Homebrew DSi Downgrading - The Complete Guide

[Diego788]

I have a question. Is there a way to decrypt a NAND using Hardmod without any DSiWare game installed!? Because as I can see to get the ConsoleID we need it...

i was about to say Nintendo 3DS Transfer Tool, but it can't be transferred to SD Card...

 

[Billy Acuña]

So, you are into it too, @Diego788 (? :^)

 

[Diego788]

So, you are into it too, @Diego788 (? :^)

yee, i'm very curious about all this xd
soon we'll be able to do a lot of thing with DSi lol

 

[smf]

I used twltool 1.6, not the 1.1 in the tools package. Firstly it allows you to use the cid.bin, which is easier and means you don't inadvertently post yours online.

twltool.exe nandcrypt --cid cid.bin --consoleid consoleid.bin --in nand_dsi.bin --out NAND_DEC.bin

Also it does some sanity checks and will give you an error if it can't decrypt the nand_dsi.bin with the supplied cid.bin & consoleid.bin. Which was helpful when I didn't realise that sudokuhax purposefully corrupted cid.bin

I have a question. Is there a way to decrypt a NAND using Hardmod without any DSiWare game installed!? Because as I can see to get the ConsoleID we need it...

Only if someone figures out another exploit, or where the consoleid is stored or what it's calculated from & finds out how to access it directly (if that is possible).

 

[Deleted member 424658]

Only if someone figures out another exploit, or where the consoleid is stored or what it's calculated from & finds out how to access it directly (if that is possible).

Supposedly you can bruteforce it if you have the cid already, but I don't know how true this is.

 

[smf]

Supposedly you can bruteforce it if you have the cid already, but I don't know how true this is.

Brute forcing even without the cid is possible, eventually. The console id is 64 bits, so you'll need to reduce the search space to make it practical on a single PC & I don't know if that is possible. If you're going to pay to crack it then buying a new DSi is probably cheaper right now.

Maybe the transfer tool can be sniffed to get the console id (or part of it). I assume people have looked at camera images to see if any jpeg tags identify the console they were taken with at all.

I finally bit the bullet and upgraded my DSi from 1.4.1 to 1.4.5 and downgraded the three titles so my "Pippa Funnell" cart worked again :-)

I just wish I'd spent my 800 DSi points on something before the shop closed.

 

[DinohScene]

Bruteforcing is possible but foolish.
Can take decades before you got the proper IDs.

 

[Flashed]

Supposedly you can bruteforce it if you have the cid already, but I don't know how true this is.

Brute forcing even without the cid is possible, eventually. The console id is 64 bits, so you'll need to reduce the search space to make it practical on a single PC & I don't know if that is possible. If you're going to pay to crack it then buying a new DSi is probably cheaper right now.

Maybe the transfer tool can be sniffed to get the console id (or part of it). I assume people have looked at camera images to see if any jpeg tags identify the console they were taken with at all.

I finally bit the bullet and upgraded my DSi from 1.4.1 to 1.4.5 and downgraded the three titles so my "Pippa Funnell" cart worked again :-)

So it's not as easy as I see. Cracking a Console ID could be as hard as crack a WPA password, so yes, better buying another DSi

 

[smf]

So it's not as easy as I see. Cracking a Console ID could be as hard as crack a WPA password, so yes, better buying another DSi

WPA is at least 256 bits, so it's no where near as hard. WEP is 64 bits and that is easily crackable in seconds, but only because of weaknesses in the protocol. If you were brute forcing it then it takes much longer, modern routers that support WEP have had those weaknesses fixed and they seem to be reasonably secure.

--------------------- MERGED ---------------------------

Bruteforcing is possible but foolish.
Can take decades before you got the proper IDs.

The longer you wait, the faster brute forcing it will be. Although you could throw it at a cluster, or accelerate it with a gpu/fpga farm. There are companies offering things like triple des cracking using hardware farms.

My guess is that the demand for running rocketlauncher will be achievable using the DSi's hackable that contain DSiWare, which means there is little justification on finding other ways to find the console id. Although getting hold of a second hand DSi before it's wiped might be a problem.

Today (and if you don't have any interest in pumping time/money into another solution for finding the console id) then find another system.

 

[Flashed]

Another thing. How can I get the CID without The Biggest Loser or hardmod?

Enviado desde mi Xperia M2 Aqua mediante Tapatalk

 

[dpad_5678]

Another thing. How can I get the CID without The Biggest Loser or hardmod?

Enviado desde mi Xperia M2 Aqua mediante Tapatalk

FWtool will tell you.

 

[Flashed]

FWtool will tell you.

Oh great. Also ConsoleID?

 

[Billy Acuña]

Oh great. Also ConsoleID?

With a DSiWare transfered into your SD and extract with dsi_srl_extractor as TWLTool's thread states.

 

[Flashed]

With a DSiWare transfered into your SD and extract with dsi_srl_extractor as TWLTool's thread states.

Thanks

 

[smf]

FWtool will tell you.

Not if you run it with sudokuhax, it lies. So you need flip note and a copy of the leaked exploit (and it isn't available for all regions of consoles yet).

 

[Flashed]

Not if you run it with sudokuhax, it lies.

What about flipnotehax?

 

[smf]

What about flipnotehax?

That is what I said. If you have flip note and a copy of the leaked exploit and a supported console region then you can get the cid. I have the game but didnt bother trying to get the leaked exploit as I have a european DSi and the exploit doesn't work on those. Biggest loser is pretty cheap here anyway

 

[ToneCapone-RF]

I managed to downgrade my system following the guide have 4swordshax running great, but Sudokuhax doesn't work. I got the file sudoku_v0.app and the save from the downgrade package no clue why the hack doesn't work.

 

[Aletron9000]

Hi, i have followed the guide but instead of using a hardmod, i dump the nand with fwtool and when i go to test the new nand in no$gba, i get error code 1-2435-8325. I have tried many times and still get the same error code. Is there something i am doing wrong?

 

[ToneCapone-RF]

Hi, i have followed the guide but instead of using a hardmod, i dump the nand with fwtool and when i go to test the new nand in no$gba, i get error code 1-2435-8325. I have tried many times and still get the same error code. Is there something i am doing wrong?

Yeah you didn't paste your CID and ConsoleID to the Bottom of you nand. that's the error you get.