PassMe

History

To talk about the devices and people who managed to crack Nintendo DS encryption, we need to discuss what this protection was and how the console loaded cartridges. This entire process is quite unique and starts when you press the power button, ending when the console's main menu loads.

So, you turn on the Nintendo DS.

On the Nintendo DS board, there were two BIOS chips that stored data necessary for the processors:

A 4 KB BIOS connected to the ARM9 bus.

A 16 KB BIOS connected to the ARM7 bus.

Note that the ARM7 processor's BIOS is larger in size. It stores encryption data, and access to this data is only granted once—when the console is turned on. You might have noticed that if you insert a cartridge into the Nintendo DS after turning it on, it won't display or launch. This is due to the protection. After the encryption is verified and the cartridge is confirmed as original, the encryption table is deleted from memory.

The BIOS is responsible for loading the console and the cartridge. They had their own division: the ARM9 BIOS was responsible for loading the entire console, while the ARM7 BIOS was responsible for verifying and loading the cartridge into RAM.

Conditionally, the cartridge loading process can be divided into three parts:

1. Reading and writing the header to RAM;

2. Reading and writing the protected area to RAM;

3. Reading and writing the game's executable file to RAM;

All texts, images, music, and other files remained on the cartridge itself.

Let's talk more about cartridge initialization.

The cartridge header contained a lot of information, but from a boot perspective, two lines are interesting: "Key 1," which was needed to continue loading the cartridge, and the line with the address of the game's executable file.

After the header was transferred and the key data was obtained, the protected area was copied into memory (it was encrypted with this key from the factory). Then it was encrypted using "Key 2" (this key was created by mixing the value of "Key 1" with various random values, such as time). Then all data was decrypted, and the resulting verification value was compared with the original. If something didn't match, the data was erased, and the executable file was not copied. Given the amount of data used for encryption, it was extremely easy to get a different final value. If everything went well, the Nintendo DS executable file was loaded into the main 4MB PSRAM, and the Game Boy Advance executable file was loaded into the 64KB WRAM.

After everything was loaded into memory and ready to start the system, the main Nintendo DS shell loaded.

Where is the weak spot here?

Nintendo developers decided not to encrypt the entire cartridge because it would have caused an unjustified load on the processor. Therefore, encryption was initially applied only to commands between the cartridge and the processor (and not all commands, but only at a certain moment), and there was a small "Protected Area" on the cartridge itself. This area stored the final value used to verify the results (which is why this area was encrypted).

Now let's return to the history of Nintendo DS hacking.

This story begins with a device called PassMe, invented by a person hiding under the nickname DarkFader (Rafael Vuijk). In early 2005, no one knew him, but later he became quite famous. DarkFader developed the first method to hack the Nintendo DS, allowing the execution of unlicensed code. Later, he would also write the first virus for the NDS. He would later apologize for this and create a program to restore consoles. Then his trail would be lost. It's interesting to see how his fate unfolded.

DarkFader, not having the console in hand, immediately wrote that he wanted to try hacking the Nintendo DS and was waiting for it to arrive in the Netherlands.

When he first saw the Nintendo DS, he decided to see how the cartridge and console interacted. For this, he developed a whole device based on an FPGA (Field-Programmable Gate Array). On one side, an original cartridge was inserted into this device, and on the other side, there was a homemade board (shaped like a cartridge) that was inserted into the Nintendo DS.

Unfortunately, the photos of this device are of very low quality.

This equipment allowed not only tracking how the cartridge and console communicated but also changing the code on the fly. He immediately saw that the original cartridge had a header with various data. He also managed to substitute the header data.

After turning on the console, the header data table was loaded from the cartridge into RAM. At this stage, the main data substitution occurred. The following data in the cartridge header (which looked like a table) was changed:

Cartridge autoload was enabled (the autoload bit was changed from 0 to 1);

For the ARM7 processor, the executable file address was changed (to 080000C0h) from Nintendo DS to Game Boy Advance cartridge;

The ARM9 processor was sent into an infinite loop;

The CRC code was corrected (initially, only one Metroid Prime Hunters cartridge could be used because the correct CRC value was calculated manually).

What was the result?

You turned on the console. The processors loaded their BIOS. Then the header table from the Nintendo DS cartridge was loaded (already modified data). The ARM9 went into an infinite loop and waited for the ARM7 to finish verifying the NDS cartridge's authenticity. And here's where the interesting part happened.

Normally, two executable files from the NDS and GBA cartridges should have been loaded into their respective memory (GBA into 64KB WRAM, NDS into 4MB PSRAM). However, the ARM9 processor remained in an infinite loop, and the ARM7 processor, instead of loading the GBA cartridge's executable file into 64KB WRAM, loaded the GBA cartridge's executable file (which contained the NDS program) into 4MB PSRAM. This happened due to a special loader file applied to the NDS ROM image, which essentially had a simple pointer -> load into the main PSRAM. After the loading was complete, the ARM7 told the ARM9 processor that everything was ready. At this point, the main Nintendo DS shell should have loaded. But since the cartridge autoload was enabled, the ARM9 immediately loaded the game.

Later, DarkFader uploaded all the files (including the VHDL code) to the internet, and those who wanted could follow his path. But, as you understand, not many could do this. It would have likely ended there if not for Natrium42 (Alexey Karpenko), who decided to try building such a device himself. His version was also quite bulky:

But I wouldn't write about him if he had just replicated DarkFader's creation. Natrium42 significantly reduced the size of the entire structure. He created a board design based on a CPLD circuit, and its size was 3.5 cm by 5.4 cm, not much larger than a standard Nintendo DS cartridge. Compare this to what's in the photo above.

Natrium42 uploaded this design to the internet but wrote that there might be errors in it. He ordered printed circuit boards from a factory and, to avoid waiting, decided to assemble a prototype by hand.

But while Natrium42 was waiting for the boards to arrive, Lynx (another member of the NDS community) had already received the board from the factory based on Natrium42's design and created the first cartridge, called PassMe.

Interestingly, Lynx later wrote that it didn't work for him at the time. But he still posted the news on the gbadev.org website.

I don't know if that first assembled PassMe worked, but it's safe to say that this topic didn't die out. Initially, Natrium42 didn't want to make a ready-made device. This would have definitely killed the PassMe project. It's one thing when you buy a ready-made device and quite another when you have to order the board separately, find chips in stores, and then solder everything. So Lynx decided to take on this responsibility and started producing a finished product.

What is PassMe?

Initially, PassMe couldn't do much. It was a board into which an original Nintendo DS cartridge was inserted.

The worst part was that the cartridge had to be soldered directly to the board. Notice the small orange piece of plastic; it was needed to make PassMe snap in like an original cartridge.

Later, a version with PCI connectors appeared, and the cartridge no longer needed to be soldered.

Later, Natrium42 and Lynx came up with an interesting idea: they bought GameBoy connectors and cut them in half. This eliminated the need to solder the cartridge to PassMe or make those awkward connectors.

One thing to note here is that at the start of Nintendo DS sales, the console was sold with a Metroid Prime Demo cartridge.

And the first PassMe devices only worked with this cartridge. So if you didn't have this demo cartridge but had some other one, you couldn't use PassMe.

But even if you had the demo game and a purchased PassMe, what did you get in the end?

This whole setup allowed running homebrew Nintendo DS applications from a Game Boy Advance flash cartridge, meaning you couldn't run original Nintendo games initially. And this was quite logical. Imagine installing a game on your computer and then moving the executable .exe file (which launches the game) to another location. This file simply wouldn't be able to find the game's resources and would throw an error. The same thing happened here: the DS game's executable file was loaded into the correct RAM, but the game itself accessed the NDS cartridge (which had a different game) and simply didn't understand that the files were stored elsewhere.

Game modifications were required, but no one knew how to do this. Well, DarkFader knew how to do it, but he didn't release any patches or programs.

Distributed Hacking

As I wrote above, the first PassMe devices only worked with the Metroid Prime Demo cartridge. The problem was that Nintendo developers included a CRC check in the game's code.

To put it simply, any program (or even a string or sentence) can be represented as binary code. And at the end of such code, a value was added, which was calculated using a specific algorithm (CRC16 in the case of Nintendo DS). This value was essentially a checksum for the code. If the value matched, it meant the code was transmitted correctly; if not, it meant there was a read error, and the console's RAM was cleared.

Now imagine you substitute the code with another one (as in our case with the executable file address), which means the final CRC value changes. But the console doesn't understand this and thinks the data was read with errors, so the code doesn't run.

When everyone has the same game, you can manually adjust this value. But what if everyone has a different game? You need to recalculate the CRC value each time, and that's a problem.

CRC generation on the Nintendo DS was done using linear-feedback shift registers (LFSR). Such a register was used to generate pseudo-random numbers. It differed from a random number generator in that each subsequent value was calculated using a formula that depended on previous numbers.

To attempt to hack the console, DarkFader developed a program that calculated LFSR values from a stream in reverse. But the problem was that this required a huge amount of time. So the Nintendo DS homebrew community turned this into a competition. You could download the program and then make it to the top.

Many responded to this offer and installed the application on their computers. The result was obtained in about 30 hours. But the total time spent by all computers, and there were more than 100 of them, was 1763 hours, or 73 days!

DarkFader got all the necessary data. About two weeks after testing, he rewrote the VHDL code with dynamic CRC generation. This meant that PassMe no longer needed a specific game; any game would work.

Epilogue

These events mark the beginning of the long history of Nintendo DS hacking. Many interesting things will happen next, and various devices and methods to bypass Nintendo DS encryption will appear. Nintendo programmers will try to modify the Nintendo DS firmware to prevent bypassing the protection, but will they succeed?

In the next article, we will talk about the emergence of commercial PassMe clones. This marks the beginning of the era of Slot-2 Nintendo DS cartridges. And DarkFader played a role in creating the NeoFlash monopoly.