Toggle sidebar

Homebrew [RELEASE] TWLTool - DSi downgrading, save injection, etc multitool

  • Thread starter Thread starter WulfyStylez
  • Start date Start date
  • Views Views 211,447
  • Replies Replies 729
  • Likes Likes 51
Many thanks! Hmmm, no. Win98 still tells me it needs a newer windows version, and Win7 is now telling me that a MSVCR120.dll is missing (btw. that's one reason why I am developing under win98 - whatever I am doing, I can be quite sure that my programs will really work everywhere).
 
nocash123 said:
Many thanks! Hmmm, no. Win98 still tells me it needs a newer windows version, and Win7 is now telling me that a MSVCR120.dll is missing (btw. that's one reason why I am developing under win98 - whatever I am doing, I can be quite sure that my programs will really work everywhere).
Click to expand...
You should upgrade to ReactOS its an open source windows XP clone.
 
  • Like
Reactions: piratesephiroth
nocash123 said:
Many thanks! Hmmm, no. Win98 still tells me it needs a newer windows version, and Win7 is now telling me that a MSVCR120.dll is missing (btw. that's one reason why I am developing under win98 - whatever I am doing, I can be quite sure that my programs will really work everywhere).
Click to expand...
aw crap... I forgot about the dlls.

This one should not need them (but it still needs at least windows XP)
 

Attachments

  • Like
Reactions: nocash123
@nocash123 Just curious, but have you looked into the DSi XL/LL mainboard? I'm trying to fix a DSi XL I was researching but broke the RA that handles the DAT0-DAT3 connections to the NAND. Your DSi PCB partlist/pinout picture shows it as a quad isolated 14k, but replacing the RA with four 14k 0402 SMD resistors just got me the 0000FEFE bootloader error. Still, an improvement over black-screen coma booting. I managed to get a read from one of the sets of the RA after I took it off the board, but I used the solderblob method to remove it, so I don't know if it's accurate. It came up as 270 Ohms, but I can't be sure that's correct. I have the 0402s for 270 Ohms though, so I plan to try it, but if you could confirm, that would be sweet.
 
  • Like
Reactions: VinsCool
Many thanks for the new 32bit executable, this time it's working (with Win7). That's really helping me (I was about to downgrade to my old version without sudokuhax, or to write my own decryption tool, but with twltool it's a lot easier).

ReactOS sounds interesting, I wasn't aware of that project. Downside is that using a clone OS might be a bit dangerous when using it for compatibility tests (like ending up with an executable that work only with the clone, not with real winxp).

I don't have an DSi XL, but checked the resistors again on my normal DSi. Measured in one direction I am getting around 14.5Kohm, but when swapping the pins I am getting 17.7Kohm. Apparently there are some electrons flowing through the attached chips. 17.7K should be more accurate, but it might still have the same issue, so real value might be 20Kohm or even higher.
270 ohm sounds almost definitely wrong, that would give you lots of Watts for a pullup resistor (from my experiences pullup's are usually in 3.3K .. 33K range). Checking two Samsung datasheets: KMCEN0000M-S998000 recommends 50K .. 100K, and KLMXGXFEJA recommends 10K .. 100K, for the eMMC Data lines. With the big XL case, you could probably attach a small circuit board with some solderpads somewhere, wire it to the datalines, and then wire normal non-SMD resistors to the solderpads. I would try something like 20K, 33K, 50K (and check if you get 14K one-direction and 17K other-direction after connection, if so, then you've probably found the right resistor).
 
nocash123 said:
I don't have an DSi XL, but checked the resistors again on my normal DSi. Measured in one direction I am getting around 14.5Kohm, but when swapping the pins I am getting 17.7Kohm. Apparently there are some electrons flowing through the attached chips. 17.7K should be more accurate, but it might still have the same issue, so real value might be 20Kohm or even higher.
270 ohm sounds almost definitely wrong, that would give you lots of Watts for a pullup resistor (from my experiences pullup's are usually in 3.3K .. 33K range). Checking two Samsung datasheets: KMCEN0000M-S998000 recommends 50K .. 100K, and KLMXGXFEJA recommends 10K .. 100K, for the eMMC Data lines. With the big XL case, you could probably attach a small circuit board with some solderpads somewhere, wire it to the datalines, and then wire normal non-SMD resistors to the solderpads. I would try something like 20K, 33K, 50K (and check if you get 14K one-direction and 17K other-direction after connection, if so, then you've probably found the right resistor).
Click to expand...
Sounds good. I might just try lifting the RA from another console though, as that seems to be the only way to accurately measure it.
 
Wizardkoer said:
Wait so how do I downgrade my DSi XL 1.4.5 Aus then using this???
Click to expand...
You'll have to hardmod so you can dump your NAND which requires soldering, use one of three proven methods to get one of the keys, and get another key from your system (I'm not sure on how it's done since it's all being done for me essentially), then decrypt your NAND and inject older versions of some applications. It's not a task for the faint-of-heart.

There's a thread here if you'd like to give it a try: http://gbatemp.net/threads/dsi-downgrading-the-complete-guide.393682/
 
piratesephiroth said:
I wonder if gbaemu4ds would actually have been completed if nocash123 had joined the board years ago
Click to expand...

I can answer that partially.

gbaemu4ds triggers cpu exceptions like ive rarely seen before. For example, from what I remember, clearing the I and F bit on the CPSR at the same time and set this new CPSR causes to follow a forced IRQ exception (which is why it's saving context stack on swi right after a GBA BIOS SWI call is performed), MPU disabled at this point, so the IRQ handler takes all NDS IF&IE enabled so far, then MPU enabled resorts to GBA IRQ handler blindly, so all gbawrites are redirected to each mapped GBA IO map (assigned and used like VBA does). This is hard to emulate basically because the CPU must emulate the order of priority of each CPU exception for each executed opcode that must be profiled on cycles. Because the cycle count says when it's time to trigger SWI or IRQ, and how many cycles should be substracted while keeping USER mode cycle count queued.

MPU is a whole another world
 
  • Like
Reactions: piratesephiroth
zoogie said:
His intellectual growth would have been stunted and we would have received nothing more from him. :P
Click to expand...
Well, it could not have been finished because there was no NDS emulator acurate enough. Maybe @nocash123 could have found a way to implement the missing features.



Coto said:
I can answer that partially.

gbaemu4ds triggers cpu exceptions like ive rarely seen before. For example, from what I remember, clearing the I and F bit on the CPSR at the same time and set this new CPSR causes to follow a forced IRQ exception (which is why it's saving context stack on swi right after a GBA BIOS SWI call is performed), MPU disabled at this point, so the IRQ handler takes all NDS IF&IE enabled so far, then MPU enabled resorts to GBA IRQ handler blindly, so all gbawrites are redirected to each mapped GBA IO map (assigned and used like VBA does). This is hard to emulate basically because the CPU must emulate the order of priority of each CPU exception for each executed opcode that must be profiled on cycles. Because the cycle count says when it's time to trigger SWI or IRQ, and how many cycles should be substracted while keeping USER mode cycle count queued.

MPU is a whole another world
Click to expand...

Yeah, it was a very ambitious project, probably the greatest NDS homebrew.
I wish it could have been completed.
 
Last edited by piratesephiroth,
Team Fail said:
You'll have to hardmod so you can dump your NAND which requires soldering, use one of three proven methods to get one of the keys, and get another key from your system (I'm not sure on how it's done since it's all being done for me essentially), then decrypt your NAND and inject older versions of some applications. It's not a task for the faint-of-heart.

There's a thread here if you'd like to give it a try: http://gbatemp.net/threads/dsi-downgrading-the-complete-guide.393682/
Click to expand...


I've done soldering before and made quite a few PCB so yeah I should be able to solder. I'll have a look at that thread.
 
WulfyStylez said:
Has anyone played with the 3DS features at all yet? I haven't gotten any feedback about any of them yet.
Click to expand...
I've personally been so caught up in school and the DSi, I didn't even look into the 3DS part. I guess that's partly because TWL is already decrypted when Decrypt9 dumps it.
 
Gadorach said:
I've personally been so caught up in school and the DSi, I didn't even look into the 3DS part. I guess that's partly because TWL is already decrypted when Decrypt9 dumps it.
Click to expand...
i spose it's mostly neat b/c you can do sudokuhax/etc on any system up to 9.9 with just a raspi/equivalent to get your CID.
 
  • Like
Reactions: Gadorach
zoogie said:
wulfy, have you ever looked into this?
http://3dbrew.org/wiki/3DS_System_Flaws (search DSiWare_Exports)

This looks like it wouldn't be too hard if you could decrypt dsiware exports on 3ds.
Click to expand...
it's more of a neat technical note than something worth doing, especially since this tool lets you do basically the same thing.
 
  • Like
Reactions: VinsCool, Gadorach and zoogie

Site & Scene News

Go to forum More news

Popular threads in this forum

Tutorial  Build DSi NAND from scratch

Homebrew app  A-Pix DS 0.4 – Pixel art editor for Nintendo DS/DSi!

Hardware Misc  JIS or Phillips: What to use on a DSi?

If someone is interested in something, let me know :)

Hardware  After teardown nintendo dsi doesn't fit in its housing

Pokemon White

Hacking  Save File corruptes:(

using the ds's mic as a practical one?