Homebrew TWLbf - a tool to brute force DSi Console ID or EMMC CID

Seems to be working, I don't have that error. Now I have this one:
ocl_assert: ocl_brute.c, function ocl_brute_console_id, line 176
clEnqueueReadBuffer(command_queue, mem_out, CL_TRUE, 0, sizeof(cl_ulong), &out, 0, NULL, NULL)
error: out of resources

I suppose it is NVIDIA related, since it is crashing my display driver when throwing this. Maybe CUDA is acting strange for this.

Will try to install Windows 7 (I have 10 now) and try there. If not, will try with a laptop with Intel video.

Will post back here once I have something.
 
Will try with an old GT220 (I think) to see what's happening.
I cannot get my hands on an AMD card and don't have anyone around with one.
Will try with what I have.

Is there a way to force this to use the CPU instead? I have a Xeon 4650, I think it could handle a bit of work.

Since I cannot find a flash cart for my DSi, I want to try those until I lose hope :D

LE: Seems that I have a GT440. Will see what it can do.
 
No help. I even tried hooking up both, using the GT440 for display and the 980 for processing, but still the same error.

Will try with my laptop now. Need to install it and test.
 
Nice, thanks.
It's running, no errors so far.
Started with 08a20, now it is around 08a20190000....
Will keep you posted.

Just to check if I'm doing it right, this is the command:
bfcl console_id_bcd 08A2010000000100 001f 5FDF4BEE42B69EDD10815B4CC4AD65EF 000000000000000000000000000055aa 0000 9B085A5BDFF0A6B99DBAFB3006E83451 00000000000000000000000000000000

5FDF4BEE42B69EDD10815B4CC4AD65EF is what I found in my NAND dump at offset 000001F0

9B085A5BDFF0A6B99DBAFB3006E83451 is what I have in my NAND dump at offset 00000000

I've opened my dump with HxD
 
Looks alright to me.
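
The command confirmed above takes its two 16-byte source values from fixed offsets in the NAND dump. As an added example (not part of the original posts or of TWLbf itself), this Python script reads those blocks and assembles the same command line; `build_command`, `read_block` and `sample_dump` are hypothetical names, the embedded sector is constructed from the values in the post, and the offset encoding (byte offset divided by 16) is an assumption inferred from the posted arguments.

```python
import re
import sys

BLOCK = 16  # the command's src/verify values are 16 bytes each

# (byte offset in the dump, expected plaintext), both taken from the posted command
TARGETS = [
    (0x1F0, "000000000000000000000000000055aa"),
    (0x000, "00000000000000000000000000000000"),
]

def read_block(dump: bytes, offset: int) -> str:
    """Return the 16 bytes at `offset` as upper-case hex, as a hex editor shows them."""
    block = dump[offset:offset + BLOCK]
    if len(block) != BLOCK:
        raise ValueError(f"dump too short for offset {offset:#x}")
    if block in (bytes(BLOCK), b"\xff" * BLOCK):
        # Sanity check added here: a blank or erased block is not usable ciphertext.
        raise ValueError(f"block at {offset:#x} is blank; dump may be bad")
    return block.hex().upper()

def build_command(dump: bytes, template: str, mode: str = "console_id_bcd") -> str:
    """Assemble the bfcl command line in the argument order used in the post."""
    if not re.fullmatch(r"[0-9A-Fa-f]{16}", template):
        raise ValueError("Console ID template must be 16 hex digits")
    args = ["bfcl", mode, template.upper()]
    for offset, expected in TARGETS:
        # Assumption: the offset argument is the byte offset divided by 16
        # (0x1F0 -> 001f, 0x0 -> 0000), as the posted values suggest.
        args += [f"{offset // BLOCK:04x}", read_block(dump, offset), expected]
    return " ".join(args)

def sample_dump() -> bytes:
    """Constructed 512-byte stand-in for a dump's first sector, using the post's values."""
    sector = bytearray(b"\xa5" * 512)
    sector[0x000:0x010] = bytes.fromhex("9B085A5BDFF0A6B99DBAFB3006E83451")
    sector[0x1F0:0x200] = bytes.fromhex("5FDF4BEE42B69EDD10815B4CC4AD65EF")
    return bytes(sector)

if __name__ == "__main__":
    if len(sys.argv) == 3:            # usage: script.py nand.bin 08A2010000000100
        with open(sys.argv[1], "rb") as f:
            data = f.read(512)        # only the first sector is needed
    else:
        data = sample_dump()
    template = sys.argv[2] if len(sys.argv) == 3 else "08A2010000000100"
    print(build_command(data, template))
```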
 
Thanks.
Will try the combinations from first thread, and hopefully will have a hit.

Let me know if you need any help from me here.
 
I tried all those 11 combinations for console ID, had no hit.
Should I try with others? Does the date of the console matter? The eMMC date is July 2009.
 
Yes you should, we've gathered some samples, but that's really not a very large collection, I suggest you start with the missing hole 08a17, then expand out on the edges 08a14, 08a22, 08200, 08205...

As for the connection between date of the console/emmc, this is really a good point but I haven't looked into it yet.
 
Ok, so, after a lot of help from JimmyZ I succeeded in getting my console ID and eMMC CID from my NAND dump.

My console ID's first 5 chars are 08a23.
The eMMC CID MY is 8C for the chip with code 931 (2009, July).

I was also able to decrypt my NAND using the obtained CIDs, now I'm just about to write them back.

Thanks for help and hard work you put into this.
 
Time to add a couple new constants to that list. My DSi XL USA console has this ConsoleID:

0820310105092122

Note the first 5 digits. My console ends in 3 not 1 or 2: 08203

Also this is the first 5 digits of the USA region Pink non XL DSi I used to own:

08204

I won't reveal the full ID to that one as I have sold that to someone else now.
PLEASE HELP ME GET MY CONSOLE ID :cry::sad:
 
Is there a tutorial on how to use the commands for extracting the eMMC CID and ConsoleID?
I can't figure it out, sorry.
I have the NAND dump. Maybe someone can help me extract the eMMC CID from the NAND dump I have?
Thank you
 
I have the same problem :blink::blink:
I have a Black DSi, a NAND dump and my ConsoleID and need the eMMC CID.

My NAND chip says

Samsung 901
KMAPF0000M-S998
N1HW8NA3

Can anyone help out?

Thanks

EDIT

Got it, no help needed anymore =)

ConsoleID
08A21 DSi Black EUR
 
Hi Jimmy, I have a totally different, exceptional sample to report here.

Korean Version (Region K), DSi Cyan, 1.4.1K

NAND Print: SAMSUNG 001 KMAPF0000M-S998

Going by the NAND print, it should be 2010 (D...?), first week (0 or 1), I guess.

So, it should be: D1 xx xx xx xx 03 4D 30 30 46 50 41 00 00 15 00

But the problem is, there is no pre-installed title or way to download DSiWare in this region.
So the only way that I can get the console ID is to brute force it manually.
I got it hardmodded and dumped an eMMC NAND sample, and checked the 'well known' range (08A15-08A22 / 08201-08204), but no result.
So I expanded the range to 08A10~08A39 / 08200-08229, but still no luck.

It looks like this one has a totally different console ID.
I'm still brute forcing the console ID, but I'm not sure how long it will take.

* p.s.: It takes 2200 seconds to get 1 sample using twlbf_mbedtls (openssl is much slower), and I don't know why but bfcl doesn't work for me. :(
(CPU: Core2Duo 2.4 GHz, GPU: GeForce 8500)
Are there any minimum requirements for bfcl? I've already installed the 2015 VC redistributable and .NET Framework 4.0. Did I miss something?

* p.s. 2: If I get any other info, I'll update/notify later.
 
Can someone help me get the ConsoleID from my dump, please (dumped by hardmod)?
There is no tutorial and no command line to brute force my NAND :(

I'm on Windows, please :(
 
