Hacking Switch ievo mode to DSi from a DSL

[GH0ST]

Yes sorry I just saw your news one minute ago ... You should edit the first post with a link to filestrip. I remove the duplicate one.

 

[Another World]

good idea, i'll do that =)

-another world

 

[GH0ST]

Here is the ressurected thread if someone want more details ( we keep it alive since TC never answered if we shall moderate/close/delete this sensitive and original work ):

Cached pages of Team Cyclops Forums > CycloDS Evolution Discussion > iEvolution General Discussion : Finding the Magic Switch

http://webcache.googleusercontent.com/sear...php%3Ft%3D11304

Page 2 :
http://webcache.googleusercontent.com/sear...1304%26page%3D2

Last page :
http://webcache.googleusercontent.com/sear...php%3Fp%3D93661

Here is what reset.mse do (there might be shorcuts if you want to implement it) :
* Get the last 4 byte of boot.ievo
* XOR them with 0x696D6520. The result is an offset (O1) in boot.ievo
* Get the 0x2000 bytes from O1 in boot.ievo : the first 16 bytes is a RC4 seed that can decrypt the other 0x1FF0 bytes. These bytes are in fact arm binary that can decrypt the boot.ievo file, and that is an implementation of a HC-128 cypher. The key is c15c09d26939def94b2c110d6ffed971.
* Now there is 3 decryption with HC-128 cypher. The first one is 0x200 bytes of boot.ievo starting from offset 0x80. The IV used is "\x38\x47\xD9\xEA" + "\xC5\xB9\x99\x45" + "\x71\x62\xC6\xE7" + "\x4F\x20\x42\x0A". It contains some part of nds header (arm9/7 offset and size) and the next IV.
* The 2nd part is the arm9 loaded at 02294000. It comes from offset 0x280, size 0x99F8C of boot.ievo with IV "\x6D\x78\xEB\xD0" + "\x82\x43\xDF\x63" + "\x80\x0B\xA2\xF0" + "\x05\x49\xA1\x8F"
* The 3rd part is the arm7 loaded at 02292000. It comes from offset 0x9A20C, size 0x784 of boot.ievo with IV "\xB2\xD7\x56\x36" + "\xE1\xF1\x1C\x13" + "\x15\xE0\x6C\xA5" + "\x90\xE9\xF1\x0F"

I hope I am clear enough...

 

[IcySon55]

Maybe we can change the DSL rom so that the DSL mode would run again...

This is exactly the second goal I had in mind when this thing started. First goal was to get DSi mode switching somehow. We've achieved that.
The second more difficult goal was to replace the DSL rom and have DSL mode working on DSi 1.4.3 and 3DS 2.1.0-4. That would require decrypting and editing the bootstrap file and successfully flashing the iEvo with it.
The third and most difficult goal would then be to either completely reverse engineer the iEvo firmware, allowing us to add more game compatibility etc, and/or to allow other firmwares to run on the iEvo.

The fact we even managed the first goal is already amazing.

Let's keep this up and we'll eventually hit the third goal, though, even the second goal is pretty damn good.

 

[Qtis]

Maybe we can change the DSL rom so that the DSL mode would run again...

This is exactly the second goal I had in mind when this thing started. First goal was to get DSi mode switching somehow. We've achieved that.
The second more difficult goal was to replace the DSL rom and have DSL mode working on DSi 1.4.3 and 3DS 2.1.0-4. That would require decrypting and editing the bootstrap file and successfully flashing the iEvo with it.
The third and most difficult goal would then be to either completely reverse engineer the iEvo firmware, allowing us to add more game compatibility etc, and/or to allow other firmwares to run on the iEvo.

The fact we even managed the first goal is already amazing.

Let's keep this up and we'll eventually hit the third goal, though, even the second goal is pretty damn good.

Not 100% sure, but if the iEvo DS mode exploit is anything like a few others around, but it may be "as simple as" change the parts the iEvo returns to the DSi/3DS when launching DS mode. It could help to ask TC about it (though I doubt they'd give anything)..

-Qtis

 

[avenir]

Here is the ressurected thread if someone want more details ( we keep it alive since TC never answered if we shall moderate/close/delete this sensitive and original work ):

Cached pages of Team Cyclops Forums > CycloDS Evolution Discussion > iEvolution General Discussion : Finding the Magic Switch

http://webcache.googleusercontent.com/sear...php%3Ft%3D11304

Page 2 :
http://webcache.googleusercontent.com/sear...1304%26page%3D2

Last page :
http://webcache.googleusercontent.com/sear...php%3Fp%3D93661

Here is what reset.mse do (there might be shorcuts if you want to implement it) :
* Get the last 4 byte of boot.ievo
* XOR them with 0x696D6520. The result is an offset (O1) in boot.ievo
* Get the 0x2000 bytes from O1 in boot.ievo : the first 16 bytes is a RC4 seed that can decrypt the other 0x1FF0 bytes. These bytes are in fact arm binary that can decrypt the boot.ievo file, and that is an implementation of a HC-128 cypher. The key is c15c09d26939def94b2c110d6ffed971.
* Now there is 3 decryption with HC-128 cypher. The first one is 0x200 bytes of boot.ievo starting from offset 0x80. The IV used is "\x38\x47\xD9\xEA" + "\xC5\xB9\x99\x45" + "\x71\x62\xC6\xE7" + "\x4F\x20\x42\x0A". It contains some part of nds header (arm9/7 offset and size) and the next IV.
* The 2nd part is the arm9 loaded at 02294000. It comes from offset 0x280, size 0x99F8C of boot.ievo with IV "\x6D\x78\xEB\xD0" + "\x82\x43\xDF\x63" + "\x80\x0B\xA2\xF0" + "\x05\x49\xA1\x8F"
* The 3rd part is the arm7 loaded at 02292000. It comes from offset 0x9A20C, size 0x784 of boot.ievo with IV "\xB2\xD7\x56\x36" + "\xE1\xF1\x1C\x13" + "\x15\xE0\x6C\xA5" + "\x90\xE9\xF1\x0F"

I hope I am clear enough...

That code is implemented in xenobox.7z/applet/decievo.c (and lib/hc128.c)
http://sourceforge.net/projects/lactlib/files/nds/xenobox.7z

 

[IcySon55]

avenir, what does your xenobox do?

 

[jurassicplayer]

avenir, what does your xenobox do?
QUOTE[Utilities]
* 16bitbmp - convert bmps into 16bit.
* akextract - makes akloader.nds from akmenu4.nds / _DS_MENU.DAT / WoodR4(decrypted). source isn't available.
Reviced "akextract in YSMenu".
* akaio_fontcnv_rev2 - AKAIO Font Converter which doesn't require Cygwin.
* akaiodec - Decrypts AKAIO 1.5-1.6RC2 loader and encrypts into 1.5.1 format.
* breaksplash - splash.ani disassember/assembler written in C.
* cmdini - commandline ini reader/writer
* disarm - ARM disassembler
* disr - MIPS disassembler(this is a PSP thing, not NDS's, but...)
* dldipatch - DLDI patcher with better performance
* dldirename - Rename DLDIs like DLDI_friendlyname.dldi
* fileapplet (Uses scheme like BusyBox. The desired command names are linked (using hard or symbolic links) to "fileapplet")
fileapplet create - creates dummy file
fileapplet truncate - lessen file size
fileapplet binreplace - replaces binary file
fileapplet msleep - simple sleep
* m3dec
m3dec - change M3 kernel(DSBooter) header encrytion key
m3patch - patch M3 kernel to use on other carts (ex: R4iRTS on M3iZero)
Reviced "M3R_iTDS_PP2 by Rudolph".
* m3sakura_make
m3make - change DSBooter header into normal NDS header so that it can be launched from normal homebrew.
dsbize - makes normal NDS into M3 kernel.
Reviced "m3sakura_make by Rudolph".
m3Sakura 1.12+a DLDI with fatpatch included. This uses "startnds.eng". Also iSakuReal for GMP-Z003 is included.
* modifybanner - modify NDS banner text
* ndstool.exe - ndstool latest
* patchers
fatpatch - Fix final cluster bug in DSO / MoonShell

 

[macrox]

I find it amusing that some of my associates over at TC forums keep thinking TC is going to fix this any day now. It has been what, over 4 months now? While I agree with QTIS that this is not a fix for wifi compatibility, we must focus on what it was intended to fix...that is, get the DSi to work at all on said devices in DS mode.

 

[Another World]

there will never be a fix for wifi in dsi-mode, its a limitation of the exploit they chose to use. the dsi inherits the hardware profile of the rom which has been booted. my healthy cooking coach does not have wifi.

-another world

 

[Bowser-jr]

I'm pretty sure they'll be able to fix the problem of wi-fi and other such features in DSi-mode. That is, if they ever decided to release an update for it.

Also, if they cooking mama thing was the issue for wi-fi; then wouldn't the regular DS-mode have no wi-fi too?

 

[Qtis]

I'm pretty sure they'll be able to fix the problem of wi-fi and other such features in DSi-mode. That is, if they ever decided to release an update for it.

Also, if they cooking mama thing was the issue for wi-fi; then wouldn't the regular DS-mode have no wi-fi too?

It would still have it since DS-mode and DSi-mode are booted in a separate and different way. DS-mode uses a ROM header to become recognized while the DSi-mode exploit is a save game exploit. When the cart boots in DSi mode, it boots as if being My healthy cooking coach, which doesn't have WiFi. Thus it's disabled and can't be accessed since it has been shut down right after the game was ID'd. No way around that unless someone manages to change the DSi firmware disabling the WiFi + possibly other things too.. To be able to fix these issues, they would have to find another way of booting in DSi mode, a way without the hardware limits turned on.


-Qtis

 

[krisu50]

Hi guys, I just registered to the site, but I have been lurking for quite a while around theses parts, and before I start with my question/problem, I wanted to say that you have a pretty great community here! ok, on with my stuff!


So, I got my DSi XL in Japan like a year ago, and I got my CycloDS ievo in March. I did everything right, my card was loaded with an US bootstrap, never updated my dsi and everything was working perfectly fine, until last night. So I'm a big fan of zelda, and had forgotten that the four swords version was on the e shop for free starting last week, and last night I read that it was available and without thinking what I was doing I was on the e shop and updating the firmware of my Japanese dsi to 1.4.3 and getting the game. Of course, I later realized my cyclods wasn't working anymore. So this morning I found about this way right here to switch the card into dsi mode with a dsl, and followed every step to put my cyclo in dsi mode, but when I tried to load on the dsi, it just shows an empty cartridge. And I know it's now on dsi mode because on my dsl it now shows cooking mama and doesn't load on the dsl anymore.

So I don't know, is the fact that the bootstrap i used was US and not European the reason for it not to work? or did I do something wrong? Or is the fact that my dsi is japanese the reason? hope somebody can help clear this out. Should I restart my cyclo ds card? like a fresh reset and set it up again and trying with an european bootstrap?

 

[IcySon55]

krisu50: Yes. The problem is that DSi (Enhanced as well) games and the DSi system (unlike DS games and the DSL) are region locked. The US/EU bootstraps will not show up on a Japanese DSi. Sadly, there is no Japanese bootstrap. So you're kind of completely stuck. Your iEvo is now only playable on the DSL you used to run the switch.

That's why I still have my DSi at 1.4.2 (DSL mode works) and am downloading eShop stuff with my 3DS for free games.

 

[krisu50]

krisu50: Yes. The problem is that DSi (Enhanced as well) games and the DSi system (unlike DS games and the DSL) are region locked. The US/EU bootstraos will not show up on a Japanese DSi. Sadly, there is no Japanese bootstrap. So you're kind of completely stuck. Your iEvo is now only playable on the DSL you used to run the switch.

That's why I still have my DSi at 1.4.2 (DSL mode works) and am downloading eShop stuff with my 3DS for free games.

Well, shit! I was so happy to buy my dsi in japan, but now I'm really bummed, not only because i can't use my cyclo on it anymore, but also because it's completely in japanese, and although I'm fluent in japanes, it just bugs me now, I'm so used to seeing alphabet letters that reading in japanese is really annoying now, and I'm stuck with it, and to top it off the zelda game is also in japanese! so yeah, this is the nail on the coffin, I'm really regretting having bought this dsi

Thanks for your reply IcySon!

 

[misthero]

hello, I have just bought a 3ds and a cyclods ievo, but i'm totally noob with nintendo stuff and scene, I'm guessing, what happen if I put the cyclods ievo in "DSi mode" BEFORE updating the 3DS to the latest firmware?

Would it work?

will the cyclods stay in DSi mode after the console update and allow me to avoid the patch (since i have no other ds console)

or shuld i run this patch directly in the 3DS before updating it??

is that possible?

thanks for any hint!

 

[TheTanooki]

I realize that this is a very older topic by now, but if anyone can help it would be most appreciated.
I followed the steps to switching my CycloDS to DSi-mode, so that I could use it on the 3DS. However, I believe since the 3DS has been updated, it wasn't working. I decided to give up on getting it to work on the 3DS, but how do I go about switching it back to the DSL-mode if I cannot access the settings due to the system constantly trying to load up My Cooking?
In short, I did the steps listed here. Is there any way for me to revert them so I can once again use my CycloDS on my regular DS Lite?
Thanks.

 

[Technicmaster0]

I realize that this is a very older topic by now, but if anyone can help it would be most appreciated.
I followed the steps to switching my CycloDS to DSi-mode, so that I could use it on the 3DS. However, I believe since the 3DS has been updated, it wasn't working. I decided to give up on getting it to work on the 3DS, but how do I go about switching it back to the DSL-mode if I cannot access the settings due to the system constantly trying to load up My Cooking?
In short, I did the steps listed here. Is there any way for me to revert them so I can once again use my CycloDS on my regular DS Lite?
Thanks.

Just install the original bootstrap.