DSi unlaunch (bootcode exploit)

Discussion of development of software for any "obsolete" computer or video game system. See the WSdev wiki and ObscureDev wiki for more information on certain platforms.
nocash
Posts: 1405
Joined: Fri Feb 24, 2012 12:09 pm
Contact:

Re: DSi unlaunch (bootcode exploit)

Post by nocash »

The unknown bootcode version error is shown when the retail/debug flag in SCFG_OP register doesn't match up with the expected corresponding retail/debug bootcode (on eMMC address 200h and up). Theoretically that should be working fine, and it should be also emulated okay in no$gba.
Ah, no. I forgot that most titles (all exploitable titles) do disable the SCFG registers, so SCFG_OP will always read as zero even on debug consoles. Hmmm, I guess I could simply accept either one of the two known bootcode versions (retail or debug) regardless of SCFG_OP what says.
homepage - patreon - you can think of a bit as a bottle that is either half full or half empty
Robz8
Posts: 13
Joined: Sun Aug 05, 2018 12:52 pm

Re: DSi unlaunch (bootcode exploit)

Post by Robz8 »

nocash wrote: Thu Feb 27, 2020 10:46 am Which homebrews are that? And are the binaries available for download somewhere?
Here's a Hello World example compiled.
Attachments
hello_world.zip
(79.68 KiB) Downloaded 260 times
User avatar
saturnu
Posts: 23
Joined: Wed Aug 05, 2015 2:22 pm

Re: DSi unlaunch (bootcode exploit)

Post by saturnu »

Hi,

i tried installing unlaunch v2.0 and v1.9 on my EUR DSi with firmware 1.4.5E.
i'm using memory pit exploit to start hbmenu which is working great so far - i can load some emulators etc.
it's no problem to start the unlaunch installer from hbmenu, too. the installation runs through und says "installation complete".
if i powercycle the dsi after the unlaunch installation - it doesn't boot, both screens stay black.

my second try was to install unlaunch 2.0 in no$gba on my nand backup, the installation complets and after powercycle the no$gba is booting fine to the unlauch menu.
if i write back the modified nand to the dsi via hardmod, both screens stay black, too.

It's a Samsung KMAPF NAND

Has anyone an idea, what is going wrong? FAT-errors or is the path memory pit -> hbmenu -> unlaunch-installation correctly working at all?

have a nice weekend!
nocash
Posts: 1405
Joined: Fri Feb 24, 2012 12:09 pm
Contact:

Re: DSi unlaunch (bootcode exploit)

Post by nocash »

Firmware 1.4.5E and Samsung KMAPF are standard and should work without problems, I have that firmware and chipset myself.
There must be something else that is different and somehow uncommon, either the console, or external hardware.
If you haven't already tried, try removing the SD card and game cartridge.
homepage - patreon - you can think of a bit as a bottle that is either half full or half empty
User avatar
saturnu
Posts: 23
Joined: Wed Aug 05, 2015 2:22 pm

Re: DSi unlaunch (bootcode exploit)

Post by saturnu »

Yes, i already tried removing the cartridge and sdcard. The sdcard was formated with the sdcard.org formating tool, 32kb cluster size and was checked for errors.
Quaker
Posts: 1
Joined: Mon Mar 23, 2020 7:22 am

Re: DSi unlaunch (bootcode exploit)

Post by Quaker »

Hi i think the site of unlaunch is down i cant reach the site, it says This site can’t be reached problemkaputt.de took too long to respond. Help plz
nocash
Posts: 1405
Joined: Fri Feb 24, 2012 12:09 pm
Contact:

Re: DSi unlaunch (bootcode exploit)

Post by nocash »

saturnu wrote: Sun Mar 22, 2020 3:16 am Yes, i already tried removing the cartridge and sdcard. The sdcard was formated with the sdcard.org formating tool, 32kb cluster size and was checked for errors.
Hmmm, then I don't know what is wrong, I am not aware of anyone else having that problem.
The console does still work with unlaunch uninstalled?
There aren't any broken cables/connectors... browser and cameras are still working?
There isn't anything special with it, like a large sticker saying "special prototype hardware - not for release"?
Did you do any manual/partial firmware upgrades/downgrades? version 1.4.5E as such should work... but it could screw up if you have it mixed with an older wifi-firmware.
The bootcode should be same on all DSi models, so I think the exploit should work everywhere. If there is a problem in my own init code, you could try some older unlaunch versions (which had less init code).
Robz8 wrote: Wed Mar 18, 2020 12:07 pm Here's a Hello World example compiled.
Okay, I've tried. It doesn't work on my DSi via wifiboot either. But it's working on my NDS via wifiboot. So it seems to be somehow DSi related.
The Hello World is doing only three DSi register accesses (and DSi touchscreen reading, and either DSi or NDS SWI functions).
If it's related to those reads then it should be easy, to change/remove that reads and see if it's helping.
For the touchscreen, how does it detect whether to use NDS or DSi touchscreen mode?
And same for SWI functions in NDS or DSi mode?

One eye-catching detail is that the DSi ARM9 bootcode is loaded to 2000000h (for DSi titles, the official address would be 2004000h and up). But I don't think that it is harmful (it does ju
st wipe-out some system values that could be useful on next warmboot).
homepage - patreon - you can think of a bit as a bottle that is either half full or half empty
User avatar
saturnu
Posts: 23
Joined: Wed Aug 05, 2015 2:22 pm

Re: DSi unlaunch (bootcode exploit)

Post by saturnu »

hi nocash,

yes, if i reflash the nand everything is working. it's a normal retail console that i bought once in a local store as a new device.
i haven't made any modifications in the past and i have used it only a few hours, it's like brand new.
i'll give it a try with an older unlaunch version, v1.3 seems to be the first sable for fw v1.4.5.
User avatar
saturnu
Posts: 23
Joined: Wed Aug 05, 2015 2:22 pm

Re: DSi unlaunch (bootcode exploit)

Post by saturnu »

nocash wrote: Tue Mar 24, 2020 5:37 pm The bootcode should be same on all DSi models, so I think the exploit should work everywhere. If there is a problem in my own init code, you could try some older unlaunch versions (which had less init code).
i have installed unlaunch v1.3 and now it is working for me.
thanks for your support, you have been a big help. 8-)
nocash
Posts: 1405
Joined: Fri Feb 24, 2012 12:09 pm
Contact:

Re: DSi unlaunch (bootcode exploit)

Post by nocash »

Okay, fine. Glad that it's working.
Can you try the next newer versions, too?
It would be interesting to know which version stopped working.
homepage - patreon - you can think of a bit as a bottle that is either half full or half empty
User avatar
saturnu
Posts: 23
Joined: Wed Aug 05, 2015 2:22 pm

Re: DSi unlaunch (bootcode exploit)

Post by saturnu »

oh man, i was so happy that it's working and now i have to brick it again? :shock:
ok i did it for science anway. it stops working with unlaunch v1.5.
is it interesting for you to look into the nand with the broken v1.5 installation? i dumped it - just in case.

tested - not working
v2.0
v1.9
v1.7
v1.5

working
v1.4
v1.3
Robz8
Posts: 13
Joined: Sun Aug 05, 2018 12:52 pm

Re: DSi unlaunch (bootcode exploit)

Post by Robz8 »

nocash wrote: Tue Mar 24, 2020 5:37 pm Okay, I've tried. It doesn't work on my DSi via wifiboot either. But it's working on my NDS via wifiboot. So it seems to be somehow DSi related.
The Hello World is doing only three DSi register accesses (and DSi touchscreen reading, and either DSi or NDS SWI functions).
If it's related to those reads then it should be easy, to change/remove that reads and see if it's helping.
For the touchscreen, how does it detect whether to use NDS or DSi touchscreen mode?
And same for SWI functions in NDS or DSi mode?

One eye-catching detail is that the DSi ARM9 bootcode is loaded to 2000000h (for DSi titles, the official address would be 2004000h and up). But I don't think that it is harmful (it does ju
st wipe-out some system values that could be useful on next warmboot).
Touch screen mode is detected by checking the touch screen mode bit in the DSi extended header.
As for DSi mode and it's functions, I assume it checks for the DSi BIOS, if it wants to use DSi SWI functions.
NightScript
Posts: 3
Joined: Mon Apr 27, 2020 9:46 pm

Re: DSi unlaunch (bootcode exploit)

Post by NightScript »

Dear Mr NoCash.
While most of our users have successfully installed Unlaunch, a few users have reported a black screen brick after following the guide over at https://dsi.cfw.guide

Would you mind to please look into this? Thank you.
~NightScript
Robz8
Posts: 13
Joined: Sun Aug 05, 2018 12:52 pm

Re: DSi unlaunch (bootcode exploit)

Post by Robz8 »

Hello! I have suggestions for the Uninstallation screen.

After the part where it says that the console will become mostly useless, can you add that the console will still work?
Some people have thought that the uninstall feature will brick their console(s).

Also, since we now have another way to open the installer (e.g. Memory Pit), please change "flipnote" to "exploit".
Mahn
Posts: 4
Joined: Sat May 09, 2020 8:32 am

Re: DSi unlaunch (bootcode exploit)

Post by Mahn »

As of 1.9 it's impossible to disable WiFi. Even if the setting is off in system settings, Unlaunch will always force it on on boot.
Post Reply