Views: 1,185,296 Main | Rules/FAQ | Memberlist | Active users | Last posts | Calendar | Stats | Online users | Search 06-14-21 12:53 AM

Main - Posts by 54634564

Posted on 11-14-15 06:25 PM, in DSi banner.sav? (rev. 11 of 11-16-15 11:33 PM) Link | #719

In the Brain Age express games, these are called 'SubBanner'. Here's the layout of the SubBanner folder in one of the game's ROM filesystem:
| icon_sub_bnr.zbi
| nou.zbi
| Number.zcg
icon_sub_bnr.zbi and nou.zbi are icons(compressed). The other two files are a graphic containing numbers and its palette(also compressed). I guess the game builds the icon that gets used for banner.sav out of that icon and the number graphic.

The format for the icons is slightly different from the icons built into the ROMs.
There's the version at 0x00, some 2 byte value at 0x08, room for 8 image frames at 0x20, room for 8 palettes at 0x1020, then animation frame info at 0x1120.

I'm going to check these games out on my 3DS and see if I can get them to make a banner. If they do, I'll extract one for you. Although, I'd imagine it'd be the exact same format as the icons above, just with modified frames.

EDIT: Ok, extracted a banner.sav for the Brain Age Express Sudoku game.

Its location in the NAND was 'title\00030004\4b4e3945\data\banner.sav'

Here's a GIF of its animation:[image]
Compare that to the raw icon from the ROM's FS at the top of my post. It has just had a '2' overlaid on some frames.

And here's the banner.sav: https://www.mediafire.com/?1meim3c09avxc7f
Format is as I predicted, exactly the same as what I described earlier. Looks like the file is larger, but I think everything from 0x11A0 onwards is just 'decrypted' junk(as in, it was probably 0xFFs on the NAND. Didn't bother checking).

Hope it's OK to share this here.

Posted on 11-16-15 08:21 PM, in DSi banner.sav? (rev. 3 of 11-16-15 08:25 PM) Link | #736
On my 3DS at least, once the banner.sav exists it replaces the game's own icon anywhere you can see it. Like on the home menu and the DSi data management screen.

Posted on 11-23-15 04:47 PM, in Decrypting the NAND title.db / import.db (rev. 3 of 11-23-15 05:01 PM) Link | #764
Posted by profi200
It's not in the rules but no one will answer if it get's used for purposes we don't like.

You are welcome to ask other things.

Wow, when did you become admin here profi? Congrats on the promotion!

That's it, d0k3. Might as well just delete your posts, can't discuss this. So saith lord profi200.

On a serious note...I don't think people have looked into these files too extensively. That's the reason you probably won't be getting any answers, not any "moral" stuff.
Hell, yellows8 thought there was extra crypto on the tickets in tickets.db up until late last year(there isn't):

Posted on 11-23-15 11:09 PM, in Decrypting the NAND title.db / import.db (rev. 6 of 11-23-15 11:19 PM) Link | #767
d0k3, I just saw your GBAtemp post:
"...The seemingly corrupted parts also happen to be nicely aligned to certain 'round' (ie with zeros at the end) offsets..."

Check those spots in the files on the encrypted NAND, they're probably blocks of 0xFF(never been written to). When you decrypt the NAND, you 'decrypt' these blocks of 0xFF and they end up looking like garbage/encrypted data.

To show an example, see this image: http://i.imgur.com/RdklqTF.png
Top is from decrypted NAND, bottom encrypted.
0xB0E00 is at 0x4E00 into my ticket.db.

Posted on 12-07-15 01:20 PM, in What is this file's format? Link | #822
Posted by Mikle0x
Yeah sorry, someone who wants to stay anon., got this file I-don't-know-where, and had no clue about it either.

They have to know where they got the file from. I seriously doubt it just poofed into existence on their hard drive.

Posted on 12-14-15 12:06 PM, in Get BOOTROM/Key Scrambler? Link | #830
Posted by StapleButter
Dumping the boot ROM is probably impossible without a hardware attack. It permanently disables itself on the way out. Maybe a carefully timed glitch could cause the lockdown instruction to be skipped. This would require measuring how long the boot ROM takes to do its thing, ensuring the timing is reliable (it could be different every time), assuming the lockdown instruction is the last one to be executed...

According to the first entry here:

It should be slightly easier than trying to glitch out one specific instruction. Looks like you have a small window of time right after the bootrom starts running to cause a hardware glitch and gain code execution.

Wonder if anyone has done it yet and just not publicly announced it.

Posted on 06-21-16 05:43 PM, in DSi Font File Format Link | #1047
Definitely has Japanese. Highlighted here are the katakana and hiragana syllabaries used in Japanese:

Shortly after that highlighted bit, you have the large block of kanji. Most kanji are shared with other Asian languages, but I'm not seeing stuff like the Hangul used in Korean. Chinese and Korean units probably have their own font.

Main - Posts by 54634564

Page rendered in 0.012 seconds. (2048KB of memory used)
MySQL - queries: 22, rows: 73/73, time: 0.009 seconds.
[powered by Acmlm] Acmlmboard 2.064 (2018-07-20)
© 2005-2008 Acmlm, Xkeeper, blackhole89 et al.