Homebrew TWLbf - a tool to brute force DSi Console ID or EMMC CID

Antonio2311

Alright, I guess I'm starting to understand how this tool works, but the thing is, when I open bfCL.exe, Windows says OpenCL.dll is missing. Where can I get the missing DLL?
After a little searching I managed to find the missing DLL, but now I got this. What am I doing wrong?
unknown.png
 


ahezard

Thanks for the info. There's no new drivers for my GPU, but I have an Intel Atom so it should work...
I doubt it, and even if it works it is going to be extremely slow, at least 100 times slower than on a decent GPU. If you post or PM the hexadecimal bytes extracted from your NAND (the bytes between 1F0 and 200 and the bytes between 000 and 010), I can do it for you.
 

Antonio2311

Oh really? Thank you! I will PM you the info then.
 

MrPresident

I'm having trouble finding the EMMC CID for a Samsung KMAPF0000M with date code 901. It should start with 1c, am I right?

EDIT: I just found out I'm reading the date from the wrong motherboard lol
 

nouvelle_adr

Hello,
I have a DSi console on version 1.4.5E (Europe).
I already did a hardmod and got my NAND.img file.
I'm stuck trying to get my CID with the TWLbf and bfCL methods.

I'm really lost with this CID brute forcing; I can't find a detailed tutorial on using TWLbf or bfCL to get the DSi Console ID (CID).

Is there a beautiful soul who can explain it to me (us), treating me (us) as a beginner, like this:

To get Console ID:
1) You need to dump your NAND by hardmod. Once you have your original NAND file, rename it to OrgiginalNAND.img and put it in a "working folder" on your computer
2) You need to download bfCL and extract it to the same "working folder" on your computer
3) Open a Windows cmd command line and go to the "working folder"
4) To get your CID, type the command line: bfcl.exe OrgiginalNAND.img bla bla bla
5) Wait and read your CID at bla bla bla

Could you please reply by correcting the points above? (especially points 4 and 5)

For information, when I run bfCL I get this:

D:\MyConsoleCID\BFCL>bfcl
ocl_assert: ocl_util.c, function ocl_get_device_info, line 78
clGetDeviceInfo(device_id, param_name, 0, NULL, &size)
error: invalid value
 

Koksi__


We use this string as a template:
MY ss ss ss ss 03 4D 30 30 46 50 41 00 00 15 00; DSi CID KMAPF0000M-S998
MY ss ss ss ss 32 57 37 31 36 35 4D 00 01 15 00; DSi CID KLM5617EFW-B301
MY ss ss ss ss 03 47 31 30 43 4D 4D 00 01 11 00; 3DS CID
In order to determine the eMMC CID, you must first open your DSi and read the 3 characters on the Samsung NAND chip for the "MY" byte.
For me that was, for example, 943, and that means:
943 means the 43rd week in 2009, i.e. 43 weeks into 2009 -> December -> month code B, 2009 -> year code C. For the month code you need 43/4 = 10.75 -> 11 (round up or down if necessary)
Convert this value to hex, so "B"
For the year code we use this scheme:
B - 2008
C - 2009
D - 2010
E - 2011
F - 2012
So BC is the MY byte (for my NAND). The "s" is replaced by "0".
For me this gives (since I have a KMAPF ...... NAND chip): "BC00000000034D303046504100001500"
Now we have to find the [src] key by opening your NAND dump with HxD and looking at the line "000001F0".

You now use the 16 pairs as [src] in the command. If you have the console ID now, then we can get started:
bfcL emmc_cid [Console ID] [EMMC CID] [offset] [src] [verify]
That's what it looks like for me:
bfcl emmc_cid 0820154919126126 BC00000000034D303046504100001500 001f DB2D16975DACA90176014EB4CCCE87FB 000000000000000000000000000055aa
If it says "got hit", then everything fits and you have your eMMC CID



You only need your NAND.img for the hex part to bruteforce the CID
 

nouvelle_adr


Thank you very much Koksi__


Thanks to you I just started to understand

And now I have more relevant questions:
1)
In your explanation, I understand the year code scheme, but not the month (I think that you divided 43 by 4 "43/4" to get the month, but I noticed that week 43 of 2009 is in October 2009 (month number 10, so A in hex in this case and not November, so your MY code will be AC and not BC)

From my side, I reopened my DSi (I have a KMAPF ...... NAND chip like you), and my 3 numbers are 901 (2009 "C", and week 1 => January; if I follow you it will be "1", so my MY code is 1C, is that right?)

2)
When you edited your NAND.img in a hex editor, in your picture at the line 000001F0 you have: D8 AA 63 9F 1F D1 7F C1 B0 24 0C 30 5E 02 D6 21. You haven't used that in your command line; did I miss something?

3)
In your typed bfcL command line, I don't understand where you got the [Console ID] 0820154919126126, the [offset] 001f, the [src] DB2D16975DACA90176014EB4CCCE87FB and the [verify] 000000000000000000000000000055aa

I only understood the [EMMC CID] BC00000000034D303046504100001500 that you obtained from the MonthYear code and the codes of the KMAPF0000M template string above.

For me, my dumped NAND file gives me at the address 000001f0h: F1 D6 26 05 5F AD B6 D8 DC 3E 79 82 D0 2F 52 F3, so I don't know what to write in my command line

Could you please continue helping me?
Thank you in advance
 

Koksi__


We use these as templates:
08A2000000000100 for DSi
08A1900000000000 for some other DSi
08A1500000000000 for some other DSi
0820100000000100 for DSi XL
XL6B27D20002000000 for n3DS
bfcl console_id_bcd [Console ID] [offset0] [src0] [verify0] [offset1] [src1] [verify1]
Since I have a DSi XL, I use this one:
0820100000000100
[offset0] = 001f
[src0] = 16 characters from NAND below 1F0 with HxD (see eMMC CID)
[verify0] = 00000000000000000000000000005555a
[offset1] = 0000
[src1] = 16 characters from the NAND at the beginning:


[verify1] = 00000000000000000000000000000000
So for me it looks like this:
bfcl console_id_bcd 0820100000000100 001f DB2D16975DACA90176014EB4CCCE87FB 000000000000000000000000000055aa 0000 98C486C82527322A237EDCE90DE43E7E 00000000000000000000000000000000
If "got hit" is there, everything went well:


This is for the Console ID.
Sorry, but I only have one hand free because I'm just putting my son to bed
 

nouvelle_adr

Thank you for your reply :-)
the verify1 that you gave me is :00000000000000000000000000005555a it is different from Koksi_90 in psxtools forum (which is 000000000000000000000000000055aa)

- My dumped NAND is renamed NAND.img. Should I rename it with a .bin extension? Should I put it in the same folder as bfcl.exe?

- Here is my data at offsets 0000 and 001F (NAND.img opened with a hex editor):

00000000h: DBA820FD71C21F83F0C4E5E9C5BE7B66
000001f0h: F1D626055FADB6D8DC3E7982D02F52F3

When I execute the command:

bfcl console_id_bcd 082010000000010008A2000000000100 001F F1D626055FADB6D8DC3E7982D02F52F3 000000000000000000000000000055aa 0000 DBA820FD71C21F83F0C4E5E9C5BE7B66 00000000000000000000000000000000

I got the error:
ocl_assert: ocl_util.c, function ocl_get_device_info, line 78
clGetDeviceInfo(device_id, param_name, 0, NULL, &size)
error: invalid value

When I execute the command:

bfcl console_id_bcd 08A1900000000000 001F F1D626055FADB6D8DC3E7982D02F52F3 000000000000000000000000000055aa 0000 DBA820FD71C21F83F0C4E5E9C5BE7B66 00000000000000000000000000000000

I got an error:

File: utils.c, Line 31

Expression: !critical

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.


And when I execute the command:
bfcl emmc_cid 0820154919126126 1C00000000034D303046504100001500 001f F1D626055FADB6D8DC3E7982D02F52F3 000000000000000000000000000055aa

I got the error:
mbed TLS 2.6.0, AES-NI not supported
ocl_assert: ocl_util.c, function ocl_get_device_info, line 78
clGetDeviceInfo(device_id, param_name, 0, NULL, &size)
error: invalid value

Could you please help me ?
 
  • Like
Reactions: Koksi__

Koksi__


Yeah, I am Koksi_90 from psxtools.de :D

I will try to bruteforce that for you

EDIT:
Try this:
bfcl console_id_bcd 08A2000000000100 001f F1D626055FADB6D8DC3E7982D02F52F3 000000000000000000000000000055aa 0000 DBA820FD71C21F83F0C4E5E9C5BE7B66 00000000000000000000000000000000
 
  • Like
Reactions: nouvelle_adr
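
Added example, not part of any post above and not code from the bfCL project: a Python sketch that assembles the console_id_bcd command from the first 512 bytes of a NAND dump and checks the argument widths that went wrong in this thread (a doubled Console ID template, a 33-character verify value, two arguments run together). The argument widths and the rule that [offset] is the address divided by 16 are assumptions read off the commands posted here; the sample sector is constructed from the two rows nouvelle_adr posted.

```python
import re

# Hex-digit width of each bfcl argument, read off the commands posted in this thread.
MODES = {
    "emmc_cid": [("console_id", 16), ("emmc_cid", 32),
                 ("offset", 4), ("src", 32), ("verify", 32)],
    "console_id_bcd": [("console_id", 16),
                       ("offset0", 4), ("src0", 32), ("verify0", 32),
                       ("offset1", 4), ("src1", 32), ("verify1", 32)],
}
# Verify values used in the thread for the rows at 0x1F0 and 0x000.
VERIFY = {0x1F0: "0" * 28 + "55aa", 0x000: "0" * 32}

def src_row(nand: bytes, addr: int) -> str:
    """Hex of the 16-byte row at addr (the [src] argument)."""
    row = nand[addr:addr + 16]
    if len(row) != 16:
        raise ValueError(f"dump too short for row at {addr:#x}")
    return row.hex().upper()

def build_console_id_bcd(nand: bytes, template: str) -> str:
    """Assemble the console_id_bcd command from the first 512 bytes of a dump."""
    args = [template]
    for addr in (0x1F0, 0x000):
        # Assumption: [offset] is the row index, i.e. address // 16 (0x1F0 -> 001f).
        args += [f"{addr // 16:04x}", src_row(nand, addr), VERIFY[addr]]
    return "bfcl console_id_bcd " + " ".join(args)

def check(cmdline: str) -> list:
    """Return a list of argument problems; an empty list means well formed."""
    parts = cmdline.split()
    if len(parts) < 2 or parts[1] not in MODES:
        return ["unknown mode"]
    spec, args = MODES[parts[1]], parts[2:]
    problems = []
    if len(args) != len(spec):
        problems.append(f"expected {len(spec)} arguments, got {len(args)}")
    for (name, width), value in zip(spec, args):
        if not re.fullmatch(r"[0-9A-Fa-f]{%d}" % width, value):
            problems.append(f"{name}: want {width} hex digits, got {len(value)} chars")
    return problems

# Constructed 512-byte sector holding the two rows nouvelle_adr posted.
SAMPLE = bytearray(512)
SAMPLE[0x000:0x010] = bytes.fromhex("DBA820FD71C21F83F0C4E5E9C5BE7B66")
SAMPLE[0x1F0:0x200] = bytes.fromhex("F1D626055FADB6D8DC3E7982D02F52F3")

if __name__ == "__main__":
    cmd = build_console_id_bcd(bytes(SAMPLE), "08A2000000000100")
    print(cmd, check(cmd))
```

With a real dump, pass the first 512 bytes of NAND.img instead of SAMPLE and choose the template that matches the console model from the list in the thread.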
