DSi mode homebrew, anyone?

It was about this time last year when I released open source save game hacks for two DSi hybrid games, Cooking Coach and Classic Word Games. I kind of expected somebody somewhere to pick these up and make them do something a little bit more useful than change the screen colors but it looks like I was a little optimistic on that front. Most people that have done anything at all seem to have been trying to do as much as possible in the 8KiB or so available in each save game. Interestingly not one single DSi hybrid game I’ve been able to find since appears to have a name entry – bit odd considering how easy it is to test for and correct buffer overflows for this specific situation. If anyone knows any different, please let me know.

Since last year I’ve spent a bit of time hunting around DSi hybrid games and playing around with a few ideas I had about how best to utilise the exploits for homebrew. Mostly I’ve been updating devkitARM & libnds with a few things needed to allow normally compiled homebrew to use the extra 12meg when run in DSi mode. I’m still a little undecided on how best to approach the hybrid model – Nintendo seem to be using a system where extra code is loaded in DSi mode from separate binaries in the .nds container format.

So anyway, lest I ramble on for several pages with background and random thoughts, on to the meat of this post. One of the first things that I did on getting into DSi mode was dump the DS mode firmware. As I expected this was identical to the dump made in DS mode – it contains only the wifi module settings and the user data at the end of a 128K flash chip. Most interesting of all was the large block of unwritten space between the two but unfortunately the first 64KiB is protected but that still leaves 61KiB writable – plenty for my nefarious purposes. After some further testing I confirmed that the wifi module flash chip could be written from DS mode and later read when we use the save game exploits to get into DSi mode. This gave me the motivation I needed to revisit a half finished project I had to upload homebrew to a DS over wifi. As an added bonus the wifi uploader also works with a standard DS, everything you need is in the archive.

Nintendo seem to have pre-empted an approach like this in more recent consoles, both the DSiXL and later model DSi units seem to deny write access to the wifi module chip. Even when using other methods to load code via the save exploits there seems to be no access to the wifi hardware at all – that’s probably dependent on a wifi enabled hybrid game. Whether Nintendo can or will update earlier units with similar security remains to be seen. Currently all early consoles I’ve tried this method with have been able to run code with wifi access regardless of updated firmware or not. I bought a DSiXL a few days ago to confirm this but I have another couple of methods which work on that – they’re not yet in a releasable state but hopefully that won’t be the case for long.

In order to use this method you’ll need three things, a DSi compatible flashcard,  one of the two exploited games and a means to write to the eeprom on your chosen game. Eepinator will work if you have a standard DS or there are a couple of devices which allow you to do this from a PC. If you’re one of the many homebrewers who likes to play with mcus then you can probably rig up something with a dev board. I have an arduino and a Fletchtronics Bumble-b sitting at the back of my desk, I might have a play around with those over the next few days and post a howto for those. If you’ve already done something like that then please do get in touch, no point in reinventing the wheel.

One word of warning before we get to the all important download link. Nintendo will probably declare your warranty void due to unauthorised software so proceed at your own risk. This method also won’t allow you to run rom dumps and it’s not something I plan to support at any point in the future. Obviously I can’t control what you do when you have the ability to run code but please consider not releasing anything that’s piracy related or has the potential to enable piracy. I believe homebrew can thrive as long as we distance ourselves from the people who want to get their games for free.

dslink 2.1.0
dslink 2.1.0
dslink.tar.bz2
View post
177.1 KiB
36561 Downloads
Details...

Please don’t mirror this file, I intend to update it as I add features. Pay attention to the  license in the README. It would also be nice if the various news sites that pick these things up would make a bit of an effort and not just copy this post verbatim.

If you’d like to help support devkitPro here are some amazon affiliate links for Cooking Coach

My Healthy Cooking Coach (US edition)

My Cooking Coach (UK edition)

Note for UK users, I ordered a couple of copies of Cooking Coach from the main amazon.co.uk listing from inet video. Unfortunately  no-one  told them that DSi hybrid games are region locked on the DSi, order from the Indigo Starfish listing instead.

If IRC is your thing then come join the rest of the homebrew gang in #dsdev on irc.blitzed.org.

58 thoughts on “DSi mode homebrew, anyone?”

  1. Pingback: DSi mode homebrew
  2. @Dave: Ah, on my DS “phat” with firmware v4, dslink.nds never connects, so I never see the ip. Works great on my DSi though!

  3. So, for someone who doesn’t have a DSi but enjoys reading about the technical stuff, just what does this do? Exploit something in the wifi settings, or store some binary there? I’m a bit lost on why you need to both use a DSi-mode save exploit and write to an unused region of firmware.

    1. Both games only have 8KiB eeproms, it’s not quite enough space to do anything useful with unless you open the game card and do a bit of soldering. The 60Kib of free space in the wifi flash chip is more than enough to get a wifi loader on there and make it much easier for the average person to play with DSi mode homebrew.

  4. I’m really enjoying DSLink; using it has become my preferred method of testing binaries on hardware. Emulators are bit slow on my machine, especially if I’m doing anything in 3D, so being able to shoot something straight to the ds is very convenient. Currently, i have dslink autobooting off of my GBAMP. Thanks to flashme and chisims GBAMP firmware, dslink is the very first thing I see when I turn on the DS. So yeah, just wanted to share that. 🙂

    Thanks!

  5. Quick question: Would it be possible to replace the DSiLink binary installed on the WiFi chip with a homebrew loader, such as HBMenu, patched for a particular flash card (as you require one for installation anyway), so you can then load DSi mode homebrew off the flash card, instead of having to send it via WiFi each time?

  6. No, there are no flash cards which run in DSi mode, if there were then we wouldn’t need this to run DSi mode homebrew. It’s not possible to hotswap game cards either.

  7. When running the install on my DSi, I get:

    DSiLink Installer.
    flash size & binary OK
    arm7: Failed verifying arm7

    Is this the error a newer DSi is supposed to output? It was bought a few months after launch, so I don’t believe this is the case.

  8. I honestly don’t know when Nintendo changed the hardware to deny wifi access, I know some DSi units fail like this and most DSiXLs – mine included. The failed verifying arm7 message is precisely what you get on units with upgraded protection, sorry.

  9. Ok, I’m making some test homebrew to test DSi speed,but I want to ask you, are you developing a enhanced devkitARM and libnds to support audio and touchscreen on DSi?

  10. devkitARM is only a cross compiler for ARM based machines, it’s intended to be completely hardware agnostic. libnds will support audio and touchscreen in DSi mode in the not too distant future.

  11. Not sure if this would help in any case for I know very little about hacking, but would a cheat device such as action replay help. I know it runs code through the game to apply the cheats…maybe you can load an exploit? I don’t know. Maybe I just sound dumb. Another thing I was thinking is could homebrew be injected into a rom. Sort of like a Wii virtual console. I’m just trying to state some ideas. Sorry if I sound like a complete douche. =D

    1. Action Replay DSi can be used to install dsilink and write the save files but only runs in DS mode so it’s not capable of DSi mode exploits.

  12. I went and looked at everything you posted this time. I got the DSLINK and the installer, but I’m assuming my dsi wont work. I tried to install it pressing the buttons, but I can an error. Something to do with “Failed to verify arm”. Am I doing something wrong or is it because I’m one of the unlucky. 🙁

  13. Ah well, I’m sure in time even my DSI will get the chance to run homebrew. BTW good job Dave on finding away to run homebrew on older systems. I didn’t think it could be done using a wifi connection, but you showed me!

  14. Hey Dave, im really happy you found a way to bigger binarys.
    Im just wondering what parts of the wifi-eeprom are copied using big N’s wifi-settings move-tool, cause that could be a way to “install” it without actually owning a dsi flashcard.

  15. Hello Dave.

    I have a little question:

    Is the exploit still working with firmware 1.4.1?

    I think it is but I want to be sure.

    Thanks in advance.

  16. I was wondering… With DSLink you have access to the whole hardware of the DSi? Could you, for example, flash to wifi chip something that access the SD card and then boot some kind of menu/loader/etc… from there?

    With your method there’s a way to flash a binary once and then load it from the DSi Menu?
    Thanks

  17. “One of the first things that I did on getting into DSi mode was dump the DS mode firmware. As I predicted this was identical to the dump made in DS mode”

    was any of that a typo?? i think u meant to say the dsi mode firmware dumb was identical to the ds mode dump.

    1. No, the DSi has specific DSi mode firmware which is stored on the NAND chip along with downloaded DSiWare games, obviously this is encrypted and may or may not be accessible via the save game exploits. The DSi still has the eeprom where the DS stores it’s firmware and this is what I dumped.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Follow Me