#85807 - arctic_flame - Fri Jun 02, 2006 1:09 pm
I was just browsing the codejunkies site for buying a Max Media Launcher and I came across http://us.codejunkies.com/mpds/binaries/MMPDS_101.zip. When I sent the .nds over wmb it appears to do exactly what wifime does for version 1-3 ds's. Can anyone with a new firmware try to use it to flash their DS? If it works, it would eliminate the need for passme2's!
#85808 - Dan2552 - Fri Jun 02, 2006 1:13 pm
I thought you cant upload unsigned things with WMB to firmware 4 and higher? Unless this is signed :p
edit--- just two white screens running from my GBAMP
Last edited by Dan2552 on Fri Jun 02, 2006 1:15 pm; edited 1 time in total
#85809 - arctic_flame - Fri Jun 02, 2006 1:15 pm
I believe it is signed. Try it.
#85810 - Dan2552 - Fri Jun 02, 2006 1:16 pm
I don't have a WMB compatable card, and it doesnt work on my GBAMP, two white screens
do i have to short my thingy to get past the white screens?
#85811 - arctic_flame - Fri Jun 02, 2006 1:18 pm
Ok, I haven't tried running it from a flashcard. Hopefully someone else with a compatible wireless card can try it!
#85814 - Dan2552 - Fri Jun 02, 2006 1:20 pm
are there any other files for the MML/MMPs? How did you find this?
#85816 - arctic_flame - Fri Jun 02, 2006 1:26 pm
Basically, you run this file, and the ds jumps to the gba slot, where if it finds a max media player, it updates it. if not, it just stays in nds mode and you can run homebrew nds files, but not roms, just like wifime. Yes, you can use it to install flashme, I already tried.
#85817 - arctic_flame - Fri Jun 02, 2006 1:31 pm
I stuck the file on my supercard sd, and got white screens. But if you attach ndsloader.bin to it, it does load, but seems to go into a loop (the Datel logo flashes up, followed by a black screen, followed by another datel logo. When the file is sent over wmb, I get a Datel logo followed by the supercard menu.)
#85818 - Dan2552 - Fri Jun 02, 2006 1:34 pm
so this could be the rom which lies on the MML itself?
#85819 - arctic_flame - Fri Jun 02, 2006 1:36 pm
Yes.
I just NEED someone with a new firmware ds and a compatible wifi card to test it!!!!!!!
#85820 - Dan2552 - Fri Jun 02, 2006 1:40 pm
if only the belkin 125mbps one was compatable
#85823 - arctic_flame - Fri Jun 02, 2006 1:54 pm
Next week (when school restarts in the UK) Ill nab a friends firmware 4 ds and try it. However, hopefully someone with a lite or new ds can try it before then!
#85846 - maxox - Fri Jun 02, 2006 4:45 pm
theorhetically this shouldn't work with newer firmware because of how wmb.exe works. the rom is fine the delivery method is what has been blocked in newer firmware.
for kicks i tried it with a ds lite. communication error every time.
#85848 - arctic_flame - Fri Jun 02, 2006 4:57 pm
Ok. Shame, but anyway, I have a Max Media Launcher.
Would it work with an old style DS with firmware 4? What firmware is you Lite?
I tried ages ago, and WMB works with version 4 ds's; WifiMe just gives you the SM64DS loading screen though.
Like I said earlier, I'll get that DS next week and try it.
#85868 - tepples - Fri Jun 02, 2006 7:49 pm
I remember reading somewhere that DS Download Play was changed in official firmware version 6 so that it depends on part of the protocol that wmb.exe does not implement, even for E3 demos.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.
#85872 - arctic_flame - Fri Jun 02, 2006 8:07 pm
Ok, so possibly this will work for firmware 1-5?
Are retail north american ds lites version 6?
Maybe Tim Schuerewegen could attempt to rewrite his wireless multiboot app to support the new firmwares? Then it really would be wifime2!
#85873 - HyperHacker - Fri Jun 02, 2006 8:14 pm
I don't think it's signed. On my brother's unmodified V1 DS it just freezes at the Nintendo logo like unsigned apps do. On mine, with FlashMe V7, it boots my GBAMP.
_________________
I'm a PSP hacker now, but I still <3 DS.
#85875 - arctic_flame - Fri Jun 02, 2006 8:19 pm
Can anyone interpret this?
This is the nds info that I got with ndstool. Does it tell you whether it is signed or not?
If it isn't then never mind. It would be cool if datel released a signed version though.
| Code: |
Header information:
0x00 Game title MEDIAPLAYER
0x0C Game code ASMA
0x10 Maker code 01 (Nintendo)
0x12 Unit code 0x00
0x13 Device type 0x00
0x14 Device capacity 0x07 (128 Mbit)
0x15 reserved 1 000000000000000000
0x1E ROM version 0x00
0x1F reserved 2 0x04
0x20 ARM9 ROM offset 0x4000
0x24 ARM9 entry address 0x2000800
0x28 ARM9 RAM address 0x2000000
0x2C ARM9 code size 0x516C8
0x30 ARM7 ROM offset 0x55800
0x34 ARM7 entry address 0x37F8000
0x38 ARM7 RAM address 0x37F8000
0x3C ARM7 code size 0x1C90
0x40 File name table offset 0x18BE00
0x44 File name table size 0xB1
0x48 FAT offset 0x18C000
0x4C FAT size 0x38
0x50 ARM9 overlay offset 0x0
0x54 ARM9 overlay size 0x0
0x58 ARM7 overlay offset 0x0
0x5C ARM7 overlay size 0x0
0x60 ROM control info 1 0x00586000
0x64 ROM control info 2 0x001808F8
0x68 Icon/title offset 0x57600
0x6C Secure area CRC 0x5466 (OK, mask ROM)
0x6E ROM control info 3 0x051E
0x70 ? 0x205FA58
0x74 ? 0x2380110
0x78 ? 0x00000000
0x7C ? 0x00000000
0x80 Application end offset 0x00FA84B4
0x84 ROM header size 0x00004000
0x15C Logo CRC 0xCF56 (OK)
0x15E Header CRC 0x3445 (OK)
Banner CRC 0xBC8A (OK)
English banner text, line 1 MAX MEDIA PLAYER
English banner text, line 2 Datel Electronics
English banner text, line 3 (c)2006
File CRC32: 9759B057
SMT dumper v1.0 curruption check: OK
ARM7 binary hash : AACBF8367353FDE6BD0B0491B74DF6B7F4215351
WARNING! ARM7 binary is NOT verified! |
#85876 - Dan2552 - Fri Jun 02, 2006 8:19 pm
I thought V1 didn't matter if it was unsigned or not?
#85877 - arctic_flame - Fri Jun 02, 2006 8:30 pm
No, they always had to be signed, its just that versions 1-3 didn't check whether the application pointer was signed or not. At least, I think thats how it works, I'm kind of a noob at ds hacking.
#85903 - maxox - Sat Jun 03, 2006 12:00 am
I have a DS Lite I purchased in the southern US on 6/1. Firmware is Magenta so I'm guessing it's v5? I'll let you know what FlashMe says about my firmware relatively soon.
#85909 - HyperHacker - Sat Jun 03, 2006 12:41 am
They always required signing, but V1-3 don't do any boundary checks on the start address which is stored outside of the signed area and can thus be modified as desired; you can just point it to GBA ROM space in a signed binary and away you go. V4+ does boundary checking to ensure it's within RAM, but many game binaries contain some piece of data that you can point it to, that will be interpreted as an invalid SWI call which jumps to GBA SRAM space. Unfortunately with WMB, V4+ uses an alternate header which is inside the signed area, so it can't be modified, but I think this header isn't present on DS cards, so PassMe2 is still possible.
| arctic_flame wrote: |
| Code: | | WARNING! ARM7 binary is NOT verified! |
|
Pretty sure this means it's not signed. It could just mean it's not Nintendo's binary though.
_________________
I'm a PSP hacker now, but I still <3 DS.
#86240 - maxox - Mon Jun 05, 2006 9:14 pm
the flashme didn't recognize the firmware version on my us ds lite.
one wifi related thing i noticed pre-flashing was that trying to send multiplayer download packs from a flashme ds to the unflashed ds lite wouldn't work with a couple of nintendo games. namely mario kart and new super mario bros. tetris and true swing golf worked fine.
this got me thinking ... could a modified true swing or tetris be used as a new wifime delivery tool? wasn't mario 64 the old delivery piggyback?
#86245 - swimgod - Mon Jun 05, 2006 9:26 pm
no you can't modify them,
the RSA signiture is sent with the demo and if the demo's code does that make the signiture it will not run it...
and no we can't make a new RSA signiture because we don't know the algorithm...
sorry >.<;
_________________
1x WII 2x remotes
2x NDS/L(FMv7-ORG:v4,FMv7-org:DSL)
1x GBAMP
2x 1gb (MicroDrive{typeII}&SanDisk{typeI})
1x SuperPass2
1x Supercard-CF
MoonShell skins
#86271 - tepples - Tue Jun 06, 2006 12:55 am
| maxox wrote: |
| one wifi related thing i noticed pre-flashing was that trying to send multiplayer download packs from a flashme ds to the unflashed ds lite wouldn't work with a couple of nintendo games. namely mario kart and new super mario bros. tetris and true swing golf worked fine. |
You are using authentic DS Game Cards, right?
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.
#86286 - thundrestrike - Tue Jun 06, 2006 3:51 am
naw, hes using a fake psp umd ;P
back on the point...
its obvious he's not, because sending the real deal to a dslite unflashed would work. The backup doesnt have the signature so when booted on a dslite it obviously wouldnt work, unlike the backups he named
i though you were smart enough to figure that out? :l
_________________
popcorn
#86290 - tepples - Tue Jun 06, 2006 3:58 am
I haven't played New SMB so I wouldn't know whether or not the new games check for FlashMe firmware on the host DS.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.
#86369 - Dan2552 - Tue Jun 06, 2006 6:00 pm
So is he using yarr or not? I hope he is, in this case.
I'm unflashing my DS if i can't send ds download to unflashed DSs
#87964 - maxox - Fri Jun 16, 2006 7:16 pm
No, I was not using authentic carts. I was running from a Supercard SD on a v1 DS with Flashme v7 trying to send DS download play games to the unflashed US DS Lite. Mario games (Mario Kart, NSMB) did not work, but other games like Tetris DS and True Swing Golf worked perfectly.
The failures happened about 1-2 minutes into the process.
And now for a possibly bad question ... In general, what do the wifi packets look like when doing DS download play? Is there some unencrypted handshaking and then some encrypted download packets?
#87981 - tepples - Fri Jun 16, 2006 8:23 pm
Do not discuss use of "backups" of DS games on this board.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.
#88641 - Pinesal - Tue Jun 20, 2006 7:14 pm
I don't know if anyone ended up trying this with a PCI wifi card and wifime but I did. There's what I found.
I tested with nothing in the NDS slot and with my M3 adapter in the GBA slot.
DSlite gets communications error like everything else
Unmodified launch DS locks up at Nintendo Logo like everything else
Flashme'd launch DS loads to Datel logo and then launches M3 adapter
#88667 - HyperHacker - Tue Jun 20, 2006 9:13 pm
Yeah, that's what I got.
| Pinesal wrote: |
Unmodified launch DS locks up at Nintendo Logo like everything else
Flashme'd launch DS loads to Datel logo and then launches M3 adapter |
This means the binary isn't signed.
_________________
I'm a PSP hacker now, but I still <3 DS.
#88668 - MaHe - Tue Jun 20, 2006 9:14 pm
Meh, doesn't work on my sisters pink DS (V4).
_________________
[ Crimson and Black Nintendo DS Lite | CycloDS Evolution | EZ-Flash 3-in-1 | 1 GB Transcend microSD ]
#94514 - ckudige - Tue Jul 25, 2006 3:22 am
Hi Guys,
I just got a new Nintendo DS Lite and I have managed to download the official E3 demos using the linux version of WMB (windows version doesnt work).
I downloaded the file from http://us.codejunkies.com/mpds/binaries/MMPDS_101.zip
which seems like a Mediaplayer, however when I tried downloading it to my DS Lite the linux WMB crashed.
The reason turns out to be that the file is smaller than what is indicated in the NDS header. I poked around with a hex editor and found that part of the file
was truncated (including the RSA signature).
So... sorry. If you have a proper file, let me know. I will surely try again.
/Chandan