DSi unlaunch (bootcode exploit)
Re: DSi unlaunch (bootcode exploit)
I have this error when trying to install unlaunch 1.8: "You have discovered unknown old firmware version"
My dsi xl was on 1.4E. I used flipnote to install unlaunch 1.8. I had some problems with hiyacfw and decided to start everything from scratch. So I uninstalled unlaunch using the uninstall option. After that I updated the console to 1.4.5E. Also I deleted 2 brain training games from its memory. Also the internet browser and nintendo dsi+ internet. Now if I try to install unlaunch again, I get that error.
Re: DSi unlaunch (bootcode exploit)
That is odd. I had added that warning in unlaunch v1.5, hoping to find people who have old firmware from 2008 (ie. firmware v1.2 or older). Mostly because I want to ask them if they have the same system files as later consoles (eg. font and wifi firmware).
What I am doing is checking the file creation timestamp for the launcher's title.tmd file. If it's saying year 2008 then unlaunch is bugging you with the unknown firmware warning message.
Not sure why you get that warning on firmware v1.4.5E. Maybe your console did originally have v1.2E or older installed? And any later system update(s) did maintain the old file creation timestamp for title.tmd. I don't know if that would happen - it would depend on if the update is "overwriting" the old .tmd file, or if it's "replacing" the old .tmd file.
But... you didn't get the warning with firmware v1.4E on the same console? Weird. Or did you use an older unlaunch version back then (ie. something older than unlaunch v1.5)?
EDIT: Stupid question. You said you used v1.8 for install+uninstall (and uninstall didn't even exist before v1.5).
Hmmm, maybe the battery backed realtime clock was somehow reset back to 2008 at time when installing v1.4.5E?
---
Well, I could try to detect older firmware versions via some other method. Best would be checking the version data file (but it's difficult to extract the data from there).
Or better: Does somebody HAVE dumped old firmware versions like v1.0J, and could answer a few questions about it?
Then I could just completely remove the warning about yet unknown firmwares : )
Re: DSi unlaunch (bootcode exploit)
I've used version 1.8 for install and uninstall. The thing is that I never set the date and the clock. But I've adjusted it now and I get the same error.
nocash wrote: That is odd. I had added that warning in unlaunch v1.5, hoping to find people who have old firmware from 2008 (ie. firmware v1.2 or older). Mostly because I want to ask them if they have the same system files as later consoles (eg. font and wifi firmware).
What I am doing is checking the file creation timestamp for the launcher's title.tmd file. If it's saying year 2008 then unlaunch is bugging you with the unknown firmware warning message.
Not sure why you get that warning on firmware v1.4.5E. Maybe your console did originally have v1.2E or older installed? And any later system update(s) did maintain the old file creation timestamp for title.tmd. I don't know if that would happen - it would depend on if the update is "overwriting" the old .tmd file, or if it's "replacing" the old .tmd file.
But... you didn't get the warning with firmware v1.4E on the same console? Weird. Or did you use an older unlaunch version back then (ie. something older than unlaunch v1.5)?
EDIT: Stupid question. You said you used v1.8 for install+uninstall (and uninstall didn't even exist before v1.5).
Hmmm, maybe the battery backed realtime clock was somehow reset back to 2008 at time when installing v1.4.5E?
---
Well, I could try to detect older firmware versions via some other method. Best would be checking the version data file (but it's difficult to extract the data from there).
Or better: Does somebody HAVE dumped old firmware versions like v1.0J, and could answer a few questions about it?
Then I could just completely remove the warning about yet unknown firmwares : )
PS: Most likely when I updated the console the date was set to 2008.
EDIT: I downgraded the console to 1.4 and then I updated again to 1.4.5E, but this time I set the correct date. Now unlaunch works. But if I choose launcher I have no sound in the menu. This happened before too.
EDIT2: My dsi compatible R4 doesn't start from unlaunch (black screen). It isn't recognized in unlaunch (instead of the name it shows some scrambled tiles). I need to go to launcher and start it from there. My cart: wi-fi R4i v5.0 3ds www.r4i-sdhc.com
- Apache Thunder
- Posts: 24
- Joined: Tue Jul 24, 2018 6:28 pm
Re: DSi unlaunch (bootcode exploit)
Ok got my DSI back. Tested 1.8 myself now (the reports about HiyaCFW Launcher not working were based on reports I was getting from others so hadn't tested that myself yet).
It's able to boot my prepatched Launcher SRL off SDMC (it just shows up in your file browser with the rest of the apps so didn't have to move it)
It's applying your patches on top of the existing ones though (so no bootsplash/system menu music). But it otherwise appears to work! But only if I booted it from menu. BUT it seems to take a considerable amount of time. Maybe a full 30+ seconds? If I set it as the default boot option it just blackscreens (waited in excess of a minute to be sure. It never goes any further).
Now if there was a flag I could set in the header to tell Unlaunch to not patch it but still boot it like Launcher then this would replace the need of using a prepatched stage2 SRL. Part of the issue may be due to the existing patches baked into the SRL which may be slowing Unlaunch's loader down. Oh of course maybe still good idea to at least patch Launcher so that it doesn't delete its own TMD (as I recall certain versions of Launcher did this?) in the event someone does boot a custom Launcher that doesn't have SD redirection applied to it.
Oh also I moved it to SD:\Launcher.dsi and SD:\Launcher.prv respectively and from the menu it was able to boot it from there too. (but again with Unlaunch's patches stacked on top of the existing patches)
As before it took 30+ seconds to boot. Almost thought it just got stuck, but it did eventually boot it.
EDIT: Tested altering the title ID of Launcher. It would load it immediately after I did this. But Launcher then just white screens. Looks like you can't mess with title ID of Launcher. It doesn't like that. It's not a modcrypt issue. I disabled modcrypt in the header and left it decrypted so I had nothing besides the header CRC to fix after I altered the TID. (that too could be slowing the loader down. It sees that it's launcher and then wastes time trying to decrypt it?)
EDIT2: Re-modcrypted it. This didn't change anything so modcrypt not causing the problem.
Re: DSi unlaunch (bootcode exploit)
Then breakpoint on "[2FFE230]?" or whatever you had changed, and patch the launcher code that uses that address.
Apache Thunder wrote: EDIT: Tested altering the title ID of Launcher. It would load it immediately after I did this. But Launcher then just white screens. Looks like you can't mess with title ID of Launcher. It doesn't like that.
- Apache Thunder
Re: DSi unlaunch (bootcode exploit)
It's been awhile since I've done any serious hex editing stuff. Don't think I know how to do that anymore.
Re: DSi unlaunch (bootcode exploit)
So I tried launching Pictochat in the Unlaunch menu, and I got the "Communication error" message.
I also tried DS Download Play, and while it seems to be working fine, it doesn't seem to find my DS console that's acting as a server.
Both of these issues also happen when launched via a homebrew launcher on a flashcard, or TWiLight Menu++ (as .nds files).
If you found a fix for those issues, can you show me the fix, so I can implement it to TWiLight Menu++?
Re: DSi unlaunch (bootcode exploit)
Oops, thanks! I've somehow missed noticing that bug. But, yeah, happens here, too.
Robz8 wrote: So I tried launching Pictochat in the Unlaunch menu, and I got the "Communication error" message.
I haven't tested if it does help, but it might be due to missing channel flags in [2FFFCFA]. I don't have that initialized, and DS Download Play is actually reading from there (and Pictochat maybe, too). It should be usually set to 1041h (channel ch1+7+13). No idea if that's valid for all countries though.
Re: DSi unlaunch (bootcode exploit)
That worked! Thanks!
nocash wrote: Oops, thanks! I've somehow missed noticing that bug. But, yeah, happens here, too.
Robz8 wrote: So I tried launching Pictochat in the Unlaunch menu, and I got the "Communication error" message.
I haven't tested if it does help, but it might be due to missing channel flags in [2FFFCFA]. I don't have that initialized, and DS Download Play is actually reading from there (and Pictochat maybe, too). It should be usually set to 1041h (channel ch1+7+13). No idea if that's valid for all countries though.
Weird that the apps themselves don't set it though...
Re: DSi unlaunch (bootcode exploit)
I think I have exactly the same problem because of wrong dates during that process: I had Unlaunch v1.8 in 1.4, then I uninstalled it, I updated to 1.4.5 and now I cannot install it because of that same error.
gorgyrip wrote: I've used version 1.8 for install and uninstall. The thing is that I never set the date and the clock. But I've adjusted it now and I get the same error.
nocash wrote: That is odd. I had added that warning in unlaunch v1.5, hoping to find people who have old firmware from 2008 (ie. firmware v1.2 or older). Mostly because I want to ask them if they have the same system files as later consoles (eg. font and wifi firmware).
What I am doing is checking the file creation timestamp for the launcher's title.tmd file. If it's saying year 2008 then unlaunch is bugging you with the unknown firmware warning message.
Not sure why you get that warning on firmware v1.4.5E. Maybe your console did originally have v1.2E or older installed? And any later system update(s) did maintain the old file creation timestamp for title.tmd. I don't know if that would happen - it would depend on if the update is "overwriting" the old .tmd file, or if it's "replacing" the old .tmd file.
But... you didn't get the warning with firmware v1.4E on the same console? Weird. Or did you use an older unlaunch version back then (ie. something older than unlaunch v1.5)?
EDIT: Stupid question. You said you used v1.8 for install+uninstall (and uninstall didn't even exist before v1.5).
Hmmm, maybe the battery backed realtime clock was somehow reset back to 2008 at time when installing v1.4.5E?
---
Well, I could try to detect older firmware versions via some other method. Best would be checking the version data file (but it's difficult to extract the data from there).
Or better: Does somebody HAVE dumped old firmware versions like v1.0J, and could answer a few questions about it?
Then I could just completely remove the warning about yet unknown firmwares : )
PS: Most likely when I updated the console the date was set to 2008.
EDIT: I downgraded the console to 1.4 and then I updated again to 1.4.5E, but this time I set the correct date. Now unlaunch works. But if I choose launcher I have no sound in the menu. This happened before too.
EDIT2: My dsi compatible R4 doesn't start from unlaunch (black screen). It isn't recognized in unlaunch (instead of the name it shows some scrambled tiles). I need to go to launcher and start it from there. My cart: wi-fi R4i v5.0 3ds http://www.r4i-sdhc.com
How could I downgrade an EUR DSi from 1.4.5E to 1.4? Is there any other way for fixing this and being able to install Unlaunch? Thanks!
Re: DSi unlaunch (bootcode exploit)
Someone is trying to install Unlaunch 1.8, and got the unknown old firmware version error.
Is there any information that should be given?
Note that the user has always been on 1.4.5E.
- Apache Thunder
Re: DSi unlaunch (bootcode exploit)
Methinks using a database of md5/sha1's of all the known TMD files of the known Launcher versions would have been better for detecting "unknown" firmware versions than using file dates, as that could be unreliable. If system does a system update with wrong clock setting, that could easily cause a false flag.
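Added example, not part of the thread and not unlaunch's own code: a sketch of the two detection approaches discussed here, the FAT creation-year check on title.tmd and a digest lookup, run on the same file content written under two clock settings. The TMD contents, the version table and all helper names are constructed for illustration, and SHA-256 stands in for the md5/sha1 mentioned above.

```python
import hashlib
import struct

# Constructed stand-ins for title.tmd contents. A real table would hold
# digests of dumped TMD files; none are listed on this page.
SAMPLE_TMD_V14 = b"constructed TMD bytes, launcher v1.4"
SAMPLE_TMD_V145 = b"constructed TMD bytes, launcher v1.4.5"

def digest(data):
    # The post suggests md5/sha1; SHA-256 is used here, any digest works as a key.
    return hashlib.sha256(data).hexdigest()

KNOWN_TMD = {digest(SAMPLE_TMD_V14): "v1.4", digest(SAMPLE_TMD_V145): "v1.4.5"}

def make_dir_entry(year, month, day):
    """Build a constructed 32-byte FAT directory entry for TITLE.TMD."""
    entry = bytearray(32)
    entry[0:11] = b"TITLE   TMD"          # 8.3 name, space padded
    entry[0x0B] = 0x20                    # archive attribute
    fat_date = ((year - 1980) << 9) | (month << 5) | day
    struct.pack_into("<H", entry, 0x10, fat_date)   # creation date field
    return bytes(entry)

def creation_year(dir_entry):
    """Decode the year from the FAT creation date (bits 15-9, offset from 1980)."""
    if len(dir_entry) != 32:
        raise ValueError("FAT directory entries are 32 bytes")
    (fat_date,) = struct.unpack_from("<H", dir_entry, 0x10)
    return 1980 + (fat_date >> 9)

def flagged_by_timestamp(dir_entry):
    """The check described in the thread: creation year 2008 means 'old firmware'."""
    return creation_year(dir_entry) == 2008

def identify_by_hash(tmd_bytes):
    """Return the known version label, or None for content not in the table."""
    return KNOWN_TMD.get(digest(tmd_bytes))

def assess(dir_entry, tmd_bytes):
    """Report what each method concludes about one title.tmd."""
    version = identify_by_hash(tmd_bytes)
    return {
        "creation_year": creation_year(dir_entry),
        "timestamp_says_old": flagged_by_timestamp(dir_entry),
        "hash_says": version if version else "unknown",
    }

if __name__ == "__main__":
    # Same v1.4.5 content, written once with the clock at 2008 and once at 2012.
    for label, entry in (("clock unset", make_dir_entry(2008, 1, 1)),
                         ("clock set", make_dir_entry(2012, 6, 15))):
        print(label, assess(entry, SAMPLE_TMD_V145))
    print("unlisted", assess(make_dir_entry(2012, 6, 15), b"not in table"))
```

The timestamp result changes with the clock setting at write time while the digest result depends only on the file content, which is why the lookup does not misfire on a console updated with an unset clock.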
Re: DSi unlaunch (bootcode exploit)
I've recently got the directory tree for firmware v1.0J, interestingly, that firmware did have the file time/date stamps set to year 2000 (instead of 2008), whilst v1.4.5E is apparently often having them set to year 2008 (instead of 2012), so my warning message always fired on the wrong version only : ) but I can remove the warning now.
Some findings for v1.0J:
The whitelist is same as in v1.3U.
The v1.0J font file is same as usually, up to throughout v1.4.5E (same as everywhere else, except Korea (and presumably China)).
For whatever reason, the Version Data file does exist twice: A v1.0J file (as expected), and a v0.1A file (apparently some relict from pre-release USA version). I am not sure how (or if) the console is knowing which file to use. The per-region gamecode for the launcher is found in HWINFO_S.dat. But for Version Data, the launcher seems to be just using whichever file it finds in the directory tree (perhaps simply using the folder that occurs first or last in the title directory).
The wifi firmware is 20h bytes smaller than in v1.3U, the only real difference seems to be in part 1.C (the bootstub code for reading the I2C EEPROM data; I haven't disassembled the v1.0J code, but I guess it's some small bugfix, or - the newer code does support EEPROMs with different sizes - maybe the old code did support only one EEPROM size).
The serial/barcode in HWINFO_S.dat starts with letters TJH for Japan (probably with some variations on older/newer Japanese DSi's, and Japanese DSi XL's).
Oh, and unrelated:
Wifiboot is now supporting WPA and WPA2 using DSi-Wifi hardware, with faster transfers than NDS-Wifi.
See viewtopic.php?f=23&t=18065&start=30#p231672 for details.
Re: DSi unlaunch (bootcode exploit)
I know it's unrelated, but please help me. I have a 1.4E dsi that gives me an error on every app (no, it's not the wifi module that's damaged). Using a hardmod I have installed unlaunch. In unlaunch all the apps work, only the settings give an error, but only when I go to internet->connection settings and set a new connection. Is there a simple way to edit the menu launcher to ignore the wifi error so that all the apps will work? I'm guessing if the apps work in unlaunch, there must be a way to make them work in the system launcher.
Re: DSi unlaunch (bootcode exploit)
Might be wifi firmware related. The launcher boots up despite wifi firmware errors - but refuses to start games if that error had occurred.
For DWM-W024 wifi boards you would need the newer wifi firmware revision, 00000002.app. But you should normally have that in v1.4.
If the bug occurred only after installing unlaunch, try uninstalling it, to see if that helps.
Or scandisk the decrypted emmc image, or compare the wifi firmware file against a redownloaded copy from nusdownloader, in case fat corruption had destroyed it.