DSi unlaunch (bootcode exploit)

Discussion of development of software for any "obsolete" computer or video game system.
nocash
Posts: 1176
Joined: Fri Feb 24, 2012 12:09 pm

Re: DSi unlaunch (bootcode exploit)

Post by nocash » Wed Mar 11, 2020 1:33 am

The unknown bootcode version error is shown when the retail/debug flag in SCFG_OP register doesn't match up with the expected corresponding retail/debug bootcode (on eMMC address 200h and up). Theoretically that should be working fine, and it should be also emulated okay in no$gba.
Ah, no. I forgot that most titles (all exploitable titles) do disable the SCFG registers, so SCFG_OP will always read as zero even on debug consoles. Hmmm, I guess I could simply accept either one of the two known bootcode versions (retail or debug) regardless of what SCFG_OP says.

Robz8
Posts: 12
Joined: Sun Aug 05, 2018 12:52 pm

Re: DSi unlaunch (bootcode exploit)

Post by Robz8 » Wed Mar 18, 2020 12:07 pm

nocash wrote:
Thu Feb 27, 2020 10:46 am
Which homebrews are that? And are the binaries available for download somewhere?
Here's a Hello World example compiled.
Attachments
hello_world.zip
(79.68 KiB) Downloaded 18 times

saturnu
Posts: 23
Joined: Wed Aug 05, 2015 2:22 pm

Re: DSi unlaunch (bootcode exploit)

Post by saturnu » Sat Mar 21, 2020 4:14 am

Hi,

i tried installing unlaunch v2.0 and v1.9 on my EUR DSi with firmware 1.4.5E.
i'm using memory pit exploit to start hbmenu which is working great so far - i can load some emulators etc.
it's no problem to start the unlaunch installer from hbmenu, too. the installation runs through and says "installation complete".
if i powercycle the dsi after the unlaunch installation - it doesn't boot, both screens stay black.

my second try was to install unlaunch 2.0 in no$gba on my nand backup, the installation completes and after powercycle the no$gba is booting fine to the unlaunch menu.
if i write back the modified nand to the dsi via hardmod, both screens stay black, too.

It's a Samsung KMAPF NAND

Has anyone an idea, what is going wrong? FAT-errors or is the path memory pit -> hbmenu -> unlaunch-installation correctly working at all?

have a nice weekend!

nocash
Posts: 1176
Joined: Fri Feb 24, 2012 12:09 pm

Re: DSi unlaunch (bootcode exploit)

Post by nocash » Sat Mar 21, 2020 1:36 pm

Firmware 1.4.5E and Samsung KMAPF are standard and should work without problems, I have that firmware and chipset myself.
There must be something else that is different and somehow uncommon, either the console, or external hardware.
If you haven't already tried, try removing the SD card and game cartridge.

saturnu
Posts: 23
Joined: Wed Aug 05, 2015 2:22 pm

Re: DSi unlaunch (bootcode exploit)

Post by saturnu » Sun Mar 22, 2020 3:16 am

Yes, i already tried removing the cartridge and sdcard. The sdcard was formatted with the sdcard.org formatting tool, 32kb cluster size and was checked for errors.

Quaker
Posts: 1
Joined: Mon Mar 23, 2020 7:22 am

Re: DSi unlaunch (bootcode exploit)

Post by Quaker » Mon Mar 23, 2020 7:26 am

Hi, i think the site of unlaunch is down, i can't reach the site, it says "This site can't be reached. problemkaputt.de took too long to respond." Help plz

nocash
Posts: 1176
Joined: Fri Feb 24, 2012 12:09 pm

Re: DSi unlaunch (bootcode exploit)

Post by nocash » Tue Mar 24, 2020 5:37 pm

saturnu wrote:
Sun Mar 22, 2020 3:16 am
Yes, i already tried removing the cartridge and sdcard. The sdcard was formatted with the sdcard.org formatting tool, 32kb cluster size and was checked for errors.
Hmmm, then I don't know what is wrong, I am not aware of anyone else having that problem.
The console does still work with unlaunch uninstalled?
There aren't any broken cables/connectors... browser and cameras are still working?
There isn't anything special with it, like a large sticker saying "special prototype hardware - not for release"?
Did you do any manual/partial firmware upgrades/downgrades? version 1.4.5E as such should work... but it could screw up if you have it mixed with an older wifi-firmware.
The bootcode should be same on all DSi models, so I think the exploit should work everywhere. If there is a problem in my own init code, you could try some older unlaunch versions (which had less init code).
Robz8 wrote:
Wed Mar 18, 2020 12:07 pm
Here's a Hello World example compiled.
Okay, I've tried. It doesn't work on my DSi via wifiboot either. But it's working on my NDS via wifiboot. So it seems to be somehow DSi related.
The Hello World is doing only three DSi register accesses (and DSi touchscreen reading, and either DSi or NDS SWI functions).
If it's related to those reads then it should be easy to change/remove those reads and see if it's helping.
For the touchscreen, how does it detect whether to use NDS or DSi touchscreen mode?
And same for SWI functions in NDS or DSi mode?

One eye-catching detail is that the DSi ARM9 bootcode is loaded to 2000000h (for DSi titles, the official address would be 2004000h and up). But I don't think that it is harmful (it does just wipe-out some system values that could be useful on next warmboot).

saturnu
Posts: 23
Joined: Wed Aug 05, 2015 2:22 pm

Re: DSi unlaunch (bootcode exploit)

Post by saturnu » Tue Mar 24, 2020 10:06 pm

hi nocash,

yes, if i reflash the nand everything is working. it's a normal retail console that i bought once in a local store as a new device.
i haven't made any modifications in the past and i have used it only a few hours, it's like brand new.
i'll give it a try with an older unlaunch version, v1.3 seems to be the first stable for fw v1.4.5.

saturnu
Posts: 23
Joined: Wed Aug 05, 2015 2:22 pm

Re: DSi unlaunch (bootcode exploit)

Post by saturnu » Wed Mar 25, 2020 1:15 pm

nocash wrote:
Tue Mar 24, 2020 5:37 pm
The bootcode should be same on all DSi models, so I think the exploit should work everywhere. If there is a problem in my own init code, you could try some older unlaunch versions (which had less init code).
i have installed unlaunch v1.3 and now it is working for me.
thanks for your support, you have been a big help. 8-)

nocash
Posts: 1176
Joined: Fri Feb 24, 2012 12:09 pm

Re: DSi unlaunch (bootcode exploit)

Post by nocash » Wed Mar 25, 2020 2:04 pm

Okay, fine. Glad that it's working.
Can you try the next newer versions, too?
It would be interesting to know which version stopped working.

saturnu
Posts: 23
Joined: Wed Aug 05, 2015 2:22 pm

Re: DSi unlaunch (bootcode exploit)

Post by saturnu » Thu Mar 26, 2020 10:22 am

oh man, i was so happy that it's working and now i have to brick it again? :shock:
ok i did it for science anyway. it stops working with unlaunch v1.5.
is it interesting for you to look into the nand with the broken v1.5 installation? i dumped it - just in case.

tested - not working
v2.0
v1.9
v1.7
v1.5

working
v1.4
v1.3

Robz8
Posts: 12
Joined: Sun Aug 05, 2018 12:52 pm

Re: DSi unlaunch (bootcode exploit)

Post by Robz8 » Sat Mar 28, 2020 4:37 pm

nocash wrote:
Tue Mar 24, 2020 5:37 pm
Okay, I've tried. It doesn't work on my DSi via wifiboot either. But it's working on my NDS via wifiboot. So it seems to be somehow DSi related.
The Hello World is doing only three DSi register accesses (and DSi touchscreen reading, and either DSi or NDS SWI functions).
If it's related to those reads then it should be easy to change/remove those reads and see if it's helping.
For the touchscreen, how does it detect whether to use NDS or DSi touchscreen mode?
And same for SWI functions in NDS or DSi mode?

One eye-catching detail is that the DSi ARM9 bootcode is loaded to 2000000h (for DSi titles, the official address would be 2004000h and up). But I don't think that it is harmful (it does just wipe-out some system values that could be useful on next warmboot).
Touch screen mode is detected by checking the touch screen mode bit in the DSi extended header.
As for DSi mode and its functions, I assume it checks for the DSi BIOS, if it wants to use DSi SWI functions.
