As we probe deeper into the DSi, we come across some neat stuff. Scanlime got a new FPGA board from Sparkfun, which gives him more GPIOs and the ability to run them at the 1.8v necessary to properly talk to the RAM.
Scanlime's debugging setup with new FPGA
Sorting through the data we get from this setup is still a considerable challenge. Here’s a trace taken while the video camera is actually capturing video:
http://dl.getdropbox.com/u/1926728/dsi/camera-trace-20090914.raw.bz2
There’s some code for decoding this trace format in scanlime’s svn repo: http://svn.navi.cx/misc/trunk/nds/dsi/ram-tracer/decoder/
If you’d like to play along, see if you can distinguish between:
- Instruction fetches from RAM
- Reads/writes to RAM buffers (statically or dynamically allocated) by code running on either processor
- Reads/writes to control flags, used for e.g. synchronization between the ARM7 and ARM9
- DMA writes from the camera hardware to RAM of the video data
The video data makes up the vast majority of the data in this dump; if you’re working on homebrew code to talk to the camera, this might be helpful. For the rest of you — can you make a tool to visualize the data flows in these traces, or a tool to decode the video frames in scanlime’s dump?
There’s also a hidden message in the video =)
22 responses so far ↓
1 master5o1 // Sep 14, 2009 at 4:16 am
Sounds like someone is having fun π
2 pbsds // Sep 14, 2009 at 12:03 pm
WHOOT! One step close to dsi homebrew!
Awesome work! About the visualize tool:
i just started in python but only helloworld stadium so far but in a year im maybe able to help…
but by that time the dsi would already be cracked…
3 Ibrahim Awwal // Sep 14, 2009 at 1:40 pm
Awesome, if I have some time I will check this out. Is the camera I/O memory mapped, or what? Actually, I should probably read up on the DS’s architecture before attempting this.
4 Crims0n // Sep 14, 2009 at 3:05 pm
Great work, this is getting pretty exciting π
5 me.yahoo.com/thegamefrea… // Sep 14, 2009 at 3:15 pm
A challenge has been issued! If only I was more fluent in ARM… Still, great job getting so much done, and thanks for keeping us updated. ^_^
6 tardyp // Sep 14, 2009 at 3:21 pm
Here is the video extracted from the dma writes
http://tardyp.free.fr/dsi/output.avi
Thanks for the fun..
7 WiiGamin // Sep 14, 2009 at 3:34 pm
That’s cool! Hope you can get some good info, soon! BTW, I can’t open the video file. What program uses the .raw format? Maybe convert the format into something else?
8 djdynamite123 // Sep 14, 2009 at 3:41 pm
SquidMan hope you’re not first ya HackMii lover. π Interesting posts lately Bushing, you must be slacking from work, tut-tut!
9 jhurliman // Sep 14, 2009 at 9:23 pm
Oh I see your problem. All the wires are hanging out! You should send that to Nintendo to get it fixed.
10 Muzer // Sep 15, 2009 at 11:35 am
@WiiGamin: That’s because it’s not a video file π
It’s the dump of all of the data going into (and presumably coming out of) the RAM – since the video camera was in use at the time, this happens to contain a lot of video data, which tardyp seems to have decoded.
11 ifish // Sep 15, 2009 at 1:45 pm
good work bushing so it seems your wii work is slowing down to work on dsi which is good
12 Zack Fulpington // Sep 16, 2009 at 3:35 pm
Tardyp, are you sure that your Python script worked? When I open up your alarmingly small AVI in Notepad2, I see what I assume are headers than quite a few lines of “[= MPlayer junk data! =]”, which leads me to believe you mucked up. Try again?
13 ChuckBartowski // Sep 16, 2009 at 5:25 pm
Hey since were on the topic of dsi… when are you going to pick an icon for DSi Brew?
14 getopenid.com/aj00200 // Oct 13, 2009 at 1:57 pm
I’m off to learn ARM assembely.
Then decode it with a strange combo of Blitz3D (blitzbasic.com) and JavaScript.
15 pbsds // Oct 28, 2009 at 10:00 am
well i can view the video just fine.
16 dustinhayes93 // Nov 1, 2009 at 9:32 pm
Hey, hate to bump an old post but was just wondering if any new progress has been made? It has been a couple months since I last heard anything…
17 ambedrake // Nov 20, 2009 at 7:41 pm
Idea : As Nintendo is coming out with more and more updates to stop homebrew I thought of this. (I am a network tech. so networking is always my first thought lol.) Theoretically couldnt one create an Ad-Hoc or Mini Network in which the router or NIC addresses the IP as the address of the Nintendo Update server and get information in this way. If one can emulate an update server one could potentially gain information from the DSi and possibly create an access point to create a CFW and/or Downgrade capability.
18 ambedrake // Nov 20, 2009 at 8:02 pm
Oh and on that not, one could also get the server information needed by running WIRE SHARK (Home edition is free to use) to capture the packets and analyze the information used in the transmission.
19 ambedrake // Nov 20, 2009 at 8:29 pm
@ChuckBartowski
Take a look at this I would be happy to make graphics for this sites creators as the information here has been useful to me since I found it quite some time back XD.
Picture Link :
http://fc01.deviantart.net/fs50/f/2009/324/1/4/iBREW_by_ambedrake.png
20 MuNk // Feb 3, 2010 at 1:11 pm
Wish i had the knowlage to dump memory etc.. like this myself. keep up the good work. =]
21 taw // Feb 20, 2010 at 11:21 am
Me too… I’`m new to programming in VB. I know nothing else
22 Lugaidster // Apr 23, 2010 at 6:55 pm
I know it’s been a while since this post but I have a question.
I’ve been playing with dump and I identified a large amount of writes to a series of contiguous addresses of 128 words (16-bits) that I assume are from the camera. The thing is that unless the addresses provided in the dump are word addresses instead of byte addresses then they overlap. So is there a chance that they are word-addresses?
Regards,
Albert
You must log in to post a comment.