[GLOOMY] novie, 🦆:QueerCat_Trans::blobcatpirate:

so here are some fun facts about the gamecube, primarily around loading unauthorized code
some mentions of the wii where relevant, since its hardware architecture is heavily based on the gc

software exploits:

- the very first method to boot into homebrew was to exploit a flaw in phantasy star online
the game would download a binary from the game server and execute it without any authentication, so you could just spoof the game server and serve your own code

- at the time, the preferred method of loading pirated games was actually net-loading, though that mostly died out when it became possible to use dvd-r and, eventually, sd cards
nowadays, it’s possible to net-load games via swiss but even though it’s one of the best methods, it remains unpopular


- modchips quickly replaced this method, and no software exploits were used until the twilight hack (from early wii days) was ported to the gc version of the game

- several other save file exploits were subsequently found in more common games, so “soft modding” is a reasonable option


- there is no authentication of disc contents whatsoever, so provided you can get the console to accept an arbitrary disc, it will happily boot it

- datel released several discs for various purposes including region-free game loading (freeloader), cheating (action replay), and straight up loading homebrew (sd media launcher)


- there were no known flaws in the system menu until recently, so there is currently no “true” soft mod for the gamecube

- the one known bug seems somewhat impractical, considering it requires a much larger memory card than was ever made or supported

bootrom:

- the bootrom is attached over an spi-like bus, and it’s possible to replace it

- the bootrom is scrambled, being xored with a fixed-seed prng stream
- the data is de-scrambled on the fly by the hardware, before it enters the internal shift register
- due to a hardware bug, the bus controller will spit most of the incoming data back on the MOSI line
in the case of the bootrom, this is in fact the clear text! this means that you can xor the scrambled rom contents with it to obtain the scrambling stream, and then scramble your own bootrom
- of course like everything else, rom contents are completely unauthenticated
- the prng was completely reverse-engineered by a genius, which allows full control from the very first instruction executed by the cpu


- I’ve implemented my own bootrom replacement modchip; the hyperboot modchip is heavily based on my code and design
- I’ve provided some advice to webhdx for picoboot
- I’m the original author of iplboot, which the hyperboot menu is somewhat derived from, and which picoboot also uses

disc drive:

- retail discs are physically authenticated by the drive through an interesting scheme involving laser marks that were added after pressing the disc; they also modified the on-disc format somewhat from the dvd standard, but it’s still pretty close
- datel figured out how to make discs that the console would accept in completely unmodified form, as mentioned above
- it’s possible to “unlock” the drive from host software to gain full read/write access to its memory and upload custom code

- this way, it is possible to patch firmware to bypass authentication and allow standards-compliant dvd-r discs to be read
- this was fixed on the wii from the very beginning


- there is an exposed debug port on the drive that allows doing the exact same thing

- the xenogc modchip was a cheap alternative to bootrom replacement chips, as it only required a simple microcontroller rather than an fpga at the time
- the wiikey modchip was the exact same thing, by the exact same team, and it was the first method to pirate games on the wii until nintendo finally killed it off after several drive revisions


- as is the running theme by now, the drive is completely trusted by the host

- it is not authenticated, and communications are not encrypted, so you can just replace the drive with your own device!
- nintendo had their own disc drive emulation system for development
- early attempts were made by crazynation to be able to use a hard drive with linux, but this was unpopular to my knowledge
- commercial drive emulators finally came to the wii after nintendo made it impossible to use dvd-r
these were adapted for the gamecube by people who made portables, as the reduced footprint and power consumption was advantageous for them
- I’ve implemented my own, but never released it (maybe some day I’ll finish this project)
- the wii modchips are discontinued, but gcloader exists as a newer drive emulator that is specifically made for the gamecube

- it sucks :akko_mlem:

I think that’s about it for now, this turned out a lot longer than I thought it would :akko_derp:
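The bootrom section of the post makes a point that is worth seeing in code: an XOR scrambler driven by a fixed-seed PRNG gives no confidentiality once a single copy of the cleartext is observed (the post describes it being echoed on the MOSI line), and it gives no integrity at all, which is why an unauthenticated image can be swapped. The following is an added example, not code from the original post or from any of the projects it names (iplboot, picoboot, hyperboot). The 16-bit LFSR is a constructed stand-in for the real PRNG, and the image bytes, seed and HMAC key are constructed values; the HMAC check at the end only illustrates what an authenticity check would reject.

```python
"""Constructed demonstration of the two bootrom weaknesses described in the
post: XOR scrambling with a fixed keystream leaks the keystream as soon as
any cleartext is observed, and nothing ties the image to the console.
The LFSR below is a toy stand-in, not the GameCube's PRNG."""
import hashlib
import hmac


def toy_prng_stream(seed: int, length: int) -> bytes:
    """Fixed-seed 16-bit Fibonacci LFSR (taps 16,14,13,11), one byte per 8 steps.
    Any non-zero seed gives a deterministic, repeating stream."""
    state = (seed & 0xFFFF) or 0xACE1  # an all-zero state would never advance
    out = bytearray()
    for _ in range(length):
        byte = 0
        for _ in range(8):
            bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
            state = (state >> 1) | (bit << 15)
            byte = (byte << 1) | (state & 1)
        out.append(byte)
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def scramble(image: bytes, seed: int) -> bytes:
    """Scramble (or, since XOR is an involution, descramble) an image."""
    return xor_bytes(image, toy_prng_stream(seed, len(image)))


def recover_keystream(scrambled: bytes, leaked_cleartext: bytes) -> bytes:
    """Given the scrambled ROM and its cleartext, XOR yields the keystream
    directly; the PRNG's internals never need to be known."""
    return xor_bytes(scrambled, leaked_cleartext)


def tag_image(image: bytes, key: bytes) -> bytes:
    """What the scrambler lacks: an integrity tag bound to a secret the
    console holds. HMAC-SHA256 here for illustration; on real hardware this
    would be a signature check rooted in immutable silicon."""
    return hmac.new(key, image, hashlib.sha256).digest()


def verify_image(image: bytes, tag: bytes, key: bytes) -> bool:
    return hmac.compare_digest(tag_image(image, key), tag)


def demo() -> dict:
    """Run both halves of the argument and return each check as a boolean."""
    seed = 0xBEEF                        # constructed
    key = b"constructed-hardware-key"    # constructed
    genuine = b"GENUINE IPL: jump to system menu"   # constructed image
    replaced = b"REPLACED IPL: jump to homebrew"    # constructed, no longer than genuine

    rom = scramble(genuine, seed)
    keystream = recover_keystream(rom, genuine)
    tag = tag_image(genuine, key)
    return {
        "scrambling_hides_bytes": rom != genuine,
        "roundtrip_ok": scramble(rom, seed) == genuine,
        "keystream_recovered": keystream == toy_prng_stream(seed, len(genuine)),
        # the hardware descrambles whatever was XORed with the recovered stream
        "replacement_descrambles": scramble(xor_bytes(replaced, keystream), seed) == replaced,
        "genuine_passes_tag": verify_image(genuine, tag, key),
        "replacement_fails_tag": not verify_image(replaced, tag, key),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The point of `demo()` is the contrast between the middle checks and the last two: with the scrambler alone, anything XORed with the recovered stream descrambles cleanly, whereas even a minimal keyed integrity check rejects the substituted image. Scrambling is obfuscation, not a security boundary; authentication is what the post repeatedly notes is absent.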

