I stopped the Real Time Clock in the DS and proved the encryption bases its random number generator on the time and the 4-character gamecode in the header. The game does not start when the gamecode is altered. Most of the bios code has been dumped and we found some other things on the encryption.
I've analyzed the random number generators and can reproduce the numbers, but unfortunately the initial numbers are in a locked part of the bios. There are ways to read it though :)
I'm currently making some program that calculates the LFSR values from the stream in reverse direction... challenging ;)