Homebrew [RELEASE] TWLTool - DSi downgrading, save injection, etc multitool

windwakr

Is it possible to use the tickets from a decrypted NAND with NUS Downloader to download and decrypt titles from NUS? Or does NUS Downloader have no support for that?
Probably wouldn't be too difficult for someone to add that functionality. You could also just extract and decrypt the title key from the ticket and decrypt the title yourself with that.
 

nocash123

Is it possible to use the tickets from a decrypted NAND with NUS Downloader to download and decrypt titles from NUS? Or does NUS Downloader have no support for that?
I've done that for downloading the older Sudoku version from the server (using the .tik from the newer Sudoku version), so yes, it does work, but don't forget to decrypt the .tik file before using it with nus downloader (I think the latest twltool version does have a function for decrypting .tik's, so it should be no problem).

The bigger question would be if it's possible to copy .tik files from one console to another. The shop .tik's do contain a console ID value, and, if that ID is verified by the launcher, then one needs to change that ID to match with the target console - doing that would make the RSA signature invalid, but I think that would be no problem (from what I can see in the launcher code (as of firmware v1.4E), the launcher is checking RSA for .tmd files, but I really can't find any RSA checks for .tik files). I am quite sure that it's possible to do that stuff, I've just never tried out of laziness (didn't want to go through the hassle to decrypt/re-encrypt the eMMC dump and .tik's).
 

Valery0p

I've done that for downloading the older Sudoku version from the server (using the .tik from the newer Sudoku version), so yes, it does work, but don't forget to decrypt the .tik file before using it with nus downloader (I think the latest twltool version does have a function for decrypting .tik's, so it should be no problem).

The bigger question would be if it's possible to copy .tik files from one console to another. The shop .tik's do contain a console ID value, and, if that ID is verified by the launcher, then one needs to change that ID to match with the target console - doing that would make the RSA signature invalid, but I think that would be no problem (from what I can see in the launcher code (as of firmware v1.4E), the launcher is checking RSA for .tmd files, but I really can't find any RSA checks for .tik files). I am quite sure that it's possible to do that stuff, I've just never tried out of laziness (didn't want to go through the hassle to decrypt/re-encrypt the eMMC dump and .tik's).
WAIT wait wait wait wait a second...
Have you downloaded the EUR Sudoku v0 version??? And more importantly, when did you buy the newer version? It's impossible to add credit to the DSi Shop now!
 
Last edited by Valery0p,

zoogie

Last edited by zoogie,

Valery0p

Yes! I fkng knew it! I've done some research months ago, trying to find that version... And do you know what? It's still on the NUS servers! But the ticket and the decryption trickery was what I needed...
Too bad that the 3DS downgrade-DSiWare method, used in @Plailect's guide, is now patched, so it won't be so useful... at least now it isn't MIA :]
Do you have the correct version number (for nus downloader) for the patched EUR EAsudoku dsiware? Anybody?
Nvm, it's 256 according to a helpful random pastebin. lol
It's all on the dsibrew wiki:
http://www.dsibrew.org/wiki/NUS_Downloader/database
Edit: oh, ok, you found it...
 
Last edited by Valery0p,

zoogie

Yes! I fkng knew it! I've done some research months ago, trying to find that version... And do you know what? It's still on the NUS servers! But the ticket and the decryption trickery was what I needed...
Too bad that the 3DS downgrade-DSiWare method, used in @Plailect's guide, is now patched, so it won't be so useful... at least now it isn't MIA :]
Wait until sighax. DSiware will be back in a big way.

It's imperative that the EU sudoku v0 get dumped.
 

zoogie

If you find something, please PM me ;)
OT: the v0 was also on the CDN (e-shop) servers... (search for 000480044b344456)
Can someone check if it is still there? (I think it isn't, but because this key is available....)
v0 on the 3ds eshop is identical to version 256/257 (patched v.) on the dsi shop. The hackable sudoku NEVER existed on the 3ds eshop in any way.
 

I pwned U!

After about a year, my dad finally helped me to finish my (1.4.5 U) DSi XL hardmod last night, and I have Sudokuhax working!
It turned out that two of the hardmod-ready MicroSD adapters needed their contacts cleaned and the other two had to have some of the wires resoldered to improve the connections.
So, with that said, I can finally help out with any tests that anyone wants to try out!
I've done that for downloading the older Sudoku version from the server (using the .tik from the newer Sudoku version), so yes, it does work, but don't forget to decrypt the .tik file before using it with nus downloader (I think the latest twltool version does have a function for decrypting .tik's, so it should be no problem).

The bigger question would be if it's possible to copy .tik files from one console to another. The shop .tik's do contain a console ID value, and, if that ID is verified by the launcher, then one needs to change that ID to match with the target console - doing that would make the RSA signature invalid, but I think that would be no problem (from what I can see in the launcher code (as of firmware v1.4E), the launcher is checking RSA for .tmd files, but I really can't find any RSA checks for .tik files). I am quite sure that it's possible to do that stuff, I've just never tried out of laziness (didn't want to go through the hassle to decrypt/re-encrypt the eMMC dump and .tik's).
I have some purchased, preinstalled, and free DSiWare (including LoZ Four Swords Anniversary Edition). I can help to test this with anyone else who has a DSi hardmod (someone testing my tickets or vice versa).
Just a note to people who have already managed to run homebrew code on DSi:

I've released a tool for dumping several DSi memory areas & chip IDs here: http://gbatemp.net/threads/dswifi-asm-port-and-bugs-in-dswifi-hll-version.447174/#post-6930129 mostly related to finding (alternate) camera manufacturers & unknown wifi hardware revisions; I am sure that there's a very good chance to find some formerly unknown stuff with that tool.

Would be great if you could run the "dsdump.dsi" tool on your DSi (or 3DS), and the "dsdump.exe" tool (on a Windows PC). It should be hopefully working and easy to use, the most challenging part might be to disable WPA encryption in your wifi access point.
I will try this out later today!
 
Last edited by I pwned U!, , Reason: I added my DSi firmware version and region.

nocash123

After about a year, my dad finally helped me to finish my (1.4.5 U) DSi XL hardmod last night, and I have Sudokuhax working!
So, with that said, I can finally help out with any tests that anyone wants to try out!
Did you get the DSi tickets decrypted? The newer twltool versions should have some option for doing that. In decrypted form it should look as so: http://problemkaputt.de/gbatek.htm#dsisdmmcdsiwareticketsandtitlemetadata (ie. with the "Root-CA00000001-XS00000006" ASCII string visible in hex-editors at offset 140h).

For the Four Swords ticket, it would be interesting to know if the 4-byte Console ID at offset is 00 00 00 00 (as so in "free" system tickets) or if it's nonzero (ie. working only on your console). I would be afraid that it's nonzero, but since it was a "free" download it might also be all zeroes.

I've never tried the twltool ticket decrypt function myself (only decrypted 1-2 tik's manually), and I don't really know which of the (pre-)installed titles have the Console ID set to zero, and which have it nonzero. If that's easy to test with twltool, it would be nice to have a small list with "Title" and "Console ID = Zero/Nonzero" (current theory is that system tools are zero, and games are nonzero, and "free games" like flipnote, browser, 3dsxfertool, 4swords might be either one or whatever).

Aside from swapping tickets between consoles, it would be also interesting to decrypt-modify-reencrypt tickets, eg. modify/destroy one or more bytes in the RSA signature at offset 004h..103h in the decrypted ticket - I believe that the DSi launcher would still accept it regardless of the signature, and if that's right then one could also modify anything else.
 

I pwned U!

Did you get the DSi tickets decrypted? The newer twltool versions should have some option for doing that. In decrypted form it should look as so: http://problemkaputt.de/gbatek.htm#dsisdmmcdsiwareticketsandtitlemetadata (ie. with the "Root-CA00000001-XS00000006" ASCII string visible in hex-editors at offset 140h).

For the Four Swords ticket, it would be interesting to know if the 4-byte Console ID at offset is 00 00 00 00 (as so in "free" system tickets) or if it's nonzero (ie. working only on your console). I would be afraid that it's nonzero, but since it was a "free" download it might also be all zeroes.

I've never tried the twltool ticket decrypt function myself (only decrypted 1-2 tik's manually), and I don't really know which of the (pre-)installed titles have the Console ID set to zero, and which have it nonzero. If that's easy to test with twltool, it would be nice to have a small list with "Title" and "Console ID = Zero/Nonzero" (current theory is that system tools are zero, and games are nonzero, and "free games" like flipnote, browser, 3dsxfertool, 4swords might be either one or whatever).

Aside from swapping tickets between consoles, it would be also interesting to decrypt-modify-reencrypt tickets, eg. modify/destroy one or more bytes in the RSA signature at offset 004h..103h in the decrypted ticket - I believe that the DSi launcher would still accept it regardless of the signature, and if that's right then one could also modify anything else.
I just tried to open some tickets in a hex editor, but they all appear to be encrypted. I used TWLTool v1.6 to decrypt my NAND backup. Are there any additional steps that I need to follow for decrypting tickets from a decrypted NAND backup?
 

I pwned U!

So I finally decrypted my tickets and I just found my first interesting discovery!
(Do not worry, this screenshot does not include any title keys.)
[Attached screenshot: Brain Age Ticket Info.PNG]
The Console ID is the important part there.
http://problemkaputt.de/gbatek.htm#dsisdmmcdsiwareticketsandtitlemetadata said:
1D8h 4 Console ID (see dev.kp "TWxxxxxxxx", zero for free system updates)
In other words, preinstalled DSiWare titles do not have console unique tickets, similar to preinstalled 3DS titles. This should allow anyone with DSihax to inject legit titles and tickets into the NAND, and successfully launch them!

The following command can be used to decrypt your tickets:
Code:
twltool syscrypt --consoleid (your console id) --in in.tik --out out.tik
The following command can be used to encrypt your tickets (or encrypt other legit tickets for injecting legit DSiWare on your DSi):
Code:
twltool syscrypt --consoleid (your console id) --in out.tik --out in.tik
This also applies to the following titles (and any DSiWare titles that came preinstalled in different DSi editions than mine):
  • Brain Age Express: Math
  • Flipnote Studio
  • Nintendo DSi + Internet
  • Nintendo DSi Browser
  • Photo Clock
Update:

http://kotaku.com/5405257/dsi-now-comes-with-pre-installed-software

According to this, there should also be legit versions of the following titles:
  • Brain Age Express: Sudoku
  • Clubhouse Games Express: Card Classics
  • Dr. Mario Express
  • Mario Calculator
  • Mario Clock
  • Mario vs. Donkey Kong: Minis March Again!
  • WarioWare: Snapped!
This weekend, I hope that I will be available to help @nocash123 by making even more ticket discoveries! :D
 
Last edited by I pwned U!, , Reason: I added more legit titles.
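
Added example (not from any post in this thread and not twltool code): a read-only Python check that produces the "Title / Console ID = Zero/Nonzero" list discussed above, using only the two offsets given in the thread (issuer string at 140h, 4-byte Console ID at 1D8h). The function names and the sample images are constructed for illustration; a file without the issuer string at 140h is reported as not decrypted.

```python
import sys

ISSUER_OFF = 0x140                      # issuer string offset named in the thread
ISSUER = b"Root-CA00000001-XS00000006"  # visible only once the ticket is decrypted
CONSOLE_ID_OFF = 0x1D8                  # 4-byte Console ID per the GBATEK line quoted
MIN_LEN = CONSOLE_ID_OFF + 4

def inspect_ticket(data: bytes) -> dict:
    """Classify one .tik image; reads only the issuer and Console ID fields."""
    if len(data) < MIN_LEN:
        return {"state": "too short"}
    if data[ISSUER_OFF:ISSUER_OFF + len(ISSUER)] != ISSUER:
        return {"state": "not decrypted"}  # still encrypted, or a different issuer
    console_id = data[CONSOLE_ID_OFF:CONSOLE_ID_OFF + 4]
    return {"state": "decrypted",
            "console_id": console_id.hex(),
            "console_bound": any(console_id)}

def report(tickets: dict) -> list:
    """Build (name, verdict) rows: Zero, Nonzero, or why the file was skipped."""
    rows = []
    for name, data in sorted(tickets.items()):
        info = inspect_ticket(data)
        if info["state"] != "decrypted":
            rows.append((name, info["state"]))
        else:
            rows.append((name, "Nonzero" if info["console_bound"] else "Zero"))
    return rows

def make_sample(console_id: bytes, decrypted: bool = True) -> bytes:
    """Constructed test image (not a real ticket): only the two fields are set."""
    if not decrypted:  # patterned filler standing in for ciphertext
        return bytes((i * 37 + 11) & 0xFF for i in range(0x200))
    buf = bytearray(0x200)
    buf[ISSUER_OFF:ISSUER_OFF + len(ISSUER)] = ISSUER
    buf[CONSOLE_ID_OFF:CONSOLE_ID_OFF + 4] = console_id
    return bytes(buf)

if __name__ == "__main__":
    if len(sys.argv) > 1:  # real use: pass decrypted .tik paths
        tickets = {}
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                tickets[path] = fh.read()
    else:                  # offline demo on constructed samples
        tickets = {"free-system.tik": make_sample(bytes(4)),
                   "shop-game.tik": make_sample(bytes.fromhex("12345678")),
                   "raw-nand.tik": make_sample(b"", decrypted=False)}
    for name, verdict in report(tickets):
        print(f"{name:20} Console ID = {verdict}")
```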
