gbadev.org forum archive

This is a read-only mirror of the content originally found on forum.gbadev.org (now offline), salvaged from Wayback machine copies. A new forum can be found here.

DS Misc > Utilizing DS Download Play to share homebrew

#95075 - Lick - Thu Jul 27, 2006 6:44 pm

I got this crazy idea while I was sending a demo to a cart-less DSL owner. Is it possible that we code our apps to send them to other DSes?
This will definitely allow non-flashers to test our games, which means more publicity of the DS scene!

Comments? =/

-edit- Should've posted this in the Dev forum, perhaps..
_________________
http://licklick.wordpress.com

#95077 - thundrestrike - Thu Jul 27, 2006 7:14 pm

It's been discussed before.

Non-flashed DSs check for an "RSA" signature before accepting downloadables. Homebrew does not contain that RSA signature yet. I'm not sure if it will ever be supported, but who knows? Someone might crack it.

But as of now, that won't work :(
_________________
popcorn

#95078 - Nushio - Thu Jul 27, 2006 7:14 pm

If we could, then we could send Flashme, and allow people who want to flash, flash DSs easily and without passmes and wifime.

What you want cannot currently be done (sending apps) because of the RSA signature.

It has been rumored that there could be a flaw with a second stage loader that could cause the creation of Wifime2, but no one has yet looked into this since there's no need.

DS 2 DS transfer with homebrew isn't possible yet btw, there needs to be an access point in between.

And the official DS Demos sent from a Ralink card don't work on DSLites because of some header they check or something. So it wouldn't work as well. Not with DSLites anyway.

#95081 - jester - Thu Jul 27, 2006 7:20 pm

Would a Nintendo WiFi Connection-like feature work for someone who has a .nds or whatever of the game and wishes to face someone from the other side of the globe who also has that homebrew game??
_________________
If anyone needs a dragonball online email me @ aaronthejester@hotmail.com

#95087 - Lick - Thu Jul 27, 2006 7:58 pm

Too bad about the RSA Signature thing. Really sucks.

How does it work? Is it possible to use the existing key of a real game? I'm going to do research on this, but I'm asking in advance.
_________________
http://licklick.wordpress.com

#95090 - dualscreenman - Thu Jul 27, 2006 8:16 pm

Nushio wrote:

And the official DS Demos sent from a Ralink card don't work on DSLites because of some header they check or something. So it wouldn't work as well. Not with DSLites anyway.


Actually, the real cause is that the timing for sending the data packets on the Windows version of the Wireless Multiboot Client is slightly off.
_________________
dualscreenman wrote:
What about Gaim DS? Gaim pretty much has support for all IM programs.
tepples wrote:
"Goshdammit, the DS is not a Gaim-boy! It's a third pillar!"

#95093 - Devil_Spawn - Thu Jul 27, 2006 8:43 pm

I really can't believe the 'RSA' troubles, because some people say that some real games don't have RSA implemented, so why can't our homebrew 'not have RSA implemented'? It's BS.
dualscreenman's reason sounds far more likely.

#95097 - Dan2552 - Thu Jul 27, 2006 9:02 pm

Devil_Spawn wrote:
I really can't believe the 'RSA' troubles, because some people say that some real games don't have RSA implemented, so why can't our homebrew 'not have RSA implemented'? It's BS.


No, what they're saying is just BS. Non-flashed DSs CANNOT receive any non-RSA

#95102 - Devil_Spawn - Thu Jul 27, 2006 9:24 pm

That's what I meant ^^

#95105 - Snowy? - Thu Jul 27, 2006 9:48 pm

I wonder why no one has ever tried modding WifiMe to run small lots of GBA code from download play, or is the DL memory area inaccessible to the ARM7?

#95106 - Mighty Max - Thu Jul 27, 2006 10:12 pm

The gba mode is different from the nds mode (access to display, memory locations, etc).

When switching to GBA mode, the accessible RAM is cleared and code in the GBA slot gets executed.
_________________
GBAMP Multiboot

#95107 - Sausage Boy - Thu Jul 27, 2006 10:13 pm

Snowy? wrote:
I wonder why no one has ever tried modding WifiMe to run small lots of GBA code from download play, or is the DL memory area inaccessible to the ARM7?


When you go from DS mode to GBA mode, the GBA tries to run code from the GBA cart. AFAIK, there is no way to make it start code from anywhere else.

Edit: darn, Mighty Max was quicker... Better explanation too :P
_________________
"no offense, but this is the gayest game ever"


Last edited by Sausage Boy on Thu Jul 27, 2006 10:27 pm; edited 1 time in total

#95108 - Lick - Thu Jul 27, 2006 10:13 pm

Snowy: I think it's not even possible to run GBA code, because RSA is 'ruining' everything.
_________________
http://licklick.wordpress.com

#95112 - Snowy? - Thu Jul 27, 2006 10:41 pm

Lick wrote:
Snowy: I think it's not even possible to run GBA code, because RSA is 'ruining' everything.

Erm, I think Wifime (uses SMario 64 headers/RSA) puts the ARM9 in a loop and tells the ARM7 to play from the GBA slot, so to speak (thanks pepsiman), so why can't the ARM7 be told to run some other code?

#95116 - Sausage Boy - Thu Jul 27, 2006 11:00 pm

Snowy? wrote:
Lick wrote:
Snowy: I think it's not even possible to run GBA code, because RSA is 'ruining' everything.

Erm, I think Wifime (uses SMario 64 headers/RSA) puts the ARM9 in a loop and tells the ARM7 to play from the GBA slot, so to speak (thanks pepsiman), so why can't the ARM7 be told to run some other code?


That's NDS mode, not GBA mode. In older firmware versions, the starting addresses of the ARM7 and ARM9 were contained outside of the RSA-checked area, which means that they could be changed and the RSA signature would still be valid. In newer firmware, this glitch has been corrected; that's why wifime doesn't work on new DSs.

Now WMB, on the other hand, is a completely different thing. The reason you can't download homebrew to non-flashme'd DSs is because they check the RSA signature of the file. Nintendo's files are signed, but homebrew is not and can't be, unless:

1. Someone breaks into the Nintendo headquarters and steals the private RSA key.
2. Someone has access to a supercomputer and lets it chew on the problem for a couple of weeks, or months, or years.

The reason no games work with the Windows WMB and the DS Lite is, as dualscreenman said, a minor timing error or protocol change.
_________________
"no offense, but this is the gayest game ever"

#95119 - josath - Thu Jul 27, 2006 11:27 pm

Quote:
2. Someone has access to a supercomputer and lets it chew on the problem for a couple of weeks, or months, or years.

or (since it's a 1024-bit key) a couple of lifetimes of universes

#95120 - tepples - Thu Jul 27, 2006 11:28 pm

Sausage Boy wrote:
Nintendo's files are signed, but homebrew is not and can't be, unless:

1. Someone breaks into the Nintendo headquarters and steals the private RSA key.
2. Someone has access to a supercomputer and lets it chew on the problem for a couple of weeks, or months, or years.

3. Someone finds the time to look for a bug in a multiplayer game's second-stage loader. This is the only way that we'll be able to use "another game's signature".
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.

#95139 - Sausage Boy - Fri Jul 28, 2006 12:13 am

Gah, is it 1024 bits?! Thought it was like, 256 :P
_________________
"no offense, but this is the gayest game ever"

#95155 - lambi1982 - Fri Jul 28, 2006 2:33 am

Are people not able to see the RSA in an NDS ROM (real NDS cart)?
_________________
Who, Me?

#95158 - clone dad - Fri Jul 28, 2006 3:05 am

No.
_________________
I don't know anything.

#95160 - caitsith2 - Fri Jul 28, 2006 3:12 am

tepples wrote:
Sausage Boy wrote:
Nintendo's files are signed, but homebrew is not and can't be, unless:

1. Someone breaks into the Nintendo headquarters and steals the private RSA key.
2. Someone has access to a supercomputer and lets it chew on the problem for a couple of weeks, or months, or years. (or 2 lifetimes of universe)

3. Someone finds the time to look for a bug in a multiplayer game's second-stage loader. This is the only way that we'll be able to use "another game's signature".


4. Have connections with somebody that makes games for the Nintendo DS officially, and have them sign your code (and while at it, sign an unofficial second stage loader for homebrew use, and flashme to transmit to unmodified DS systems directly).

In my opinion, the order from most likely to least is 3, 4, 1, 2.

#95173 - Snowy? - Fri Jul 28, 2006 3:38 am

tepples wrote:
Sausage Boy wrote:
Nintendo's files are signed, but homebrew is not and can't be, unless:

1. Someone breaks into the Nintendo headquarters and steals the private RSA key.
2. Someone has access to a supercomputer and lets it chew on the problem for a couple of weeks, or months, or years.

3. Someone finds the time to look for a bug in a multiplayer game's second-stage loader. This is the only way that we'll be able to use "another game's signature".

Wasn't there a mention months back somewhere on this forum about a bug with an image loader or something in S Mario 64 DS? I bet that person just disappeared lol

#95186 - tepples - Fri Jul 28, 2006 4:28 am

WiFiMe exploited a bug in Nintendo DS firmware versions 1 through 3, and it existed as a patched DS Download Play header for the Super Mario 64 DS loader, although it could have been made with any signed DS Download Play program.

Anything that sends the unmodified SM64DS loader and then exploits that would be WiFiMe2 (that is, option 3), and no practical results have been published about such a technique.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.

#95247 - jester - Fri Jul 28, 2006 11:58 am

So it is possible to do a little bit of WiFi, like Explosive Gas, but now we have to wait till someone unlocks the whole thing so that we can face people over the internet, is that right?

#95250 - dualscreenman - Fri Jul 28, 2006 12:15 pm

No, we can play people over the internet, we just can't do DS->DS wifi.
_________________
dualscreenman wrote:
What about Gaim DS? Gaim pretty much has support for all IM programs.
tepples wrote:
"Goshdammit, the DS is not a Gaim-boy! It's a third pillar!"

#95254 - jester - Fri Jul 28, 2006 12:57 pm

Oh, so the Explosive Gas method is the only way we can play people we don't know.

#95259 - Lick - Fri Jul 28, 2006 1:30 pm

Stephen (dswifi) said he will (might) be working on DS NiFi features (you can see on his Checklist), so DS->DS (multi cartridge) will probably work. DS Download Play (single cartridge) probably won't.

Conclusion: NDS code will run on storage devices, in the past, present and future.
_________________
http://licklick.wordpress.com

#95281 - HyperHacker - Fri Jul 28, 2006 4:15 pm

FYI, an RSA signature is essentially a hash of the file, encrypted using RSA. The idea is that this hash will be a different number for every possible input. (Technically if you try enough different files you will get two with the same hash... but that's like quintillions of files.) This hash is sent along with the program itself. The firmware checks the program, calculates the hash itself, and only runs the program if it matches the one stored in the header.
Now here's the kicker - the hash is essentially encrypted with backwards RSA. Anybody can take the public key and use it to decrypt the message and read the hash - the firmware itself has to do this to verify it. But to encrypt a message that can be decrypted with this key, you need to use a different key (the 'private key'). Only Nintendo has this and the chances of someone cracking it are not good. That means unless you somehow obtain the private key (don't count on it), you can't modify the stored hash, which means you can't modify the program. Similarly, you can't make a whole new program because you won't be able to encrypt its hash.

Of course, FlashMe gets around this by just not checking the signature at all. WifiMe exploits a design flaw in that you could change parts of the header - including the start address - that aren't included in the hash, and thus the file would still be accepted; it adds some small code (there's only room for maybe 25 instructions) to put ARM9 in a loop and send ARM7 to the GBA slot. And the cards aren't signed, hence things like PassMe and NoPass.
_________________
I'm a PSP hacker now, but I still <3 DS.

#95296 - Turambar - Fri Jul 28, 2006 5:24 pm

Lick wrote:
so DS->DS (multi cartridge) will probably work. DS Download Play (single cartridge) probably won't.
Conclusion: NDS code will run on storage devices, in the past, present and future.

That's not entirely right. DS Download Play should be easy to make (once the lib is done), it just won't be possible to do it to a non-flashed DS.

#95316 - Lick - Fri Jul 28, 2006 6:25 pm

I stand corrected. But the initial idea of sending homebrew to nonbelievers (which is dumb anyway due to malware) will not be realized. I can live with being able to send to flashed systems.
_________________
http://licklick.wordpress.com

#95476 - Valmond - Sat Jul 29, 2006 6:49 pm

Stupid question; how does the hashing work?

Would it be possible to add garbage to a file so it hashes up to the same values as a commercial game and so be able to use the RSA key from there?

/Valmond
ps. So DS to DS will be working one day, how sweet it will be!
Is there a DS-to-DS bounty?
_________________
N?fer & LudLib

#95483 - tepples - Sat Jul 29, 2006 7:05 pm

Forging an SHA-1 value requires brute force computation, and that can't happen in a million years. Perhaps in a million and one, but not in a million.

The most likely route of attack is WifiMe2. If you want to set up a bounty for WifiMe2 code, go ahead.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.

#95610 - Valmond - Sun Jul 30, 2006 3:32 pm

Thanks, interesting read on the SHA-1!

Don't know how these bounties work really, but I definitely would support a DS-WiFi-DS one :)

/Valmond
_________________
N?fer & LudLib

#95623 - kevinc - Sun Jul 30, 2006 4:16 pm

tepples wrote:
Forging an SHA-1 value requires brute force computation, and that can't happen in a million years. Perhaps in a million and one, but not in a million.


The million year period is an upper bound. You might very well invent some random string and get it right the first time, if you're very lucky. Extremely unlikely, but it *can* happen.

#95681 - Devil_Spawn - Sun Jul 30, 2006 7:38 pm

So you couldn't use a modified version of FlashMe to capture the signature then, or search through the DS firmware to find the decrypter and a way to trick it???


Don't just say no, I wanna know why!!!


Last edited by Devil_Spawn on Sun Jul 30, 2006 7:40 pm; edited 1 time in total

#95682 - tepples - Sun Jul 30, 2006 7:40 pm

There is a one-to-one mapping between extant programs and their correct signatures. If you try to use a given signature for a different program, there's a one out of a million million million million million million million million chance that it will work.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.

#95684 - Devil_Spawn - Sun Jul 30, 2006 7:44 pm

What if we get lots of computers, like everybody's computers on gbadev and scdev and everything else? We might get one within the next millennium? Maybe? 7200 computers 24/7.

Last edited by Devil_Spawn on Sun Jul 30, 2006 7:46 pm; edited 1 time in total

#95686 - tepples - Sun Jul 30, 2006 7:45 pm

It took four years for distributed.net, possibly the world's largest distributed computer, to crack a 64-bit RC5 message. Each DS Download Play digital signature is 160 bits (where each power of a million represents 20 bits), and the private signing key is 1024 bits, which still takes 2^90 steps of the sieve.

By then there will be the GP3X, hopefully with a touch screen, and nobody will need a DS anymore.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.


Last edited by tepples on Sun Jul 30, 2006 7:51 pm; edited 1 time in total

#95687 - Devil_Spawn - Sun Jul 30, 2006 7:47 pm

It would need 2 screens for FPS though, or a mouse, because your big hand in the way of the screen would be a little crap.

#95691 - spinal_cord - Sun Jul 30, 2006 7:52 pm

tepples wrote:
By then there will be the GP3X, hopefully with a touch screen, and nobody will need a DS anymore.


How can you say anything like that on a NDS/GBA board!!!!?!?!??!!??!!

About this million years thing, surely if someone with a spare PC starts brute forcing, they may figure out the key before Big N (or an official developer) gives it up?
_________________
I'm not a boring person, it's just that boring things keep happening to me.
Homepage

#95702 - tepples - Sun Jul 30, 2006 8:05 pm

Factoring RSA-640 took 5 months on 80 recent CPUs. The description of the general number field sieve gives its computational complexity of factoring a 640-bit number as 73.4 bits and that of factoring a 1024-bit number as 90 bits. Thus, it would take about 100,000 times as long (or 100,000 times as many CPUs) to factor a 1024-bit number.

Would it be easier to organize a distributed DS key factoring effort or to document the protocol used by the Super Mario 64 DS loader?
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.
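Worked through as an added aside (not part of tepples' post): the general number field sieve has the heuristic running time

$$L_n\!\left[\tfrac{1}{3},\ \left(\tfrac{64}{9}\right)^{1/3}\right]=\exp\!\left(\left(\tfrac{64}{9}\right)^{1/3}(\ln n)^{1/3}(\ln\ln n)^{2/3}\right),$$

which is sub-exponential in the bit length of $n$, so each extra bit costs far less than a doubling. Using the figures quoted in the post, the factor between a 640-bit and a 1024-bit modulus is

$$2^{90-73.4}=2^{16.6}\approx 9.9\times 10^{4}\approx 10^{5},$$

and scaling the RSA-640 effort quoted in the post (80 CPUs for 5 months, i.e. 400 CPU-months) by that factor gives roughly $4\times 10^{7}$ CPU-months, about $3.3\times 10^{6}$ CPU-years of comparable hardware.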

#95705 - spinal_cord - Sun Jul 30, 2006 8:07 pm

tepples wrote:

Would it be easier to organize a distributed DS key factoring effort


Like that SETI screensaver, we could have loads of PCs around the world attempting this in their downtime?
_________________
I'm not a boring person, it's just that boring things keep happening to me.
Homepage

#95708 - tepples - Sun Jul 30, 2006 8:10 pm

How many people regularly post to forum.gbadev.org? I don't think it's 8 million. Would it be easier to gather 8 million people to devote their PCs' idle time to this cause, or would it be easier to disassemble the Super Mario 64 DS loader?
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.

#95709 - Turambar - Sun Jul 30, 2006 8:10 pm

spinal_cord wrote:
About this million years thing, surely if someone with a spare PC starts brute forcing, they may figure out the key before Big N (or an official developer) gives it up?

I don't think you realize how many different combinations there are. Seriously. The millions of years might be an exaggeration, but I wouldn't be surprised if it took thousands of years for an average PC to crack a 1024-bit key.
I'm not entirely sure about this, but the way I understand it, for every extra bit it takes twice as long to crack it. So if you need 2 years to crack a 64-bit key, then you need 4 to crack a 65-bit key. And 8 for 66 bits, etc... (well, if this is right, then I guess the million years thing wasn't an exaggeration)

#95715 - spinal_cord - Sun Jul 30, 2006 8:23 pm

PCs are getting monstrously fast these days, surely that has to account for something?
_________________
I'm not a boring person, it's just that boring things keep happening to me.
Homepage

#95716 - tepples - Sun Jul 30, 2006 8:24 pm

spinal_cord wrote:
PCs are getting monstrously fast these days, surely that has to account for something?

And I already took that into account. RSA-640 took 5 months and 8 units of 2.2 GHz Opteron.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.

#95719 - kevinc - Sun Jul 30, 2006 8:26 pm

spinal_cord wrote:
About this million years thing, surely if someone with a spare PC starts brute forcing, they may figure out the key before Big N (or an official developer) gives it up?


I have a nondeterministic Turing machine hanging in my room, I think it would be A LOT faster that way.


Last edited by kevinc on Sun Jul 30, 2006 8:27 pm; edited 1 time in total

#95720 - spinal_cord - Sun Jul 30, 2006 8:27 pm

We could always set up a bribe-bounty to get a Nintendo employee to give us the key...
_________________
I'm not a boring person, it's just that boring things keep happening to me.
Homepage

#95722 - tepples - Sun Jul 30, 2006 8:28 pm

Set up a bounty for a documentation of the protocol used by the Super Mario 64 DS loader; it's probably easier and more legal.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.

#95724 - spinal_cord - Sun Jul 30, 2006 8:30 pm

tepples wrote:
Set up a bounty for a documentation of the protocol used by the Super Mario 64 DS loader; it's probably easier and more legal.


What's so special about the Mario 64 loader?
_________________
I'm not a boring person, it's just that boring things keep happening to me.
Homepage

#95725 - tepples - Sun Jul 30, 2006 8:33 pm

Any loader will do, but SM64DS is worth investigating even if only for historical reasons, as it was the basis for the original WiFiMe. It was also released long before Nintendo learned of any break in the DS lockout.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.

#95891 - pepsiman - Mon Jul 31, 2006 12:51 pm

HyperHacker wrote:
WifiMe exploits a design flaw in that you could change parts of the header - including the start address - that aren't included in the hash, and thus the file would still be accepted; it adds some small code (there's only room for maybe 25 instructions) to put ARM9 in a loop and send ARM7 to the GBA slot.

The start address in the header is included in the hash, which is why WifiMe doesn't work with recent firmware.

The WMB protocol sends the header twice, and the DS only performs the signature check on one copy of the header.

WifiMe modifies the header which is not signature checked.

The original DS firmware had a bug where the start address was taken from the unchecked header. This was fixed in later firmwares.
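As an added illustration (not code from this thread, from FlashMe/WifiMe, or from any DS tool), here is a toy Python model of the two points HyperHacker and pepsiman make: a SHA-1 hash signed with "backwards RSA" and verified with the public key, and a loader that either takes its start address from the verified header copy or from the unverified second copy. The RSA key, the header layout and the sample images are all constructed for the example.

```python
import hashlib
from dataclasses import dataclass

# Constructed demonstration key, NOT a real DS key. Mersenne primes keep the
# block self-contained but are a terrible choice for real RSA (special form,
# trivially recognised). The modulus (~196 bits) only has to exceed the
# 160-bit SHA-1 value that gets signed.
P = 2**89 - 1
Q = 2**107 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent: only the signer has it


def sha1_int(data: bytes) -> int:
    """Digest the image with SHA-1 and read the digest as a big-endian integer."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big")


def sign(data: bytes, d: int = D) -> int:
    """'Backwards RSA': the signer raises the hash to the private exponent mod N."""
    return pow(sha1_int(data), d, N)


def verify(data: bytes, sig: int) -> bool:
    """Anyone holding (N, E) can undo the signature and compare it to a fresh hash."""
    return pow(sig, E, N) == sha1_int(data)


@dataclass(frozen=True)
class Header:
    """Tiny stand-in for a multiboot header: only the start address matters here."""
    start_addr: int
    payload: bytes

    def encode(self) -> bytes:
        return self.start_addr.to_bytes(4, "little") + self.payload


# Constructed samples: a 'signed loader' image and a byte-for-byte tampered copy.
GAME = Header(start_addr=0x02000000, payload=b"signed loader code (constructed)")
GAME_SIG = sign(GAME.encode())
TAMPERED = Header(start_addr=0x02000000, payload=b"signed loader code (modified!)")


def boot_address_unchecked_copy(checked: Header, sig: int, other: Header):
    """Pattern pepsiman describes in the original firmware: the signature of one
    header copy is verified, but the start address is read from the second,
    unverified copy. Returns None when the signature does not match."""
    if not verify(checked.encode(), sig):
        return None
    return other.start_addr   # an unauthenticated field decides where execution begins


def boot_address_checked_copy(checked: Header, sig: int, other: Header):
    """Corrected pattern: every field that influences execution is taken from
    the copy whose signature was actually verified; the other copy is ignored."""
    if not verify(checked.encode(), sig):
        return None
    return checked.start_addr


if __name__ == "__main__":
    second_copy = Header(start_addr=0x02345678, payload=GAME.payload)
    print("genuine image verifies:", verify(GAME.encode(), GAME_SIG))
    print("tampered image verifies:", verify(TAMPERED.encode(), GAME_SIG))
    print("old pattern boots at:", hex(boot_address_unchecked_copy(GAME, GAME_SIG, second_copy)))
    print("fixed pattern boots at:", hex(boot_address_checked_copy(GAME, GAME_SIG, second_copy)))
```

The same signature is tied to exactly one image, so it cannot be reused for homebrew (tepples' one-to-one point), and the fix is simply to consume nothing from bytes the signature did not cover.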

#95897 - chishm - Mon Jul 31, 2006 1:23 pm

There is a fast way to crack the hash -- invent a time machine. Spend millions of years simultaneously developing a time machine and cracking the key, then use the time machine to send the key back to our present.
_________________
http://chishm.drunkencoders.com
http://dldi.drunkencoders.com

#95898 - wintermute - Mon Jul 31, 2006 1:28 pm

chishm wrote:
There is a fast way to crack the hash -- invent a time machine. Spend millions of years simultaneously developing a time machine and cracking the key, then use the time machine to send the key back to our present.


Good idea, I just received the key from the future, thanks :P
_________________
devkitPro - professional toolchains at amateur prices
devkitPro IRC support
Personal Blog

#95900 - jester - Mon Jul 31, 2006 2:05 pm

Let's be real, is it possible to set up a high bounty for this till a coder can crack it? I am willing to chip in to the bounty for whoever can crack the DS Download Play function so that people can use it in homebrew.

#96071 - CubeGuy - Tue Aug 01, 2006 5:56 am

Or we could all just sit back and wait for those handy quantum computers...
_________________
It's 'CubeGuy.' One word. No space.

#96094 - MaHe - Tue Aug 01, 2006 10:28 am

Or, we can get some handy ski-masks and break into the Nintendo development studios :P
_________________
[ Crimson and Black Nintendo DS Lite | CycloDS Evolution | EZ-Flash 3-in-1 | 1 GB Transcend microSD ]

#96111 - jester - Tue Aug 01, 2006 12:32 pm

It's a shame nobody can crack it for homebrew.

#96125 - Linkiboy - Tue Aug 01, 2006 3:49 pm

I'll have to do with... MaHe's idea.

#96128 - tepples - Tue Aug 01, 2006 3:53 pm

A bunch of people sitting around saying it's a shame won't help anything. If you think it's a shame, then put your money where your mouth is and head to Fundable to start the WiFiMe2 bounty.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.

#96590 - jester - Fri Aug 04, 2006 12:18 am

Any other DS bounties that could be started? I wouldn't mind helping on WiFiMe2, but any other types of bounties that could be started???

#96599 - dualscreenman - Fri Aug 04, 2006 2:10 am

How about a bounty for the first person to put up another bounty related to DS homebrew. :p
_________________
dualscreenman wrote:
What about Gaim DS? Gaim pretty much has support for all IM programs.
tepples wrote:
"Goshdammit, the DS is not a Gaim-boy! It's a third pillar!"

#96645 - kevinc - Fri Aug 04, 2006 12:09 pm

I'll donate a cookie to dualscreenman's bounty.

#96659 - dualscreenman - Fri Aug 04, 2006 3:46 pm

:D
_________________
dualscreenman wrote:
What about Gaim DS? Gaim pretty much has support for all IM programs.
tepples wrote:
"Goshdammit, the DS is not a Gaim-boy! It's a third pillar!"

#96660 - Mighty Max - Fri Aug 04, 2006 3:48 pm

Who pays me a second DS to develop it?

j/k
_________________
GBAMP Multiboot

#96662 - thundrestrike - Fri Aug 04, 2006 4:18 pm

I'm not sure I'm following this thread?
_________________
popcorn

#96668 - kevinc - Fri Aug 04, 2006 4:51 pm

thundrestrike wrote:
I'm not sure I'm following this thread?


You're asking us? Well, we don't know, either...

(j/k)

#97047 - jester - Mon Aug 07, 2006 5:16 pm

Well, I am following it easily. We need (someone) to create a bounty entitled WIFIME 2 or Download Play Hack or something like that, and state that a coder for the DS can crack the DS Download Play feature and receive a huge amount of money for it.

This money could be raised from donations of money and stuff. This could happen. This is just a suggestion though!

#97057 - omaremad - Mon Aug 07, 2006 7:01 pm

Sometimes, for the greater good, we have to cross the line between "good" and "evil", if you know what I mean.

Well, a very nice DS game is Sonic Rush. It seems that it is very unique compared to other DS games in its wireless routines; in single-cart mode it streams the game from the carted DS. Maybe it has a first-stage loader that then asks for another binary which is streamed?

I'm thinking something like the GameCube's Phantasy Star Online hack, where a "legit" game is used to boot another binary, since the legit one has methods for getting data from the outside world.

#97058 - omaremad - Mon Aug 07, 2006 7:03 pm

In other words, WiFiMe 2 should be based on Sonic Rush rather than M64.

BTW, I believe Sonic Rush is rumoured to have a unique ARM7 binary rather than the stock Nintendo one; I'll investigate with dstool :)

#97062 - omaremad - Mon Aug 07, 2006 7:08 pm

OK, sorry for the posts, but here is how to hack it.

Extract the download play first-stage ROM from the full Sonic Rush ROM.
Modify the first-stage loader to accept binaries from the PC.
Run the first-stage loader using 2 methods:

Reinsert it into a Sonic Rush ROM: might cause corruption, but M64 beta levels have been hacked that way.

Run the first-stage loader on its own from a deving device.

Turn on custom PC server and DL.

#97070 - Mighty Max - Mon Aug 07, 2006 7:59 pm

Your post is beyond me.

What does that method achieve other than a very obscure way to run code on an already passme'd or flashed DS?
_________________
GBAMP Multiboot

#97072 - omaremad - Mon Aug 07, 2006 8:04 pm

Well, it allows homebrew distribution using the coder's DS to non-coders'/non-flashed DSs, or the PC can broadcast the modified first-stage loader of the Sonic Rush Download Play (ripped from Sonic Rush).

#97073 - Mighty Max - Mon Aug 07, 2006 8:11 pm

No it won't. The modified loader wouldn't pass the RSA check when being broadcast.
_________________
GBAMP Multiboot

#97078 - tepples - Mon Aug 07, 2006 9:08 pm

That's why you do this:
  1. Document the loader's protocol. This is the hard part, as it requires analyses of ARM7/ARM9 code and packet captures.
  2. Send the unmodified loader using existing WMB tools.
  3. Send homebrew as the second stage using the loader's protocol.

_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.

#97079 - omaremad - Mon Aug 07, 2006 9:11 pm

Yep, that's what I meant, a dual-stage loader.

#97083 - Mighty Max - Mon Aug 07, 2006 9:19 pm

That's a completely different approach from the one you mentioned:
Quote:
Modify the first-stage loader to accept binaries from the PC.


I'm currently doing the second-stage protocol investigations on sm64ds, which indeed does the same as Sonic Rush. (And importantly, a game I own, so I can do research.)

I'm running 3 different ways to get to a result:
- checking how the ARM7 handles incoming packets
- checking how the ARM7<->ARM9 communication works and if there are some non-checked attributes
- checking the protocol captured via the Ralink
_________________
GBAMP Multiboot

#97101 - Lick - Mon Aug 07, 2006 11:36 pm

Do you guys think that the loaders are somewhat the same for each game, or do they really differ in galaxies?
_________________
http://licklick.wordpress.com

#97139 - tepples - Tue Aug 08, 2006 4:37 am

You'd only need to crack one loader's protocol. Then FireFly could include it with WMB 1.6 to replace WiFiMe.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.

#97175 - Lick - Tue Aug 08, 2006 11:03 am

http://dsrobot.homelinux.com/

If you check out the video at the bottom, you'll see that he uses DS Download Play. WTF?!
_________________
http://licklick.wordpress.com

#97182 - Mighty Max - Tue Aug 08, 2006 11:49 am

FlashMe removes the RSA Check for Download&Play.
_________________
GBAMP Multiboot

#97327 - Magitek - Wed Aug 09, 2006 5:55 am

So did anyone start a bounty yet?

#97331 - Wuschmaster - Wed Aug 09, 2006 7:46 am

http://www.bounty-insel.de/images/singles_lo.jpg

#97332 - jester - Wed Aug 09, 2006 8:08 am

The question is, would it take long to crack one of the loaders' protocols? If not, then a bounty would be quite inappropriate, but adding a bounty would make the project interesting.

#97374 - tepples - Wed Aug 09, 2006 2:21 pm

jester wrote:
The question is, would it take long to crack one of the loaders' protocols

How long has it been since the worldwide release of Super Mario 64 DS? That's how long it takes.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.

#97395 - JaJa - Wed Aug 09, 2006 3:52 pm

But has anyone been doing it since the launch?
_________________
LAWL HOOGE
My Blog