DSi unlaunch (bootcode exploit)


Post by nocash » Mon Aug 06, 2018 1:13 pm

I've tried loading unlaunch.dsi as bootthis.dsi a few more times. It doesn't completely hang for me. But there's something murky: Sometimes loading takes about 2-4 seconds longer than it should, and the installer is then randomly complaining about camera IDs being all FFh's, or the console running in NDS mode, and/or the power-button-auto-reset not working.

The problem seems to occur mostly when trying to install a different version than already installed (even if there are only a few bytes of code changed, but it works as soon as those same changes are applied to both the installer & already installed version). So it looks as if the loaded data is ignored, or as if cache isn't updated - ending up with newly loaded code mixed with old code in memory.

I haven't yet figured out what is wrong there. But unlaunch v1.2 seems to be quite unstable.
I've added a "don't use!" warning for that version on the webpage.
Apache Thunder wrote:As for my DS-X. I did post the rom image for it in a previous reply. You must have missed it.
Ah, the "_SD_TF_NDS_ASMA00.zip" file. Yup, I tried that... in no$gba it says something like "Loading..."
I guess that means that it tries to load data from the flashcart's (unemulated) internal sd-card storage.
edo9300 wrote:Yeah, I too was suspecting it was a hardware issue, now I'm asking myself if it's because of damaged components or some different chips of the DS. As for the firmware, I didn't do any of those things, I only installed unlaunch via flipnote and that's all, I didn't modify my nand in other ways. I could send pics of my console if needed
At the moment I suspect that I've screwed up something - so better wait before you try to desolder/repair your chips, they are probably all fine.


Post by nocash » Tue Aug 07, 2018 12:57 pm

Ugh, I think I've tracked down the unstable part: nds/dsi titles are started with cache disabled, and unlaunch is also doing that before starting other titles - the problem is that the disabled cache does still seem to hold old data even when in disabled state, and that old data will 'mysteriously' reappear once the loaded title (re-)enables the cache. Instead of just disabling the cache, the correct way to disable+kill the cache content should be:

- clean data cache (writeback any write-buffered data from cache to actual memory)
- disable cache (while doing this, a few more bytes might get newly loaded into code+data caches)
- invalidate data+code caches (forget all cached data+code)

Without that, all kinds of weird and not-so-funny effects can happen. One of the weirdest was arm9 hanging for about 10 minutes in a small memfill function (and then resuming normal execution after those 10 minutes). And the nastiest effects were those cases where everything seemed to work fine (making me think I had solved the issue a bunch of times - only to see the problem reappear after making a few more unrelated code changes).

So, well, I hope I've now really fixed it. Will do a few more tests, and (if it keeps working), upload next version soon.
Last edited by nocash on Wed Aug 08, 2018 5:35 pm, edited 1 time in total.
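
The stale-cache effect and the clean, disable, invalidate order described in the post above, as an added example that is not nocash's or unlaunch's code: a toy write-back cache model in C, with all addresses, values and function names constructed for illustration. It shows both the old data reappearing after re-enable and a later eviction writing it over the newly loaded data.

```c
/* Toy model, constructed for illustration: 4-line direct-mapped write-back
   cache (one word per line) in front of a 16-word RAM. Not DSi code. */
#include <stdint.h>
#include <string.h>

#define LINES 4
typedef struct {
    uint32_t ram[16], data[LINES], tag[LINES];
    uint8_t  valid[LINES], dirty[LINES];
    int      enabled;
} Sys;

/* Write back one line if it holds modified data. */
static void writeback(Sys *s, int i) {
    if (s->valid[i] && s->dirty[i]) { s->ram[s->tag[i]] = s->data[i]; s->dirty[i] = 0; }
}
static uint32_t rd(Sys *s, uint32_t a) {
    int i = a % LINES;
    if (!s->enabled) return s->ram[a];            /* cache bypassed, content kept */
    if (!(s->valid[i] && s->tag[i] == a)) {       /* miss: evict, then fill */
        writeback(s, i);
        s->data[i] = s->ram[a]; s->tag[i] = a; s->valid[i] = 1; s->dirty[i] = 0;
    }
    return s->data[i];
}
static void wr(Sys *s, uint32_t a, uint32_t v) {
    int i = a % LINES;
    if (!s->enabled) { s->ram[a] = v; return; }
    if (!(s->valid[i] && s->tag[i] == a)) writeback(s, i);
    s->data[i] = v; s->tag[i] = a; s->valid[i] = 1; s->dirty[i] = 1;
}
static void clean(Sys *s)      { for (int i = 0; i < LINES; i++) writeback(s, i); }
static void invalidate(Sys *s) { memset(s->valid, 0, sizeof s->valid); }

/* Launcher hands over to a freshly loaded title. Returns what the title reads
   at address 5 once it re-enables the cache; *ram5 receives RAM word 5 after
   an unrelated access (address 1) has evicted that cache line. */
uint32_t start_title(int full_sequence, uint32_t *ram5) {
    Sys s; memset(&s, 0, sizeof s);
    s.enabled = 1;
    wr(&s, 5, 0x01D);                  /* old data, cached and still dirty */
    if (full_sequence) clean(&s);      /* 1. clean */
    s.enabled = 0;                     /* 2. disable */
    if (full_sequence) invalidate(&s); /* 3. invalidate */
    wr(&s, 5, 0x2E3);                  /* loader stores the new title, cache off */
    s.enabled = 1;                     /* the title (re-)enables the cache */
    uint32_t seen = rd(&s, 5);
    rd(&s, 1);                         /* maps to the same line as address 5 */
    *ram5 = s.ram[5];
    return seen;
}
```

With `full_sequence` set to 0 the title reads the old value and the eviction then replaces the new value in RAM with it; with 1 both the read and RAM hold the newly loaded value.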


Post by Robz8 » Tue Aug 07, 2018 4:07 pm

nocash wrote:
Robz8 wrote:Found a bug when having homebrew named as "bootcode.dsi".
The power button doesn't work, if set to IRQ. It only works when setting it to Auto-Reset.
I don't recall the issue occurring in previous Unlaunch versions.
The last change to power button was in unlaunch v1.0 (switching it to power-button-IRQ-mode) (the older versions had it set to power-button-auto-reset mode).
If IRQ mode doesn't work... maybe it does still have an old IRQ pending and refuses to issue a new IRQ until acknowledging the old one... by reading BPTWL register 10h? Or maybe the IRQ and pin-direction isn't configured in GPIO registers? Or something in IE2/IF2 registers?
Do you have a link to some homebrew title that shows the effect?
I believe all homebrew have this issue, including HiyaCFW (settings menu), DSiMenu++, and nesDS, which we've tested.


Post by nocash » Wed Aug 08, 2018 3:28 pm

New version: Unlaunch v1.3 - http://problemkaputt.de/unlaunch.htm
I hope I've got everything stable this time.

v1.3 09 Aug 2018
 - forces disabled cache to be MADE EMPTY before starting loaded title
 - rearranged init sequence for loaded titles and added more cache flushes
 - moved scfg state from 380FFCX to 3FFFFCX, passes final state to loaded title
 - bugfix: skip wifi init by button Y (not button B, which is ROM cart loading)
 - checks for unknown cid/csd AFTER manually reading cid/csd from hardware


Post by Apache Thunder » Wed Aug 08, 2018 3:58 pm

Looks like the wifi issue for carts is fixed. Still couldn't run installer from Unlaunch. Blackscreens. But maybe just due to 1.2's issues. Was able to install it from sudokuhax as boot.nds.


Tried to boot Launcher as bootcode.dsi. Still white screens. Though if I hold Y to prevent wifi init I can see Launcher gets far enough to init wifi (wifi led still comes on, but a bit later). Maybe hanging due to device table being at wrong place since Launcher is a bit different than other DSiWare.


Post by nocash » Wed Aug 08, 2018 5:33 pm

Apache Thunder wrote:Still couldn't run installer from Unlaunch. Blackscreens. But maybe just due to 1.2's issues. Was able to install it from sudokuhax as boot.nds.
Yes, that should be caused by the old v1.2 version, and the problem should be gone once v1.3 is installed.
To get rid of v1.2:
Boot to normal firmware (via button A) and then use sudokuhax or flipnote to load the v1.3 installer (as you did).
Or, rename hbmenu or wifiboot or the like to bootcode.dsi, and then use that to load the v1.3 installer.
I guess at least one of those methods should work on all consoles.
Apache Thunder wrote:Tried to boot Launcher as bootcode.dsi. Still white screens. Though if I hold Y to prevent wifi init I can see Launcher gets far enough to init wifi (wifi led still comes on, but a bit later). Maybe hanging due to device table being at wrong place since Launcher is a bit different than other DSiWare.
Is the launcher using the incoming device list at all? I thought it would ignore the incoming list and instead create a device list on its own.
If v1.3 is working stable, then plans for next version would be adding some bootmenu to select different titles, without manually needing to rename titles to bootthis.dsi and then storing them on SD card (or SD-card image) in order to test them. That will make it easier to test/fix issues with launcher (or other titles).
Robz8 wrote:I believe all homebrew have this issue, including HiyaCFW (settings menu), DSiMenu++, and nesDS, which we've tested.
Hmmm, those seem to be all available only from those open source sites that are available only via https. I could try downloading them on another PC and then transfer them to my own computer... or is the power-button problem already fixed in v1.3?


Post by Apache Thunder » Wed Aug 08, 2018 6:20 pm

Seems to maybe use the device list from stage2 initially. I tried to boot unmodified Launcher as well and it still white screens.


Post by tepples » Wed Aug 08, 2018 7:39 pm

nocash wrote:Hmmm, those seem to be all available only from those open source sites that are available only via https. I could try downloading them on another PC and then transfer them to my own computer
What web browser are you using that can't browse HTTPS?


Post by Apache Thunder » Wed Aug 08, 2018 7:56 pm

tepples wrote:What web browser are you using that can't browse HTTPS?

I believe his main computer is still on Windows 98. Browsers that still run on that OS don't support HTTPS anymore I think.


Post by tepples » Wed Aug 08, 2018 9:25 pm

IE in Windows 98 reportedly has an experimental (at the time) option to enable TLS 1.0, though that won't help with shopping and financial sites that don't fall back to old TLS anymore.


Post by TmEE » Thu Aug 09, 2018 1:24 am

On my 9x machines I use RetroZilla for the sites that Opera can no longer open due to some security protocols related issue.


Post by edo9300 » Thu Aug 09, 2018 4:32 am

Weirdly enough... The 1.3 still doesn't work :( at this point I think it's my DS


Post by nocash » Thu Aug 09, 2018 11:25 am

TmEE wrote:On my 9x machines I use RetroZilla for the sites that Opera can no longer open due to some security protocols related issue.
Thanks! I didn't know that program. I thought Opera 10.53 was the newest browser working on win9x, but that's about 8-10 years old. Hmmm, downloading RetroZilla without https seems to be impossible ; ) okay, downloaded it on a laptop, and moved the installer to my PC...
It can access https gbatemp, but with the gbatemp JavaScript adverts, it's endlessly slow, and the browser seems to have no option for disabling JavaScript for certain webpages (it can only disable it for all webpages).
As for other https sites: Sourceforge bugs saying that the webpage is empty. And github uses a "not enabled" https security protocol (I am using the latest RetroZilla version from 2017, which is itself being hosted on github - meaning that RetroZilla is unable to browse to its own homepage).
RetroZilla doesn't seem to be of too much use at the moment : / but thanks for mentioning it! Maybe it'll be useful for some other webpage someday (or maybe it gets updated and works better in next version).
edo9300 wrote:Weirdly enough... The 1.3 still doesn't work :( at this point I think it's my DS
The only thing not working for you is booting without sd-card inserted (or button A pressed), and then it hangs while displaying the unlaunch version number and attempting to load the original launcher, right?

I would assume that you have somehow lost your launcher ".app" file, or some other important system files. My guess would be about the issue from unlaunch v0.6, which could cause launcher to get deleted when accessing data management, or dsi shop, or 3ds transfer tool - did you do that back then when v0.6 was out? Or did you try to upgrade/downgrade the firmware at some point after installing unlaunch?

If it's for one of the above reasons, then it could be repaired, and the same issue should also occur when testing in no$gba. Did you really test that, using a backup of your CURRENT emmc/nand, and renaming it to dsi-1.mmc, and using that in no$gba, with dsi mode enabled, and with the entrypoint set to BIOS mode, and then start some random dsi title? If yes, then you should see the unlaunch v1.3 screen, and then see the launcher (or it should hang in the unlaunch screen if the problem occurs in no$gba, too). If you just see the loaded game (without preceding unlaunch and launcher screens), then you didn't test it properly.

Well, those are quite some steps, I am not sure if you really did all that stuff when testing - or if you had just tested a random game in no$gba, and then figured that "working game" is same as "working firmware image" (which isn't so).

For some general checks, you could also dump your emmc, decrypt it with twltool, mount it, and then use scandisk to check for obvious errors, and check the launcher's content folder to see if it still has the .app and .tmd files, and the hwinfo files in other folders (gbatek has a list of files/folders that should be present, see the SD/MMC filesystem chapters).


Post by XAYAH » Thu Aug 09, 2018 1:02 pm

I've got an issue where the installer always says I've "discovered unknown camera chip IDs" when I go to install unlaunch. It says to check for a newer version, but I am already using 1.3. Does anyone know what is going on?


Post by edo9300 » Thu Aug 09, 2018 1:42 pm

The only thing not working for you is booting without sd-card inserted (or button A pressed), and then it hangs while displaying the unlaunch version number and attempting to load the original launcher, right?

I would assume that you have somehow lost your launcher ".app" file, or some other important system files. My guess would be about the issue from unlaunch v0.6, which could cause launcher to get deleted when accessing data management, or dsi shop, or 3ds transfer tool - did you do that back then when v0.6 was out? Or did you try to upgrade/downgrade the firmware at some point after installing unlaunch?

If it's for one of the above reasons, then it could be repaired, and the same issue should also occur when testing in no$gba. Did you really test that, using a backup of your CURRENT emmc/nand, and renaming it to dsi-1.mmc, and using that in no$gba, with dsi mode enabled, and with the entrypoint set to BIOS mode, and then start some random dsi title? If yes, then you should see the unlaunch v1.3 screen, and then see the launcher (or it should hang in the unlaunch screen if the problem occurs in no$gba, too). If you just see the loaded game (without preceding unlaunch and launcher screens), then you didn't test it properly.

Well, those are quite some steps, I am not sure if you really did all that stuff when testing - or if you had just tested a random game in no$gba, and then figured that "working game" is same as "working firmware image" (which isn't so).

For some general checks, you could also dump your emmc, decrypt it with twltool, mount it, and then use scandisk to check for obvious errors, and check the launcher's content folder to see if it still has the .app and .tmd files, and the hwinfo files in other folders (gbatek has a list of files/folders that should be present, see the SD/MMC filesystem chapters).
I first modded the DSi when the 0.9 version was out, even if I didn't install it because of the various issues and used the 0.8. Later I tried installing the 0.9 and noticed it wasn't booting. After that I tried installing some older versions of unlaunch: I installed the 0.7 and the 0.6 and checked if they were working or not. The 0.6 did, but I then returned to the 0.8. I have 2 nand backups I'm testing with no$gba: the first from when I reported the issue in this forum and you told me to check (that backup had unlaunch 0.8 installed), the second from when the 1.2 came out, after it didn't boot (that had unlaunch 1.2 installed). On both the backups, both the 1.2 and 1.3 work. I installed the 1.3 on both the backups from no$gba. As for the files in the backup, they're there, both the app and title tmd, with the correct size.