Gamecards: Difference between revisions
Created page with "===Physical interface=== The 3DS gamecards have the same physical interface as regular DS and DSi gamecards. There is only a minor cosmetic difference in the plastic case, which ..." |
Link to where the 0x200 InitialData comes from, I noticed the pattern looking at the Lotus3 page at Switchbrew |
||
| (31 intermediate revisions by 11 users not shown) | |||
| Line 1: | Line 1: | ||
[[File:Gamecard.jpg|thumb|right|A 3DS gamecard]] | |||
[[File:GamecardPhy.jpg|thumb|right|Close-up of PCB]] | |||
===Physical interface=== | ===Physical interface=== | ||
The 3DS gamecards have the same physical interface as regular DS and DSi gamecards. There is only a minor cosmetic difference in the plastic case, which has a small extruding notch on the top-right side. As such, it prevents insertion of the gamecard into old Nintendo DS or DSi systems. | The 3DS gamecards have the same physical interface as regular DS and DSi gamecards. There is only a minor cosmetic difference in the plastic case, which has a small extruding notch on the top-right side. As such, it prevents insertion of the gamecard into old Nintendo DS or DSi systems. | ||
| Line 4: | Line 7: | ||
When modifying the case so that the 3DS gamecard fits in a DS or DSi system, those systems will refuse to detect the gamecard and show no banner icon. | When modifying the case so that the 3DS gamecard fits in a DS or DSi system, those systems will refuse to detect the gamecard and show no banner icon. | ||
{| class="wikitable" border="1" | |||
[[ | |- | ||
! Pin | |||
! Name | |||
!colspan="2"| Description | |||
|- | |||
| 1 | |||
| GND | |||
|colspan="2"| Ground | |||
|- | |||
| 2 | |||
| CLK | |||
|colspan="2"| Clock. Frequencies 6.7MHz and 4.2MHz for DS/DSi gamecards, up to 16.6MHz for 3DS gamecards (for both SPI and ROM transfers). | |||
|- | |||
| 3 | |||
| NC | |||
|colspan="2"| Not connected. Possibly used to program cards. | |||
|- | |||
| 4 | |||
| RCS | |||
|colspan="2"| ROM select, active low. Pulled low to start a ROM transfer. | |||
|- | |||
| 5 | |||
| RST | |||
|colspan="2"| Reset, active low. | |||
|- | |||
| 6 | |||
| ECS | |||
|colspan="2"| Savegame chip select, active low. Pulled low to start a savegame SPI transfer. | |||
|- | |||
| 7 | |||
| IRQ | |||
|colspan="2"| Removal detection. | |||
|- | |||
| 8 | |||
| VCC | |||
|colspan="2"| Powersupply 3.3V. | |||
|- | |||
! | |||
! | |||
! ROM bus (selected by RCS) | |||
! Savegame bus (selected by ECS) | |||
|- | |||
| 9 | |||
| DAT0 | |||
|rowspan="8"| Bidirectional data bus. | |||
|rowspan="4"| NC | |||
|- | |||
| 10 | |||
| DAT1 | |||
|- | |||
| 11 | |||
| DAT2 | |||
|- | |||
| 12 | |||
| DAT3 | |||
|- | |||
| 13 | |||
| DAT4 | |||
| NC/SIO3 | |||
|- | |||
| 14 | |||
| DAT5 | |||
| WP#/SIO2 | |||
|- | |||
| 15 | |||
| DAT6 | |||
| SO/SIO1 | |||
|- | |||
| 16 | |||
| DAT7 | |||
| SI/SIO0 | |||
|- | |||
| 17 | |||
| GND | |||
|colspan="2"| Ground | |||
|} | |||
{| class="wikitable" border="1" | |||
|- | |||
! | |||
! 3DS | |||
! DS and DSi | |||
|- | |||
| VCC | |||
| Only enabled when the power supply bits of [[CONFIG9_Registers#CFG9_CARDSTATUS|CFG9_CARDSTATUS]] are set to <tt>10</tt> | |||
| Always available when card is detected | |||
|- | |||
| Card-detect | |||
| Physical insertion switch, readable through [[CONFIG9_Registers#CFG9_CARDSTATUS|CFG9_CARDSTATUS]] bit 0 | |||
| IRQ pin | |||
|- | |||
| Time to first clock pulse | |||
| ~280ms | |||
| ~166ms | |||
|} | |||
===SPI flash=== | |||
Savegame SPI flash transfers use CPOL=1 and CPHA=1. So far, only one savegame FLASH chip has been identified. The chip identifies as <tt>0xC22211</tt>. The JEDEC manufacturer ID is Macronix, and despite the chip label saying 25L1001, the JEDEC ID matches the MX25L1021E. Datasheet at:<br> | |||
[https://www.macronix.com/Lists/Datasheet/Attachments/8796/MX25L1021E,%203V,%201Mb,%20v1.3.pdf Macronix (Rev. 1.3, nov. 11, 2013)] <br> | |||
[https://web.archive.org/web/20160307235354/http://www.beilenet.com/download/MX25L1021E,%203V,%201Mb,%20v0.01.pdf Old version mirror (Rev. 0.01, apr. 07, 2010)] <br> | |||
However, the MX25L1021E doesn't support the 4 bit wide transmission that the 3DS uses to talk to the SPI flash. It is thus likely that this is a custom flash chip. | |||
===Format=== | |||
Cartridges can come in several sizes and include system updates in a region reserved for this. In ROMs less than 1GB the update region can be found with: | |||
CART_SIZE_MAX-( 0x280000*(CART_SIZE_MAX/CART_SIZE_128MB) )-0x2000000. The region is then 0x2000000 bytes. | |||
===Protocol=== | ===Protocol=== | ||
The communication protocol between the 3DS system and the 3DS gamecard has changed completely in comparison with the DS and DSi gamecard communication protocol. | The communication protocol between the 3DS system and the 3DS gamecard has changed almost completely in comparison with the [http://problemkaputt.de/gbatek.htm#dscartridgeprotocol DS and DSi gamecard communication protocol]. | ||
The protocol begins in a DS-compatible 8-byte command mode (unencrypted). It switches to a 3DS-only 16-byte mode (encrypted) after the 0x3e command. When 16-byte commands are used, the data bus maintains the value 0x00 until the card signals it is ready by clocking a single byte 0x01, followed by the actual data. After each 0x200-byte block of actual data, a 4-byte standard CRC32 of the block data (before encryption, polynomial 0x82608edb and the final output is xored with 0xffffffff) follows. | |||
Here's a set of sample gamecard commands for the title LEGO Star Wars III The Clone Wars (EUR), title ID 0004000000038c00, that a 3DS sends to a 3DS gamecard: | |||
{| class="wikitable" border="1" | |||
|- | |||
! Size | |||
! Command | |||
! Decrypted command | |||
! Description | |||
|- | |||
|<tt>2000</tt> | |||
|<tt>9F00000000000000</tt> | |||
|<tt>9F00000000000000</tt> | |||
|Reset | |||
|- | |||
|<tt>0000</tt> | |||
|<tt>71C93FE9BB0A3B18</tt> | |||
|<tt>71C93FE9BB0A3B18</tt> | |||
|Signal that the gamecard should act as a 3DS gamecard | |||
|- | |||
|<tt>0004</tt> | |||
|<tt>9000000000000000</tt> | |||
|<tt>9000000000000000</tt> | |||
|Get gamecard ID1, response=9000FEC2 | |||
|- | |||
|<tt>0004</tt> | |||
|<tt>9000000000000000</tt> | |||
|<tt>9000000000000000</tt> | |||
|Get gamecard ID1, response=9000FEC2 | |||
|- | |||
|<tt>0004</tt> | |||
|<tt>A000000000000000</tt> | |||
|<tt>A000000000000000</tt> | |||
|Get gamecard ID2, response=00000000 | |||
|- | |||
|<tt>0000</tt> | |||
|<tt>3E00000000000000</tt> | |||
|<tt>3E00000000000000</tt> | |||
|Enter 16-byte command mode | |||
|- | |||
|<tt>0200</tt> | |||
|<tt>82000000000000000000000000000000</tt> | |||
|<tt>82000000000000000000000000000000</tt> | |||
|Get gamecard header and enable encryption | |||
|- | |||
|<tt>0000</tt> | |||
|<tt>F32C92D85C9D44DED3E0E41DBE7C90D9</tt> | |||
|<tt>8300000000000000708DF1A731717D0B</tt> | |||
|Seed (rekey cryptography) | |||
|- | |||
|<tt>0004</tt> | |||
|<tt>696B9D8582FB55D31B68CAFE70C74A95</tt> | |||
|<tt>A200000000000000708DF1A731717D0B</tt> | |||
|Get gamecard ID1 (using cryptography), response=9000FEC2 | |||
|- | |||
|<tt>0004</tt> | |||
|<tt>BAA4812CA0AC9C5D19399530E3ACCCAB</tt> | |||
|<tt>A300000000000000708DF1A731717D0B</tt> | |||
|Get gamecard ID2 (using cryptography) | |||
|- | |||
|<tt>0000</tt> | |||
|<tt>178E427C22D87ADB86387249A97D321A</tt> | |||
|<tt>C500000000000000708DF1A731717D0B</tt> | |||
|Refresh cart NAND | |||
|- | |||
|<tt>0004</tt> | |||
|<tt>E06019B1BD5C9130ED6A4D9F4A9E7193</tt> | |||
|<tt>A200000000000000708DF1A731717D0B</tt> | |||
|Get gamecard ID1 (using cryptography), response=9000FEC2 | |||
|- | |||
|<tt>0004</tt> | |||
|<tt>4E0D224862523BBFE2E6255F80E15F37</tt> | |||
|<tt>A200000000000000708DF1A731717D0B</tt> | |||
|Get gamecard ID1 (using cryptography), response=9000FEC2 | |||
|- | |||
|<tt>0004</tt> | |||
|<tt>4CDF93D319FB62D0DB632A45E3E8D84C</tt> | |||
|<tt>A200000000000000708DF1A731717D0B</tt> | |||
|Get gamecard ID1 (using cryptography), response=9000FEC2 | |||
|- | |||
|<tt>0004</tt> | |||
|<tt>9AA5D80551002F955546D296A57F0FEF</tt> | |||
|<tt>A200000000000000708DF1A731717D0B</tt> | |||
|Get gamecard ID1 (using cryptography), response=9000FEC2 | |||
|- | |||
|<tt>0004</tt> | |||
|<tt>C12BA81AEF30DDDBD93FAD5D544C6334</tt> | |||
|<tt>A200000000000000708DF1A731717D0B</tt> | |||
|Get gamecard ID1 (using cryptography), response=9000FEC2 | |||
|- | |||
|<tt>0200</tt> | |||
|<tt>62EC5FB7F420AE1DC6253AE18AFA5BB3</tt> | |||
|<tt>BF000000000000000000000000000000</tt> | |||
|Read gamecard at address 0 | |||
|- | |||
|<tt>0200</tt> | |||
|<tt>E3FA23AA016BE0C93430D1F42FF41324</tt> | |||
|<tt>BF000000000040000000000000000000</tt> | |||
|Read gamecard at address 0x4000 | |||
|} | |||
The header command has some initial dummy bytes, and eventually responds with the 0x200 byte [[NCSD#InitialData|InitialData]]. Here's an example for Lego Starwars 3: | |||
0000000: 00 8c 03 00 00 00 04 00 00 00 00 00 00 00 00 00 ................ | |||
0000010: b3 cf fb c6 6a b1 cb 20 32 af ce 35 d4 1c 74 c9 ....j.. 2..5..t. | |||
0000020: 8e 6b 27 2f 08 01 28 3b d4 30 de 44 37 f5 b0 46 .k'/..(;.0.D7..F | |||
0000030: 91 59 d7 38 33 48 df 83 fd 71 84 2c 00 00 00 00 .Y.83H...q.,.... | |||
0000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | |||
0000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | |||
0000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | |||
0000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | |||
0000080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | |||
0000090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | |||
00000a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | |||
00000b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | |||
00000c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | |||
00000d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | |||
00000e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | |||
00000f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | |||
0000100: 4e 43 43 48 7a 7f 0e 00 00 8c 03 00 00 00 04 00 NCCHz........... | |||
0000110: 36 34 02 00 00 00 00 00 00 8c 03 00 00 00 04 00 64.............. | |||
0000120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | |||
0000130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | |||
0000140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | |||
0000150: 43 54 52 2d 50 2d 41 4c 47 50 00 00 00 00 00 00 CTR-P-ALGP...... | |||
0000160: 0c 27 e3 c1 de 7b 2a e2 d3 11 4f 32 a4 ee bf 46 .'...{*...O2...F | |||
0000170: 9a fd 0c f3 52 c1 1d 49 84 c2 a9 f1 d2 14 4c 63 ....R..I......Lc | |||
0000180: 00 04 00 00 00 00 00 00 00 00 00 00 01 03 00 00 ................ | |||
0000190: 05 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................ | |||
00001a0: 06 00 00 00 1c 0a 00 00 01 00 00 00 00 00 00 00 ................ | |||
00001b0: 22 0a 00 00 58 75 0e 00 01 00 00 00 00 00 00 00 "...Xu.......... | |||
00001c0: 13 0c 04 26 15 f6 47 c4 c6 32 25 ea 9e 67 f8 a2 ...&..G..2%..g.. | |||
00001d0: 7b 15 24 6b 88 fb c7 a9 27 25 7b 84 97 7b 78 7b {.$k....'%{..{x{ | |||
00001e0: a6 5b ee 10 60 bb 6a 68 21 bb ce c6 00 03 5b 7e .[..`.jh!.....[~ | |||
00001f0: 64 fb 6e ac a7 f0 96 0c fb 1f 5a 37 08 77 28 f7 d.n.......Z7.w(. | |||
After the 0x82 command, cryptography is initialized, which can be reproduced following this algorithm; unless noted otherwise, all operations are in big endian byte order: | |||
# Set the [[AES_Registers|AES keyslot 0x3b keyY]] to the values at 0x000:0x010. The corresponding keyX is set in [[Bootloader|Boot9]]. | |||
# Decrypt the 16 bytes at 0x010:0x020 using AES-128-CCM in keyslot 0x3b using the 12-byte nonce at 0x030:0x03c to obtain the primary seed; if the response to the 0xa0 command AND 0x00000003 equals 3, instead use slot 0x11 and set the normalkey to 0x00000000000000000000000000000000. Verify that the 16-byte tag at 0x020:0x030 is valid. | |||
# Split the primary seed into two halves: left and right. | |||
# Initialize a context for the SNOW 2.0 stream cipher. The 128-bit key is the primary seed. The 128-bit IV is a 128-bit static value depending on the gamecard ID2. | |||
# Call the SNOW 2.0 stream cipher 32 times to obtain 1024 bits (32 words) of output. Discard them. | |||
# Initialize a context for the RC4 stream cipher. The 256-bit key consists of a 128-bit static value depending on the gamecard ID2 followed by four outputs of the SNOW 2.0 stream. | |||
# Call the RC4 stream cipher 256 times to obtain 2048 bits (256 bytes) of output. Discard them. | |||
All commands and responses are now encrypted using RC4. The gamecard controller and gamecard itself share the RC4 key and advance the state accordingly. | |||
If the 0x83 command is sent, the cryptography is re-keyed: | |||
# Initialize a new context for the SNOW 2.0 stream cipher. The 128-bit key consists of the left half of the primary seed followed by the lower 64 bytes of the decrypted 0x83 command. The 128-bit IV is the same 128-bit static value depending on the gamecard ID2 as before. | |||
# Call the SNOW 2.0 stream cipher 32 times to obtain 1024 bits (32 words) of output. Discard them. | |||
# Initialize a new context for the RC4 stream cipher. The 256-bit key consists of the same 128-bit static value depending on the gamecard ID2 as before followed by four outputs of the new SNOW 2.0 stream. | |||
# Call the RC4 stream cipher 256 times to obtain 2048 bits (256 bytes) of output. Discard them. | |||
The above example commands can be decrypted in this manner. | |||
The static values are fixed in the gamecard controller and gamecards themselves, they are not obtained from Process9 or anywhere in NATIVE_FIRM. | |||