Found The Biggest Loser locally for a few bucks, and have it here now. I'll get right to work on a better write-up and all that jazz. I'll try to document the NAND-mod process as well.
Can you also PM me when it's done?

These things... They take time...
But seriously, I'm still working on getting this stuff working. I'll PM you when it's done.

Sure.
Is it possible to brute force the CID? Would it take much time on an i7-3770?

@WulfyStylez mentioned it was totally possible to brute-force the CID, and it takes about a full day on an 8-threaded quad-core with hardware AES. No release on software to do it though. You should be able to do it with an Arduino UNO or Teensy++ 2.0 as well, but it's a bit more involved.
Additionally, more tricks-o-the-trade!
When reading and writing the NAND of the DSi, it doesn't actually need the battery present.
Plug in the console, plug in the SD reader, hold in the battery, power up to 0000FE00, and remove the battery. It'll stay on and RW will continue without needing to tape the battery on or hold it in place. No need to reassemble at all!

I don't have The Biggest Loser nor a Raspberry Pi...

I can write a script for that, but I need to know what happens (what's displayed on the terminal, the size of the output file) when the CID is correct and what happens when it's not...
P.S.: I do have an Arduino UNO (a clone, actually), so how could I get the CID with that?
So many options for getting the CID. I have a Raspberry Pi and a Teensy++ 2.0, just need info on what to do. Could just buy Biggest Loser but can't find it locally and don't want to wait for delivery.

Read the source for the 3DS Debricker build for Arduino: https://github.com/krisztian1997/3dsunbricker/blob/master/sd_raw_roland.cpp
You'll want to add a new option to the menu that only uses the CID read code found in the "v - VERNAM CYPHER UNLOCK" method. You will need either an SD shield, or you'll have to add voltage splitters to the IO pins. 5V will fry the eMMC.
For the rPi, use RPU: https://github.com/bkifft/RPU
When it starts up and gets to the menu, use the "(S)afe run (Query only)" option. It will read and display the CID register of the eMMC chip. You'll have to type it in by hand in this case though, whereas the Teensy and Arduino UNO have the Serial Monitor for the data to be directly copied.
I have successfully decrypted my DSi XL's NAND though, and I'm in the middle of downgrading titles and injecting saves. I'm also doing that other thing that was requested.
I don't have an SD shield nor voltage splitters.
I think I'll create the script. I only need to know:
- When the CID is wrong, if the output file exists and what's its size
- When the CID is correct, what's the size of the output file

Well, it's pretty simple. If the CID is correct, you'll be able to open the decrypted NAND.bin in WinImage. If it's not, you won't. The tool doesn't really have any checks, it just does its thing and that's it. Image size is the same as your input NAND.bin, regardless of right or wrong.
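Since the output size is the same whether or not the CID was right, a brute-force script needs a content check rather than a size check. The following is an added example (my own code, not from this thread, from WinImage, or from any tool named here) that performs the check WinImage implicitly does when it opens the image: it assumes the decrypted NAND starts with a standard MBR whose partition table at offset 0x1BE points at FAT12/16 partitions with ordinary boot sectors, and it treats anything else as "wrong CID". The function names, the sample image builder and the 0x5A XOR used to fake a wrong-key result are all mine.

```python
"""Sanity-check a decrypted DSi NAND image without opening it in WinImage.

Added example, not from the thread above. Assumption: the decrypted image
begins with a standard MBR (partition table at 0x1BE, 0x55AA at 0x1FE) whose
partitions are FAT12/16 volumes with ordinary boot sectors. A wrong CID
produces random-looking bytes, which fail these checks.
"""
import struct
import sys

SECTOR = 512
PART_TABLE_OFF = 0x1BE   # four 16-byte MBR partition entries
BOOT_SIG_OFF = 0x1FE     # 0x55 0xAA in the MBR and in every FAT boot sector


def parse_partition_table(sector0: bytes):
    """Return the non-empty MBR entries as (type, start_lba, num_sectors) tuples."""
    entries = []
    for i in range(4):
        e = sector0[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        ptype = e[4]
        start_lba, num_sectors = struct.unpack_from("<II", e, 8)
        if ptype != 0 and num_sectors != 0:
            entries.append((ptype, start_lba, num_sectors))
    return entries


def fat_boot_sector_ok(bs: bytes) -> bool:
    """Check the BPB fields every FAT12/16 boot sector must carry."""
    if len(bs) < SECTOR or bs[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xAA":
        return False
    bytes_per_sector = struct.unpack_from("<H", bs, 0x0B)[0]
    sectors_per_cluster = bs[0x0D]
    reserved_sectors = struct.unpack_from("<H", bs, 0x0E)[0]
    num_fats = bs[0x10]
    if bytes_per_sector != SECTOR or reserved_sectors == 0:
        return False
    # cluster size must be a power of two (1..128 sectors)
    if sectors_per_cluster == 0 or sectors_per_cluster & (sectors_per_cluster - 1):
        return False
    return num_fats in (1, 2)


def looks_decrypted(image: bytes) -> bool:
    """True if the MBR is plausible and each partition starts with a valid FAT boot sector."""
    if len(image) < SECTOR or image[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xAA":
        return False
    parts = parse_partition_table(image[:SECTOR])
    if not parts:
        return False
    total_sectors = len(image) // SECTOR
    for _ptype, start, count in parts:
        if start == 0 or start + count > total_sectors:
            return False  # partition outside the image: garbage table
        if not fat_boot_sector_ok(image[start * SECTOR:(start + 1) * SECTOR]):
            return False
    return True


def make_sample_image(part_start: int = 1, part_sectors: int = 8) -> bytes:
    """Constructed sample: a minimal MBR plus one FAT12 boot sector (not a real NAND)."""
    img = bytearray((part_start + part_sectors) * SECTOR)
    img[PART_TABLE_OFF + 4] = 0x01                                  # partition type: FAT12
    struct.pack_into("<II", img, PART_TABLE_OFF + 8, part_start, part_sectors)
    img[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    bs = part_start * SECTOR
    img[bs:bs + 3] = b"\xEB\x3C\x90"                                # jump, as real boot sectors have
    struct.pack_into("<H", img, bs + 0x0B, SECTOR)                  # bytes per sector
    img[bs + 0x0D] = 4                                              # sectors per cluster
    struct.pack_into("<H", img, bs + 0x0E, 1)                       # reserved sectors
    img[bs + 0x10] = 2                                              # number of FATs
    img[bs + BOOT_SIG_OFF:bs + BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(img)


def main(argv):
    """Usage: python nandcheck.py NAND_decrypted.bin (no argument: run on the sample)."""
    if len(argv) > 1:
        with open(argv[1], "rb") as f:
            image = f.read()
    else:
        image = make_sample_image()
    print("looks decrypted" if looks_decrypted(image) else "NOT decrypted (wrong CID?)")


if __name__ == "__main__":
    main(sys.argv)
```

The DSi NAND is encrypted with AES-CTR, so sectors decrypt independently; a loop over candidate CIDs therefore only has to decrypt sector 0 and the first sector of each partition before calling `looks_decrypted`, instead of rewriting the whole NAND.bin for every guess. Whichever candidate passes is the one to save.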
Really? Then I'll wait until @WulfyStylez adds an option to brute-force (if you do, don't forget to save the CID somewhere...), unless there is a way to use a 3DS to get the key.

You need to read the CID register from the eMMC chip. There's three available ways, and a fourth through the third.
Alright, so SUDOKU is easy. Grab the decrypted old version from the same place as the 3DS thread. Open your decrypted NAND, and navigate to "title\00030004\4b344445\content", and replace the "00000001.app" with the old version, renamed to "00000001.app". No need to tinker with the TMD file, the one that's there is fine. Install the save the same way and you're golden.

To be safe, I do recommend grabbing the tmd from here in addition to this.

Good call, I did test it without it though, and there were no issues.