A Simple Guide to Unlocking the Nintendo Game and Watch
Nintendo’s reborn little portable game has certainly caught the attention of hackers, and we’ve been treated to a string of feats as its secrets have been unlocked one by one. Its relatively simple hardware hides potential well beyond a simple Mario game or two, and it’s now at the stage of having a path to dump both its SPI Flash and internal Flash, unlock its processor, and execute arbitrary code. The unlocking process is now simple enough to warrant a HOWTO video, which [stacksmashing] has treated us to. This is just the beginning, and it is still touted as being aimed at developers rather than gamers, but it serves to show where the work on this console is going.
The console’s STM32 architecture means that the programming hardware is fairly straightforward to find, although we are cautioned against using the cheap AliExpress type that we might use with a Blue Pill or the like. Instead, the programmer that comes with an STM Nucleo board is a safer choice that many people probably already have.
The relative simplicity of the process as seen in the video must hide an immense amount of work from multiple people. It is a succession of scripts that sequentially unlock and save the different firmwares, with STM payloads for each step. Finally, the STM32 itself is unlocked, and the saved Nintendo firmware can be returned to the device or custom firmware can be created instead. Besides the DOOM we’ve already seen, there are NES and Game Boy emulators in development, and fascinatingly, they work on bare-metal games as well.
Given the lack of custom chips in this console, it’s entirely possible that its hardware could be directly cloned and that Nintendo has unintentionally created a new general-purpose pirate handheld gaming platform. There is some hardware work in progress, such as increasing the size of the SPI flash and finding the unconnected USB pins, so we look forward to more interesting news this quarter.