ROM Hack DS Download Play - Send nds file with Planet Puzzle League

[loco365]

Either way, we need to find a way to fake the signature, or to actually get the key (which we might be able to do from receiving the source of ds bricker).

What about the NITRO SDK? It might have a key we can utilize.

 

[Sicklyboy]

i couldn't even obtain the fake dragon quest ix that has the bricker

They aren't that easy to find. You have to be either very unlucky or search really hard.

I have a copy of it.

I found it when it first came out (knowing what it was) and am waiting for the day when somebody I loathe wants to play Dragon Quest IX.

I also have Taihen and the DSBricker program somewhere too. Wow, I am an asshole.

Gfdi. Everyone has the brickers but me. Only ever wanted them so I could pseudo-brick my Lite (since it is flashme'd). Want to see the brick wall on my device one time in its lifespan, lol.

 

[Kiaku]

What about the NITRO SDK? It might have a key we can utilize.

Quite possible. I found out that the official Nintendo software was leaked before: Link

It may help in signing homebrews.

 

[KazoWAR]

Games will never work with DS Download play, unless you can fine a game that has no data files and everything in embedded in to the arm9 then it will not boot. The games are programmed to load data files form the slot 1 cart at soon as the arm9 is booted.

you cant just bypass the signed code check but just using a header from another game its the arm9 that is signed. You also do not need the DS bricker or contact the DS bricker's programmer to know how to make a homebrew look like another game. you can rip the icons with many tools and use those and set the title with the libnds. you can all use dslazy to swap the banner.bin of a game and use it with another ROM. banner.bin contains the icon and game title.

 

[MG4M3R]

The nds file size limit is ~4mb!!

This means that if we had a normal retail rom with 4mb, we could send it?

 

[uriyasama]

How is this gonna help anyone in anyway??? To send the demo you need a flashcart and if you already own a flashcart you can easily download jump super stars and send a demo through it. but still nice find

 

[loco365]

How is this gonna help anyone in anyway??? To send the demo you need a flashcart and if you already own a flashcart you can easily download jump super stars and send a demo through it. but still nice find

We can make homebrew that utilizes Download Play?

 

[habababa]

According to this NSMB hacking thread from another site, Mario vs Luigi Level hacks playable in NSMB download play works on flashme'd and non-flashme'd DS's.

 

[loco365]

According to this NSMB hacking thread from another site, Mario vs Luigi Level hacks playable in NSMB download play works on flashme'd and non-flashme'd DS's.

That's because it sends the level data from the map files- but the game issues no checks on it, so it is used as valid.

 

[morphius]

from http://tobw.net/dswiki/index.php?title=How_to_run_code


WifiMe - The Wireless PassMe
The DS has the possibility to download game demos using the integrated WiFi capabilities. It uses a custom network protocol (NiFi) made by Nintendo that is incompatible to TCP/IP. Firefly has reverse engineered this protocol and figured out how to emulate a DS download station using a special kind of WLAN Adapter, a customized driver for it, and an application he called WMB (Wireless Multiboot). Using this, it is possible to send software to the DS, but still with one major problem: The software has to be digitally signed by Nintendo. Faking such a signature is close to impossible because a 1024 bit RSA signature is just not that easy to guess. But Firefly had another idea how to work around this problem which was similar to the idea of the PassMe: Like the hardware game cartridges, the game binaries that are sent via WiFi contain a pointer to the beginning of the code, two pointers to be precise. One of them is signed and thus cannot be changed as this would invalidate the binary, but the other pointer is not signed. So, Firefly modified a game dump that was signed by Nintendo (the Mario 64 DS multiplayer binary) and set the unsigned pointer to the address of the GBA slot. This modified binary, known as WifiMe, now accomplishes the same as PassMe. You download it to your DS using Firefly's WMB and it runs code that is stored on a GBA cartridge.
WifiMe does not work with a DS with new firmware.


so in summery there are TWO pointer files .. one signed...one not. Newer ds firmware ONLY look at the signed. So unless you can figure out how to sign binaries (public key/private key) , you are stuck with official demos

 

[Kiaku]

...So unless you can figure out how to sign binaries (public key/private key) , you are stuck with official demos

That is what we're trying to do. So far, I researched nds files and found this: Link

Apparently, it states that the RSA signature is located at the 0xF80 offset. Is there a program I can use that can specifically open up these offsets and reveal the RSA signature? If this is possible, we can finally sign our own homebrews and send them through download play.

 

[morphius]

a hex editor will allow for hex editing and opening the offset. not sure if it would be of any use as it probably encrypted(not sure , don't know too much about encryption)

 

[Kiaku]

I used a hex editor on the Mario Kart demo and searched up "RSA". It showed the RSA Security text, but I don't see the key anywhere. When I used the hex editor on the Tetris DS demo, it didn't have any RSA text on it, yet I can boot it fine through DS download play. I guess the key is encrypted.

 

[emmanu888]

if only we could get the key we could boot ds homebrew on the 3ds without a flashcart

 

[morphius]

But it would still be just DS not 3DS homebrew. Unless you could find an exploit that breaks out of the DS sandbox

 

[chyyran]

The private key is only seen by Nintendo officials.

It's almost never found, ever. It's not even contained on the system.
You have to bruteforce it, and that could take years


We never actually hacked the DS. We just found a way to bypass it's security.

The Wii we hacked, the PS3 we hacked. The DS was never actually hacked, in a sense

 

[Kiaku]

Ah crap. My DS lite has finally called it quits. Both fuses has blown on me. Won't charge nor turn on, so I can't send anything anymore.

 

[Krestent]

Ah crap. My DS lite has finally called it quits. Both fuses has blown on me. Won't charge nor turn on, so I can't send anything anymore.

I just had the idea of:
If you have a softmodded Wii, why not try doing this with one of the Wii games that exist that can send a demo of a DS game? IIRC, Geometry Wars can send a demo of a NDS game.

 

[emmanu888]

Ah crap. My DS lite has finally called it quits. Both fuses has blown on me. Won't charge nor turn on, so I can't send anything anymore.

I just had the idea of:
If you have a softmodded Wii, why not try doing this with one of the Wii games that exist that can send a demo of a DS game? IIRC, Geometry Wars can send a demo of a NDS game.

maybe that could work

 

[loco365]

Ah crap. My DS lite has finally called it quits. Both fuses has blown on me. Won't charge nor turn on, so I can't send anything anymore.

I just had the idea of:
If you have a softmodded Wii, why not try doing this with one of the Wii games that exist that can send a demo of a DS game? IIRC, Geometry Wars can send a demo of a NDS game.

I have a hacked Wii. Unfortunately, my USB Stick is really small so idk if any games that connect with the DS will work.