DSi unlaunch (bootcode exploit)


Re: DSi unlaunch (bootcode exploit)

Post by gorgyrip »

I have this error when trying to install unlaunch 1.8: "You have discovered unknown old firmware version"

My dsi xl was on 1.4E. I used flipnote to install unlaunch 1.8. I had some problems with hiyacfw and decided to start everything from scratch. So I uninstalled unlaunch using the uninstall option. After that I updated the console to 1.4.5E. Also I deleted 2 brain training games from its memory. Also the internet browser and nintendo dsi+ internet. Now if I try to install unlaunch again, I get that error.

Post by nocash »

That is odd. I had added that warning in unlaunch v1.5, hoping to find people who have old firmware from 2008 (ie. firmware v1.2 or older). Mostly because I want to ask them if they have the same system files as later consoles (eg. font and wifi firmware).

What I am doing is checking the file creation timestamp for the launcher's title.tmd file. If it's saying year 2008 then unlaunch is bugging you with the unknown firmware warning message.

Not sure why you get that warning on firmware v1.4.5E. Maybe your console did originally have v1.2E or older installed? And any later system update(s) did maintain the old file creation timestamp for title.tmd. I don't know if that would happen - it would depend on if the update is "overwriting" the old .tmd file, or if it's "replacing" the old .tmd file.

But... you didn't get the warning with firmware v1.4E on the same console? Weird. Or did you use an older unlaunch version back then (ie. something older than unlaunch v1.5)?
EDIT: Stupid question. You said you used v1.8 for install+uninstall (and uninstall didn't even exist before v1.5).
Hmmm, maybe the battery backed realtime clock was somehow reset back to 2008 at time when installing v1.4.5E?

---

Well, I could try to detect older firmware versions via some other method. Best would be checking the version data file (but it's difficult to extract the data from there).
Or better: Does somebody HAVE dumped old firmware versions like v1.0J, and could answer a few questions about it?
Then I could just completely remove the warning about yet unknown firmwares : )

Post by gorgyrip »

nocash wrote:
> That is odd. I had added that warning in unlaunch v1.5, hoping to find people who have old firmware from 2008 (ie. firmware v1.2 or older). Mostly because I want to ask them if they have the same system files as later consoles (eg. font and wifi firmware).
>
> What I am doing is checking the file creation timestamp for the launcher's title.tmd file. If it's saying year 2008 then unlaunch is bugging you with the unknown firmware warning message.
>
> Not sure why you get that warning on firmware v1.4.5E. Maybe your console did originally have v1.2E or older installed? And any later system update(s) did maintain the old file creation timestamp for title.tmd. I don't know if that would happen - it would depend on if the update is "overwriting" the old .tmd file, or if it's "replacing" the old .tmd file.
>
> But... you didn't get the warning with firmware v1.4E on the same console? Weird. Or did you use an older unlaunch version back then (ie. something older than unlaunch v1.5)?
> EDIT: Stupid question. You said you used v1.8 for install+uninstall (and uninstall didn't even exist before v1.5).
> Hmmm, maybe the battery backed realtime clock was somehow reset back to 2008 at time when installing v1.4.5E?
>
> ---
>
> Well, I could try to detect older firmware versions via some other method. Best would be checking the version data file (but it's difficult to extract the data from there).
> Or better: Does somebody HAVE dumped old firmware versions like v1.0J, and could answer a few questions about it?
> Then I could just completely remove the warning about yet unknown firmwares : )

I've used version 1.8 for install and uninstall. The thing is that I never set the date and the clock. But I've adjusted it now and I get the same error.
PS: Most likely when I updated the console the date was set to 2008.
EDIT: I downgraded the console to 1.4 and then I updated again to 1.4.5E, but this time I set the correct date. Now unlaunch works. But if I choose launcher I have no sound in the menu. This happened before too.
EDIT2: My dsi compatible R4 doesn't start from unlaunch (black screen). It isn't recognized in unlaunch (instead of the name it shows some scrambled tiles). I need to go to launcher and start it from there. My cart: wi-fi R4i v5.0 3ds www.r4i-sdhc.com

Post by Apache Thunder »

Ok got my DSi back. Tested 1.8 myself now (the reports about HiyaCFW Launcher not working were based on reports I was getting from others so hadn't tested that myself yet).

It's able to boot my prepatched Launcher SRL off SDMC (it just shows up in your file browser with the rest of the apps so didn't have to move it)

It's applying your patches on top of the existing ones though (so no bootsplash/system menu music). But it otherwise appears to work! But only if I booted it from menu. BUT it seems to take a considerable amount of time. Maybe a full 30+ seconds? If I set it as the default boot option it just blackscreens (waited in excess of a minute to be sure. It never goes any further). :(

Now if there was a flag I could set in the header to tell Unlaunch to not patch it but still boot it like Launcher then this would replace the need of using a prepatched stage2 SRL. Part of the issue may be due to the existing patches baked into the SRL which may be slowing Unlaunch's loader down. Oh, of course maybe still good idea to at least patch Launcher so that it doesn't delete its own TMD (as I recall certain versions of Launcher did this?) in the event someone does boot a custom Launcher that doesn't have SD redirection applied to it.

Oh also I moved it to SD:\Launcher.dsi and SD:\Launcher.prv respectively and from the menu it was able to boot it from there too. (but again with Unlaunch's patches stacked on top of the existing patches)

As before it took 30+ seconds to boot. Almost thought it just got stuck, but it did eventually boot it.

EDIT: Tested altering the title ID of Launcher. It would load it immediately after I did this. But Launcher then just white screens. Looks like you can't mess with title ID of Launcher. It doesn't like that. It's not a modcrypt issue. I disabled modcrypt in the header and left it decrypted so I had nothing besides the header CRC to fix after I altered the TID. (that too could be slowing the loader down. It sees that it's launcher and then wastes time trying to decrypt it?)

EDIT2: Re-modcrypted it. This didn't change anything so modcrypt not causing the problem.

Post by nocash »

Apache Thunder wrote:
> EDIT: Tested altering the title ID of Launcher. It would load it immediately after I did this. But Launcher then just white screens. Looks like you can't mess with title ID of Launcher. It doesn't like that.

Then breakpoint on "[2FFE230]?" or whatever you had changed, and patch the launcher code that uses that address.

Post by Apache Thunder »

It's been awhile since I've done any serious hex editing stuff. Don't think I know how to do that anymore. :(

Post by Robz8 »

So I tried launching Pictochat in the Unlaunch menu, and I got the "Communication error" message.
I also tried DS Download Play, and while it seems to be working fine, it doesn't seem to find my DS console that's acting as a server.

Both of these issues also happen when launched via a homebrew launcher on a flashcard, or TWiLight Menu++ (as .nds files).

If you found a fix for those issues, can you show me the fix, so I can implement it to TWiLight Menu++?

Post by nocash »

Robz8 wrote:
> So I tried launching Pictochat in the Unlaunch menu, and I got the "Communication error" message.

Oops, thanks! I've somehow missed noticing that bug. But, yeah, happens here, too.
I haven't tested if it does help, but it might be due to missing channel flags in [2FFFCFA]. I don't have that initialized, and DS Download Play is actually reading from there (and Pictochat maybe, too). It should be usually set to 1041h (channel ch1+7+13). No idea if that's valid for all countries though.

Post by Robz8 »

nocash wrote:
> Robz8 wrote:
>> So I tried launching Pictochat in the Unlaunch menu, and I got the "Communication error" message.
>
> Oops, thanks! I've somehow missed noticing that bug. But, yeah, happens here, too.
> I haven't tested if it does help, but it might be due to missing channel flags in [2FFFCFA]. I don't have that initialized, and DS Download Play is actually reading from there (and Pictochat maybe, too). It should be usually set to 1041h (channel ch1+7+13). No idea if that's valid for all countries though.

That worked! Thanks!
Weird that the apps themselves don't set it though...

Post by Semas »

gorgyrip wrote:
> nocash wrote:
>> That is odd. I had added that warning in unlaunch v1.5, hoping to find people who have old firmware from 2008 (ie. firmware v1.2 or older). Mostly because I want to ask them if they have the same system files as later consoles (eg. font and wifi firmware).
>>
>> What I am doing is checking the file creation timestamp for the launcher's title.tmd file. If it's saying year 2008 then unlaunch is bugging you with the unknown firmware warning message.
>>
>> Not sure why you get that warning on firmware v1.4.5E. Maybe your console did originally have v1.2E or older installed? And any later system update(s) did maintain the old file creation timestamp for title.tmd. I don't know if that would happen - it would depend on if the update is "overwriting" the old .tmd file, or if it's "replacing" the old .tmd file.
>>
>> But... you didn't get the warning with firmware v1.4E on the same console? Weird. Or did you use an older unlaunch version back then (ie. something older than unlaunch v1.5)?
>> EDIT: Stupid question. You said you used v1.8 for install+uninstall (and uninstall didn't even exist before v1.5).
>> Hmmm, maybe the battery backed realtime clock was somehow reset back to 2008 at time when installing v1.4.5E?
>>
>> ---
>>
>> Well, I could try to detect older firmware versions via some other method. Best would be checking the version data file (but it's difficult to extract the data from there).
>> Or better: Does somebody HAVE dumped old firmware versions like v1.0J, and could answer a few questions about it?
>> Then I could just completely remove the warning about yet unknown firmwares : )
>
> I've used version 1.8 for install and uninstall. The thing is that I never set the date and the clock. But I've adjusted it now and I get the same error.
> PS: Most likely when I updated the console the date was set to 2008.
> EDIT: I downgraded the console to 1.4 and then I updated again to 1.4.5E, but this time I set the correct date. Now unlaunch works. But if I choose launcher I have no sound in the menu. This happened before too.
> EDIT2: My dsi compatible R4 doesn't start from unlaunch (black screen). It isn't recognized in unlaunch (instead of the name it shows some scrambled tiles). I need to go to launcher and start it from there. My cart: wi-fi R4i v5.0 3ds http://www.r4i-sdhc.com

I think I have exactly the same problem because of wrong dates during that process: I had Unlaunch v1.8 in 1.4, then I uninstalled it, I updated to 1.4.5 and now I cannot install it because of that same error.

How could I downgrade an EUR DSi from 1.4.5E to 1.4? Is there any other way for fixing this and being able to install Unlaunch? Thanks!

Post by Robz8 »

Someone is trying to install Unlaunch 1.8, and got the unknown old firmware version error.
Is there any information that should be given?

Note that the user has always been on 1.4.5E.

Post by Apache Thunder »

Me thinks using a database of md5/sha1's of all the known TMD files of the known Launcher versions would have been better for detecting "unknown" firmware versions than using file dates as that could be unreliable. If system does a system update with wrong clock setting, that could easily cause a false flag. :(
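
Added example (not part of the thread and not unlaunch's code): the two detection approaches discussed above side by side, showing that a FAT creation date follows whatever the clock said when the file was written, while a SHA-1 lookup depends only on the file contents. The function names, the placeholder TMD bytes and the one-entry hash table are constructed for illustration.

```python
import hashlib
import struct

def fat_creation_year(dir_entry: bytes) -> int:
    """Creation year from a 32-byte FAT directory entry (date word at 0x10)."""
    if len(dir_entry) != 32:
        raise ValueError("a FAT directory entry is 32 bytes")
    (crt_date,) = struct.unpack_from("<H", dir_entry, 0x10)
    return 1980 + (crt_date >> 9)  # bits 15-9 hold years since 1980

def make_entry(name83: bytes, year: int, month: int, day: int) -> bytes:
    """Build a constructed directory entry carrying the given creation date."""
    entry = bytearray(32)
    entry[0:11] = name83
    entry[0x0B] = 0x20  # archive attribute
    struct.pack_into("<H", entry, 0x10, ((year - 1980) << 9) | (month << 5) | day)
    return bytes(entry)

def classify_by_timestamp(dir_entry: bytes) -> str:
    """Date-based rule as described in the thread: year 2008 means 'old'."""
    return "unknown-old" if fat_creation_year(dir_entry) == 2008 else "known"

def classify_by_hash(tmd: bytes, known: dict) -> str:
    """Content-based rule: look the file's SHA-1 up in a table of known TMDs."""
    return known.get(hashlib.sha1(tmd).hexdigest(), "unknown")

# Constructed stand-in for a title.tmd; NOT real TMD data or a real hash.
SAMPLE_TMD = b"constructed placeholder bytes standing in for a v1.4.5E title.tmd"
KNOWN_TMDS = {hashlib.sha1(SAMPLE_TMD).hexdigest(): "v1.4.5E (constructed)"}

def compare() -> dict:
    """Same file contents written once with the RTC at 2008, once at 2012."""
    out = {}
    for rtc_year in (2008, 2012):
        entry = make_entry(b"TITLE   TMD", rtc_year, 1, 1)
        out[rtc_year] = (classify_by_timestamp(entry),
                         classify_by_hash(SAMPLE_TMD, KNOWN_TMDS))
    return out

if __name__ == "__main__":
    for year, verdicts in compare().items():
        print(year, verdicts)
```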

Post by nocash »

I've recently got the directory tree for firmware v1.0J, interestingly, that firmware did have the file time/date stamps set to year 2000 (instead of 2008), whilst v1.4.5E is apparently often having them set to year 2008 (instead of 2012), so my warning message always fired on the wrong version only : ) but I can remove the warning now.

Some findings for v1.0J:

The whitelist is same as in v1.3U.

The v1.0J font file is same as usual, up to throughout v1.4.5E (same as everywhere else, except Korea (and presumably China)).

For whatever reason, the Version Data file does exist twice: A v1.0J file (as expected), and a v0.1A file (apparently some relic from pre-release USA version). I am not sure how (or if) the console is knowing which file to use. The per-region gamecode for the launcher is found in HWINFO_S.dat. But for Version Data, the launcher seems to be just using whichever file it finds in the directory tree (perhaps simply using the folder that occurs first or last in the title directory).

The wifi firmware is 20h bytes smaller than in v1.3U, the only real difference seems to be in part 1.C (the bootstub code for reading the I2C EEPROM data; I haven't disassembled the v1.0J code, but I guess it's some small bugfix, or - the newer code does support EEPROMs with different sizes - maybe the old code did support only one EEPROM size).

The serial/barcode in HWINFO_S.dat starts with letters TJH for Japan (probably with some variations on older/newer Japanese DSi's, and Japanese DSi XL's).

Oh, and unrelated:

Wifiboot is now supporting WPA and WPA2 using DSi-Wifi hardware, with faster transfers than NDS-Wifi.
See viewtopic.php?f=23&t=18065&start=30#p231672 for details.

Post by gorgyrip »

I know it's unrelated, but please help me. I have a 1.4E dsi that gives me an error on every app (no, it's not the wifi module that is damaged). Using a hardmod I have installed unlaunch. In unlaunch all the apps work, only the settings give an error, but only when I go to internet->connection settings and set a new connection. Is there a simple way to edit the menu launcher to ignore the wifi error so that all the apps will work? I'm guessing if the apps work in unlaunch, there must be a way to make them work in the system launcher.

Post by nocash »

Might be wifi firmware related. The launcher boots up despite wifi firmware errors - but refuses to start games if that error had occurred.
For DWM-W024 wifi boards you would need the newer wifi firmware revision, 00000002.app. But you should normally have that in v1.4.
If the bug occurred only after installing unlaunch, try uninstalling it, to see if that helps.
Or scandisk the decrypted eMMC image, or compare the wifi firmware file against a redownloaded copy from nusdownloader, in case FAT corruption had destroyed it.