Homebrew Unlaunch DSi | First public bootcode exploit for DSi

Deleted member 424658

Deleted member 424658

Annoying Weaboo Girl
Member
Level 5
Joined
Jun 4, 2017
Messages
499
Trophies
0
Age
24
Website
www.reddit.com
XP
677
Country
United States
Technicmaster0 said:
The statement "Do not use any bootcode exploits until RocketLauncher is released!" is bullshit.
-RL needs downgrade, this doesn't
-RL needs a supported cartridge, this doesn't

This is clearly superior to RL in about every way. Sure, it's still a bit buggy and still in beta, but after the few remaining bugs are ironed out (which can be in a week) this is clearly superior to everything RL can and RL probably won't be released until this is perfectly stable.
Who knows if RL will be released anyways? This renders it completely useless.
And who knows which unknown bugs RL has when/if it gets the first release.
I have the impression that dsibrew discord is salty because they weren't informed about this and now their work is basically worthless to most of the userbase.
Click to expand...
It's a public beta which has major issues still.
Accessing System Settings, DSi Shop, or 3DS Transfer Tool bricks the console.
The RSA patches don't even work. Homebrew doesn't boot from the home menu.
And the installer doesn't function for many users.
 
Deleted member 424658

Deleted member 424658

Annoying Weaboo Girl
Member
Level 5
Joined
Jun 4, 2017
Messages
499
Trophies
0
Age
24
Website
www.reddit.com
XP
677
Country
United States
huntertron1 said:
does anyone know if theres a installer script for twlnf? or whatever that dsi homebrew is called?
Click to expand...
The recommended way is to inject it into the NAND manually. To prevent from bricking, you need to set Launcher's app and tmd to read-only. twlnf unfortunately can't do that apparently, so it's back to the old days of manual injection.
 
huntertron1

huntertron1

dancing to music!
Member
Level 5
Joined
Oct 28, 2017
Messages
576
Trophies
0
Age
21
XP
625
Country
United States
Lyrin said:
The recommended way is to inject it into the NAND manually. To prevent from bricking, you need to set Launcher's app and tmd to read-only. twlnf unfortunately can't do that apparently, so it's back to the old days of manual injection.
Click to expand...
because gbatemp hates my service and no one give a crap about it and that dsiguide go rid of the way i decrypt nads and juck i can figure out how to decrypt my nand to mount it to edit it
 
ry755

ry755

Well-Known Member
Member
Level 8
Joined
Nov 29, 2017
Messages
534
Trophies
1
Age
20
Location
California
XP
1,498
Country
United States
huntertron1 said:
because gbatemp hates my service and no one give a crap about it and that dsiguide go rid of the way i decrypt nads and juck i can figure out how to decrypt my nand to mount it to edit it
Click to expand...
If you don't know how to install it manually, you can use TempNand to install it. But don't use the modified NAND on a real DSi until the exploit is more stable! Just try it out in no$gba for now.
 
ThisIsDaAccount

ThisIsDaAccount

Well-Known Member
Member
Level 6
Joined
Apr 8, 2016
Messages
1,158
Trophies
0
XP
954
Country
United States
huntertron1 said:
because gbatemp hates my service and no one give a crap about it and that dsiguide go rid of the way i decrypt nads and juck i can figure out how to decrypt my nand to mount it to edit it
Click to expand...
I'm one of the guys who works on DSiguide, you should know that we didn't get rid of the old pages, they're still there. If you want to access them, just add "_(Manual)" to the URL. For example, if you want to access the old downgrading page, which used to be at https://dsiguide.me/downgrading, just go to https://dsiguide.me/downgrading_(Manual)


However, the tool I made, TempNand, was made to decrease the likelihood of user errors leading to bricks. It has an Unlaunch installer, and it's pretty easy to use - you just have to click the button and navigate to the unlaunch.dsi file. Please give the tool a shot, and let me know if anything is wrong so I can fix it. I heard from @Mnecraft368 thst there's a bug that several users have experienced, that I had no idea about. I need users to actually test the tool and let me know if there's something wrong, so it can be as good as possible.
 
Apache Thunder

Apache Thunder

I have cameras in your head!
Member
Level 17
Joined
Oct 7, 2007
Messages
4,478
Trophies
3
Age
36
Location
Levelland, Texas
Website
www.mariopc.co.nr
XP
6,931
Country
United States
ThisIsDaAccount said:
However, the tool I made, TempNand, was made to decrease the likelihood of user errors leading to bricks. It has an Unlaunch installer, and it's pretty easy to use - you just have to click the button and navigate to the unlaunch.dsi file. Please give the tool a shot, and let me know if anything is wrong so I can fix it. I heard from @Mnecraft368 thst there's a bug that several users have experienced, that I had no idea about. I need users to actually test the tool and let me know if there's something wrong, so it can be as good as possible.
Click to expand...

Does TempNAND support setting file attributes? It's required to set read only on Launcher and TMD to prevent apps like Data Management and DSi Shop from deleting them.
 
ThisIsDaAccount

ThisIsDaAccount

Well-Known Member
Member
Level 6
Joined
Apr 8, 2016
Messages
1,158
Trophies
0
XP
954
Country
United States
Apache Thunder said:
Does TempNAND support setting file attributes? It's required to set read only on Launcher and TMD to prevent apps like Data Management and DSi Shop from deleting them.
Click to expand...
Yup! I added an unlaunch installer and it sets the read only flags for both the tmd and the launcher

Edit:
If you wanna take a look, I'll leave the link to the source here:
https://github.com/ThisIsDaAccount/TempNand
https://github.com/ThisIsDaAccount/NandInAJar

TempNand is actually a GUI for the second repo linked, NandInAJar, which actually does all of the work besides handling exceptions and taking user input.

It's all made in java, so that's why it's a pc side tool and not a console side tool
 
Last edited by ThisIsDaAccount,
  • Like
Reactions: wicksand420
huntertron1

huntertron1

dancing to music!
Member
Level 5
Joined
Oct 28, 2017
Messages
576
Trophies
0
Age
21
XP
625
Country
United States
ThisIsDaAccount said:
I'm one of the guys who works on DSiguide, you should know that we didn't get rid of the old pages, they're still there. If you want to access them, just add "_(Manual)" to the URL. For example, if you want to access the old downgrading page, which used to be at https://dsiguide.me/downgrading, just go to https://dsiguide.me/downgrading_(Manual)


However, the tool I made, TempNand, was made to decrease the likelihood of user errors leading to bricks. It has an Unlaunch installer, and it's pretty easy to use - you just have to click the button and navigate to the unlaunch.dsi file. Please give the tool a shot, and let me know if anything is wrong so I can fix it. I heard from @Mnecraft368 thst there's a bug that several users have experienced, that I had no idea about. I need users to actually test the tool and let me know if there's something wrong, so it can be as good as possible.
Click to expand...
thx
 
  • Like
Reactions: ThisIsDaAccount
Technicmaster0

Technicmaster0

Well-Known Member
Member
Level 13
Joined
Oct 22, 2011
Messages
4,420
Trophies
2
Website
www.flashkarten.tk
XP
3,565
Country
Gambia, The
Lyrin said:
It's a public beta which has major issues still.
Accessing System Settings, DSi Shop, or 3DS Transfer Tool bricks the console.
The RSA patches don't even work. Homebrew doesn't boot from the home menu.
And the installer doesn't function for many users.
Click to expand...
Yep but it's in PUBLIC beta and the issues will probably be fixed until RL comes out. Who knows which issues RL has which apache etc. didn't encounter when it gets it's first release.
 
guicrith

guicrith

Well-Known Member
Newcomer
Level 5
Joined
Apr 29, 2013
Messages
72
Trophies
0
Age
44
XP
638
Country
United States
For anyone who wants to know how it works without launching it I ran "strings UNLAUNCH.DSI" and here is the explanation included in the binary.

Bootstage 2 is loading the launcher's TITLE.TMD file to memory, that's done without any FILESIZE>LIMIT check (it's only checking FILESIZE>FILESIZE That is allowing to load about 80Kbytes of useful code, and to overwrite a task switching structure, causing ARM9 execute the loaded code, which can then tweak ARM7 to execute custom code by remapping some portions of shared WRAM, it's actually that simple.
The bigger problem has been to find this exploit within the 400,000 lines of code that bootstages 2 and 3 consist of.
Click to expand...
 
huntertron1

huntertron1

dancing to music!
Member
Level 5
Joined
Oct 28, 2017
Messages
576
Trophies
0
Age
21
XP
625
Country
United States
ok the site is down for this
https://dsiguide.me/downgrading_(Manual)


Capture.PNG

also is this normal for unlauch on emu?
 
Last edited by huntertron1,

Site & Scene News

Go to forum More news

Popular threads in this forum

DSi in 2024...

Weird R4 Firmware.bin dump

Will I not get my flashcart from aliexpress?

Homebrew GBA  GBA Exploader on modern libnds...

It might be possible to add DSONE to ntrboot_flasher.

Help with DS Flash Carts. Which are best besides the OG ones?

Misc Project  Did the DSi Capture Card End with Katsukity?

ROM Hack  Cosmetic Paradise 2 - Make no Kiseki

General chit-chat
Help Users
    K3Nv2 @ K3Nv2: Lmao Xbox removed gamescript apparently