Homebrew [RELEASE] TWLTool - DSi downgrading, save injection, etc multitool

[Shicky256]

Just put together the world's shittiest hardmod (except maybe mid-kid's). I don't have the Transcend SD adapter yet, but hopefully it works long enough to install Fieldrunners and the save exploit (apparently you can do everything with Fwtool after that point).

 

[tozevleal]

Just put together the world's shittiest hardmod (except maybe mid-kid's). I don't have the Transcend SD adapter yet, but hopefully it works long enough to install Fieldrunners and the save exploit (apparently you can do everything with Fwtool after that point).

Why you solder there? http://prntscr.com/eru1sw

 

[Shicky256]

Why you solder there? http://prntscr.com/eru1sw

That's just the grounding connector for the game card slot. It was like that from the factory. If you want to know why I DIDN'T solder there, the CPU shielding was closer and is also an acceptable grounding point.

 

[Flashed]

Just put together the world's shittiest hardmod (except maybe mid-kid's). I don't have the Transcend SD adapter yet, but hopefully it works long enough to install Fieldrunners and the save exploit (apparently you can do everything with Fwtool after that point).

But are you injecting the title or you have Fieldrunners already installed? I'm asking because I don't know if the first one is possible

 

[tozevleal]

https://pbs.twimg.com/media/C8hKb7kXsAA8vwW.jpg

Well... The end of DSi Shop?

 

[ahezard]

But are you injecting the title or you have Fieldrunners already installed? I'm asking because I don't know if the first one is possible

Yes you can inject any dsiware title if you have a way to write to your nand. Look at the video in this thread.

 

[Flashed]

Yes you can inject any dsiware title if you have a way to write to your nand. Look at the video in this thread.

Yeah I see. But now that DSi Shop has closed. Where could I find titles? Maybe there's something like NUSD for 3DS? And then preparing it for DSi? Because I think that 3DS titles (from DSiWare) can't be written directly to NAND.

 

[Shicky256]

Yeah I see. But now that DSi Shop has closed. Where could I find titles? Maybe there's something like NUSD for 3DS? And then preparing it for DSi? Because I think that 3DS titles (from DSiWare) can't be written directly to NAND.

The best way I've found is to buy them off the 3DS eShop and copy them to your SD with FBI.

 

[Teun1]

Mine console id starts with 08a2, is this ok?

Nvm, got the correct one using the "A little Bit of Brain Training" savefile.

 

[Flashed]

The best way I've found is to buy them off the 3DS eShop and copy them to your SD with FBI.

And why can't we use NUSD to download it? So we don't need to spend money on SUDOKU

 

[Shicky256]

And why can't we use NUSD to download it? So we don't need to spend money on SUDOKU

Because discussion of piracy is banned on this forum.

 

[Flashed]

Because discussion of piracy is banned on this forum.

But DSi Shop is closed... now should be legit?

 

[I pwned U!]

I have been too busy to post for the past few days, but I tested some other injects and ran into some problems.



Every injected title is unable to save and be copied to the SD card (except for Mario Calculator, probably because of how it does not use save data). Here was my procedure:

• In each title's folder on the NAND, I created content and data folders, and put an .app file and a title.tmd in each content folder
• I used the TMDs from the archive that was recently posted (and removed the certs from them in a hex editor).
• The .app files were downloaded from freeShop and copied to an SD card with FBI.
• The tickets had the correct Title IDs, but I changed a few bytes of the Ticket ID for each new ticket (1338, 1339, 1340, etc.).
  • The title keys were replaced with

    13371337133713371337133713371337

  • The signatures were replaced with

    13371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337133713371337

What could be causing these problems?

Because discussion of piracy is banned on this forum.

Piracy can be discussed here, but we are not allowed to ask for or link to copyrighted material.

 

[Shicky256]

What could be causing these problems?

If the initial experiments you did had functional saves (meaning the titles you injected a few pages back with the 13/37 sigs) I'd guess that the DSi menu isn't seeing the tmd files properly, maybe because you edited them (looks like you just found the reason those "pointless files" exist). In any case, if tmd files can't be modified and they work on any console, I'd really appreciate it if you'd PM me the TMD file for whatever exploit game you're using.
Anyway, I'd try using an unmodified tmd file with the certs still at the end and see if that gives you any different results.

But DSi Shop is closed... now should be legit?

Less dickish answer: You can't download paid DSi titles unencrypted from NUS, they need to be decrypted with a ticket file that you can only get by purchasing the game on a DSi. That option isn't around anymore, hence the need to download the game on a 3DS and transfer it over.

 

[Flashed]

If the initial experiments you did had functional saves (meaning the titles you injected a few pages back with the 13/37 sigs) I'd guess that the DSi menu isn't seeing the tmd files properly, maybe because you edited them (looks like you just found the reason those "pointless files" exist). In any case, if tmd files can't be modified and they work on any console, I'd really appreciate it if you'd PM me the TMD file for whatever exploit game you're using.
Anyway, I'd try using an unmodified tmd file with the certs still at the end and see if that gives you any different results.


Less dickish answer: You can't download paid DSi titles unencrypted from NUS, they need to be decrypted with a ticket file that you can only get by purchasing the game on a DSi. That option isn't around anymore, hence the need to download the game on a 3DS and transfer it over.

And that ticket is universal or every copy needs a different ticket itselfs?

 

[Shicky256]

My SD adapter arrived and I was able to install Fieldrunners and the exploit save to the DSi without bricking it. A couple things I did differently than "I pwned u!":
Instead of hex editing off the certs at the end of the tmd file, I used NUS downloader to get it
Instead of adding 13/37 as the ID in the ticket, I just changed the title ID and re-encrypted
My copy of Fieldrunners was purchased from the eShop, not downloaded off Freeshop (IDK if there's a difference, but I figured I'd mention it)
Whatever the case, I'm glad I can join the lucky 100 or so people with DSiwarehax installed.

EDIT: It seems nocash123 was correct in his guess. When you download a DSi game legitimately or not, it creates a blank public.sav file. Here's my process for injecting stuff:
1. Copy the "4xxxxxx" folder from the 3DS TWL nand to the DSi nand (in the 300004 folder, i could be off a couple zeroes), delete the 0000000.tmd file and cmd folder. Make sure you copy over both the "content" and "data" folders
2. Look up the title ID in that giant TMD archive, cut off the end so HxD says the length is 208, save and rename to title.tmd
3. Look at offset 1E7 on the tmd, rename the .app's last digit to the last digit listed.
4. Decrypt any ticket in the ticket/300004 folder, change title ID to your injected app's title id, encrypt ticket and save. Note that I was able to install a few games that were never preloaded on a DSi by modifying the DSi Browser ticket, so it doesn't seem that there's a lot of verification going on there.

Somewhat humorously, this fools the DSi shop into thinking that you have the title installed, so it may be possible to just make the ticket change and download your game from there rather than going through all the effort.

Edit 2: I tried deleting Cave Story and redownloading it from the shop, but got a 201022 error. It doesn't seem like it revoked my ticket or anything, as I was able to copy the game back onto the console afterwards.

 

[ahezard]

Congratulations! I am considering buying a dsi in order to have the possibility to port to it nds-bootstrap : http://gbatemp.net/threads/nds-bootstrap-loader-run-commercial-nds-backups-from-an-sd-card.454323/

 

[nocash123]

Every injected title is unable to save and be copied to the SD card (except for Mario Calculator, probably because of how it does not use save data).
What could be causing these problems?

Well, that sound as if... games with save data need the public.sav (and/or private.sav) to be present? The filesize for that .sav files is found in .tmd and in the header of the .app file. And the .sav should contain a FAT12 filesystem, but maybe you could get away with an empty (zerofilled) file, and, if you are lucky, the games might then do the FAT12 formatting on their own.

 

[Flashed]

Congratulations! I am considering buying a dsi in order to have the possibility to port to it nds-bootstrap : http://gbatemp.net/threads/nds-bootstrap-loader-run-commercial-nds-backups-from-an-sd-card.454323/

Same here. I will consider repairing mine or buying another
The difficult part is soldering. I don't know who would be able to do it for me, or if I could do it. I think my solder is not small enough

 

[souler92]

can i use this to get my r4 card working?