Yo, here's a quick 'n dirty libusb tool to read/write firmware. Adjust as needed, keep in mind the SST flash is 2MB.
(gcc -Wall -o ardsi ardsi.c -lusb)
Code:
#include <stdio.h>
#include <string.h>
#include <usb.h>
#define READ_ENDPT 0x81
#define WRITE_ENDPT 0x01
#define PAGE_SIZE 0x1000
#define ADAPTER_VID 0x1c1a
#define ADAPTER_PID 0x0100
#define USB_TIMEOUT 5000
typedef unsigned char u8;
typedef unsigned short u16;
typedef unsigned int u32;
static struct usb_device *find_adapter(u16 vendor, u16 product) {
struct usb_bus *bus;
struct usb_device *dev;
struct usb_bus *busses;
usb_init();
usb_find_busses();
usb_find_devices();
busses = usb_get_busses();
for (bus = busses; bus; bus = bus->next)
for (dev = bus->devices; dev; dev = dev->next)
if ((dev->descriptor.idVendor == vendor) && (dev->descriptor.idProduct == product))
return dev;
return NULL;
}
int flash_write_page(usb_dev_handle *usb_handle, u32 offset, u8 *buf) {
char cmd[]={ 0x00, 0x00, 0x00, 0x00, 0x00 };
int ret;
cmd[0] = 0x65;
cmd[1] = (offset & 0xff);
cmd[2] = (offset >> 8) & 0xff;
cmd[3] = (offset >> 16) & 0xff;
cmd[4] = (offset >> 24) & 0xff;
ret = usb_bulk_write(usb_handle, WRITE_ENDPT, cmd, 5, USB_TIMEOUT);
if (ret != 5) return -1;
cmd[0] = 0x70;
ret = usb_bulk_write(usb_handle, WRITE_ENDPT, cmd, 5, USB_TIMEOUT);
if (ret != 5) return -1;
ret = usb_bulk_write(usb_handle, WRITE_ENDPT, (char*)buf, PAGE_SIZE, USB_TIMEOUT);
return ret;
}
int flash_read_page(usb_dev_handle *usb_handle, u32 offset, u8 *out) {
char cmd[]={ 0x72, 0x00, 0x00, 0x00, 0x00 };
int ret;
cmd[1] = (offset & 0xff);
cmd[2] = (offset >> 8) & 0xff;
cmd[3] = (offset >> 16) & 0xff;
cmd[4] = (offset >> 24) & 0xff;
memset(out, 0, PAGE_SIZE);
ret = usb_bulk_write(usb_handle, WRITE_ENDPT, cmd, 5, USB_TIMEOUT);
if (ret != 5) return -1;
ret = usb_bulk_read(usb_handle, READ_ENDPT, (char*)out, PAGE_SIZE, USB_TIMEOUT);
if (ret <= 0) return -1;
return ret;
}
int main (int argc,char *argv[]) {
FILE *fp;
struct usb_device *dev;
usb_dev_handle *devh;
u32 i;
u8 page_buf[PAGE_SIZE];
printf("\nARDSi Tool by blasty\n\n");
printf("Trying to locate the Action Replay DSi...\n");
dev = find_adapter(ADAPTER_VID, ADAPTER_PID);
if (dev == NULL) {
fprintf(stderr, "Not found!\n");
return 1;
}
devh = usb_open(dev);
printf("Found it!\n");
memset(page_buf, 0x00, PAGE_SIZE);
fp = fopen("ardsi_dump.bin", "wb");
for (i = 0; i < (1024 * 1024 *2); i += 0x1000) {
printf("flash_read_page[%08x/%08x]: %X\n", i, (1024*1024*2), flash_read_page(devh, i, page_buf));
fwrite(page_buf, 0x1000, 1, fp);
}
fclose(fp);
usb_close(devh);
return 0;
}
Use at your own risk .. should be fairly safe though write_page requires an unlock command (0x65) for every flash page.
And don't mock me about this code .. it was written in a hurry on a boring sunday