Hacking Wood and YSMenu on R4i RTS

[Gaboros]

Hello!

Maybe some of you know me, but let me introduce myself.
I recently do activity on the M3 section of the forum. I have continued the porting of the Wood and YSMenu on the M3. But why is it important, why I'm writing here?
I think most of the R4(i) RTS/SDHC users don't know but this card was made by the M3 team. So it use the same dldi and parameters but totally different firmware. So that is why I'm writing here. I want to grab the attention of the R4i RTS users about my Wood and YSMenu port, because they can use my files on their card. To tell you the truth I don't have M3 card. I also have R4i RTS card.

I don't want to write a lot of thing about it because I have already written everything in an other topic.
So for further information take a look at here, you can also found my files there:

http://gbatemp.net/t268715-woodr4-for-m3

The basics about the two firmware:

Wood R4 for M3 is a Wood port for the M3/R4i RTS. It is currently at 1.20 like the original one. I try to keep updated but sometimes it is a hard job.
YSMenu on M3/R4i RTS is called YSM3. I have successfully ported Retro's dat files (it can run almost every games) in it and fixed the softreset. (it was bugged in the original version)

So dear R4i RTS users I was this informations and files are useful to you!
Cheers!

Also take a look at here if you have that card:
http://gbatemp.net/t272137-r4i-rts-quad-firmware

 

[Fireballo]

This is great news! Thanks so much for your hard work.

 

[.Chris]

This will be very useful to those that own an R4iRTS! Thanks gaboros!

 

[Gaboros]

You are welcome!

I live the loader of the original firmware because it can load almost every game and it has softreset but its menu is horrible. O.o
So ugly, cheat menu is bugged the text goes out of the frame, etc.

Btw if anybody want to autoboot ysm3 or wood just rename ysm3.nds or wood.nds to r4i.sys and put it into the _system_/_sys_data folder.

Cheers!

 

[urbon]

Hello!

Maybe some of you know me, but let me introduce myself.
I recently do activity on the M3 section of the forum. I have continued the porting of the Wood and YSMenu on the M3. But why is it important, why I'm writing here?
I think most of the R4(i) RTS/SDHC users don't know but this card was made by the M3 team. So it use the same dldi and parameters but totally different firmware. So that is why I'm writing here. I want to grab the attention of the R4i RTS users about my Wood and YSMenu port, because they can use my files on their card. To tell you the truth I don't have M3 card. I also have R4i RTS card.

I don't want to write a lot of thing about it because I have already written everything in an other topic.
So for further information take a look at here, you can also found my files there:

http://gbatemp.net/t268715-woodr4-for-m3

The basics about the two firmware:

Wood R4 for M3 is a Wood port for the M3/R4i RTS. It is currently at 1.20 like the original one. I try to keep updated but sometimes it is a hard job.
YSMenu on M3/R4i RTS is called YSM3. I have successfully ported Retro's dat files (it can run almost every games) in it and fixed the softreset. (it was bugged in the original version)

So dear R4i RTS users I was this informations and files are useful to you!
Cheers!

You should release your source code under UPL.

 

[Gaboros]

If anyone have or heard about an alternative menu just let me know about it please.

 

[amaro]

Hei! gaboros. Can you port R4iPt for R4iRTS and M3Real?

http://www.r4ipt.com/R4iPt/ENG/default.htm

I think it is possible! can you try?

 

[Gaboros]

Hei! gaboros. Can you port R4iPt for R4iRTS and M3Real?

http://www.r4ipt.com/R4iPt/ENG/default.htm

I think it is possible! can you try?

Hehe, you just found out my thought.

I'm currently working on it but you know I'm not sure about even it is possible.

You know you can port the firmware of the R4i RTS to M3 card but only if you use a loader.eng from the 2.6f, because in higher version it is blocked and can not be patched perfectly. So I'm thinking about maybe they have locked those files already in their first release. So I'm not sure about it is possible but I'm trying it.
Don't have any luck yet, only just two white screen.

 

[amaro]

Hei! gaboros. Can you port R4iPt for R4iRTS and M3Real?

http://www.r4ipt.com/R4iPt/ENG/default.htm

I think it is possible! can you try?

Hehe, you just found out my thought.

I'm currently working on it but you know I'm not sure about even it is possible.

You know you can port the firmware of the R4i RTS to M3 card but only if you use a loader.eng from the 2.6f, because in higher version it is blocked and can not be patched perfectly. So I'm not sure about it is possible but I'm trying it.
Don't have any luck yet, only just two white screen.

_ds_menu.sys ( just rename to LOADER.ENG ) supports the same patch they use in R4iRTS for M3Real. The problem is to modify two files: Flagrantia.okm and homebrew.okm

 

[Gaboros]

Hei! gaboros. Can you port R4iPt for R4iRTS and M3Real?

http://www.r4ipt.com/R4iPt/ENG/default.htm

I think it is possible! can you try?

Hehe, you just found out my thought.

I'm currently working on it but you know I'm not sure about even it is possible.

You know you can port the firmware of the R4i RTS to M3 card but only if you use a loader.eng from the 2.6f, because in higher version it is blocked and can not be patched perfectly. So I'm not sure about it is possible but I'm trying it.
Don't have any luck yet, only just two white screen.

_ds_menu supports the same patch they use in R4iRTS for M3Real. The problem is to modify two files: Flagrantia.okm and homebrew.okm

Yeah that is right! Basically if you take a closer look at it the _ds_menu.dat from the latest R4ipt and from the latest R4i rts just the same file. I think even the _ds_menu.sys could be used as loader.eng, maximum we have to decrypt it with the key 0x72 to match r4i rts. That is not problem.
You also say it totally right the Flagrantia.okm and homebrew.okm is the problem. Maybe they have found out a new hex key the lock out any other cards. If my theory is right we have to found those keys and modify it to do not do that check. I mean all of the m3 teams firmware check the card by sending SPI 0xCD command. But the hex key was also different in different card's firmware.
So if my theory is right we have to modify those to files (or maybe more) to do not send the SPI 0xCD command.
But even it is possible I'm totally wrong and other things do this error. It just a theory and writing because maybe someone can found out something to help us.

 

[Gaboros]

I have found an interesting thing when I wanted to decrypt the R4iPT's _ds_menu.sys to loader.eng to match the R4i RTS. If you god at this you know the key files to do this is 0x72 (M3 real eng files are using 0x12). So that interesting thing happened:

Looks like the R4iPT's file originally using the 0x72 decryption so we don't even have to decrypt it!

For M3 Real eng we have to do it with 0x12.
Ok then if my theory is right we have to found the SPI 0xCD command in the files. Unfortunately currently I don't know how to do it.
Here is what I now about this:

To remove from the R4i RTS's files you have to do the following:

check this: 08402DE90030A0E300308DE50020A0E3
check this: 04E02DE500C0A0E30CD04DE20C20A0E1
modify them to this: B300A0E31EFF2FE1

To remove from the M3 real eng files you have to do the following:

check this: 08402DE90030A0E300308DE5CD00A0E3
check this: 08402DE9B100A0E30010A0E3010080E2
check this: 08402DE90030A0E300308DE50020A0E3
check this: 08402DE90230A0E300308DE50130A0E1
check this: 08402DE9AA00A0E30010A0E3010080E2
check this: 00308DE5CD00A0E30020A0E30010A0E3
check this: 04402DE508D04DE20000A0E3CD10A0E3ÂÂÂÂ' Sakura
check this: 08402DE90330A0E300308DE50030A0E30020A0E30010A0E3CD00A0E3 #v2
check this: 08402DE91000A0E30010A0E3011081E2 #v2
modify them to this: A700A0E31EFF2FE1

I have tried both of them on the R4ipt's file but nothing was found. There is two options: if my theory is right, they using different keys.
Or if it isn't maybe they use different "protection" on this, or we just simply doesn't see something.

Edit: I'm almost sure about we have to found out something in connection with Flagrantia.okm because in the R4iPT 3.0 it given me two white screen but in the 3.1 it is give me two black screen. But they didn't modified the _ds_menu.sys at all!
And everything I found in this file was in connection with Flagrantia.okm.

Edit2: Looks like the r4_firends.ext from the R4ipt can be used in the R4iRTS by exchanging it. So I'm think if we can the menu working it could load games in R4i RTS. And the menu is the _system_/Fla folder, If I'm right we only have to modify the files inside it.

Edit3: I have tried to patch both the r4irts and r4ipt's r4_firends.ext with the method mentioned above. And again an interesting happened. It was done but in a different place. Then I wondering why isn't working the R4ipt's firmware on the r4i rts by simply renaming the files? It is a great misery for me currently. Or the Flagrantia.okm can not loaded by this card at all? Or it is protected in different way/key? I don't know.

Any idea here guys?

 

[Gaboros]

LoL, looks like iTouch firmware can be used on R4i RTS card without ANY modification just copy to ds card. I have never thought about that.

http://filetrip.net/f23257-iTouch-Firmware-3-9.html

 

[amaro]

LoL, looks like iTouch firmware can be used on R4i RTS card without ANY modification just copy to ds card. I have never thought about that.

and run roms?

 

[Gaboros]

LoL, looks like iTouch firmware can be used on R4i RTS card without ANY modification just copy to ds card. I have never thought about that.

and run roms?

Its fully working. You don't need every file, you don't need the boot files you only need the loader.eng.
Soft reset working, the games are loading, everything is working.

But its cheat menu is messed up. You don't have folder in it every cheat is in the main screen. Takes hours to found anything.

 

[amaro]

LoL, looks like iTouch firmware can be used on R4i RTS card without ANY modification just copy to ds card. I have never thought about that.

and run roms?

Its fully working. You don't need every file, you don't need the boot files you only need the loader.eng.
Soft reset working, the games are loading, everything is working.

But its cheat menu is messed up. You don't have folder in it every cheat is in the main screen. Takes hours to found anything.

why you not creating a topic to talk about it?

 

[AndroidDem0man]

Hey. Is it possible to run the R4i RTS firmware on M3 Real?
I dont even know why i want to do it. but just to play around with it.

So far is it a no? I really dont know what any of you are saying lol.

 

[amaro]

Hey. Is it possible to run the R4i RTS firmware on M3 Real?
I dont even know why i want to do it. but just to play around with it.

So far is it a no? I really dont know what any of you are saying lol.

http://gbatemp.net/t204665-how-to-turn-you...ro-into-r4i-rts

 

[AndroidDem0man]

Hey. Is it possible to run the R4i RTS firmware on M3 Real?
I dont even know why i want to do it. but just to play around with it.

So far is it a no? I really dont know what any of you are saying lol.

http://gbatemp.net/t204665-how-to-turn-you...ro-into-r4i-rts

Oh my, Thank you kind Sir.
My brother iwll be happy. as he uses my M3 and not my other cards. Which is pretty stupid.

 

[Gaboros]

Hey. Is it possible to run the R4i RTS firmware on M3 Real?
I dont even know why i want to do it. but just to play around with it.

So far is it a no? I really dont know what any of you are saying lol.
http://gbatemp.net/t204665-how-to-turn-you...ro-into-r4i-rts


Yeah, exactly. You were faster then me.

Currently I'm doing some researches on the iTouch. Very strange they have packed a loader.eng which is decrypted so the R4i RTS can load it and every thing working. Even slow motion... R4i RTS' original firmware doesn't have anything like this.

QUOTE(AndroidDem0man @ Dec 30 2010, 04:24 PM)

Hey. Is it possible to run the R4i RTS firmware on M3 Real?
I dont even know why i want to do it. but just to play around with it.

So far is it a no? I really dont know what any of you are saying lol.

http://gbatemp.net/t204665-how-to-turn-you...ro-into-r4i-rts

Oh my, Thank you kind Sir.
My brother iwll be happy. as he uses my M3 and not my other cards. Which is pretty stupid.

I don't recommend that firmware. It just sucks in every way. I know, because I only have R4i RTS.

I recommend Wood or YSM3 better but it is your decision.

 

[AndroidDem0man]

One question. Is it possible to have a boot screen when you load up the M3 and it asks to go into the iTouch firmware or R4i RTS firmware? (since itouchds is supported by m3 team too i believe it works on m3 too)