1. Koksi__

    Koksi__ Advanced Member
    Newcomer

    Joined:
    Jun 27, 2016
    Messages:
    82
    Country:
    Austria

    08a1893016106107
    bbaa7124be034d303046504100001500
     
    mightywii and Matrice666 like this.
  2. Matrice666

    Matrice666 Member
    Newcomer

    Joined:
    Jan 31, 2019
    Messages:
    14
    Country:
    Canada
    i would have thought you needed a copy of my nand to check things!

    you are my hero !
     
  3. Matrice666

    Matrice666 Member
    Newcomer

    Joined:
    Jan 31, 2019
    Messages:
    14
    Country:
    Canada
    JUst my luck HiaCFW tells me my codes are wrong.

    seriously at this point im almost giving up. nothing did go right with this mod.

    i would like to share my nand but im not sure how.
     
  4. mondul

    mondul GBAtemp Regular
    Member

    Joined:
    Aug 8, 2018
    Messages:
    113
    Country:
    Colombia
    You can compress it, upload it to your Google drive and share the link.

    @Koksi__ I got a DSi XL today but the NAND chip is ST. Which template should I use?
     
  5. mightywii

    mightywii Member
    Newcomer

    Joined:
    Feb 26, 2013
    Messages:
    20
    Country:
    United States
    Check the post on page 11 by t3rminus
     
  6. Koksi__

    Koksi__ Advanced Member
    Newcomer

    Joined:
    Jun 27, 2016
    Messages:
    82
    Country:
    Austria
    Don't give it up. upload your NAND and send me the link with PM.
    So i can check what's the problem
     
    Matrice666 and mightywii like this.
  7. Can someone give me a guide on how to use this or something? I have the NAND Dump and the CID but not the Console ID
     
  8. gorgyrip

    gorgyrip Member
    Newcomer

    Joined:
    Aug 28, 2018
    Messages:
    27
    Country:
    Romania
    Here's an exemple for console id:
    bfcl console_id_bcd 08A2000000000100 001f A7EE8F9548FF6F270B8DDF1311935160 000000000000000000000000000055aa 0000 9BCE6F029370131A2A00DCE49F8F141E 00000000000000000000000000000000

    You need to change the following:
    1) 08A2000000000100 change it like this:
    08A2000000000100 for DSi
    08A1900000000000 for some other DSi
    08A1500000000000 for some other DSi
    0820100000000100 for DSi XL

    more from gbatemp:
    Console ID first 5 digits, so far the rest are always in BCD range, and the 14th digit is always "1".
    08A15: DSi, from GBATEK
    08A16: DSi, J, report from windwakr
    08A18: DSi, U, Black, report from leratrad
    08A19: DSi, U, Black, report dark_samus3(also noted in GBATEK)
    08A20: DSi, from GBATEK
    08A21: DSi, U, Cyan + DSi, U, Light Blue
    08201
    DSi XL, from GBATEK
    DSi, U, Metallic Blue, report from friendsxix
    DSi, U, White, report from friendsxix
    DSi XL, U, Burgundy, report from friendsxix
    DSi XL, U, Burgundy, report from kittensauce
    DSi, E, Metallic Blue, report from Oleboy555
    DSi XL, E, Dark Brown, report from FFT
    DSi XL, U, Burgundy, report from Abequinn
    08202
    DSi XL, E, Blue and Black?, mine
    DSi XL, U, Red, report from enderghast13
    DSi XL, U, Burgundy, report from hutiu
    08203
    DSi XL, U, report from Apache Thunder
    08204
    DSi, U, Pink, report from Apache Thunder
    DSi XL, U, Blue, report from enderghast13
    DSi, U, Light Blue, report from MassExplosion213

    2) A7EE8F9548FF6F270B8DDF1311935160 - open the nand in HxD (or another hex editor) and copy 16 bits strting from address 1F0
    3) BCE6F029370131A2A00DCE49F8F141E - open the nand in HxD (or another hex editor) and copy 16 bits strting from address 00
    I hope bfcl will work for you. On my pc it doesn't work.
     
    Koksi__ likes this.
  9. Yeah, bfcl doesn't seem to work for me. RIP
     
  10. gorgyrip

    gorgyrip Member
    Newcomer

    Joined:
    Aug 28, 2018
    Messages:
    27
    Country:
    Romania
    You can ask someone here that has a compatible PC with bfcl.
    PS: I'm assuming you got the CID with the biggest loser cart and not confusing cid with console id.
     
  11. Yes, I'm not confusing it with Console ID. I mean CID (kinda annoying they both look like the same thing lol). But yeah that's the case
     
  12. Koksi__

    Koksi__ Advanced Member
    Newcomer

    Joined:
    Jun 27, 2016
    Messages:
    82
    Country:
    Austria
    We use this string as a template:
    MY ss ss ss ss 03 4D 30 30 46 50 41 00 00 15 00; DSi CID KMAPF0000M-S998
    MY ss ss ss ss 32 57 37 31 36 35 4D 00 01 15 00; DSi CID KLM5617EFW-B301
    MY ss ss ss ss 03 47 31 30 43 4D 4D 00 01 11 00; 3DS CID

    In order to be able to determine the eMMC CID you must first open your DSi and read the 3 characters to Samsung for the "MY" byte on the NAND chip.
    For me that was for example: 943 and that means:
    943 means 2009 43rd week, ie 43 weeks in 2009 -> December -> month code B, 2009 -> year code C. For the month code you need 43/4 = 10.75 -> 11 (either on or round off if necessary)
    Convert this value to hex, so "B"
    For the years code we take this scheme:
    B - 2008
    C - 2009
    D - 2010
    E - 2011
    F - 2012
    So BC for the MY byte (at my NAND) The "s" is replaced by "0"
    It follows from me (Since I have a KMAPF ...... NAND chip): "BC00000000034D303046504100001500"

    Now we have to search for the [src] key by opening your NAND Dump with HxD and looking for the line "000001F0".
    You now use the 16 couples as [src] in the command. If you have the console ID now, then we can get started:

    bfcL emmc_cid [Console ID] [EMMC CID] [offset] [src] [verify]

    That's what it looks like for me:
    bfcl emmc_cid 0820154919126126 BC00000000034D303046504100001500 001f DB2D16975DACA90176014EB4CCCE87FB 000000000000000000000000000055aa

    If then got hit stands everything fits and you have your eMMC CID
    Please secure the key in a safe place

    Here is the Guide in German:
    https://psxtools.de/index.php/Thread/76539-Tutorial-DSI-Hardmod-mit-Unlaunch-Hiya-CFW-und-SR-Loader/
     
  13. This doesn't help me as I need to brute force the Console ID as I already said. I have the eMMC CID. Unless this is the way to do it for the Console ID as well
     
  14. Koksi__

    Koksi__ Advanced Member
    Newcomer

    Joined:
    Jun 27, 2016
    Messages:
    82
    Country:
    Austria
    Sorry, i read something wrong, but you can send me your nand dump, so i can get the Console ID for you
     
  15. Koksi__

    Koksi__ Advanced Member
    Newcomer

    Joined:
    Jun 27, 2016
    Messages:
    82
    Country:
    Austria
    0820122405103103
     
    Deleted-376337 likes this.
  16. Thank you!
     
  17. Ocelot124286

    Ocelot124286 Member
    Newcomer

    Joined:
    Jan 22, 2019
    Messages:
    22
    Country:
    United States
    So I bought a 3ds instead and everything worked out fine. Thanks for your help!
     
  18. AWal

    AWal Newbie
    Newcomer

    Joined:
    Mar 4, 2010
    Messages:
    9
    Country:
    United States
    This thread is a bit of a mess, but I was able to get (both versions of) the software working, and I'll provide the details for my console.

    I recently got a DSi on the super-cheap (like $10) because it was untested and had a "busted" L button (it was dropped and stuck in). It had no DSiWare installed so I ended up here. The real pain was finding an SD card reader supporting 1-bit mode in 2019: I ended up soldering a USB cable to an old (2006) multi-reader that was originally designed for the 3.5" drive slot in a PC.

    Anyways, the console was described to me as a "US Launch" White DSi. It had system software 1.3, and some photos from the previous owner circa 2009/2010...Talk about a time capsule...Yeah, this is gonna need to be wiped...

    eMMC dumped with Hex Workshop (It works very similar to HxD, but it's commercial software); Made two matching eMMC dumps...Great success.

    bfCL worked for me and my GeForce GTX 1070, but I had to use bfCL-test-reduced-work-size-msky-lfcs-20.zip instead of bfCL-v0.4-windows-x86_64.7z.

    While troubleshooting I discovered emmc_id discovery was about 80x faster than one thread of TWLbf_openssl on my i7-7700HQ....Very nice.

    Photo of the victim chip (angled to get a good shot of all the print at once):
    [​IMG]

    Code:
    Secrets:
    console_id: 0820104304096116
    emmc_cid: 8cd676533d034d303046504100001500
    
    eMMC dumps:
    0x001F: 540ba7ef1088fd77b75d265912c6a413
    0x0000: 39b428b70dd3e10253e4b85c9bfb664e
    
    Command lines:
    >bfcl console_id_bcd 0820100000000100 001f 540ba7ef1088fd77b75d265912c6a413 000000000000000000000000000055aa 0000 39b428b70dd3e10253e4b85c9bfb664e 00000000000000000000000000000000
    >bfcl emmc_cid 0820104304096116 8C00000000034d303046504100001500 001f 540ba7ef1088fd77b75d265912c6a413 000000000000000000000000000055aa
    Huge thank you to everyone involved. I actually logged into an account I haven't used in years (2010?) just to show my gratitude and contribute my numbers. Much love.
     
    JimmyZ likes this.
  19. nanova

    nanova Newbie
    Newcomer

    Joined:
    Aug 31, 2016
    Messages:
    9
    Country:
    Italy
    Hello, I bought a DSi a few days ago on 1.4.1E firmware, but it doesn't have flipnote or anything, so I need to hardmod it if I want to hack it.

    I've read a few guides and ended up here. I'm pretty confident that I can handle the soldering etc, my issue is that my PC is a potato: it's an AMD A8-3870k without a dedicated graphic card.
    It's very unlikely that it can handle bfcl.

    I have my soldering equipment ready, but I still haven't bought the Biggest Loser (to retrieve the CID) nor a compatible card reader to dump the NAND and, before committing to the purchase, I wanted to ask if some kind soul would be willing to run bfcl for me. I'd upload my NAND on gdrive.

    :toot:
     
Draft saved Draft deleted
Loading...

Hide similar threads Similar threads with keywords - Console, TWLbf, brute