Unlaunch DSi | First public bootcode exploit for DSi

Discussion in 'NDS - Emulation and Homebrew' started by Mnecraft368, Apr 23, 2018.

  1. Mnecraft368
    OP

    Mnecraft368 I hate my name.

    Member
    6
    Aug 8, 2015
    United Kingdom
    It is recommended to install Unlaunch 0.8 or higher as these releases are more stable than previous versions.

    Along with the "drama" in the Switch hacking scene, the DSi finally sees a Public Bootcode Exploit. The exploit is called Unlaunch and is currently in very early stages. It is recommended that if you try this exploit that you have a hard mod in case you brick.
    To install this exploit, all you need is a DSi, a DSiWare exploit (with sd/mmc access) and the installer. you need to dump and decrypt your nand. Append the Unlaunch.dsi file to the end of the Launcher tmd file, and make sure its read only along with the .app file, encrypt, then re-flash. Detailed instructions can be found when booting the unlaunch.dsi file (use no$gba for ease)

    For more information, refer to the link below.
    https://problemkaputt.de/gba.htm
     
    Last edited by Mnecraft368, Sep 3, 2018
  2. Lia

    Lia GBAtemp Advanced Maniac

    Member
    10
    GBAtemp Patron
    Lia is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Jan 29, 2016
    United Kingdom
    Using this tool is thoroughly unrecommended and has a very serious chance of rendering your system permanently unusable!

    Do not use any bootcode exploits until RocketLauncher is released!

    nvm it's all good now
    follow dsi.cfw.guide
     
    Last edited by Lia, Apr 30, 2018
    Mnecraft368 likes this.
  3. Mnecraft368
    OP

    Mnecraft368 I hate my name.

    Member
    6
    Aug 8, 2015
    United Kingdom
    ^ Added to op
     
    Last edited by Mnecraft368, Apr 23, 2018
  4. Garblant

    Garblant GBAtemp Advanced Fan

    Member
    3
    Apr 1, 2016
    United States
    Alola
    ...and when is that?
     
    pandavova likes this.
  5. goldensun87

    goldensun87 GBAtemp Regular

    Member
    3
    Jan 24, 2017
    United States
    All right, but what will this exploit ultimately accomplish?
     
  6. Lia

    Lia GBAtemp Advanced Maniac

    Member
    10
    GBAtemp Patron
    Lia is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Jan 29, 2016
    United Kingdom
    thanks :thumbsup:
    soon:tm:
    similar to rocketlauncher but with added bricks
     
    Last edited by Lia, Apr 23, 2018
    Zense, uyjulian, SCOTT0852 and 2 others like this.
  7. Mnecraft368
    OP

    Mnecraft368 I hate my name.

    Member
    6
    Aug 8, 2015
    United Kingdom
    Just for notice: This exploit may be public but is a PoC and should only be used with a hard mod (if at all)
    This thread is only here because it is not often we see something like this (especially in the DSi scene)
     
  8. ChampionLeake

    ChampionLeake NTR/TWL Exploiter

    Member
    3
    Jan 19, 2016
    United States
    Anyone who will use this exploit or already has it installed, please do not open data management or the DSi Shop or 3DS Transfer Tool. Doing this will brick your DSi. The reason why it bricks is because this exploit involves the TMD of the NAND.

    EDIT: I strongly suggest waiting for RocketLauncher or HiyaCFW to release. Maybe wait for a stable build of unlaunch.
     
    Mnecraft368 likes this.
  9. Mnecraft368
    OP

    Mnecraft368 I hate my name.

    Member
    6
    Aug 8, 2015
    United Kingdom
    More notices onto the op, cant be getting lots of bricks :/
     
  10. Lia

    Lia GBAtemp Advanced Maniac

    Member
    10
    GBAtemp Patron
    Lia is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Jan 29, 2016
    United Kingdom
    just put in big bold letters to not use it
     
  11. Some1CP

    Some1CP GBAtemp Advanced Fan

    Member
    4
    Sep 12, 2009
    United States
    Thank you for the heads up. I installed the exploit and it's been fine so far, didn't know about this data management issue.
     
  12. Mnecraft368
    OP

    Mnecraft368 I hate my name.

    Member
    6
    Aug 8, 2015
    United Kingdom
    I tried to but I got stuck at "Loading FAT"

    Probably good that I didnt. Might play around with this in no$gba where there is no risk of bricking.
     
  13. LukeHasAWii

    LukeHasAWii GBAtemp Advanced Fan

    Member
    6
    Apr 24, 2016
    United States
    Iowa
    Nice development in the scene, but this is just too unsafe as it is. Going to put up a warning NOT to use it just yet on http://dsiguide.me later this week
     
  14. Apache Thunder

    Apache Thunder I have cameras in your head!

    Member
    15
    Oct 7, 2007
    United States
    Levelland, Texas
    Yeah right now due to there not being a SD redirect patch in his code, you could brick by attempting to use Data Management in System Settings or by booting DSi Shop or 3DS Transfer Tool. Due to how the exploit works (installs modified oversized TMD file for Launcher to cause overflow in stage2 bootloader) this means that those 3 apps see the malformed TMD file as invalid and removes it (and probably deletes Launcher along with it) causing stage2 to show the error for missing Launcher the next time you boot the console.
     
  15. bennyman123abc

    bennyman123abc GBAtemp Advanced Fan

    Member
    6
    Mar 21, 2013
    United States
    Some City
    Could there be an SD redirect patch, however? Or any other way to prevent this from bricking one's DSi?
     
  16. Apache Thunder

    Apache Thunder I have cameras in your head!

    Member
    15
    Oct 7, 2007
    United States
    Levelland, Texas
    Yeah. SD redirect patch from HiyaCFW can be used. I believe I made NoCash aware of this patch awhile back while talking with him on early RocketLauncher issues/testing. So not sure why he didn't attempt to implement it yet...The change to make it work is super simple and isn't any where near as complicated as 3DS Emunand...
     
  17. bennyman123abc

    bennyman123abc GBAtemp Advanced Fan

    Member
    6
    Mar 21, 2013
    United States
    Some City
    Perhaps this is just an early build then? I'm sure he has his reasons for not implementing this or something similar yet.
     
  18. nocash123

    nocash123 GBAtemp Regular

    Member
    4
    Aug 4, 2015
    Afghanistan
    Updated v0.6 also official forum is at 4dsdev not gbatemp
     
  19. bennyman123abc

    bennyman123abc GBAtemp Advanced Fan

    Member
    6
    Mar 21, 2013
    United States
    Some City
    DOes this update prevent DSi Shop and other applications from deleting the TMD file too? Or just Data Management?
     
  20. Apache Thunder

    Apache Thunder I have cameras in your head!

    Member
    15
    Oct 7, 2007
    United States
    Levelland, Texas
    I checked his forum thread. It appears his mitigation for the issue was to write protect flag the tmd file. (which appearently Nintendo's apps will obey?). Would still like to see him open source this at some point though....

    Would like to choose which patches are applied, ability to disable the program from displaying anything on screen during the boot process (during the exploit and not during the install process obviously). Maybe he already plans this but was just pushing out an early build for now. I hope he still considers the SD redirect patch. I've been using it for well over a year now and have not encountered any issues with it. So it should work with his setup too.
     
    Last edited by Apache Thunder, Apr 24, 2018
    bennyman123abc likes this.
Loading...