ntrteam / flashcart_core

A hopefully reusable component for dealing with flashcart specific behavior.
GNU General Public License v3.0
128 stars 32 forks source link

Ace3ds Plus (ace3ds.com) / Gateway Blue (gateway-3ds.com) / R4isdhc.com.cn #33

Open az4521 opened 7 years ago

az4521 commented 7 years ago

firmware updates: https://filetrip.net/dl?Rqf4x1K5L5 - Wood R4 1.62 https://filetrip.net/dl?QCMwTu7FCo - AOS 2.13

Chip ID: 00000FC2 HW Rev: 00000000

Images (Click to Expand)

GM9 Dump (untrimmed): https://giveitbackja.ml/up/ewqzky.nds (SPONGEBOB AP_AL3E78_00.nds)
pixel-stuck commented 7 years ago

when we say "images" we mean pictures of the cart and the PCB. Please read the README and then post the proper information here.

az4521 commented 7 years ago

those are pictures of it? i scanned the PCB and cart

EDIT: here are some more

https://giveitbackja.ml/up/rgbdhg.jpg https://giveitbackja.ml/up/pxvm.jpg https://giveitbackja.ml/up/vcbgma.jpg

kitlith commented 7 years ago

@dark-samus click on the arrow next to "Images" to view the images.

Sorry, new issue template. reason why they're hidden by default was to try and help reduce overall clutter.

Edit: Adding "(Click to Expand)" to the template to make it obvious, so I edited your post as well.

zaksabeast commented 7 years ago

I'd like to note that the ace3ds+ has been found to be the same as a Blue Gateway flashcart.

This gbatemp post has quite a lot of information suggesting the carts are the same.

To support this, I tested the ace3ds+ updates (Wood and AOS) on my Blue Gatway to find they work perfectly. An untrimmed rom dump I got from my Blue Gateway is identical to the "SPONGEBOB AP_AL3E78_00.nds" posted above, and my Chip ID and HW Rev match those posted above as well (00000FC2 and 00000000 respectively).

The gbatemp post also has two update roms at the bottom for download, and my Blue Gateway works with this ace3ds+ update in particular, saying that it's already been updated to the latest version.

pixel-stuck commented 7 years ago

@az4521 is there any way you can get me the numbers on that chip with the blueish-greenish dot on it?

az4521 commented 7 years ago

i'll do [digit, digit] for when i dont exactly know what it is.

chip has this on it

X 2C12[A,B,8,9,5) F387[9,7]2 [v,u]829 PHILLIPINES C6-BMS 7C

Craftyawesome commented 7 years ago

Interestingly, both my plus's have slightly different hardware.

Images (Click to Expand)

![img_20170816_202758](https://user-images.githubusercontent.com/19976035/29749863-85f28242-8b03-11e7-9ff8-76addc1c3748.jpg) ![img_20170816_202809](https://user-images.githubusercontent.com/19976035/29749864-85f66880-8b03-11e7-907e-10cc05b297cb.jpg)

Newer (spongebob) is on the left both times. (older is alex rider) Also something to note is there was a "ace3ds_fix_all" file on older versions of ace3ds's website. Not sure if for plus's at all. [ace3ds_fix_all.zip](https://github.com/kitling/flashcart_core/files/1254391/ace3ds_fix_all.zip) This is able to tell my 2 apart
Images (Click to Expand)

![img_20170816_192216](https://user-images.githubusercontent.com/19976035/29749915-49a96bb0-8b04-11e7-8f3e-7a053a321dad.jpg) ![img_20170816_192039](https://user-images.githubusercontent.com/19976035/29749916-49ae3b86-8b04-11e7-8572-44e9a8826218.jpg)

Maybe run on a gateway and see what is says? Alex rider dump (untrimmed): [ALEX_RIDER_ALXP78_00.zip](https://github.com/kitling/flashcart_core/files/1254399/ALEX_RIDER_ALXP78_00.zip)
zaksabeast commented 7 years ago

Here's a picture of my Blue Gateway running the ace3ds_fix_all.nds rom.

Images (Click to Expand)

![bluegateway_ace3ds_fix_all](https://user-images.githubusercontent.com/19464008/29751329-f8c4fd22-8b08-11e7-972f-9ef03329eaad.jpg)

I did a bindiff to compare the one @Craftyawesome posted and the one from the gbatemp link I posted to find that they're identical. A bindiff is also how I compared the Blue Gateway Spongebob rom and the ace3ds+ Spongebob rom in the original post to find them to be identical as well.
pixel-stuck commented 7 years ago

@zaksabeast if I modified an updater, would you be willing to attempt to flash your GW blue card? Please note that it may brick the card if things don't go well.

Craftyawesome commented 7 years ago

@dark-samus I know you aren't addressing me, but I can sacrifice my old one.

pixel-stuck commented 7 years ago

OK, I've figured out how to patch it so that it won't give the "Don't need any patch" message. @Craftyawesome do you have a GW blue card or an ace3ds+?

Craftyawesome commented 7 years ago

@dark-samus ace3ds+

pixel-stuck commented 7 years ago

@Craftyawesome I was more interested in testing a GW blue card with the ace3ds+ updater.

TheGreekBoy commented 7 years ago

i have 2 gw blue cards

pixel-stuck commented 7 years ago

ace3ds_fix_all_mod.zip

try this :)

TheGreekBoy commented 7 years ago

it says not a valid card when i'm run the .nds file

TheGreekBoy commented 7 years ago

my gw blue cards have deep labyrinth bootstrap in home menu.

yacepi15 commented 7 years ago

I have a GW, but i don't want to risk it. I can help in any way?

TheGreekBoy commented 7 years ago

i can risk everything:)

yacepi15 commented 7 years ago

@TheGreekBoy I think there're some revisions of the Blue GW card. Could you please, open the card (its very easy) and tell what code is above the connectors?

TheGreekBoy commented 7 years ago

X-C

zaksabeast commented 7 years ago

@dark-samus Great job! It worked nicely with my Blue Gateway (Spongebob boot)

Images (Click to Expand)

![dark-samus_ace3ds _fix_all_mod](https://user-images.githubusercontent.com/19464008/29755506-80f7df78-8b56-11e7-84f1-2a9300a7563e.jpg)

Edit: it powers on just fine too and still works great.
yacepi15 commented 7 years ago

What is the game on the menu?

PS: Mine is X-C1.

yacepi15 commented 7 years ago

(The motherboard code)

TheGreekBoy commented 7 years ago

Deep Labyrinth

yacepi15 commented 7 years ago

It was for @zaksabeast , i didn't read the Spongebob thing. So... It can be updated? It was as simple as trying a official ace3ds updater?

yacepi15 commented 7 years ago

@zaksabeast, what code has your gw blue card motherboard? Thank you.

pixel-stuck commented 7 years ago

@TheGreekBoy @zaksabeast can you guys take your carts apart and show me the internals? Trying to get a handle on which ones can be updated and which ones can't. So far, the ones with spongebob seem to be the ones that work with the Ace3ds+ SW.

TheGreekBoy commented 7 years ago

give 5 minute

TheGreekBoy commented 7 years ago

HERE is my old GW blue card HERE is my new GW blue card

both says not valid card when i'm running the ace3ds_fix_all_mod.nds

pixel-stuck commented 7 years ago

@TheGreekBoy thanks for the pictures. I also was curious about something; you'll see in @zaksabeast's pictures that there's a number next to the "ACE3DS Firmware Fix" text. Does yours have a number? If so, what is it?

TheGreekBoy commented 7 years ago

it says : 00FFFFFF

yacepi15 commented 7 years ago

@TheGreekBoy @dark-samus Mine gives the same error.

yacepi15 commented 7 years ago

It says:

ACE3DS firmware fix 00FFFFFF Not a valid Cart.

Both original and mod updaters.

zaksabeast commented 7 years ago

I'm not really in a good position to open my cart up right now, however it's worth noting that before erasing, writing, and verifying (reading) the updater likes to run this check:

if ( (a2 - 0xEF4015) <= 1 || a2 == 0xC84015 || a2 == 0xEF3015 || a2 == 0xC22015 )

Which matches the number in the upper right next to the "ACE3DS Firmware Fix" text. My number in the screenshots is 0xC84015 and @Craftyawesome had 0xEF4015 both times.

yacepi15 commented 7 years ago

@zaksabeast How can i see the code of a NDS file? I want to see how this thing works by myself.

kitlith commented 7 years ago

Use ndstool to extract the arm9 binary (ndstool -x file.nds -9 arm9.bin), Find the loading address and entry point (ndstool -i file.nds), and then throw it into your favorite decompiler/disassembler. (radare2/IDA)

pixel-stuck commented 7 years ago

@zaksabeast yeah, I had noticed that. My patch was pretty simple, just skipping the update check. I'm working on a more in-depth RE of it. It'd really help to have a cart though. I may order one soon if I can find one.

EDIT: interestingly, they check something else the first time too: screenshot from 2017-08-28 17-57-14 but they don't do that later... interestingly, they check against one that shouldn't have gotten here at all: screenshot from 2017-08-28 18-00-31

zaksabeast commented 7 years ago

@dark-samus Right, I made sure to check your patch before testing it out. You changed one instruction to take out the conditional and just use it as a branch.

Life has currently limited my time, so I haven't been able to dig into this much except for a few minutes here and there. I'll still continue looking into this, but can only do so as time allows. I'm glad to hear you're working on this as well. Thanks!

Edit: As far as that first check goes, they did a few things differently. They seemed to check if the hardware wasn't equal to 0xEF4015 whereas all the other checks they did the same thing, but in a different way (I was curious about this as well). However you're right, they did have one extra condition too.

polarbernd commented 7 years ago

Gateway Blue Deep Labyrinth X-C Chip ID: 00000FC2 HW Rev: 00000000 The ace3ds_fix_all_mod doesn't work. (Invalid Card)

Images (Click to Expand)

![front](https://user-images.githubusercontent.com/6576487/29797614-85720436-8c58-11e7-9a97-0b1f7208cdb5.jpg) ![back](https://user-images.githubusercontent.com/6576487/29797620-903f67dc-8c58-11e7-9bfc-3f4e84a2588f.jpg)

[DEEPLABYRINT_ADLEEB_00.zip](https://github.com/kitling/flashcart_core/files/1258651/DEEPLABYRINT_ADLEEB_00.zip) And here a dump from my "Wood 1.62" micro-sd: (https://github.com/kitling/flashcart_core/files/1258669/SD_dump.zip)
pixel-stuck commented 7 years ago

well, I think I've about got everything I need nailed down. My notes are here for anyone who wants them: https://gist.github.com/dark-samus/f7ab5b643500d9ee1d75c279d343b1de Idk when exactly I'll have this supported, but it's in the works :)

yacepi15 commented 7 years ago

@Dark-samus , it will be for every blue gw card or only the ones that worked with the updater? Thank you.

pixel-stuck commented 7 years ago

@yacepi15 I mean, it says Ace3dsPlus :P Idk if it will work with both. Maybe I can get @TheGreekBoy to try with one of his blue cards. If he's up for that, I'll patch the updater.

yacepi15 commented 7 years ago

If you want, i can try to do a dump from my gw.

pixel-stuck commented 7 years ago

I don't want dumps, I want someone to try the updater :P

zaksabeast commented 7 years ago

@dark-samus I had some time earlier and noted those as well. It looks strikingly similar to how the R4i Gold 3ds works - it might be good to use the R4i Gold 3ds as a template. Depending on time, I might go for this too.

Anyways, thanks for your work! It's always exciting to have a new cart added to this project.

TheGreekBoy commented 7 years ago

hi i can try it in 1 hour if you want:)

TheGreekBoy commented 7 years ago

@dark-samus i can try it right now if you want:)

pixel-stuck commented 7 years ago

@TheGreekBoy sorry, I posted that at 2 AM last night. I went to bed soon after... I'll work on modifying the updater and we'll see how it turns out whenever you can run it; please note it's very likely to brick your cart.

TheGreekBoy commented 7 years ago

i cannot recovery the card somehow if it brick?