the results on my card tomorrow, since it's identical apart from the year on the sticker (there is only one kernel on the website, so...)

In my previous test with the first release CID and HWrev were often the same, and changed pretty randomly (maybe because it'# YSmenu-bricked?), but the one time they were different, CID was FC2 and HW changed a bit of times... I'll report more accurate info soon ...

[pixel-stuck]

@Diego788 I can confirm that that cart is a clone of the one that has WIP support. I've RE'd most of the updater you posted and basically understand how to dump/flash the device. (most of the commands are the same as ak2i commands) as well as knowing the encryption protocol.

[pixel-stuck]

@Banamy this is an unrelated flashcart, please post them in another issue. Thanks.

[ghost]

Will do. Mind taking a look at it?

[pixel-stuck]

@Banamy I'm going to make a build of ntrboot_flasher for @Diego788 then I can look into your cart.

[pixel-stuck]

@Diego788 here's a test build, it won't flash ntrboot, it should, however, read the flash. Use the "Dump flash" option in the menu and post the result here. [removed old test build]

(Note that others should not try this build, it will always "successfully" find a flashcart)

[Valeri0p]

Ok, I didn't notice the imgurl link on @Diego788 first post 😅; that's my identical same card. For the sake of completeness, here there are my results with ntrboot flasher 0.1.2 First try: ChipID: 2A2A2A2A HW Rew: 2A2A2A2A Second try: ChipID: 00000FC2 HW Rew: 2A2A2A2A and with @dark-samus build :D (yea, I know It dosen't work, I know) First try: ChipID: 00000FC2 HW Rew: 2A2A2A2A Detected: (null) Dump Complete! Backup.bin is 0 bytes (looks empty with an hex editor 😞 )

Second and third try are basically the same...probably because it's YSmenu bricked. Well, at least I've tried :)

[pixel-stuck]

oops, forgot to do something. Try this one: [old build link removed]

[Valeri0p]

just a minute...

[pixel-stuck]

actually, that one should also produce a file of 0 bytes. Give me a sec to get a proper build

[pixel-stuck]

here ya go, sorry about that: [build link removed]

[Valeri0p]

Tried 3 times, exact same result. Remember that my card is bricked, it doesn't show up on home menu and it can be launched with ntr launcher...

Oh, I see, I'll wait, but IMHO even @Diego788 and @EleventhSign should test that.

[Valeri0p]

Thanks :) Can I ask you a stupid question?

[pixel-stuck]

sure :P

[Valeri0p]

Oh! now it says Detected: R4 SDHC Dual Core ! It was very fast, but seems that it dumped it! Let me check the dump...

[pixel-stuck]

please upload that dump here. The flash contents should be encrypted (we've already worked out the encryption scheme though)

[Valeri0p]

Lol, it's filled with 2A2A2A2A2A2A2A... i've bricked it pretty well xD backup.zip I'll do other dumps anyway, sometimes with old builds the CID changed...

Anyway, if we success on make this dumper working, can I unbrick my flashcard by flashing a backup from someone else?

[Valeri0p]

Sorry for the slowness...

[pixel-stuck]

it's fine, don't worry :)

[pixel-stuck]

OK, one more thing, could you attempt to dump the cart with something like GodMode9? This should attempt to read the ROM at least and should give us some indication of whether or not we're getting good data out of the flash dump. That said, it may not dump at all.

[Valeri0p]

Nothing, I've done other 4 dumps and they are all filled with ***** The C: drive with gm9 1.2.7 is empty, 0 bytes, 0 files, 0 directories. Should I use a newer release? Also, if you try to dump flash without a cartridge inside, it will say it's an SDHC and will dump it 2MB of zeroes...

ps: when, in the past, trying to restoring my card, I've tried to run the updater from various environments, nds bootstrap, dslite swapping the card...without any results, so maybe we are talking with a wall...

[Valeri0p]

Anyway, I'll try to dump it with the latest release of gm9 and d9wip, I'll report back later. Edit: nothing, d9wip "is not an ak2i" and gm9 the same thing.

[pixel-stuck]

I may be able to recover your cart, tbh. Then you might be able to be of more help :) at this point, if you can jump on freenode irc, #Cakey then we can communicate better

[Valeri0p]

I see 😏 It will be my first time on IRC, since I'm not a native English speaker. I'll be happy to help you for the next two days =D

[EinyWf]

I have a similar card "r4i unlimited upgradable" from r4i-gold.hk (that web doesn't work anymore) that seems to be a similar clone. I'm not sure what firmware it has (I remember I flashed a different firmware from the one that was on its web). ChipID: 00000FC2 HW Rev: 00000000 I dumped it with the test build and the dump seems correct. I'll attach it here in case it helps somehow. backup.zip

[Diego788]

oh my god so many replies ;-; there have been problems with the internet in my town...

[Valeri0p]

@Diego788 can you try to dump with the last build? https://github.com/kitling/flashcart_core/files/1222726/ntrboot_flasher.zip @EinyWf photos of the card please?

[Diego788]

i used that dump and got this... should i upload my backup.bin?

Image (Click to Expand)


[pixel-stuck]

yes, please do upload your backup

[Diego788]

done backup.bin.zip

[pixel-stuck]

Hmm, that looks the same as @Valeri0p's backup...

[Diego788]

oh true, only 2A

[pixel-stuck]

I'm thinking this isn't actually the readFlash command, and is rather just the default response from commands that aren't valid...

[pixel-stuck]

@mariogamer2 yeah, most cards use 0xFC2 as the chipID. Nothing new.

@EinyWf seems closer to ace3ds. That flash dump is pretty small, just repeats over and over...

[Diego788]

I forgot to show you this post I found on Facebook

Image (Click to Expand)


## TRANSLATE: An EOL (ElOtroLado) user uploaded this photo (the flashcards closed with a red square are the one that worked with NTRBootHax (ntrboot_flasher)) ## my flashcard is in that photo, the R4i Gold 3DS with 2013 in the front, with a red square (works) ## I think that that user just injected ntrboot.. obviously he didn't did a flash dump because of no compatibility, but the good thing is that ntrboot worked for him

[pixel-stuck]

I don't think that information is accurate, tbh. Maybe it is, but I doubt it.

Anyway, try this one please: [removed old build link]

[Diego788]

Image (Click to Expand)


[pixel-stuck]

does the dump look the same as the previous one?

[Valeri0p]

For me yes (documentation sake :p )

[Diego788]

i think it's the same :< backup.bin.zip

[pixel-stuck]

well, qubsica on IRC has the card and I think we'll end up fuzzing the read flash command.

[EinyWf]

I've repeated the dump ten times with my cart (r4i-gold.hk) and got exactly the same file every time, same size (2,1 Mb) and same md5. There's a lot of readable text when opened with a hex editor but I can't really tell if it's a good dump.

[EleventhSign]

I used the 2 last test builds and both generated 2MB of 0x2A. Just to mention, my cart was also YSMenu bricked just like @Valeri0p.

[pixel-stuck]

@EinyWf yeah, it would seem there's something good in that dump. It seems like the beginning of a ROM. However, it would seem it's unrelated to the flashcart I'm working on. Like I said, looks more like the ace3ds from another issue, go find that and post there with future stuff please.