Mike Heskin

Insert "It's been 3000 years…" meme here. sha512sum mariko_feks.bin 065ad23e65bae859096ba1f9886a4da5d15a37266bedc2c6e1b2f27e153764b0844a90b1775ad47a0b50dc72c5bbc768027a1868a10de94807ca4e5e828b6872

June 15th comes once again! Atmosphère 1.11.0 is now released: github.com/Atmosphere-NX/… This adds support for 22.0.0. Special thanks to @__alula for their invaluable contributions! Enjoy! :)

@SciresM It has truly been an honour. Best of luck and godspeed my friend!

@tpu9527 Yes, this seems to have been a staple of theirs for a very long time.

@hexkyz There have the same vm in gateway3ds firm.

Thanks to the great work done by 15432, we can finally decrypt the MIG flashcart firmware code. Here's what we've learned so far (1/9). github.com/15432/mig_rese…

@W00fer Technically yes, but tbh it's way easier to write the whole thing from scratch. Most of the firmware is useless obfuscation tactics with the actual gamecard protocol being just a very small part of it. Also, the actual read/write block logic is implemented by the FPGA instead.

@hexkyz So if all encryption shit is stripped this thing can run on much less specific hardware? You are still in need of the Lotus3 key then.

@notnotzecoxao Yes, but it's also unused. Only aes_key_2 has been used so far.

@hexkyz is aes_key_1 all zeroes?

You can find the scripts I wrote for decrypting the update files (all versions) and the VM (version 1.1.4 only for now) here: gist.github.com/hexkyz/a236646… gist.github.com/hexkyz/0df2ea5… Or in the mig_research project here: github.com/15432/mig_rese…

8) This last XOR-based algorithm is an absolute abomination of mixing random values and multiple seed sources just to make it as hard as possible to reverse engineer (even Ghidra wasn't able to produce an accurate decompilation of it, despite having support for Xtensa). (9/9)

7) Decrypting the "update.s2" file is a matter of stripping away a first layer of TEA encryption, parsing metadata, decrypting the actual firmware code with the right AES key and, finally, deobfuscating the resulting plaintext through their custom XOR-based algorithm. (8/9)

This is a major update, so Atmosphere will be broken until updated. Thank you all for your patience!

It's possible to run custom code on the Nintendo Alarmo via USB - without opening it up! More details in the blog post here: garyodernichts.blogspot.com/2024/10/lookin…

The Atmosphere 1.8.0 pre-release should work with 19.0.1 totally fine, at least at first glance.

Here's a simplified overview of what I figured out about the Alarmo boot process so far.