13 years.

The original DS was released in 2004, and to this day, no hax for Download Play had been made.

Until now.

Gericom found an exploit in DS Download Station, allowing us to run any homebrew we'd like over DS download play.

Source code for dspatch: https://github.com/Gericom/dspatch

Enjoy!

Credits:
Exploit: shutterbug2000, Gericom, and Apache Thunder
Graphics: Jaames, Robz8

And if you want to load unsupported flashcarts on a DSi:

Yes.
Here's Apache Thunder's flashcard launchers edited for HaxxStation. @shutterbug2000 should put this in the first post.
https://www.odrive.com/s/23b9f39c-ae15-4c1b-8ff7-64344fa6f2d2-5939fc7f

 

[Ermelber]

Mmmm... I'm a little bit confused. It works over wifi and I need an emulator on my computer with the DS Download station rom (usa) and a physical ds. Right?
Sorry for dumb questions.

No, you need another (2/3)DS(L/i) that runs that DS Download Station ROM on a Flashcard and then on your other (2/3)DS(L/i) you download it. The nice thing is that this second (2/3)DS(L/i) is unmodified and thus you can run unsigned DL Play on any (2/3)DS(L/i) without Flashcards.

Another nice thing you can do:
There is a modified DS Firmware that is able to run unsigned DL Play Multiplayer ROMS such as Ermii Kart's or other (modified) games that couldn't work beforehands.
You can just send this modified DS Firmware ROM with HaxxStation to the unmodified DS and then use this one to download the modified DL Play ROM.

Hope I cleared things up.

 

[chaos blast]

using r4i launcher tried to run this card http://www.r4i.ndsi.in/ on my dsi version 1.4.5, didn't work. after downloading the hax white screen and nothing.

 

[Gericom]

No, you need another (2/3)DS(L/i) that runs that DS Download Station ROM on a Flashcard and then on your other (2/3)DS(L/i) you download it. The nice thing is that this second (2/3)DS(L/i) is unmodified and thus you can run unsigned DL Play on any (2/3)DS(L/i) without Flashcards.

Another nice thing you can do:
There is a modified DS Firmware that is able to run unsigned DL Play Multiplayer ROMS such as Ermii Kart's or other (modified) games that couldn't work beforehands.
You can just send this modified DS Firmware ROM with HaxxStation to the unmodified DS and then use this one to download the modified DL Play ROM.

Hope I cleared things up.

Sidenote: Not all firmware roms seem to be working. The TWL unsigned downloader srl from the nitro sdk has been tested and works alright at least.

 

[MacGab]

Tried booting my original R4DS on a DSi with "wood_r4_m3.nds", but it doesn't seem to work properly.



Anyway, great job guys! It was the final nail to the coffin for NDS

 

[Thunder Hawk]

Tried booting my original R4DS on a DSi with "wood_r4_m3.nds", but it doesn't seem to work properly.

View attachment 89471

Anyway, great job guys! It was the final nail to the coffin for NDS

For the NDS, maybe. But for the DSi? Maybe not.

 

[SoslanVanWieren]

im having trouble getting it to work with 0.2.0 bootstrap and shutterbug said it works on that

 

[migles]

For the NDS, maybe.

what's left to exploit on the NDS?
the only thing left would be customizable firmware or something, we have flashme which is a kinda custom firmware...

 

[SoslanVanWieren]

what's left to exploit on the NDS?
the only thing left would be customizable firmware or something, we have flashme which is a kinda custom firmware...

But we still need cfw for the dsi

 

[migles]

But we still need cfw for the dsi

talking about the NDS

 

[Gericom]

Tried booting my original R4DS on a DSi with "wood_r4_m3.nds", but it doesn't seem to work properly.

View attachment 89471

Anyway, great job guys! It was the final nail to the coffin for NDS

IIRC there was a problem were the dsi shut off the slot, because an r4 has an invalid banner or something. Apache Thunder has a physical card switcher

 

[SoslanVanWieren]

having trouble getting it to work in Bootstrap 0.2.0 it stays on black screen

 

[Maschell]

Wasn't wifi-me doing something similar?

 

[ChampionLeake]

Is there going to be a source code soon or a write-up o this exploit soon? It would be interesting to see how the vuln was discovered.

 

[FAST6191]

Nice.
I shall await a writeup on how this works for a thought things were RSA signed and only flashme would bypass it.

Other than chain loading I am not sure what use this will be for most, at least pending some means of launching from a PC, but still very cool to see.

 

[tozevleal]

Its possible to inject multiple homebrew apps? Would be awesome!
----------------------
Status: Homebrew works ok on my DSi XL but doesn't boot on my R4i-Gold (www.R4i-gold.eu) :/
----------------------
How we can get Grand Dad NDS ?
----------------------
UPDATE: the R4i boot hack with this works on my 3ds (with luma CFW using the Download play thing has a client)
BUT! It doesn't work on the DSi with 1.4.5 FW using the Download play thing
----------------------
UPDATE2: If you use a very bighomebrew file such has BadApple.nds (its over 120mb +-) the download play app client loads and you can see the bad apple homebrew logo... but when you try to launch it, automaticaly freezes with the loading sound! (probably trys to allocate 120mb on ram and freezes)

 

[CTurt]

what's left to exploit on the NDS?
the only thing left would be customizable firmware or something, we have flashme which is a kinda custom firmware...

DS CFW is possible. I did it for fun a couple of years ago.

http://cturt.github.io/ds-cfw.html

 

[SoslanVanWieren]

anyone got it working with twl loader im using 0.2.0 bootstrap but i can't get it to work does it take long to load?

 

[migles]

DS CFW is possible. I did it for fun a couple of years ago.

http://cturt.github.io/ds-cfw.html

is there a version ready to flash like flashme, with custom themes?
i'd like to inject a theme into my ds lite menu

 

[CTurt]

is there a version ready to flash like flashme, with custom themes?
i'd like to inject a theme into my ds lite menu

My project was mainly for developers and isn't really suitable for end users, however if you are willing to do a bit of reverse engineering or experimentation, it isn't too hard to change the text and colours in a firmware image.

 

[einhuman197]

Can I launch the final nds with Twloader? If yes, how? I can't see it in Twloader. Installed the Twloader cia and the twlnand cia and copied the nds to the path in the settings