5,579
edits
Changes
Jump to navigation
Jump to search
→Technical explanation: details on what gets dumped from where
Line 2:
Line 2:
== Technical explanation ==
== Technical explanation ==
−In [[MIOS]], only the bottom 16MB (of 64MB) of MEM2 could be used; this was used to emulate ARAM. Because of this, Nintendo never bothered to clear out the other 48MB, which resulted in some of the higher addresses still having data from [[IOS]], [[BC]], and [[boot2]], all of which happily store the encryption keys in memory. As a result, by reconnecting the address lines to other 16MB windows of MEM2, it becomes possible to read these other bytes.
+In [[MIOS]], only the bottom 16MB (of 64MB) of MEM2 could be used; this was used to emulate ARAM. Because of this, Nintendo never bothered to clear out the other 48MB, which resulted in 36MB of [[Broadway]] data being dumped from MEM2, as well as the 12MB reserved for [[IOS]], including [[boot2]] code for [[IOSC]], [[FS]], and [[ES]], as well as IOS30 code for the other modules (excluding the main part of the [[IOS/Kernel|kernel]], which lives in internal SRAM). As a result, by reconnecting the address lines to other 16MB windows of MEM2, it becomes possible to read these other bytes.
The data itself was uploaded to a computer through a GameCube controller port.
The data itself was uploaded to a computer through a GameCube controller port.