Difference between revisions of "Fundraiser"

From 3dbrew
Jump to navigation Jump to search
 
(16 intermediate revisions by the same user not shown)
Line 1: Line 1:
There has been alot of tinkering with the 3DS since launch, and although there have been leaps and bounds due to the combined efforts of many contributors, much of what we're doing would be expedited by extracting the boot code and other proprietary information (secrets) from the custom Nintendo (System-On-a-Chip) of a retail 3DS.
+
There has been alot of tinkering with the 3DS since launch, and although there have been leaps and bounds due to the combined efforts of many contributors, much of what we're doing would be expedited by extracting the boot code and other proprietary information (secrets) from the custom Nintendo SoC (System-On-a-Chip) of a retail 3DS.
  
 +
 +
 +
= UPDATE 12/01/2013 =
 +
We are unable to contact user [[User:Jl12|Jl12]] for months now, if you can contact this user please let us know.  His email address gspeer012 (at) gmail (dot) com. For now the fundraiser is suspended.
 +
 +
<!--
 +
 +
= UPDATE 06/07/2013 =
 +
The fundraiser will remain open until it raises approximately 2,300 in order to pay for the decapping and the applicable taxes. Thus the fundraiser is still running.
  
 
= What is chip decapping? =  
 
= What is chip decapping? =  
 
For those that are unfamiliar: the CPU, GPU & DSP all exist on one proprietary SOC design used on the 3DS. Secure information is stored there partly, most likely burned onto the SoC during manufacturing and not readable by any other normal means or from outside of the SoC, in such a way that the secure information there, always stays there. In good design it will never reach the main memory of the 3DS and so sensitive data (like encryption keys or algorithms) stay secure.
 
For those that are unfamiliar: the CPU, GPU & DSP all exist on one proprietary SOC design used on the 3DS. Secure information is stored there partly, most likely burned onto the SoC during manufacturing and not readable by any other normal means or from outside of the SoC, in such a way that the secure information there, always stays there. In good design it will never reach the main memory of the 3DS and so sensitive data (like encryption keys or algorithms) stay secure.
  
Extracting data from a proprietary chip to reverse-engineer it is typically done by decapping it, which is risky business and involves removing the epoxy, delayering the chip and taking high-resolution pictures of every layer to reconstruct logic from the images. Special equipment is used ( SEM / scanning electron microscope ) and it is rarely done outside of a professional context because it is very costly to an average enthusiast ('hacker') and access to equipment and the expertise is hard to realize.
+
Extracting data from a proprietary chip to reverse-engineer it is typically done by decapping it, which is risky business and involves removing the epoxy, delayering the chip and taking high-resolution pictures of every layer to reconstruct logic from the images. Special equipment is used ( SEM / scanning electron microscope ) and it is rarely done outside of a professional context because it is very costly to an average enthusiast ("hacker") and access to equipment and the expertise is hard to realize.
  
 
Chip decapping has been used by the "emulation" community to reverse-engineer and recover data from special proprietary chips, such as those in SNES cartridges. It has also been used to to reverse-engineer other hardware to create emulators for other platforms besides the SNES.
 
Chip decapping has been used by the "emulation" community to reverse-engineer and recover data from special proprietary chips, such as those in SNES cartridges. It has also been used to to reverse-engineer other hardware to create emulators for other platforms besides the SNES.
 +
 +
= Is this legal? =
 +
Decapping a chip and reverse engineering it is in fact legal in the US, and most likely in other countries too. Check out the [http://en.wikipedia.org/wiki/Semiconductor_Chip_Protection_Act_of_1984 Semiconductor Chip Protection Act of 1984], which states reverse engineering a chip is not prohibited.
 +
 +
However, we do not endorse piracy, and any information revealed by the chip decapping will be used to advance progress for homebrew applications and games on 3DS, not piracy.
  
 
= How much? =
 
= How much? =
 
We have gotten a price quote from a professional lab on the deal (removal, decap, delayer, SEM imaging) and it came out to $400 per layer of the chip, which they estimate will come to "about $2000 total". Plus the cost of the 3DS we will be donating for the hardware sample(s).
 
We have gotten a price quote from a professional lab on the deal (removal, decap, delayer, SEM imaging) and it came out to $400 per layer of the chip, which they estimate will come to "about $2000 total". Plus the cost of the 3DS we will be donating for the hardware sample(s).
 +
 +
The numbers of layers is approximate because they likely don't know how many layers are in the SoC until they actually decap it. In the worst case we estimate between 8 or 10 layers. For now we're trying to reach their initial quote of $2000 USD and send in the 3DS to get it started. Later on we can still decide to have the remaining layers imaged.
  
  
Line 17: Line 33:
  
 
We created this page here to raise awareness of the fundraiser for this purpose. Now is the chance for you, the viewers of this site, to contribute.
 
We created this page here to raise awareness of the fundraiser for this purpose. Now is the chance for you, the viewers of this site, to contribute.
 +
You will have the noble honor of helping the 3DS community progress forward.
 +
We're also considering giving contributors a copy of the images produced as thanks.
 +
 +
To reiterate, what we're trying to do is: send in initially 1 3DS to a professional lab to get delayered and imaged (covering the costs of doing so). The resulting SEM images will be reconstructed and used towards discovering more of the hardware secrets inside the 3DS.
 +
  
To reiterate, what we're trying to do is: send in initially 1 3DS to a professional lab to get delayered and imaged (covering the costs of doing so). The resulting SEM images will be reconstructed and used towards discovering more of the hardware secrets inside the 3DS.
+
= How likely is this going to help progress? =
 +
It is not possible to give a clear answer on this until the 3DS SoC chip has been decapped. But consider the success story about the SNES decapping [http://byuu.org/articles/emulation/decap here]. There is no 100% guarantee that we will have the same success story, since the technology is different and there might be more technological limitations. But we won't know until we try. We have a team of proven experts, anxious to have a very thorough look inside the SoC of the 3DS.
  
We're considering giving contributors a copy of the images produced as thanks.
+
The most likely focus points will be:
 +
* the boot ROM, possibly containing flaws which allow us to take control of the system
 +
* secret keys, hidden in hardware, used in cryptographic operations
 +
* secret algorithms, implemented in hardware to obscure information
 +
* and possibly much more
  
 
= How can I help? =
 
= How can I help? =
 
If you'd like to donate and help contribute to this cause you can do so by donating [http://n-dev.net/donate.php here].
 
If you'd like to donate and help contribute to this cause you can do so by donating [http://n-dev.net/donate.php here].
 +
 +
 +
 +
= Contact information =
 +
User [[User:Jl12|Jl12]] is in charge of collecting the donations, and will deliver the final samples to [http://www.eaglabs.com/about-eag.html the professional lab] for the chip decapping at the end of the fundraiser. Any more questions can be directed to him at his email address gspeer012 (at) gmail (dot) com
 +
-->

Latest revision as of 22:43, 12 January 2014

There has been alot of tinkering with the 3DS since launch, and although there have been leaps and bounds due to the combined efforts of many contributors, much of what we're doing would be expedited by extracting the boot code and other proprietary information (secrets) from the custom Nintendo SoC (System-On-a-Chip) of a retail 3DS.


UPDATE 12/01/2013

We are unable to contact user Jl12 for months now, if you can contact this user please let us know. His email address gspeer012 (at) gmail (dot) com. For now the fundraiser is suspended.