GBATemp DSi modding help thread and guide

Discussion in 'NDS - Tutorials' started by ThisIsDaAccount, Aug 16, 2017.

  1. ThisIsDaAccount
    OP

    ThisIsDaAccount GBAtemp Advanced Fan

    Member
    699
    302
    Apr 8, 2016
    United States
    GBATemp DSi modding help thread and guide

    NOTE 1: This guide is not complete without a way to dump the BIOSDSI7.ROM and BOSDSI9.ROM files! If you have a way to legitimately dump these files, leave me a comment below. Also leave a comment if you find a typo or mistake.
    NOTE 2: Ugopwn, the exploit used in this guide, is USA-only. If your console is not a USA-region DSi, you will need another exploit. You can check if your console is a USA console by opening system settings and checking what letter your System version ends with (if it ends with a U, its a USA console).
    NOTE 3: This guide is SOFTMOD ONLY! If you want hardmod instructions, look here.



    With the new developments of the DSi scene, I felt it was time to get a modern guide that would save users the time needed to find all info across various sources. This post is intended to be a standalone page without the need of additional instructions or info, and is intended to be easy to understand even for beginners.

    This post is not so much an original guide as it is a compilation of other guides into one. As such, I will always provide credit to the author and link to the source. Should you see some of your content on this guide and wish for it to be removed, please leave a comment and I will get rid of it.

    As of the beginning of November of 2017, the upcoming RocketLauncher exploit that takes over the highest security levels on the DSi has not been released yet. Until it is released, this guide will focus on regular DSiWarehax installation in order to boot into the DSi hombrew in userland. Even though full CFW is not possible without RocketLauncher, homebrew access still allows for a lot of cool stuff. Here are some of the possibilities:

    - NAND backup/restore
    - Launching nds cart dumps through nds-bootstrap
    - NDS homebrew games and utilities
    - Emulators

    Without any further ado, here are the sections this guide will divided into: obtaining a NAND backup and IDs through FWTool, obtaining a NAND backup and IDs through a hardmod, decrypting a NAND backup, injecting DSiWarehax saves and apps, and testing a NAND backup through No$gba (and flashing it back).



    Section 1: Obtaining a Nand backup and IDs through FWTool
    For this section, you’ll need to have a way to boot into homebrew in DSi-mode. In the case of this guide, we will boot homebrew using ugopwn, an exploit for Flipnote Studio, but you can follow along and substitute any other exploit for ugopwn. You’ll also need a hex editor on your computer (if you don’t have one, get one here).

    The build of FWTool that we will use is the FWTool safety mod, since I believe it checks for the presence of encryption when reflashing, which reduces the possibility of bricking. Find it in the Section 1 pack below. If you’re using a newer exploit, such as 4swordhax or any other payload that may need a "payload.dat" file, check out this post for a payload that should make this FWTool compatible with your exploit. Do note that if you are using the modified payload.dat, you should be using an SDHC card (4 - 32 GB). This is based on my own testing, and if someone got the modified payload to work on a card smaller this please leave me a comment. Directions:

    Section 1 instructions



    Section 2: Decrypting and mounting a Nand Backup
    For this section we will be using WulfyStylez’s TWLTool to decrypt the Nand backup you got, and OSFMount (or its equivalent for your computer) to mount it. You’ll need the Nand backup and IDs you should have already dumped to continue (they should be in a folder that starts with FW). You’ll also need a hex editor.

    Section 2 instructions




    Section 3: Injecting DSiWarehax saves and games
    We finally got to the exciting part! Getting you a way to boot into DSi homebrew was the goal of this guide, after all. First thing, however, we’ll need to install an exploitable app. Because the DSi shop is completely dead at this point in time, we’ll need to install the app through a nonconventional way. If you have already installed the game you plan to boot into homebrew through, you do not need to do these next few plarts and can just skip straight into the hacked save installation. For those of you who don’t, you’ll need to do these next few steps.

    First, pick one of the following DSiWare games for you to exploit (If you already have one or some of these on your DSi or on a 3DS, pick it/those):

    upload_2017-8-16_20-29-17.png

    Write down the short and long IDs of your game.

    First things first, you’ll need to obtain the .app version of your game if you don’t have it installed. To do that, we need a .cia version of the DSiWare. If you don't have a .cia versio of your DSiWare, check out FunKeyCIA, which can get them straight from the 3DS eShop using an existing enctitlekeys.bin file, which you can get from your 3ds using Godmode9 or Decypt9WIP and will work with any titles you have purchased. Do not ask for an enctitlekeys.bin here, as they are copyrighted content and should not be distributed. If you have any questions about downloading .cia files, please ask them in the FunKeyCIA thread.

    DSiWare CIA extraction instructions

    You should now have a folder with the name as your game’s short ID. Inside, you should have a content folder with a .app file and a data folder that is empty.

    In order to actually install the DSiWare onto your DSi, follow these steps (or don’t, if you already have the app installed on your DSi):

    DSiWare installation instructions

    After you have followed these steps, you should have the app installed on your DSi’s Nand image. Now, all we have to is install the hacked save onto the save. Follow these steps:

    Exploit installation instructions

    Before we finish off this section, there is one final procedure for those who plan to run homebrew with Sudoku. After the initial sudokuhax exploit was released, a patched version of Sudoku was introduced to the DSi Shop (and eShop) in order to prevent its use for hacking purposes. Because of this, if you just installed Sudoku (or bought it after March 2011) you should follow this short procedure to revert back to the original, exploitable, Sudoku. Here are the steps:

    Sudokuhax downgrade instructions

    Finally, we’re going to unmount and re-encrypt our Nand image, and Section 3 will be over. Follow these steps:

    Re-encrypt Nand instructions


    Section 4: Checking your Nand with No$GBA and reflashing it
    This part is technically optional, but strongly recommended. What we will do in this section is use a DSi emulator, No$GBA, in order to check that our Nand is working correctly. You could very well skip this section and try to flash your Nand without testing but that would very much be stupid, and is the easiest way to brick. Unless you’re willing to take that risk, follow this procedure.

    Before we start however, you will need a few files I cannot link you to. They are called the DSi firmware files, and are named as individually as follows:

    - bios7i.bin
    - bios9i.bin
    - BIOSNDS7.ROM
    - BIOSNDS9.ROM
    - BIOSDSI7.ROM
    - BIOSDSI9.ROM

    The first two can be dumped by FWTool, and the next two can be dumped using this tool, preferably on a DS Lite/phat (although dumps from a DSi have worked for me). All you have to is put the tool on a flashcart and run it, and the files will appear on the cart’s microSD.

    I have not found any way to dump the last two however. Please tell me if you know of a way to dump the BIOSDSI.ROM files!

    Once you have these files, follow these steps:

    No$GBA emulation instructions

    You should now have tested and verified that your NAND works correctly. Follow these last few steps to flash your modified NAND to your DSi.

    Re-flashing instructions

    And that’s all there is to it! If you have any questions, feel free to ask on this thread.

    Credits:

    - @Gadorach for the DSi downgrade guide
    - @WulfyStylez for TWLTool
    - @Ryccardo for his DSiWare installation guide
    - @ihaveamac for pointing out that ctrtool had been updated with the 3DS boot9 keys used to extract .cia files.
    - u/ndizzle over on r/emulation for his No$GBA DSi guide
    - Plailect’s 3DS guide for info on the DSi exploit games
    - @billy Acuña for compiling and posting 4swordshax and the modified payload.dat
     

    Attached Files:

    Last edited by ThisIsDaAccount, Nov 7, 2017
  2. pandavova

    pandavova @pandavova FOLLOW ME ON TWITTER

    Member
    649
    291
    Oct 27, 2015
    Germany
    Windows 10 Pro
    Well... I come back later when ugopwn is JAP compatible...
     
    ThisIsDaAccount likes this.
  3. Diego788

    Diego788 GBAtemp Fan

    Member
    348
    123
    Jun 27, 2014
    Chile
    Santiago, Chile
    oh god, this guide is so good
    i'll use it when i finally hardmod the DSi, then i'll install the entrypoints
     
    siamese likes this.
  4. ThisIsDaAccount
    OP

    ThisIsDaAccount GBAtemp Advanced Fan

    Member
    699
    302
    Apr 8, 2016
    United States
    I'll make sure to add it as soon as it is released (and compatible with more regions).

    — Posts automatically merged - Please don't double post! —

    Glad you like it! Gadorach's guide is more hardmod oriented but this one works well for the non-dumping parts.
     
    pandavova likes this.
  5. Nirmonculus

    Nirmonculus GBAtemp Advanced Fan

    Member
    675
    147
    Nov 4, 2014
    What can you do with a fully hacked dsi? I'm planning to hack mine if it is good.
     
  6. ThisIsDaAccount
    OP

    ThisIsDaAccount GBAtemp Advanced Fan

    Member
    699
    302
    Apr 8, 2016
    United States
    You can run dsi homebrew programs and emulators, run nds cartridge backups with SRLoader, edit your nand to install dsiware from the 3ds eshop even after the shutdown of the dsi shop, and run blocked flashcarts.
     
  7. GhostLatte

    GhostLatte Yet Another Shitposter

    Member
    2,792
    13,848
    Mar 26, 2015
    United States
    The University of Shitpostology
    This should certainly be useful for people who haven't sudokuhaxed their DSi systems yet :P
     
    ThisIsDaAccount likes this.
  8. Nirmonculus

    Nirmonculus GBAtemp Advanced Fan

    Member
    675
    147
    Nov 4, 2014
    Sounds great! I'll give it a shot.
     
    ThisIsDaAccount likes this.
  9. ThisIsDaAccount
    OP

    ThisIsDaAccount GBAtemp Advanced Fan

    Member
    699
    302
    Apr 8, 2016
    United States
    If you have any questions, feel free to ask here!
     
  10. siamese

    siamese GBAtemp Regular

    Member
    112
    57
    Mar 13, 2010
    Mexico
    green hill zone
    Truly amazing ! I've managed to test my Nand dump with No$Gba after downgrading it !!! Thanks a lot
     
    ThisIsDaAccount likes this.
  11. ThisIsDaAccount
    OP

    ThisIsDaAccount GBAtemp Advanced Fan

    Member
    699
    302
    Apr 8, 2016
    United States
    I'm glad it was helpful!
     
  12. DeoNaught

    DeoNaught ¯\_(ツ)_/¯

    Member
    1,563
    1,589
    Aug 22, 2016
    United States
    Constant Fear
    can you add a things need b4 hand?

    can you use a Flash card for this?
     
  13. ThisIsDaAccount
    OP

    ThisIsDaAccount GBAtemp Advanced Fan

    Member
    699
    302
    Apr 8, 2016
    United States
    All you need is a dsi and an exploit. Theres an exploit for flipnote that was leaked but I won't be covering it until it's official release which should be fairly soon.

    — Posts automatically merged - Please don't double post! —

    To answer the flash cart question, a flash cart can't be used but is really not necessary.
     
  14. pandavova

    pandavova @pandavova FOLLOW ME ON TWITTER

    Member
    649
    291
    Oct 27, 2015
    Germany
    Windows 10 Pro
    FTFY
     
    ThisIsDaAccount likes this.
  15. ThisIsDaAccount
    OP

    ThisIsDaAccount GBAtemp Advanced Fan

    Member
    699
    302
    Apr 8, 2016
    United States
    Yeah, there really is no definite timeline but considering the leak worked for a lot of people I would say it doesn't need much more for release.
     
  16. pandavova

    pandavova @pandavova FOLLOW ME ON TWITTER

    Member
    649
    291
    Oct 27, 2015
    Germany
    Windows 10 Pro
    "Only" make it work for Jap and Eur devices :D
     
    Ryccardo and ThisIsDaAccount like this.
  17. jimmyj

    jimmyj Official founder of altariaism. Copyright jimmyj

    Member
    841
    221
    May 26, 2017
    Italy
    Hyrule
    actually there is a .app of sudoku on 3ds.guide I think that's easier
     
  18. ThisIsDaAccount
    OP

    ThisIsDaAccount GBAtemp Advanced Fan

    Member
    699
    302
    Apr 8, 2016
    United States
    I guess thats possible, but I wanted to write this guide without advocating piracy.
     
    Tomato Hentai and pandavova like this.
  19. mariogamer

    mariogamer GBAtemp Advanced Fan

    Member
    830
    229
    Aug 12, 2015
    Canada
    Those rom file can't be dumped throught software, only throught big hardware RAM hack (I found it on a emulator wiki)

    (Also you can dump .app throught a 3ds after installing a cia... four sword on internet, sudoku 3ds guide or other for jpn)
     
    Last edited by mariogamer, Aug 19, 2017
  20. BOBdotEXE

    BOBdotEXE GBAtemp Regular

    Member
    131
    45
    Mar 25, 2011
    United States
    The Internet
    Will this work via ds link, for DSi cart homebrew methods?

    Such as "biggest loser", I know you can use that to boot the homebrew channel, but I'm not sure if booting the homebrew channel that way support SdCard R/W