Yeah, but still the only thing it's showing is 0000FE00, i tried bridging the R94 just for giggles and no luck. Bit offtopic now
So confusing! Could somebody give me a guide? I have a white DSi from the UK and a rasberry pi. Sorry for being a noob. I've only done Wii and Android.
Yes I am. I need to Brute Force the cid and console Id to decrypt the nand. I don't have any DSi ware to get the console Id. And I don't know how to get the cid with my rasberry pi.
We use this string as a template:
MY ss ss ss ss 03 4D 30 30 46 50 41 00 00 15 00; DSi CID KMAPF0000M-S998
MY ss ss ss ss 32 57 37 31 36 35 4D 00 01 15 00; DSi CID KLM5617EFW-B301
MY ss ss ss ss 03 47 31 30 43 4D 4D 00 01 11 00; 3DS CID
In order to determine the eMMC CID, you must first open your DSi and read the 3 characters to Samsung for the "MY" byte on the NAND chip.
For me that was, for example: 943 and that means:
943 means 43rd week in 2009, ie 43 weeks in 2009 -> December -> month code B, 2009 -> year code C. For the month code you need 43/4 = 10.75 -> 11 (either on or round off if necessary)
Convert this value to hex, so "B"
For the years code we take this scheme:
B - 2008
C - 2009
D - 2010
E - 2011
F - 2012
So BC for the MY byte (at my NAND) The "s" is replaced by "0"
It follows from me (Since I have a KMAPF ...... NAND chip): "BC00000000034D303046504100001500"
Now we have to search for the [src] key by opening your NAND dump with HxD and searching for the line "000001F0".
You now use the 16 couples as [src] in the command. If you have the console ID now, then we can get started:
bfcL emmc_cid [Console ID] [EMMC CID] [offset] [src] [verify]
That's what it looks like for me:
bfcl emmc_cid 0820154919126126 BC00000000034D303046504100001500 001f DB2D16975DACA90176014EB4CCCE87FB 000000000000000000000000000055aa
If there is got hit then everything fits and you have your eMMC CID
You only need your NAND.img for the hex part to bruteforce the CID
Just like how you did for DubMonster, could you get my cid & Console id for me. I don't understand it one bit. I still need to solder my DSi but that might be done tomorrow. I will give you the NAND dump and the numbers on the chip.
Ok I will try to do it soonSorry, i forgot, i need the NAND Dump for the CID
Sorry, i forgot, i need the NAND Dump for the CID
Oh yeah, I have a rasberry pi if you know how I can get the cid with the rasberry pi.
Last edited by Ocelot124286,
No, i don't know, but i can bruteforce the CID and Console ID with the dump.
But you can also get those keys with a "The Biggest Loser" cart, a flashcard and one dsi app on the NAND, but you also need a exploitable DSi game.
I think the best option is to do a hardmod.
It is not that hard, only 4 solder points.
Don't solder with too much heat and use flux, so it should no problem
Ok thanks. On the diagram for the soldering. It's a bit confusing. Do you know which exact points I should do?
https://puu.sh/jePkp/79bb5b1008.png
This is for the normal DSi (not XL)
you only need DAT0 (you can use the alternative point if you want), CMD, CLK and GND from the cartridge slot.
Solder those points to a Micro SD Card Adapter and dump it with win32 disk imager (DONT KLICK AT THE FORMAT PROMPT FROM WINDOWS, BECAUSE YOU WILL BRICK)
Where is GND? And also, does wires from old earbuds work? There seems two be a red and a blue copper wire in each silicone wrapped wire.
maaaan. im trying to get my CID a console id ... the command line i got should be
bfcl console_id_bcd 0820100000000100 001f B1F43D7963FC7B89A040E21A87085483 000000000000000000000000000055aa 0000 A10C0D2499F29404D28426A92005FE9F 00000000000000000000000000000000
but im getting an error i believe due to my gpu's old age. Could anyone help me with that?
bfcl console_id_bcd 0820100000000100 001f B1F43D7963FC7B89A040E21A87085483 000000000000000000000000000055aa 0000 A10C0D2499F29404D28426A92005FE9F 00000000000000000000000000000000
but im getting an error i believe due to my gpu's old age. Could anyone help me with that?
thanks man. let me know if you're missing anything.
...man you know what .. im pretty sure i messed that up.
i have the chip info and the NAND though
samsung 846 so: BB
kmapf000m which I believe would make it: 03 4D 30 30 46 50 41 00 00 15 00
S998
0000001f0: B1F43D7963FC7B89A040E21A87085483
00000000: A10C0D2499F29404D28426A92005FE9F
so if my calculations are correct i should runthis in CMD: bfcl console_id_bcd 08A1900000000000 001f B1F43D7963FC7B89A040E21A87085483 000000000000000000000000000055aa 0000 A10C0D2499F29404D28426A92005FE9F 00000000000000000000000000000000
but yeah... still not working for me.
Last edited by Matrice666,
You boot a copy of Linux that boots from a ramdisk like TinyCore so the boot SD card can be removed and replaced with the DSi. You can then use a command like this to get the CID:
sudo cat /sys/block/mmcblk0/device/cid
You can use the dd command to image the card, both to get your dump and flash your modified nand.
You boot a copy of Linux that boots from a ramdisk like TinyCore so the boot SD card can be removed and replaced with the DSi. You can then use a command like this to get the CID:
sudo cat /sys/block/mmcblk0/device/cid
You can use the dd command to image the card, both to get your dump and flash your modified nand.
