Depuis son lancement, nous avons étudié la 3DS sous tous les angles et, bien que nous ayons fait des pas de géant grâce aux efforts combinés de nombre de contributeurs, on peut dire que notre travail progresserait énormément si nous étions en mesure d'extraire le code de boot et d'autres informations cachées sur le SoC propriétaire de Nintendo d'une 3DS retail.

Qu'est-ce que le décapsulage ?

Pour ceux qui ne s'y connaîtraient pas, le CPU, le DPU et le GPU sont regroupés sur un SoC propriétaire sur la 3DS. Les informations sensibles y sont stockées en partie et sont vraisemblablement gravées sur le SoC lors du processus d'assemblage en usine. Cependant, ces données ne sont pas lisibles depuis l'extérieur du SoC , de sorte qu'elles n'en sortent jamais. Si cela été bien fait, elles n'atteindront jamais la mémoire principale de la 3DS et, par conséquent, les données privées (algorithmes, clé de cryptage...), le restent.

Pour extraire ces données et ensuite procéder à une rétroingénierie, on a souvent recours à ce que l'on appelle un décapsulage de la puce concernée. C'est une action très délicate puisque qu'il faut d'abord enlever l'époxy, puis retirer une à une les couches avant d'en prendre des clichés en haute résolution afin de pouvoir reconstruire la logique d'agencement des composants et circuits. Special equipment is used ( SEM / scanning electron microscope ) and it is rarely done outside of a professional context because it is very costly to an average enthusiast ("hacker") and access to equipment and the expertise is hard to realize.

Chip decapping has been used by the "emulation" community to reverse-engineer and recover data from special proprietary chips, such as those in SNES cartridges. It has also been used to to reverse-engineer other hardware to create emulators for other platforms besides the SNES.

Is this legal?

Decapping a chip and reverse engineering it is in fact legal in the US, and most likely in other countries too. Check out the Semiconductor Chip Protection Act of 1984, which states reverse engineering a chip is not prohibited.

However, we do not endorse piracy, and any information revealed by the chip decapping will be used to advance progress for homebrew applications and games on 3DS, not piracy.

How much?

We have gotten a price quote from a professional lab on the deal (removal, decap, delayer, SEM imaging) and it came out to $400 per layer of the chip, which they estimate will come to "about $2000 total". Plus the cost of the 3DS we will be donating for the hardware sample(s).

The numbers of layers is approximate because they likely don't know how many layers are in the SoC until they actually decap it. In the worst case we estimate between 8 or 10 layers. For now we're trying to reach their initial quote of $2000 USD and send in the 3DS to get it started. Later on we can still decide to have the remaining layers imaged.

Why should I help?

Kicking it around with other contributors on this site, we all agreed it would be interesting or valuable to us but $2000+ is simply a lot to ask of anyone to drop suddenly on a hobby project. Also $2000+ while a lot for an individual is a very achievable goal for a fund raising.

We created this page here to raise awareness of the fundraiser for this purpose. Now is the chance for you, the viewers of this site, to contribute. You will have the noble honor of helping the 3DS community progress forward. We're also considering giving contributors a copy of the images produced as thanks.

To reiterate, what we're trying to do is: send in initially 1 3DS to a professional lab to get delayered and imaged (covering the costs of doing so). The resulting SEM images will be reconstructed and used towards discovering more of the hardware secrets inside the 3DS.

How likely is this going to help progress?

It is not possible to give a clear answer on this until the 3DS SoC chip has been decapped. But consider the success story about the SNES decapping here. There is no 100% guarantee that we will have the same success story, since the technology is different and there might be more technological limitations. But we won't know until we try. We have a team of proven experts, anxious to have a very thorough look inside the SoC of the 3DS.

The most likely focus points will be:

• the boot ROM, possibly containing flaws which allow us to take control of the system
• secret keys, hidden in hardware, used in cryptographic operations
• secret algorithms, implemented in hardware to obscure information
• and possibly much more

How can I help?

If you'd like to donate and help contribute to this cause you can do so by donating here.

Contact information

User Jl12 is in charge of collecting the donations, and will deliver the final samples to the professional lab for the chip decapping at the end of the fundraiser. Any more questions can be directed to him at his email address gspeer012 (at) gmail (dot) com