Kodewerx

Our culture has advanced beyond all that you could possibly comprehend with one hundred percent of your brain.
It is currently Thu Feb 20, 2020 3:42 pm

All times are UTC - 8 hours [ DST ]




Post new topic Reply to topic  [ 19 posts ] 
Author Message
 Post subject: Action Replay DSi
PostPosted: Sun Feb 07, 2010 11:10 pm 
Offline
Kommunist
Kommunist

Joined: Sun Oct 08, 2006 11:48 pm
Posts: 37
So while strolling through the electronics department at Wally World (Wal-Mart) tonight, I saw an AR for the DSi. I picked one up for 20 bucks. The packaging says it actually has codes for dsi enhanced games. Looking at the device, it uses the old pass through style from the GBA days. It also has a mini usb port on the top edge and comes with a usb cable to fit it. They also say it can be used to backup and restore saves from retail carts. Since I only have my flashcards with me (everything is in storage until we find a permanent place to live........long story) I am unable to try it out.


Top
 Profile  
Reply with quote  
 Post subject: Re: Action Replay DSi
PostPosted: Tue Feb 09, 2010 4:29 pm 
Offline
Krew (Admin)
Krew (Admin)
User avatar

Joined: Sun Oct 01, 2006 9:26 pm
Posts: 3765
Title: All in a day's work.
I wonder if it supports DSi-only games, though?

_________________
I have to return some video tapes.

Feed me a stray cat.


Top
 Profile  
Reply with quote  
 Post subject: Re: Action Replay DSi
PostPosted: Tue Feb 09, 2010 5:09 pm 
Offline
Kommunist
Kommunist

Joined: Sun Oct 08, 2006 11:48 pm
Posts: 37
Unfortunately I do not have a DSi only game to try. I went to storage and dug out the DSi though. Maybe if I actually get more than a couple hours at a time off from work, I will maybe try to pick up a used game to test it with.


Top
 Profile  
Reply with quote  
 Post subject: Re: Action Replay DSi
PostPosted: Wed Feb 10, 2010 4:54 pm 
Offline
Krew (Admin)
Krew (Admin)
User avatar

Joined: Sun Oct 01, 2006 9:26 pm
Posts: 3765
Title: All in a day's work.
Foto Showdown is the only DSi-only game I know of, and it won't be released until next month.

Edit: Found this and this. And here is a full list.

_________________
I have to return some video tapes.

Feed me a stray cat.


Top
 Profile  
Reply with quote  
 Post subject: Re: Action Replay DSi
PostPosted: Wed Feb 17, 2010 12:01 am 
Offline
Komrade
Komrade
User avatar

Joined: Tue Mar 27, 2007 6:23 pm
Posts: 1354
Location: Mario Raceway, 1509.831, 217.198, -564.429
Title: Mario Kart 64 Hacker
Hackmii wrote about this. They basically bypassed the signature checking on DSi by providing the DS with a verbatim copy of a commercial ROM, and used some logic trickery in the cartridge, so that during the boot sequence requests for a certain file return the original data, but during execution they return Datel's code. Already a world of copyright issues there, but what's even sillier is the way they did it - they send back a fixed reply sequence no matter what the DS is actually asking for, and pad the beginning of the code with infinite loops rather than NOPs, so that any slight change will break it all.

Fortunately, they did think far enough ahead to make it able to reflash from USB without being plugged into a DS, so when Nintendo inevitably complains about the copyright infringement, if they don't get it pulled entirely and Datel does find another way to boot the cart, they'll at least be able to issue a firmware update.

_________________
Image 143
HyperNova Software is now live (but may take a few tries to load) currently down; check out my PSP/DS/Game Boy/Windows/Linux homebrew, ROM hacks, and Gameshark codes!


Top
 Profile  
Reply with quote  
 Post subject: Re: Action Replay DSi
PostPosted: Wed Feb 17, 2010 9:39 am 
Offline
Kommunist
Kommunist

Joined: Wed Feb 17, 2010 9:28 am
Posts: 2
yo,

I've done some more ARDSi hax, can now rewrite the SST flash over USB. (reverse engineered their wintendo driver/software)
The upper half of flash is reserved for the fixed command-reply stream, unfortunately this portion has some additional ciphering/obfuscation
going on that has prevented me from replacing it with something different so far.

Since I *am* able to write to the portion of flash and dump the cart again on a normal DS, I can see what the outcome is, I already did some
quick tests (writing all zeroes to that region) to see if it's some fixed XOR pad or whatever, but it seems to be a bit more clever than *that*.

If there are any hardcore crypto nerds hanging around this place, I'm willing to post some bin blobs to stare at. ;-]


Top
 Profile  
Reply with quote  
 Post subject: Re: Action Replay DSi
PostPosted: Wed Feb 17, 2010 10:27 pm 
Offline
Komrade
Komrade
User avatar

Joined: Tue Mar 27, 2007 6:23 pm
Posts: 1354
Location: Mario Raceway, 1509.831, 217.198, -564.429
Title: Mario Kart 64 Hacker
Can you write to that flash from a DS? Perhaps it works both ways.

_________________
Image 143
HyperNova Software is now live (but may take a few tries to load) currently down; check out my PSP/DS/Game Boy/Windows/Linux homebrew, ROM hacks, and Gameshark codes!


Top
 Profile  
Reply with quote  
 Post subject: Re: Action Replay DSi
PostPosted: Fri Feb 19, 2010 6:28 pm 
Offline
Krew (Admin)
Krew (Admin)
User avatar

Joined: Sun Oct 01, 2006 9:26 pm
Posts: 3765
Title: All in a day's work.
blasty; I'll be in touch.

_________________
I have to return some video tapes.

Feed me a stray cat.


Top
 Profile  
Reply with quote  
 Post subject: Re: Action Replay DSi
PostPosted: Sun Feb 28, 2010 1:56 am 
Offline
Krew (Admin)
Krew (Admin)
User avatar

Joined: Sun Oct 01, 2006 9:26 pm
Posts: 3765
Title: All in a day's work.
AR DSi does not seem to be capable of booting System Flaw. Version information is "Version 1.0, Date Jul 14 2009 - 10:24:09"

I want to dump the firmware on it before I attempt to update. Not that it will help; this version only runs in the old DS mode. Firmware updates *might* make it possible to run in DSi mode ... if Datel RE's the new DSi blowfish IV. And a software exploit to get into DSi mode from DS mode is nigh impossible.

In other words, I was right; "AR DSi" is a farce.

_________________
I have to return some video tapes.

Feed me a stray cat.


Top
 Profile  
Reply with quote  
 Post subject: Re: Action Replay DSi
PostPosted: Mon Mar 01, 2010 1:44 am 
Offline
Kommunist
Kommunist

Joined: Wed Feb 17, 2010 9:28 am
Posts: 2
Yo, here's a quick 'n dirty libusb tool to read/write firmware. Adjust as needed, keep in mind the SST flash is 2MB.
(gcc -Wall -o ardsi ardsi.c -lusb)
Code:
#include <stdio.h>
#include <string.h>
#include <usb.h>

#define READ_ENDPT 0x81
#define WRITE_ENDPT 0x01
#define PAGE_SIZE 0x1000

#define ADAPTER_VID 0x1c1a
#define ADAPTER_PID 0x0100

#define USB_TIMEOUT 5000

typedef unsigned char u8;
typedef unsigned short u16;
typedef unsigned int u32;

static struct usb_device *find_adapter(u16 vendor, u16 product) {
  struct usb_bus *bus;
  struct usb_device *dev;
  struct usb_bus *busses;

  usb_init();
  usb_find_busses();
  usb_find_devices();
  busses = usb_get_busses();

  for (bus = busses; bus; bus = bus->next)
    for (dev = bus->devices; dev; dev = dev->next)
      if ((dev->descriptor.idVendor == vendor) && (dev->descriptor.idProduct == product))
        return dev;

  return NULL;
}

int flash_write_page(usb_dev_handle *usb_handle, u32 offset, u8 *buf) {
   char cmd[]={ 0x00, 0x00, 0x00, 0x00, 0x00 };
   int  ret;

   cmd[0] = 0x65;
   cmd[1] = (offset & 0xff);
   cmd[2] = (offset >> 8) & 0xff;
   cmd[3] = (offset >> 16) & 0xff;
   cmd[4] = (offset >> 24) & 0xff;

   ret = usb_bulk_write(usb_handle, WRITE_ENDPT, cmd, 5, USB_TIMEOUT);
   if (ret != 5) return -1;

   cmd[0] = 0x70;
   ret = usb_bulk_write(usb_handle, WRITE_ENDPT, cmd, 5, USB_TIMEOUT);
   if (ret != 5) return -1;

   ret = usb_bulk_write(usb_handle, WRITE_ENDPT, (char*)buf, PAGE_SIZE, USB_TIMEOUT);

   return ret;
}

int flash_read_page(usb_dev_handle *usb_handle, u32 offset, u8 *out) {
   char cmd[]={ 0x72, 0x00, 0x00, 0x00, 0x00 };
   int  ret;

   cmd[1] = (offset & 0xff);
   cmd[2] = (offset >> 8) & 0xff;
   cmd[3] = (offset >> 16) & 0xff;
   cmd[4] = (offset >> 24) & 0xff;

   memset(out, 0, PAGE_SIZE);
   ret = usb_bulk_write(usb_handle, WRITE_ENDPT, cmd, 5, USB_TIMEOUT);

   if (ret != 5) return -1;

   ret = usb_bulk_read(usb_handle, READ_ENDPT, (char*)out, PAGE_SIZE, USB_TIMEOUT);

   if (ret <= 0) return -1;

   return ret;
}

int main (int argc,char *argv[]) {
   FILE *fp;
   struct usb_device *dev;
   usb_dev_handle *devh;
   u32 i;
   u8 page_buf[PAGE_SIZE];

   printf("\nARDSi Tool by blasty\n\n");

   printf("Trying to locate the Action Replay DSi...\n");
   dev = find_adapter(ADAPTER_VID, ADAPTER_PID);

   if (dev == NULL) {
      fprintf(stderr, "Not found!\n");
      return 1;
   }

   devh = usb_open(dev);
   printf("Found it!\n");

   memset(page_buf, 0x00, PAGE_SIZE);

   fp = fopen("ardsi_dump.bin", "wb");

   for (i = 0; i < (1024 * 1024 *2); i += 0x1000) {
      printf("flash_read_page[%08x/%08x]: %X\n", i, (1024*1024*2), flash_read_page(devh, i, page_buf));
      fwrite(page_buf, 0x1000, 1, fp);
   }
   fclose(fp);
   usb_close(devh);

   return 0;
}


Use at your own risk .. should be fairly safe though write_page requires an unlock command (0x65) for every flash page.
And don't mock me about this code .. it was written in a hurry on a boring sunday :)


Top
 Profile  
Reply with quote  
 Post subject: Re: Action Replay DSi
PostPosted: Mon Mar 01, 2010 2:23 am 
Offline
Krew (Admin)
Krew (Admin)
User avatar

Joined: Sun Oct 01, 2006 9:26 pm
Posts: 3765
Title: All in a day's work.
Compiles cleanly on OS X with libusb and libusb-compat packages installed from MacPorts:
Code:
$ sudo port install libusb libusb-compat
Password:
$ gcc -Wall $(pkg-config --libs --cflags libusb) -o ardsi ardsi.c

_________________
I have to return some video tapes.

Feed me a stray cat.


Top
 Profile  
Reply with quote  
 Post subject: Re: Action Replay DSi
PostPosted: Wed Mar 03, 2010 11:48 pm 
Offline
Krew (Admin)
Krew (Admin)
User avatar

Joined: Sun Oct 01, 2006 9:26 pm
Posts: 3765
Title: All in a day's work.
I've been poking around with the AR DSi ROM, and made some good progress on the encryption. But it's really fruitless; the AR DSi hardware *cannot* boot into DSi mode. Ever. Even with a "firmware" update. On the other hand, an update to the FPGA might do it, but there are still some menacing roadblocks to overcome. The major one being the DSi Blowfish initialization vector (also known as the "key"). The IV is a 4168-byte string of purely random data. DSi contains at least two: The DS IV (known and available in the wild) and the DSi IV; the latter is still very well guarded.

Anyway, the best that cracking the encryption [on the commercial ROM data stored in AR DSi] will lead to is changing the game shown in the DSi system menu.

_________________
I have to return some video tapes.

Feed me a stray cat.


Top
 Profile  
Reply with quote  
 Post subject: Re: Action Replay DSi
PostPosted: Sun May 02, 2010 4:40 pm 
Offline
Kommunist
Kommunist

Joined: Fri Nov 30, 2007 2:03 pm
Posts: 31
Location: ROFLcopter
Title: CWCheat Code Creator
Parasyte wrote:
I wonder if it supports DSi-only games, though?


I just bought Foto Showdown a couple of days ago, and my Action Replay DSi Recognized it. The game can't be dumped as of now, so I can't use a dumping tool to put it on my computer. (Putting it on my computer means that I can use Cheat Engine and No$GBA to find cheats to test with.)

_________________
Spell "I.H.O.P.", then say "Ness".
"Mr. ______, we measure in milliinches, right?" - Friend in my Engineering class
Image


Top
 Profile  
Reply with quote  
 Post subject: Re: Action Replay DSi
PostPosted: Mon May 03, 2010 12:36 am 
Offline
Krew (Admin)
Krew (Admin)
User avatar

Joined: Sun Oct 01, 2006 9:26 pm
Posts: 3765
Title: All in a day's work.
Are you able to boot the game with AR DSi? I couldn't boot System Flaw with it. (AR crashes; oh what irony.)

_________________
I have to return some video tapes.

Feed me a stray cat.


Top
 Profile  
Reply with quote  
 Post subject: Re: Action Replay DSi
PostPosted: Mon May 03, 2010 1:11 pm 
Offline
Kommunist
Kommunist

Joined: Fri Nov 30, 2007 2:03 pm
Posts: 31
Location: ROFLcopter
Title: CWCheat Code Creator
Parasyte wrote:
Are you able to boot the game with AR DSi? I couldn't boot System Flaw with it. (AR crashes; oh what irony.)


I was not able to boot the game; as soon as I selected yes to "Boot game with codes?", it froze.

I didn't even get to the white screen (loading screen between the AR and the actual game beginning).

:(

_________________
Spell "I.H.O.P.", then say "Ness".
"Mr. ______, we measure in milliinches, right?" - Friend in my Engineering class
Image


Top
 Profile  
Reply with quote  
 Post subject: Re: Action Replay DSi
PostPosted: Mon May 03, 2010 6:55 pm 
Offline
Krew (Admin)
Krew (Admin)
User avatar

Joined: Sun Oct 01, 2006 9:26 pm
Posts: 3765
Title: All in a day's work.
Well, just as I expected...

_________________
I have to return some video tapes.

Feed me a stray cat.


Top
 Profile  
Reply with quote  
 Post subject: Re: Action Replay DSi
PostPosted: Mon May 03, 2010 7:12 pm 
Offline
Kommunist
Kommunist

Joined: Fri Nov 30, 2007 2:03 pm
Posts: 31
Location: ROFLcopter
Title: CWCheat Code Creator
Think Datel, think; why would you call the product "Action Replay DSi" if your product can't run games made for the DSi??? :shock:
(Other than the fact that it is the only Action Replay compatable with the DSi)

_________________
Spell "I.H.O.P.", then say "Ness".
"Mr. ______, we measure in milliinches, right?" - Friend in my Engineering class
Image


Top
 Profile  
Reply with quote  
 Post subject: Re: Action Replay DSi
PostPosted: Sun Jun 06, 2010 10:30 am 
Offline
Komrade
Komrade
User avatar

Joined: Tue Mar 27, 2007 6:23 pm
Posts: 1354
Location: Mario Raceway, 1509.831, 217.198, -564.429
Title: Mario Kart 64 Hacker
Datel isn't exactly known for being totally honest about the capabilities of their products. Or their products' ability to actually perform their jobs with any amount of reliability. Or for releasing products that even function at all.

They've always been one of those "how in fuck do these crooks stay in business and not get sued?" companies. :-/

_________________
Image 143
HyperNova Software is now live (but may take a few tries to load) currently down; check out my PSP/DS/Game Boy/Windows/Linux homebrew, ROM hacks, and Gameshark codes!


Top
 Profile  
Reply with quote  
 Post subject: Re: Action Replay DSi
PostPosted: Sun Jun 06, 2010 12:07 pm 
Offline
Kommunist
Kommunist

Joined: Fri Nov 30, 2007 2:03 pm
Posts: 31
Location: ROFLcopter
Title: CWCheat Code Creator
That is true; Datel is just one of those companies that is borderline for able to be sued.

_________________
Spell "I.H.O.P.", then say "Ness".
"Mr. ______, we measure in milliinches, right?" - Friend in my Engineering class
Image


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 19 posts ] 

All times are UTC - 8 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group