Although I never jumped on the 3DS flash card bandwagon (I only have a black Cyclo DS Evo), I've been thinking about this for a while, and have even started looking into it. I would have liked to be advanced enough to do this all on my own, but it looks like I'm disappointingly not smart enough. Anyway, onto the main point. As we all know, Nintendo recently nuked the compatibility of a large number of flash cards on 3DS consoles in a supposedly permanent fashion. When they did this, a thought occurred to me: they probably only blocked these cards from being booted by the home menu. If that's the case then, in theory, a flash card may be bootable by another method.
Cyclo DS iEvolution used WinterMute's CookHack exploit to pretty much do the thing I'm talking about here. The card appears as the Cooking Coach game with a hacked save; it even boots into the game before the exploit works its magic and boots up the iEvo menu. Unfortunately, the exploit was fixed in newer system updates on the DSi, and never worked on the 3DS. Even though the CookHack exploit has been fixed, we don't need to be able to boot our cards in DSi mode. We actually only need a DS mode exploit. There's an untapped potential for those on the DS, because we've never really needed to look for them, and most saves are too small to really do anything worthwhile.
Blasty released a video of an exploit for FIFA 08 (found by Warmup) that demonstrates running custom code when the player views their profile. This is, potentially, a great game to start with since the save size is 64kB (as opposed to Cooking Coach's 8kB) and it can be found very cheaply on sites like eBay. Blasty hasn't released the source for the exploit, which is where I'm hitting a brick wall. The exploit most likely lies in the profile name, but I'm too inexperienced to work out the checksum locations and how to fix them. Aside from that, I've compiled small homebrew apps for the DS before, but I'm not really sure how I would write a loader, let alone one that will compile to a small enough size to be stuffed into a 64kB save file. I fear this is beyond my technical abilities, and learning looks like it would take too long.
The theory of the loader is this:
- Exploit runs the loader code.
- The loader checks the card header, then waits/loops.
- When it detects a different header (i.e. a card swap, like savsender does), it boots the card.
- The 3DS and DSi allow you to eject a DS game without exiting DS mode (unlike with 3DS games).
- Nintendo have had no reason to patch DS mode exploits, and have been too busy patching cards.
- Not a permanent solution, once the 3DS/DSi powers down or DS mode is exited, the method would need to be repeated. This means roaming around with your 3DS/DSi in sleep mode all the time. Kind of makes me think of how annoying tethered jailbreaks are.
- Requires an exploitable game, so people would have to be actively looking for more exploits in case the original exploit is patched. The good news here is that there's a vast library of DS games to search through. The bad news is that a lot of them will have very small save sizes, barely any room for executable code, so knowledge of assembly language may be required.
- Requires a method to overwrite saves on an original game card. There are lots of different methods, though, like savsender, eepinator, R4i Save Dongle, NDS Adapter Plus, etc. For people with no access to any of these, it's probably easier just to get a DSTwo.
So, what do you guys think?