gbadev.org forum archive

This is a read-only mirror of the content originally found on forum.gbadev.org (now offline), salvaged from Wayback Machine copies.

DS Flash Equipment > new ideas, flashing as cheap as can be.

#77816 - swimgod - Mon Apr 03, 2006 8:10 am

ok i think i have finally thought of something that will work :P.
for those of you who have not followed me in what i have been trying to do,

i want to flash my ds...(title)
and i have these,
-a v4 fw ds
-GBAMP v2
-IBM 1GB microdrive
-superpass 2
-e-reader

and the problem i have is i need sram to run the new firmware pass through,
which the gbamp does NOT have.

------------------------
SO here is my NEW IDEA :P
from what i understand,
sram uses the same power and different contacts (on the gba slot)
so what if i connect the e-readers sram and power to the GBAMP's
contacts,

can it use the e-readers sram,
and use GBAMP's data?

if this is possible,
then i will have finally found a solution to my cheap budget :P

please someone dig me up a gba pinout chart :P
and please give me your predictions on this idea :P
.....................................

as my quest never ends with out the support of ds fans ^.^'
-
(quote me on that ;) )
_________________

1x WII 2x remotes
2x NDS/L(FMv7-ORG:v4,FMv7-org:DSL)
1x GBAMP
2x 1gb (MicroDrive{typeII}&SanDisk{typeI})
1x SuperPass2
1x Supercard-CF

MoonShell skins

#77915 - tepples - Tue Apr 04, 2006 2:01 am

GBA pinout is here.

But plugging an e-reader and a GBAMP into SLOT-2 simultaneously would need a T-connector that can direct SRAM reads to the e-reader and ROM reads to the GBAMP. It would be more expensive for an individual hobbyist to build such a T-connector than to buy a SuperCard.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.

#77933 - HyperHacker - Tue Apr 04, 2006 2:59 am

I think you're better off hacking in some sort of delay in the SRAM code; make it run a delay loop in RAM so you can swap carts.

#77941 - quadomatic - Tue Apr 04, 2006 3:48 am

If i were you, I'd sell your gbamp and e-reader on ebay. You could probably get at least $20 for the GBAMP

#77948 - swimgod - Tue Apr 04, 2006 5:00 am

HyperHacker wrote:
I think you're better off hacking in some sort of delay in the SRAM code; make it run a delay loop in RAM so you can swap carts.

i have NO experience in c or any other programming language (besides php)

so if someone could Kindly make one for me,
or show me how the sram code is created and the workings of it :P
or just basically give me 10 seconds to swap :P

this would be the solution too :P

(P.s.: can you show me an example of a T connector in use?)

#78081 - HyperHacker - Wed Apr 05, 2006 1:20 am

I don't think any such connector exists.

#78092 - tepples - Wed Apr 05, 2006 2:52 am

It would look like a Game Genie, with two GBA cart connectors on the cart side instead of one.

#78327 - Dan2552 - Thu Apr 06, 2006 9:51 pm

dammit :( when reading the 1st part of your post I thought you had solved our problems.

___


I don't know how the wifi RSA check thing works exactly, but what happens when you upload a demo, then when you start downloading it, quickly switch to the wifi flashme thing

#78329 - swimgod - Thu Apr 06, 2006 10:08 pm

(sorry to confuse you :P)


from what i understand,
RSA goes back and forth from host to client to check file size and integrity,
and if you say,
sent the RSA's of another file,
the ds would not execute the file sent.

and if im wrong,
then that could be the solution :D
(BTW, i doubt it will be :( )

#78330 - Dan2552 - Thu Apr 06, 2006 10:12 pm

no, it just seems too simple.

If it's to do with filesize couldn't we fill the flashme with blank bits to fake the filesize...

or does it work like an md5 ?

#78335 - swimgod - Thu Apr 06, 2006 10:47 pm

whoops i meant that :P,
sorry :D
..................
it creates an RSA signature of the file's contents and sends it to the ds,
then the ds sends back a confirm code,

it's well documented on a few ds hardware documentation sites :D

#78556 - HyperHacker - Sat Apr 08, 2006 2:25 am

The idea behind RSA signing is that you take a hash of the file (MD5 or SHA1 or whatever method you want) and encrypt it using the private key. The result is included in the file's header. The DS decrypts the hash and only runs the program if it matches the file's actual hash. The idea is anybody can decrypt the hash, but this only means they can see if the file is corrupted; to do anything useful, they'd need to encrypt a new hash which can only be done with the private key, and only Nintendo has that. (I might have mixed up public/private key though. >_>) The only ways to get around this are:

1) Hack a signed demo so that it contains the FlashMe installer (or at least something that can run unsigned code), but still has the same hash as the original file. I'm not sure what hash method Nintendo uses, but unless it's something weak like CRC16, it'd be near impossible to generate any file that has the same hash, let alone one with the code you want in it.

2) Hack a signed demo, but only modify parts that aren't included in the hash calculation. This is what PassMe (1 and 2) and WifiMe do - the header contains the start address and isn't in the hash, so you can modify whatever you want there; it just points the start address to within the header and puts some code in an empty header field.

3) Find a hole in a signed demo; anywhere that it doesn't check buffer sizes or runs code without checking if it's signed. Run the demo unmodified, then send malformed packets to exploit this hole. So far nobody's found such a hole, and it's not likely because Nintendo knows people are looking for one.
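The signing scheme described in the post above, as an added illustration that is not from the thread or from any Nintendo code: a toy RSA keypair built from two Mersenne primes (constructed here; no padding and far smaller than a real key) signs a SHA-1 digest of an image with a constructed two-field header, and the check shows why the hashed region must cover every header field that influences execution, which is exactly the gap workaround 2 depends on.

```python
import hashlib
import struct

# Toy RSA keypair from two Mersenne primes (constructed for illustration;
# real keys are random, larger, and real signing pads the digest).
P = (1 << 127) - 1
Q = (1 << 521) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

# Constructed image layout: header = entry address + payload length, then payload.
HEADER_FMT = "<II"
HEADER_LEN = struct.calcsize(HEADER_FMT)


def build_image(entry, payload):
    return struct.pack(HEADER_FMT, entry, len(payload)) + payload


def digest(image, cover_header):
    # The signed region is either the whole image or only the payload.
    region = image if cover_header else image[HEADER_LEN:]
    return int.from_bytes(hashlib.sha1(region).digest(), "big")


def sign(image, cover_header):
    # Textbook RSA: the "encrypted hash" the post describes, using the private exponent.
    return pow(digest(image, cover_header), D, N)


def verify(image, sig, cover_header):
    # Anyone holding the public exponent can recover the hash and compare.
    return pow(sig, E, N) == digest(image, cover_header)


def check_coverage(cover_header):
    """Report whether changing the payload, and changing only the entry field,
    are each caught by signature verification under the given hash coverage."""
    payload = b"constructed demo code " * 8
    image = build_image(0x02000000, payload)  # entry value is constructed
    sig = sign(image, cover_header)
    assert verify(image, sig, cover_header)
    retargeted = build_image(0x02000200, payload)          # header field only
    altered = build_image(0x02000000, payload[:-1] + b"!")  # payload byte
    return {
        "payload_change_detected": not verify(altered, sig, cover_header),
        "entry_change_detected": not verify(retargeted, sig, cover_header),
    }
```

With `cover_header=False` the entry change goes unnoticed while the payload change is caught; with `cover_header=True` both are caught, which is the property a verifier's hashed region has to provide.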

#78565 - tepples - Sat Apr 08, 2006 3:02 am

HyperHacker wrote:
Find a hole in a signed demo; anywhere that it doesn't check buffer sizes or runs code without checking if it's signed. Run the demo unmodified, then send malformed packets to exploit this hole. So far nobody's found such a hole

Only because nobody has been disassembling actual games' protocols, or nobody has been reporting such negative results.