Hacking Download Play

Discussion in 'NDS - ROM Hacking and Translations' started by playallday, Aug 27, 2008.

  1. playallday

    playallday Group: GBAtemp Ghost

    May 23, 2008
I, and many other people, want to do Download Play with homebrew, but it doesn't work and we don't know how to hack it.

    * Why did you post this?
    Because we (or me) want to hack it!

    * How?
Inject it. That's what I'm thinking. If we can inject a homebrew into arm9.bin it may work. I know it's not just a copy & paste job, but hey, it's a start!

* So we inject it into a rom that we can't send? What's the point?
    No, no! We will try to inject into main_sgn.srl files (they are .nds files) that are sent from many roms.

    * Run over it all now for the hackers!
Try to inject homebrews (NOT EASY!!) into arm9.bin and test it out. I think the arm9.bin needs to be the same number of bits that it was. Make a homebrew that will run afterwards, and then you can send the homebrews (so we don't do it for every one) (nice but not needed). Test and test?

This may be pointless, but hey, I tried!

    If you have anything to add tell me!
  2. FAST6191

    FAST6191 Techromancer

Reporter
    Nov 21, 2005
    United States
    As I understand it.
The DS is able to store small packages transmitted wirelessly using a pseudo-proprietary protocol (it is proprietary but very close to existing 802.11 specs). GBAtek is down right now but there are loads of mirrors:
Another wifi doc from sgstair (author of the most commonly used wifi libraries for DS homebrew).

This is naturally a really nice way to transmit code, so it is signed. Signing is RSA based (decent implementation + key length) and we lack the key. Sidenote: if you search you may see an app for signing; this is not the Nintendo key but a tool with a key for you to use (ostensibly for file checking).
The reason some roms fail is because of issues with the header being changed, which messes up the authentication.
The wifi part is stored in srl files, as you note, within the DS rom, distinct from the rest of it (technically it is a rom within a rom), and the normal methods (ndstool/ndsts/crystaltile2...) should be able to deal with it.
    Some messing around though (Zelda d-pad hack: rom had the hack, sent file did not) says the sending DS uses a different file.

Also homebrew with wifi packages. That was one of the first methods, although it was killed at the same time as the first PassMe unless you install FlashMe; I suggest you look at the other half of WiFiMe.

Your options. FlashMe: personally I still run FlashMe on nearly every DS I come into contact with, but others are not like me in this regard.
You beat RSA. Some of the best and brightest in cryptography (not a simple field of study) have been at this for quite a while. Unless you happen to have a quantum computer this one is not going to happen any time soon, not to mention that if you do, I would suggest learning the sound of black helicopters.

You find an implementation error (similar to the Trucha bug for the Wii). The wifi hardware is fairly well understood and most of the people who do these sorts of things pay attention to the various consoles (including the DS).

You find an implementation error in a game. This one is the most likely (see Action Replay based hacks, Xbox softmods, Twilight Hack) but development of it when emulators and flash carts are so good, prolific and blindingly cheap.
    More on this here under "Future generations?": http://www.pineight.com/ds/pass/
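As an added example that is not code from this thread or from any DS tool, the following Python sketch shows the file-level mechanics the first two posts touch on: locating the ARM9 binary inside an .srl/.nds image from its header, swapping it for a same-size blob as playallday proposes, and recomputing the header CRC16 that FAST6191 points out gets broken when the header is edited. It assumes the header layout documented in GBAtek (ARM9 offset/entry/RAM/size at 0x20, ARM7 at 0x30, header CRC16 at 0x15E over bytes 0x000-0x15D, same CRC as the BIOS GetCRC16: poly 0xA001, init 0xFFFF). The sample image is constructed in code, not taken from any game. It deliberately does nothing about the Download Play RSA signature FAST6191 describes, because that key is Nintendo's; a CRC-correct header only gets you past accidental-corruption checks, not past authentication.

```python
import struct

HEADER_CRC_OFFSET = 0x15E   # header CRC16 covers [0x000, 0x15E)
ARM9_FIELDS_OFFSET = 0x20   # rom offset, entry address, RAM address, size (4 x u32 LE)
ARM7_FIELDS_OFFSET = 0x30


def crc16_nds(data: bytes, crc: int = 0xFFFF) -> int:
    """CRC-16 as used by the DS BIOS and cart header: reflected poly 0xA001, init 0xFFFF, no final xor."""
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc & 0xFFFF


def parse_header(rom: bytes) -> dict:
    """Pull out the fields needed to find the ARM9/ARM7 binaries and check the header CRC."""
    arm9_off, arm9_entry, arm9_ram, arm9_size = struct.unpack_from("<4I", rom, ARM9_FIELDS_OFFSET)
    arm7_off, arm7_entry, arm7_ram, arm7_size = struct.unpack_from("<4I", rom, ARM7_FIELDS_OFFSET)
    return {
        "title": rom[0x00:0x0C].rstrip(b"\0").decode("ascii", "replace"),
        "gamecode": rom[0x0C:0x10].decode("ascii", "replace"),
        "arm9_off": arm9_off, "arm9_entry": arm9_entry, "arm9_ram": arm9_ram, "arm9_size": arm9_size,
        "arm7_off": arm7_off, "arm7_entry": arm7_entry, "arm7_ram": arm7_ram, "arm7_size": arm7_size,
        "header_crc": struct.unpack_from("<H", rom, HEADER_CRC_OFFSET)[0],
    }


def verify_header_crc(rom: bytes) -> bool:
    """True if the stored header CRC16 matches the header bytes; any header edit without fix-up fails this."""
    return crc16_nds(rom[:HEADER_CRC_OFFSET]) == parse_header(rom)["header_crc"]


def fix_header_crc(rom: bytearray) -> None:
    struct.pack_into("<H", rom, HEADER_CRC_OFFSET, crc16_nds(bytes(rom[:HEADER_CRC_OFFSET])))


def inject_arm9(rom: bytes, new_arm9: bytes) -> bytes:
    """Replace the ARM9 binary in place. Refuses size changes so no header field has to move.

    NOTE: this keeps the header CRC valid but does NOT (cannot) produce a valid Nintendo RSA
    signature, so the result is only useful on a receiver that skips the signature check.
    """
    h = parse_header(rom)
    if len(new_arm9) != h["arm9_size"]:
        raise ValueError(f"new ARM9 is {len(new_arm9)} bytes, header says {h['arm9_size']}")
    out = bytearray(rom)
    out[h["arm9_off"]:h["arm9_off"] + h["arm9_size"]] = new_arm9
    fix_header_crc(out)
    return bytes(out)


def build_sample_srl() -> bytes:
    """Constructed toy image: header in the first 0x4000 bytes, a 256-byte 'ARM9' blob after it."""
    arm9_off, arm9_size = 0x4000, 0x100
    rom = bytearray(arm9_off + arm9_size)
    rom[0x00:0x0C] = b"SAMPLE".ljust(12, b"\0")       # game title (hypothetical)
    rom[0x0C:0x10] = b"ABCD"                           # game code (hypothetical)
    struct.pack_into("<4I", rom, ARM9_FIELDS_OFFSET, arm9_off, 0x02000000, 0x02000000, arm9_size)
    struct.pack_into("<4I", rom, ARM7_FIELDS_OFFSET, 0, 0x02380000, 0x02380000, 0)  # no ARM7 payload here
    struct.pack_into("<I", rom, 0x80, len(rom))        # total used ROM size
    struct.pack_into("<I", rom, 0x84, 0x4000)          # header size
    rom[arm9_off:arm9_off + arm9_size] = bytes(range(256))
    fix_header_crc(rom)
    return bytes(rom)


if __name__ == "__main__":
    srl = build_sample_srl()
    info = parse_header(srl)
    print(f"{info['title']} ({info['gamecode']}) arm9 @ 0x{info['arm9_off']:X}, "
          f"0x{info['arm9_size']:X} bytes, header CRC ok: {verify_header_crc(srl)}")
    tampered = bytearray(srl)
    tampered[0x0C] = ord("Z")                          # edit the game code without fixing the CRC
    print("header CRC ok after raw header edit:", verify_header_crc(bytes(tampered)))
    patched = inject_arm9(srl, bytes(0x100))
    print("header CRC ok after same-size ARM9 swap:", verify_header_crc(patched))
```

Running it shows the two failure modes separately: a header edit without CRC fix-up is rejected by the plain checksum, while a same-size ARM9 swap passes the checksum yet still carries a signature that the receiver would reject, which is exactly why the thread ends up at FlashMe.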
  3. arctic_flame

    arctic_flame GBAtemp ATMEGA8 Fan

    Nov 4, 2006
    England land
    Somebody, I believe it was masscat, ported wmbhost to the DS.
    You could use the code (It's GPL anyway) to send an NDS binary.
    However, you'll need flashme to bypass the RSA signature check.
  4. DanTheManMS

    DanTheManMS aka Ricochet Otter

    Jun 2, 2007
    United States
    You can use the wmb host arctic_flame mentioned (which I believe was updated by yellowstar to add DLDI support) to send a small *.nds file to a flashed DS via Download Play. You can also, I believe, somehow inject your homebrew app into a standard Nintendo Download Play image and send it using a different program that turns your DS into a Download Play host, but again this would require the receiving DS to be flashed.

    I don't know too many specifics, sorry.