HaxxStation: DS Download Station exploit



13 years.

The original DS was released in 2004, and to this day, no hax for Download Play had been made.

Until now.

Gericom found an exploit in DS Download Station, allowing us to run any homebrew we'd like over DS download play.

Source code for dspatch: https://github.com/Gericom/dspatch

Enjoy!

Credits:
Exploit: shutterbug2000, Gericom, and Apache Thunder
Graphics: Jaames, Robz8

And if you want to load unsupported flashcarts on a DSi:

Yes.
Here's Apache Thunder's flashcard launchers edited for HaxxStation. @shutterbug2000 should put this in the first post.
https://www.odrive.com/s/23b9f39c-ae15-4c1b-8ff7-64344fa6f2d2-5939fc7f
 

Attachments

  • dspatch.zip (19.4 KB)
  • dspatchv1.1.zip (19.8 KB)
Last edited by shutterbug2000,

mariogamer

Is there any launcher for R4i (not gold?) Trying the gold version freezes the console.

I may buy an ak2i, but it seems like there is no compatible one, so maybe I'll take a R4 SDHC 2017
 
Last edited by mariogamer,

Deleted member 424658

Ok was thinking so.... at least we can run any homebrew... I just hope this may lead to SD read/write
You can't run any homebrew, and it won't lead to sd read/write. I think it was in another thread that Apache Thunder said it's impossible (without some sort of cfw) to get SD access into the DS mode since SD access is disabled the moment it switches into DS mode.
 

mariogamer

You can't run any homebrew, and it won't lead to sd read/write. I think it was in another thread that Apache Thunder said it's impossible (without some sort of cfw) to get SD access into the DS mode since SD access is disabled the moment it switches into DS mode.
Ok....

I'm still interested where is this thread?
 

FIX94

If you didn't see it, I now made my Wii homebrew version a bit more useful by allowing to send over .nes/.gb/.gbc files directly using internal nesDS/GameYob files ;)
https://github.com/FIX94/wii-ds-rom-sender/releases
Oh also the LZO compression could probably be built into dspatch, not sure if that would make a big difference though.
 

Gericom

If you didn't see it, I now made my Wii homebrew version a bit more useful by allowing to send over .nes/.gb/.gbc files directly using internal nesDS/GameYob files ;)
https://github.com/FIX94/wii-ds-rom-sender/releases
Oh also the LZO compression could probably be built into dspatch, not sure if that would make a big difference though.
While working on the exploit it turned out that the LZO decompressor seemed kinda buggy as half of the time the roms wouldn't run with it (crashes into a disconnection error)
 

FIX94

While working on the exploit it turned out that the LZO decompressor seemed kinda buggy as half of the time the roms wouldn't run with it (crashes into a disconnection error)
You possibly didn't know that the file you send has to be 2-byte aligned so you have to possibly append 1 byte when saving it into a file.
 

FIX94

Hmm, you might be right. I'm not sure though. You might want to do some tests
The thing with the send protocol is that its size internally is set as "amount of shorts" so it does size>>1 essentially while the size it sends beforehand to the client is in "amount of bytes", meaning if the size is not 2-byte aligned you will lose 1 byte on the internal and it'll never send that last byte, thus failing at 99.99% on the client and disconnecting.
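
Added example, not part of FIX94's post and not code from wii-ds-rom-sender or dspatch: a small Python model of the size mismatch described above, where the sender announces a byte count but loops over size>>1 16-bit units. The function names, the 0x00 fill byte and the sample payload are assumptions made for illustration.

```python
# Added example (not from the thread's tools): models a sender whose loop
# counts 16-bit units while the size announced to the client is in bytes.

def pad_to_halfword(payload: bytes, fill: int = 0x00) -> bytes:
    """Return payload with one fill byte appended if its length is odd.
    The fill value 0x00 is an assumption; the thread only says "append 1 byte"."""
    if len(payload) % 2:
        return payload + bytes([fill])
    return payload


def simulate_transfer(payload: bytes) -> dict:
    """Model the mismatch: announce len(payload) bytes, send (len >> 1) halfwords."""
    announced = len(payload)      # byte count sent to the client up front
    halfwords = announced >> 1    # unit count the send loop actually uses
    received = bytearray()
    for i in range(halfwords):
        received += payload[2 * i:2 * i + 2]   # one 16-bit unit per iteration
    return {
        "announced": announced,
        "received": len(received),
        "missing": announced - len(received),
        "complete": len(received) == announced,
    }


# Constructed sample payload with an odd length (1025 bytes), not a real ROM.
SAMPLE = bytes(range(256)) * 4 + b"\x7f"

if __name__ == "__main__":
    for label, data in (("raw", SAMPLE), ("padded", pad_to_halfword(SAMPLE))):
        r = simulate_transfer(data)
        print(f"{label:7} announced={r['announced']} received={r['received']} "
              f"missing={r['missing']} complete={r['complete']}")
```

With the odd-length payload the client is left waiting for one byte that is never sent; after padding, the announced and transferred sizes agree.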
 

Gericom

The thing with the send protocol is that its size internally is set as "amount of shorts" so it does size>>1 essentially while the size it sends beforehand to the client is in "amount of bytes", meaning if the size is not 2-byte aligned you will lose 1 byte on the internal and it'll never send that last byte, thus failing at 99.99% on the client and disconnecting.
Ah, okay, that makes sense. Nice you found that out
 

Louis Miles

So from what I understand, it's possible to inject small .nds files into the DS Download Station Server, so untouched DS systems can download and play them.
So, is there a homebrew app that allows making a download play with a game hack (for example MKDS custom tracks), without getting stuck at the gray Nintendo logo when trying to download?
 

Gericom

So from what I understand, it's possible to inject small .nds files into the DS Download Station Server, so untouched DS systems can download and play them.
So, is there a homebrew app that allows making a download play with a game hack (for example MKDS custom tracks), without getting stuck at the gray Nintendo logo when trying to download?
I'm not sure about homebrew, but you can use the TWL version of unsigned download play from the SDK
 

RetroFan90

When I use the newest version of wii-ds-sender (v3.0) and try to use an NES game "Ghoul School.nes" it complains about haxxstation and the ROM not being signed and will only work on a DS with a flashme cart, what am I doing wrong?
PM me?
The required file hashes to sign a ROM and the tools as well?
Same issue on DSi running 1.4.5U and DS Lite as well
Be a little more straightforward with the details?
I am not sure what is wrong?
I have the DS Download Station Volume 1 USA ROM (MD5 : 3039F1ADA32D3A8B58BC25F5537552CD) and dspatch 1.1 and it doesn't help much
 
Last edited by RetroFan90,

FIX94

When I use the newest version of wii-ds-sender (v3.0) and try to use an NES game "Ghoul School.nes" it complains about haxxstation and the ROM not being signed and will only work on a DS with a flashme cart, what am I doing wrong?
If it complains about that then your DS Download Station ROM clearly is invalid, it has to be a clean, unpatched 16MB volume 1 one with these hashes.
MD5: efd2c0be4f95deec5053e6050162535b
SHA-1: f18b55f3e1259c03e10d0ecb549693b42905ceb5
CRC32: f067d060
 
