Homebrew [RELEASE] TWLTool - DSi downgrading, save injection, etc multitool

[Duo8]

Tried cleaning up my DSi a bit. The R button (and the whole backplate) seems fine, however I found a scratch (deep enough to expose copper below) near the backplate port, which might be causing the problems. If this is the case I wonder if there's any way to fix this?

 

[mb2010]

Can anyone confirm raspi 3dsunbricker dumps the cid correctly. I just can't seem to decrypt my nand and want to eliminiate that as a possible reason.

 

[WulfyStylez]

Can anyone confirm raspi 3dsunbricker dumps the cid correctly. I just can't seem to decrypt my nand and want to eliminiate that as a possible reason.

http://problemkaputt.de/gbatek.htm#dsiconsoleids Check out the format for CIDs given here. If you have the raw CID, you'll have to flip it and throw out the CRC byte (I believe.)

 

[mb2010]

http://problemkaputt.de/gbatek.htm#dsiconsoleids Check out the format for CIDs given here. If you have the raw CID, you'll have to flip it and throw out the CRC byte (I believe.)

Thanks i'll have a look when i get home from work.

 

[WhoAmI?]

I doubt that White/Black/White 2/Black 2 can be exploited anyway. Game Freak writes very clean and tidy code, and their save data has checksums out the ass.

Haha xD That's a nice way of putting it

 

[Gadorach]

Tried cleaning up my DSi a bit. The R button (and the whole backplate) seems fine, however I found a scratch (deep enough to expose copper below) near the backplate port, which might be causing the problems. If this is the case I wonder if there's any way to fix this?

You would have to clean the area, and remove the local solder mask for starters. The easiest way is with a fiberglass pen. Then, you would need to check to see if this scratch caused the trace(s) that were damaged to get connected to GND, either visually, or with a probe. Ideally, you would check with both. Then, you would have the best luck with an x-acto knife, by separating any traces from GND, and then using a bit of solder with flux to reconnect any traces that were disconnected by the damage.

You will want a magnifying glass, or microscope, to see the traces though, as they are very small, and thus hard to confirm continuity with just your eyes. Else, good luck, and remember to cover the area you removed the solder mask from with either new solder mask, or electrical tape. I would personally use Kapton tape though, as it is non-conductive, and also low adhesive density. It sticks well, but won't leave residue when you take it off.

 

[mb2010]

http://problemkaputt.de/gbatek.htm#dsiconsoleids Check out the format for CIDs given here. If you have the raw CID, you'll have to flip it and throw out the CRC byte (I believe.)

Problem solved compared my raw cid to the one on that page and all i had to do was reverse the order of the pairs e.g 12 34 56 78 would be 78 56 34 12. The correct CID should look like
xx xx xx xx xx 03 4D 30 30 46 50 41 00 00 15 00 with the xx xx xx xx xx being unique to the console.

 

[Gadorach]

Guide is up, enjoy!

https://gbatemp.net/threads/dsi-downgrading-the-complete-guide.393682/

 

[Plstic]

Is it possible to dump my nand if I already have Sudohax without soldering? Because I'd like to transfer sudohax to a dsi xl.

 

[Gadorach]

Is it possible to dump my nand if I already have Sudohax without soldering? Because I'd like to transfer sudohax to a dsi xl.

It can't be transferred between consoles, but if this leads to the ability to re-initialize the NAND keyslots properly, you should be able to modify your installed titles on your Sudokuhax'd DSi. That would let you change it to being on the latest firmware, but without losing Sudokuhax or the ability to copy exploit saves into the NAND as you see fit. You could also re-enable older flashcarts, among other things. Still, that's a future goal. For the moment, you HAVE to solder to the mainboard.

 

[Gadorach]

Oh, for anyone struggling to read their NAND correctly, here's my solution for overcoming interference.

Spoiler: NAND Reader

That's three ground wires, each wrapped around a signal wire, and all connected together. The signal wire gets soldered to the mainboard signal points, and the extra length of the ground wire goes to any ground points on the board within reach. I haven't had a bad read or write yet with this.

Edit: And to clarify, this wouldn't be customer quality, just a mock-up design I made for testing. Customer units will be clean and fully covered.

 

[atkfromabove]

A cheaper one: http://www.dx.com/p/sd-to-microsd-transflash-card-converter-module-27001#.VbXPzpNEH0o

Oh and I was able to read the CID without root. You don't even need an app for this.

May I ask how you did that? I don't have a ds/lite for my Biggest Loser save and I couldn't get the ReadCID to work with my laptop

 

[Vipera]

Could this lead up to a rom loader right from the SD card? That would be badass.

 

[Gadorach]

Could this lead up to a rom loader right from the SD card? That would be badass.

Building the DLDI driver would be a bigger pain in the ass than most of us want to think about. It's possible though, just not being looked into at this time.

 

[Duo8]

May I ask how you did that? I don't have a ds/lite for my Biggest Loser save and I couldn't get the ReadCID to work with my laptop

Oh I didn't actually read my DSi's CID. I was referring to my phone's memory.

You need a device like the one I linked. Plug the DSi NAND mod in and run this from your phone.

cat /sys/block/mmcblk1/device/cid

Alternatively, browse to the above location with a file manager.

Could this lead up to a rom loader right from the SD card? That would be badass.

It doesn't seem like making one will be trivial.

 

[WulfyStylez]

There's just about nothing to gain from sitting on this possible (but doubtful) exploit since I'm not personally going to try it any time soon - can someone inject a different title and its TMD over the home menu and see what happens? If you get a boot2 error, feel free to post that as well.

 

[Gadorach]

There's just about nothing to gain from sitting on this possible (but doubtful) exploit since I'm not personally going to try it any time soon - can someone inject a different title and its TMD over the home menu and see what happens? If you get a boot2 error, feel free to post that as well.

I'll try it out later today, if no one else does.

 

[WateredFire19]

Can we do anything with this without hard modding?

 

[Gadorach]

There's just about nothing to gain from sitting on this possible (but doubtful) exploit since I'm not personally going to try it any time soon - can someone inject a different title and its TMD over the home menu and see what happens? If you get a boot2 error, feel free to post that as well.

Replacing the launcher with SUDOKU results in a black-screen boot. No other activity, screens do not initialize, console is dormant. Any other titles you want me to test replacing?

Also, we need a DSi-mode FTP server. Using WPA access points is far superior for FTP. Plus, none of the DS-mode FTP homebrew actually work under Sudokuhax. They start, try to init Wifi (likely with DS-mode-only commands), and instantly freeze. If anyone knows of one that doesn't, they should share it. Else, I'll take a look and see what I can do, if no one else jumps on it.

 

[WulfyStylez]

Replacing the launcher with SUDOKU results in a black-screen boot. No other activity, screens do not initialize, console is dormant. Any other titles you want me to test replacing?

Also, we need a DSi-mode FTP server. Using WPA access points is far superior for FTP. Plus, none of the DS-mode FTP homebrew actually work under Sudokuhax. They start, try to init Wifi (likely with DS-mode-only commands), and instantly freeze. If anyone knows of one that doesn't, they should share it. Else, I'll take a look and see what I can do, if no one else jumps on it.

Nah, that tells me enough. Most DS-mode homebrew can (supposedly) just be recompiled with the newest libnds to add DSi support. Very few projects were open source back then, though.