Homebrew TWLbf - a tool to brute force DSi Console ID or EMMC CID

JimmyZ

Sarcastic Troll
OP
Member
Joined
Apr 2, 2009
Messages
681
Trophies
0
XP
762
Country
Zimbabwe
Source code and (a little) documentation on GitHub:
https://github.com/Jimmy-Z/TWLbf/
Windows binary download:
https://github.com/Jimmy-Z/TWLbf/releases
https://github.com/Jimmy-Z/bfCL/releases (OpenCL rewrite)

You'll need a NAND dump and one of the two IDs to be able to brute-force the other one.
Update: with a brilliant idea from @dark_samus3, we are now able to brute-force with only the NAND dump, and the EMMC CID brute force can be dramatically faster (this is only implemented in bfCL).

Previous discussions and how this tool started:
https://gbatemp.net/threads/any-hope-for-dsis-with-no-dsiware.481338/

Performance notes about the different versions:
Some (old) test numbers:

TWLbf OpenSSL on i5-3450, single thread:
1924 seconds for Console ID 10 BCD digits, 5.2 M/s
914 seconds for Console ID 32 bits, 4.7 M/s
578 seconds for EMMC CID 32 bits, 7.4 M/s
If you don't have a discrete GPU, you should use this one for EMMC CID.

TWLbf mbed TLS on i5-3450, single thread:
745 seconds for Console ID 10 BCD digits, 13.4 M/s
323 seconds for Console ID 32 bits, 13.3 M/s
612 seconds for EMMC CID 32 bits, 7.0 M/s
If you don't have a discrete GPU, you should use this one for Console ID.

bfCL on AMD HD7950, all around 350 M/s:
29 seconds for Console ID 10 BCD digits
12 seconds for Console ID 32 bits
12 seconds for EMMC CID 32 bits
If you have a good discrete GPU, you should use this one.
I also tested on an entry-level card, an R7-250: around 90 M/s.

If you don't know whether your GPU is fast enough to be useful, run bfCL without parameters (double-click it):
Code:
selected device Capeverde on platform AMD Accelerated Parallel Processing
AES Key: 0d0b8bd02564dd0351d7e415e6f23f36
randomize source buffer using RDRAND
0.616 seconds for preparing test data, 217.88 MB/s
0.593 seconds for OpenCL compiling
0.046 seconds for data upload, 2917.27 MB/s
# sha1_16_test on 128 MB
local work size: 256
0.036 seconds for OpenCL, 3770.37 MB/s
0.029 seconds for data download, 4551.45 MB/s
1.046 seconds for reference C(single thread), 128.31 MB/s
sha1_16_test: succeed
# aes_128_ecb_test on 128 MB
local work size: 256
0.097 seconds for OpenCL, 1385.86 MB/s
0.015 seconds for data download, 9205.61 MB/s
0.867 seconds for reference C(single thread), 154.87 MB/s
aes_128_ecb_test: succeed
Press any key to continue . . .
Look at the sha1_16/aes_128_ecb test numbers. Basically, if the OpenCL speed > C speed × (your CPU's thread count), the GPU outperforms your CPU.

TWLbf runs a single thread, so you should run multiple instances according to your CPU's thread count and how many templates you want to try. For example, if you want to brute-force the Console ID of a DSi XL on a Core i3 or higher, you should run four TWLbf mbed TLS instances, each targeting one of 08201, 08202, 08203 and 08204. That should be done in about 15 minutes.

bfCL, on the other hand, always saturates the best GPU in your system, so you shouldn't run multiple instances, and if your GPU is weak, the system becomes unresponsive while bfCL is running. Worst case, if your GPU fan can't handle the heat, your system may hang. That's especially true for entry-level GPUs like the R7-250 I tested: if the work is done in about ten seconds it works; longer than that and the system hangs.


Call for sharing/documentation:
This tool can't brute-force blindly; after all, the Console ID is 64 bits and the EMMC CID is 120 bits, so we need some prior knowledge about them to make brute-forcing viable. If more people could collaborate on this, we could make this tool more useful.

Sharing those IDs directly might be risky, though, so specifically I (we) want to know:
  • for Console ID:
    • the first 5 digits
      • if you're not comfortable sharing, at least tell us whether it's on the list already
    • is the 14th (3rd from the right) digit "1"?
    • are all the other digits in the 0~9 range (no a~f hex digits)?
  • for EMMC CID:
    • the 1st byte (2 digits)
      • this is supposedly a Month/Year date code of the EMMC chip
    • the 10 bytes after the first 5 bytes (or the 20 digits after the first 10 digits)
      • this is supposedly a Manufacturer/Product code
      • again, if you're not comfortable sharing, tell us whether it's on the list
    • a photo or transcript of the EMMC chip label if possible
  • model of the corresponding unit: DSi or DSi XL/LL, E or U or J
  • if you have strange cases (violating the rules above), and if you don't mind, PM me the entire Console ID + EMMC CID + first 512 bytes of the NAND/EMMC dump for me to test this tool.

Current list:

Console ID first 5 digits. So far the remaining digits are always in the BCD range, and the 14th digit is always "1".
Code:
08A15
    DSi, from GBATEK
    unknown
08A16
    DSi, J, report from windwakr
08A18
    DSi, U, Black, report from leratrad
    DSi, U, Black, report from hutiu
08A19
    DSi, U, Black, report dark_samus3(also noted in GBATEK)
    DSi, U, Black, report from Abequinn
08A20
    DSi, from GBATEK
08A21
    DSi, U, Cyan, report from wsquan171
    DSi, U, Light Blue, report from FFT.
08201
    DSi XL, from GBATEK
    DSi, U, Metallic Blue, report from friendsxix
    DSi, U, White, report from friendsxix
    DSi XL, U, Burgundy, report from friendsxix
    DSi XL, U, Burgundy, report from kittensauce
    DSi, E, Metallic Blue, report from Oleboy555
    DSi XL, E, Dark Brown, report from FFT
    DSi XL, U, Burgundy, report from Abequinn
08202
    DSi XL, E, Blue and Black?, mine
    DSi XL, U, Red, report from enderghast13
    DSi XL, U, Burgundy, report from hutiu
08203
    DSi XL, U, report from Apache Thunder
08204
    DSi, U, Pink, report from Apache Thunder
    DSi XL, U, Blue, report from enderghast13
    DSi, U, Light Blue, report from MassExplosion213
EMMC CID: 1 byte month/year date code + 10 bytes manufacturer/product code; the last byte is always 00 according to GBATEK.
Open your DSi (XL/LL) and read the EMMC label:
  • The MY code can be translated from the 3 digits after "SAMSUNG", for example:
    • CC, DSi XL, U, Burgundy, report from kittensauce, SAMSUNG 949 KMAPF0000M-S998 N24N5GJB. I guess 949 means 2009, 49th week, so 49th week -> December -> month code C, 2009 -> year code C.
  • chip model to manufacturer/product code:
    • KMAPF0000M -> 03 4D 30 30 46 50 41 00 00 15 00
    • KLM5617EFW -> 32 57 37 31 36 35 4D 00 01 15 00
If you can't read the label, then just try all of them; it's doable.
Code:
MY ss ss ss ss 03 4D 30 30 46 50 41 00 00 15 00
    unknown, DSi, from GBATEK, KMAPF0000M-S998
    AB, DSi, U, Black, report from dark_samus3(also noted in GBATEK)
    BB, DSi, U, Black, report from leratrad
    2C, DSi, U, Cyan, MY: 2C, report from wsquan171
    3C, DSi, U, Black, report from kittensauce
    9C, DSi, E, Metallic Blue, report from Oleboy555
    CC, DSi XL, U, Burgundy, report from kittensauce, SAMSUNG 949 KMAPF0000M-S998 N24N5GJB
    5d, DSi XL, E, Dark Brown, report from FFT
    5c, DSi, U, Light Blue, report from FFT
    BB, DSi, U, Black, report from hutiu, SAMSUNG 846 KMAPF0000M-S998 N1GUTMC3
    bc, DSi XL, U, Burgundy, report from Abequinn, SAMSUNG 946 KMAPF0000M-S998 N23A3MF6
    bb, DSi, U, Black, report from Abequinn, SAMSUNG 846 KMAPF0000M-S998 N1HW8MC2
MY ss ss ss ss 32 57 37 31 36 35 4D 00 01 15 00
    unknown, DSi, from GBATEK, KLM5617EFW-B301
    3E, DSi XL, U, Blue, report from enderghast13
    6E, DSi, U, Light Blue, report from MassExplosion213
    9D, DSi XL, U, Burgundy, report from hutiu

Thanks:
 
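A decoder for the 16-byte CID layout described in the post above ("MY ss ss ss ss" followed by the fixed manufacturer/product tail), as an added example; this is not code from TWLbf/bfCL or from the thread. The interpretation is my assumption and is not stated in the post: the DSi-stored value is the 15-byte JEDEC eMMC CID with its CRC byte dropped, in reversed byte order, padded with a trailing 00. Read that way, the post's "MY" byte is the JEDEC MDT (manufacturing date) field with month in the high nibble and year in the low nibble, "ss ss ss ss" is the product serial number, and the fixed tail carries PRV, PNM (the product name, which comes out as "APF00M" for the KMAPF0000M entry), OID and MID (0x15 is Samsung's JEDEC manufacturer ID). The `label_date` helper turns a Samsung label code such as "949" into a month/year so the two can be cross-checked; the "year digit means 200x" reading is also an assumption. The serial in the sample is made up.

```python
"""Decode a DSi-stored eMMC CID into its JEDEC fields (added example)."""
from dataclasses import dataclass
from datetime import date

JEDEC_MID = {0x15: "Samsung"}  # only the manufacturer ID the thread's data needs
MONTHS = ["", "Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]


@dataclass
class EmmcCid:
    mid: int        # manufacturer ID
    cbx: int        # device/BGA type bits
    oid: int        # OEM/application ID
    pnm: str        # product name, 6 ASCII characters
    prv: str        # product revision "n.m"
    psn: int        # 32-bit product serial number
    month: int      # 1 = January
    year: int

    @property
    def manufacturer(self) -> str:
        return JEDEC_MID.get(self.mid, f"unknown(0x{self.mid:02X})")


def parse_dsi_cid(hexstr: str) -> EmmcCid:
    """Parse the 32-hex-digit CID in DSi byte order (assumed reversed JEDEC)."""
    raw = bytes.fromhex(hexstr)
    if len(raw) != 16:
        raise ValueError("DSi eMMC CID is 16 bytes (32 hex digits)")
    if raw[15] != 0x00:
        raise ValueError("byte 15 is expected to be 00 padding")
    jedec = raw[14::-1]             # bytes 14..0 -> MID first, as in JESD84
    mdt = jedec[14]
    return EmmcCid(
        mid=jedec[0],
        cbx=jedec[1] & 0x03,
        oid=jedec[2],
        pnm=jedec[3:9].decode("ascii"),
        prv=f"{jedec[9] >> 4}.{jedec[9] & 0xF}",
        psn=int.from_bytes(jedec[10:14], "big"),
        month=mdt >> 4,                 # high nibble: month code, 1 = January
        year=(mdt & 0xF) + 1997,        # low nibble: year code, 0 = 1997 (eMMC 4.x base)
    )


def label_date(code: str):
    """Translate a Samsung label date code such as "949" (year digit + ISO week)
    into (month, year).  A single-digit year is assumed to mean 200x; the month
    is taken from the Thursday of that ISO week."""
    if len(code) != 3 or not code.isdigit():
        raise ValueError("expected 3 digits, e.g. 949")
    year, week = 2000 + int(code[0]), int(code[1:])
    d = date.fromisocalendar(year, week, 4)
    return d.month, d.year


def label_matches_cid(code: str, cid: EmmcCid) -> bool:
    """Does the chip label's date code agree with the CID's MDT byte?"""
    return label_date(code) == (cid.month, cid.year)


if __name__ == "__main__":
    # Constructed sample: MY=CC, a made-up serial 01020304, tail from the
    # post's KMAPF0000M entry.
    cid = parse_dsi_cid("CC" + "01020304" + "034D3030465041000015" + "00")
    print(cid.manufacturer, cid.pnm, cid.prv, f"{cid.psn:08X}",
          MONTHS[cid.month], cid.year, label_matches_cid("949", cid))
```

Under this reading the post's guess for kittensauce's chip holds: label 949 is ISO week 49 of 2009, which falls in December, and the MY byte CC decodes to December 2009. The 846 labels in the list decode to November 2008 and their MY byte BB agrees. If a reported MY byte and label disagree, either the label was misread or the byte-order assumption is wrong for that unit, which is worth knowing before spending GPU time on a template.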

JimmyZ

Document updated extensively.


Just realized I spelled the name wrong in the title and it seems I can't edit that :facepalm:
 

GhostLatte

GBAtemp's Official Van Master™
Country
United States
> Document updated extensively.
>
> Just realized I spelled the name wrong in the title and it seems I can't edit that :facepalm:
You can report the original post!
 

Apache Thunder

I have cameras in your head!
Country
United States
> Current list:
> Console ID first 5 digits
> Code:
> 08A20 DSi
> 08A19 DSi
> 08A15 DSi
> 08201 DSi XL
> 08202 DSi XL E

Time to add a couple new constants to that list. My DSi XL USA console has this ConsoleID:

0820310105092122

Note the first 5 digits. My console ends in 3 not 1 or 2: 08203

Also this is the first 5 digits of the USA region Pink non XL DSi I used to own:

08204

I won't reveal the full ID to that one as I have sold that to someone else now.
 
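A small planner for the template-constrained Console ID search, as an added example; it is not code from TWLbf/bfCL, and it does not reproduce the tool's key derivation or its command-line syntax (neither is shown in this thread). It only formalises the rules the OP collected: a Console ID is 16 hex digits, the first 5 are known per model, the 14th digit (3rd from the right) is "1", and the rest are BCD. The "?" wildcard, the per-worker split by fixing leading unknown digits, and the set of known prefixes (taken from the OP's list) are my conventions. It also checks Apache Thunder's reported ID above against those rules.

```python
"""Plan a template-constrained Console ID brute force (added example)."""
from itertools import product

# first-5-digit prefixes reported in the thread so far
KNOWN_PREFIXES = {
    "08A15", "08A16", "08A18", "08A19", "08A20", "08A21",
    "08201", "08202", "08203", "08204",
}
HEX = "0123456789ABCDEF"
BCD = "0123456789"


def template_for(prefix: str) -> str:
    """16-digit template: prefix + 8 unknown BCD digits + '1' + 2 unknown digits."""
    prefix = prefix.upper()
    if len(prefix) != 5 or any(c not in HEX for c in prefix):
        raise ValueError("prefix must be 5 hex digits, e.g. 08201")
    return prefix + "?" * 8 + "1" + "??"


def keyspace(template: str) -> int:
    """Candidates to try: 10 per unknown digit, since unknowns are BCD."""
    if len(template) != 16 or any(c not in HEX + "?" for c in template):
        raise ValueError("template must be 16 hex digits or '?'")
    return 10 ** template.count("?")


def eta_seconds(template: str, rate_per_s: float) -> float:
    """Worst-case time to exhaust the template at a measured rate."""
    return keyspace(template) / rate_per_s


def split(template: str, workers: int):
    """Deal the template out to `workers` single-thread instances by fixing
    the first k unknown digits (10**k >= workers) and assigning the resulting
    sub-templates round-robin.  Buckets may differ in size by one."""
    if workers < 1:
        raise ValueError("need at least one worker")
    unknown = [i for i, c in enumerate(template) if c == "?"]
    fixed = 0
    while 10 ** fixed < workers:
        fixed += 1
    if fixed > len(unknown):
        raise ValueError("not enough unknown digits to split that far")
    buckets = [[] for _ in range(workers)]
    for n, digits in enumerate(product(BCD, repeat=fixed)):
        sub = list(template)
        for pos, d in zip(unknown[:fixed], digits):
            sub[pos] = d
        buckets[n % workers].append("".join(sub))
    return buckets


def candidates(template: str):
    """Enumerate every ID matching the template (use only on small spaces)."""
    unknown = [i for i, c in enumerate(template) if c == "?"]
    for digits in product(BCD, repeat=len(unknown)):
        sub = list(template)
        for pos, d in zip(unknown, digits):
            sub[pos] = d
        yield "".join(sub)


def fits_rules(console_id: str) -> bool:
    """Does a full Console ID match the pattern collected in the thread?"""
    cid = console_id.upper()
    return (len(cid) == 16 and cid[:5] in KNOWN_PREFIXES
            and cid[13] == "1" and all(c in BCD for c in cid[5:]))


if __name__ == "__main__":
    t = template_for("08201")
    print(t, keyspace(t), round(eta_seconds(t, 13.4e6)), "s at 13.4 M/s")
    print(split(t, 4))
    print(fits_rules("0820310105092122"))
```

With 10 unknown BCD digits the space is 10^10, which at the OP's 13.4 M/s mbed TLS figure is about 746 seconds, matching the 745 s measured above; at 350 M/s on the HD7950 it is under 30 seconds. The split is only a planning aid for how many instances to start and which prefix each should take.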

driverdis

I am Justice
Country
United States
so, does this tool work for bruteforcing the ConsoleID while having the CID already dumped? I was lucky this time and was able to get Data management to show up on my DSi XL since I never used it (top screen is dark and inverted since the POT for it is broken) and was still able to get to the DSi Store for it to appear. I was able to get the ConsoleID afterward but bruteforcing would be nice in case I run across any DSi's that are missing Data Management and have broken WiFi.
 

JimmyZ

> Time to add a couple new constants to that list. My DSi XL USA console has this ConsoleID:
>
> 0820310105092122
>
> Note the first 5 digits. My console ends in 3 not 1 or 2: 08203
>
> Also this is the first 5 digits of the USA region Pink non XL DSi I used to own:
>
> 08204
>
> I won't reveal the full ID to that one as I have sold that to someone else now.

Thanks, I'll add this to the list. A non-XL with 0820 leading, that's new.
 

JimmyZ

> so, does this tool work for bruteforcing the ConsoleID while having the CID already dumped? I was lucky this time and was able to get Data management to show up on my DSi XL since I never used it (top screen is dark and inverted since the POT for it is broken) and was still able to get to the DSi Store for it to appear. I was able to get the ConsoleID afterward but bruteforcing would be nice in case I run across any DSi's that are missing Data Management and have broken WiFi.
Yes.
 

JimmyZ

> I have a Matte Blue DSi (non-XL) with the Console ID 0820105505XXXXXX.
>
> EDIT: Oops, the official name is apparently "Metallic Blue." "Matte Blue" is a slightly different shade.
Thank you! And are all the XXXXXX in the 1~9 range? Is the 3rd from the right "1"? And which region?
 

enderghast13

Member
Country
United States
Blue DSi XL Console ID:
First 5 digits are 08204.
3rd digit from the right is a 1.
Every digit is 0-9.

Blue DSi XL CID:
First 2 bytes are 3E.
Last 22 digits are 3257373136354D00011500
I can't get a photo of the EMMC chip label.

Red DSi XL Console ID:
First 5 digits are 08202.
3rd digit from the right is 1.
Every digit is 0-9.
I don't have the CID for this one.


Can we also post Console IDs from 3ds's?
 

JimmyZ

Thanks to all of you for sharing!

> Blue DSi XL Console ID:
> First 5 digits are 08204.
> 3rd digit from the right is a 1.
> Every digit is 0-9.
>
> Blue DSi XL CID:
> First 2 bytes are 3E.
> Last 22 digits are 3257373136354D00011500
> I can't get a photo of the EMMC chip label.
>
> Red DSi XL Console ID:
> First 5 digits are 08202.
> 3rd digit from the right is 1.
> Every digit is 0-9.
> I don't have the CID for this one.
Thank you for the detailed report and our first EMMC CID report! I assume they're all US region based on your location?

> Can we also post Console IDs from 3ds's?
I don't know much about that, aren't 3DS like totally hacked already?
And this tool actually doesn't support 3DS TWL FIRM, they're encrypted differently according to GBATEK and TWLTool.
I could add support to this if such needs arise though.
 

nocash123

Well-Known Member
Country
Afghanistan
> OpenSSL EVP cost 177 seconds on a 3.1GHz i5, vs 267 seconds on 2.5GHz i3m for PolarSSL, I'm really disappointed, I suppose the usage pattern couldn't benefit much from AES-NI.
I had a look at polarssl and openssl some years ago when trying to "understand how AES works"... openssl looked very confusing, and polarssl looked a bit straighter (but still very confusing and overcomplicated)... anyways, as far as I remember polarssl did support AES hardware acceleration, too. So both might be the same as long as you have a PC with AES-NI support (which seems to have been invented in 2010). For multi-core CPUs, I wonder if each core has its own AES hardware? If not, then multi-threading won't actually speed up the calculations.

> Also did some profiling:
> SHA1: 185357
> AES: 10227
> memcmp: 6783
> so apparently SHA1 now cost most of the time :(
Is that using an "optimized" SHA1 function? One older optimization mentioned here https://software.intel.com/en-us/articles/improving-the-performance-of-the-secure-hash-algorithm-1 uses general-purpose SSSE3 instructions (this should also be implemented in openssl). And newer Intel processors should have extra opcodes SHA1RNDS4, SHA1NEXTE, SHA1MSG1/2 (not sure if/when/where that's supported; Intel announced that stuff in 2013, but some other webpage mentioned it not being implemented until 2016 or so).
And another (small) optimization would be appending the sha1-end-byte and sha1-padding-bytes to the CID, and then passing that directly to the 64-byte sha1 core function (i.e. avoiding the same padding being repeated on each calculation).

> And this tool actually doesn't support 3DS TWL FIRM, they're encrypted differently according to GBATEK and TWLTool.
I thought the MBR and DSi partitions are using the same encryption on 3DS? That should be somewhat required for DSi backwards compatibility. The MBR may contain different/extra data on 3DS (so brute forcing may fail when searching for certain "fixed" values in the MBR).
For the ConsoleID, I think the 3DS does have its own "3DS ID" (for whatever 3DS things), and a separate/crippled "DSi ID" (for DSi-style eMMC encryption). The latter one was reported to be 6B27D20002000000h on one n3DS console.
 
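The pre-padding trick nocash123 suggests above, worked through as an added example; this is not code from TWLbf/bfCL, and it does not reproduce the tool's real key or counter derivation, which the thread does not show. A 16-byte CID always fits in one 64-byte SHA-1 block, so the 0x80 terminator, zero padding and 64-bit bit-length field can be written once; each candidate then only overwrites the bytes that vary and calls the compression function directly. The search loop is a stand-in: it varies the 32-bit serial at bytes 1..4 (the "ss ss ss ss" position from the OP's layout) and matches on a digest prefix, which is an assumption made purely for the demo; the CID template used is constructed from the KMAPF0000M entry with a zeroed serial.

```python
"""Single-block SHA-1 with the padding computed once (added example)."""
import hashlib
import struct

H0 = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)
MASK = 0xFFFFFFFF


def _rol(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def sha1_compress(state, block):
    """One SHA-1 compression of a 64-byte block (FIPS 180-4)."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 80):
        w.append(_rol(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    a, b, c, d, e = state
    for i in range(80):
        if i < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif i < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        t = (_rol(a, 5) + (f & MASK) + e + k + w[i]) & MASK
        a, b, c, d, e = t, a, _rol(b, 30), c, d
    return tuple((s + v) & MASK for s, v in zip(state, (a, b, c, d, e)))


def padded_block(msg):
    """msg || 0x80 || zeros || 64-bit big-endian bit length, for len(msg) <= 55."""
    if len(msg) > 55:
        raise ValueError("message must fit in one block (<= 55 bytes)")
    block = bytearray(64)
    block[:len(msg)] = msg
    block[len(msg)] = 0x80
    block[56:] = struct.pack(">Q", len(msg) * 8)
    return block


def sha1_one_block(block):
    """Digest of a pre-padded single block: no per-call padding work."""
    return b"".join(struct.pack(">I", v) for v in sha1_compress(H0, bytes(block)))


def matches_hashlib(msg):
    """Cross-check the shortcut against the reference implementation."""
    return sha1_one_block(padded_block(msg)) == hashlib.sha1(msg).digest()


def with_serial(template, serial):
    """16-byte CID template with bytes 1..4 replaced by a 32-bit serial."""
    if len(template) != 16:
        raise ValueError("CID template must be 16 bytes")
    return template[:1] + serial.to_bytes(4, "little") + template[5:]


def find_serial(template, want_prefix, limit):
    """Vary the serial in place inside one padded block; the padding bytes
    (positions 16..63) are written once and never touched again.
    Returns the first serial whose digest starts with want_prefix, or None."""
    block = padded_block(template)
    for serial in range(limit):
        block[1:5] = serial.to_bytes(4, "little")
        if sha1_one_block(block)[:len(want_prefix)] == want_prefix:
            return serial
    return None


if __name__ == "__main__":
    # Constructed template: MY=CC, serial zeroed, tail from the KMAPF0000M entry.
    tmpl = bytes.fromhex("CC00000000034D303046504100001500")
    target = hashlib.sha1(with_serial(tmpl, 1234)).digest()[:8]
    print(find_serial(tmpl, target, 5000))   # 1234
```

The saving is real but small in absolute terms: the padding step is a few byte writes, while the 80-round compression dominates, which is what the profile above already shows. It matters more on a GPU kernel, where a fixed 64-byte block with only four varying bytes means the schedule's constant words can be hoisted out of the per-candidate work.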
