Page 14 of 16

Re: DSi unlaunch (bootcode exploit)

Posted: Wed Mar 11, 2020 1:33 am
by nocash
The unknown bootcode version error is shown when the retail/debug flag in SCFG_OP register doesn't match up with the expected corresponding retail/debug bootcode (on eMMC address 200h and up). Theoretically that should be working fine, and it should be also emulated okay in no$gba.
Ah, no. I forgot that most titles (all exploitable titles) do disable the SCFG registers, so SCFG_OP will always read as zero even on debug consoles. Hmmm, I guess I could simply accept either one of the two known bootcode versions (retail or debug) regardless of SCFG_OP what says.

Re: DSi unlaunch (bootcode exploit)

Posted: Wed Mar 18, 2020 12:07 pm
by Robz8
nocash wrote:
Thu Feb 27, 2020 10:46 am
Which homebrews are that? And are the binaries available for download somewhere?
Here's a Hello World example compiled.

Re: DSi unlaunch (bootcode exploit)

Posted: Sat Mar 21, 2020 4:14 am
by saturnu
Hi,

i tried installing unlaunch v2.0 and v1.9 on my EUR DSi with firmware 1.4.5E.
i'm using memory pit exploit to start hbmenu which is working great so far - i can load some emulators etc.
it's no problem to start the unlaunch installer from hbmenu, too. the installation runs through und says "installation complete".
if i powercycle the dsi after the unlaunch installation - it doesn't boot, both screens stay black.

my second try was to install unlaunch 2.0 in no$gba on my nand backup, the installation complets and after powercycle the no$gba is booting fine to the unlauch menu.
if i write back the modified nand to the dsi via hardmod, both screens stay black, too.

It's a Samsung KMAPF NAND

Has anyone an idea, what is going wrong? FAT-errors or is the path memory pit -> hbmenu -> unlaunch-installation correctly working at all?

have a nice weekend!

Re: DSi unlaunch (bootcode exploit)

Posted: Sat Mar 21, 2020 1:36 pm
by nocash
Firmware 1.4.5E and Samsung KMAPF are standard and should work without problems, I have that firmware and chipset myself.
There must be something else that is different and somehow uncommon, either the console, or external hardware.
If you haven't already tried, try removing the SD card and game cartridge.

Re: DSi unlaunch (bootcode exploit)

Posted: Sun Mar 22, 2020 3:16 am
by saturnu
Yes, i already tried removing the cartridge and sdcard. The sdcard was formated with the sdcard.org formating tool, 32kb cluster size and was checked for errors.

Re: DSi unlaunch (bootcode exploit)

Posted: Mon Mar 23, 2020 7:26 am
by Quaker
Hi i think the site of unlaunch is down i cant reach the site, it says This site can’t be reached problemkaputt.de took too long to respond. Help plz

Re: DSi unlaunch (bootcode exploit)

Posted: Tue Mar 24, 2020 5:37 pm
by nocash
saturnu wrote:
Sun Mar 22, 2020 3:16 am
Yes, i already tried removing the cartridge and sdcard. The sdcard was formated with the sdcard.org formating tool, 32kb cluster size and was checked for errors.
Hmmm, then I don't know what is wrong, I am not aware of anyone else having that problem.
The console does still work with unlaunch uninstalled?
There aren't any broken cables/connectors... browser and cameras are still working?
There isn't anything special with it, like a large sticker saying "special prototype hardware - not for release"?
Did you do any manual/partial firmware upgrades/downgrades? version 1.4.5E as such should work... but it could screw up if you have it mixed with an older wifi-firmware.
The bootcode should be same on all DSi models, so I think the exploit should work everywhere. If there is a problem in my own init code, you could try some older unlaunch versions (which had less init code).
Robz8 wrote:
Wed Mar 18, 2020 12:07 pm
Here's a Hello World example compiled.
Okay, I've tried. It doesn't work on my DSi via wifiboot either. But it's working on my NDS via wifiboot. So it seems to be somehow DSi related.
The Hello World is doing only three DSi register accesses (and DSi touchscreen reading, and either DSi or NDS SWI functions).
If it's related to those reads then it should be easy, to change/remove that reads and see if it's helping.
For the touchscreen, how does it detect whether to use NDS or DSi touchscreen mode?
And same for SWI functions in NDS or DSi mode?

One eye-catching detail is that the DSi ARM9 bootcode is loaded to 2000000h (for DSi titles, the official address would be 2004000h and up). But I don't think that it is harmful (it does ju
st wipe-out some system values that could be useful on next warmboot).

Re: DSi unlaunch (bootcode exploit)

Posted: Tue Mar 24, 2020 10:06 pm
by saturnu
hi nocash,

yes, if i reflash the nand everything is working. it's a normal retail console that i bought once in a local store as a new device.
i haven't made any modifications in the past and i have used it only a few hours, it's like brand new.
i'll give it a try with an older unlaunch version, v1.3 seems to be the first sable for fw v1.4.5.

Re: DSi unlaunch (bootcode exploit)

Posted: Wed Mar 25, 2020 1:15 pm
by saturnu
nocash wrote:
Tue Mar 24, 2020 5:37 pm
The bootcode should be same on all DSi models, so I think the exploit should work everywhere. If there is a problem in my own init code, you could try some older unlaunch versions (which had less init code).
i have installed unlaunch v1.3 and now it is working for me.
thanks for your support, you have been a big help. 8-)

Re: DSi unlaunch (bootcode exploit)

Posted: Wed Mar 25, 2020 2:04 pm
by nocash
Okay, fine. Glad that it's working.
Can you try the next newer versions, too?
It would be interesting to know which version stopped working.

Re: DSi unlaunch (bootcode exploit)

Posted: Thu Mar 26, 2020 10:22 am
by saturnu
oh man, i was so happy that it's working and now i have to brick it again? :shock:
ok i did it for science anway. it stops working with unlaunch v1.5.
is it interesting for you to look into the nand with the broken v1.5 installation? i dumped it - just in case.

tested - not working
v2.0
v1.9
v1.7
v1.5

working
v1.4
v1.3

Re: DSi unlaunch (bootcode exploit)

Posted: Sat Mar 28, 2020 4:37 pm
by Robz8
nocash wrote:
Tue Mar 24, 2020 5:37 pm
Okay, I've tried. It doesn't work on my DSi via wifiboot either. But it's working on my NDS via wifiboot. So it seems to be somehow DSi related.
The Hello World is doing only three DSi register accesses (and DSi touchscreen reading, and either DSi or NDS SWI functions).
If it's related to those reads then it should be easy, to change/remove that reads and see if it's helping.
For the touchscreen, how does it detect whether to use NDS or DSi touchscreen mode?
And same for SWI functions in NDS or DSi mode?

One eye-catching detail is that the DSi ARM9 bootcode is loaded to 2000000h (for DSi titles, the official address would be 2004000h and up). But I don't think that it is harmful (it does ju
st wipe-out some system values that could be useful on next warmboot).
Touch screen mode is detected by checking the touch screen mode bit in the DSi extended header.
As for DSi mode and it's functions, I assume it checks for the DSi BIOS, if it wants to use DSi SWI functions.

Re: DSi unlaunch (bootcode exploit)

Posted: Mon Apr 27, 2020 9:50 pm
by NightScript
Dear Mr NoCash.
While most of our users have successfully installed Unlaunch, a few users have reported a black screen brick after following the guide over at https://dsi.cfw.guide

Would you mind to please look into this? Thank you.
~NightScript

Re: DSi unlaunch (bootcode exploit)

Posted: Tue Apr 28, 2020 11:13 pm
by Robz8
Hello! I have suggestions for the Uninstallation screen.

After the part where it says that the console will become mostly useless, can you add that the console will still work?
Some people have thought that the uninstall feature will brick their console(s).

Also, since we now have another way to open the installer (e.g. Memory Pit), please change "flipnote" to "exploit".

Re: DSi unlaunch (bootcode exploit)

Posted: Sat May 09, 2020 8:40 am
by Mahn
As of 1.9 it's impossible to disable WiFi. Even if the setting is off in system settings, Unlaunch will always force it on on boot.