HackMii

Notes from inside your Wii

HackMii header image 2

DSiWare Exploit Sudokuhax Release

January 27th, 2011 by yellows8 · 88 Comments

Update: 28/01/2011 Nintendo removed Sudoku from the EUR/AU and USA DSi Shop. At the time of the USA Sudoku removal, there was 234 injection requests from the client software, and 1684 client software release archive downloads. The download/request ratio is large because there was several downloads per minute, while each user took several minutes to buy Sudoku and inject Sudokuhax, thus there was one injection request every couple minutes. Current download and injection stats are available here.

Update: 02/02/2011 USA Sudoku was removed from NUS, EUR Sudoku is still available on NUS but both aren’t available from any of the DSi Shop regions. None of the Sudoku regions were updated on NUS yet. And at this time when trying access the Sudoku page from DSi Shop “Account activity”, it displays an error saying this software was removed due to certain circumstances.

Update: 03/24/2011 USA Sudoku was updated and is now available on DSi shop again. EUR/AU Sudoku was not yet updated. On roughly 03/30/11, EUR/AU Sudoku was updated and is now available on DSi Shop. This update fixes all the Sudoku string bugs, and the game will check for Sudokuhax and delete it when detected. Sudokuhax is dead for this updated Sudoku version.

As you may remember we started looking at the DSi about two years ago. Despite some early attempts using savegame hacks for hybrid card games we eventually resorted to more complex attacks that involved soldering many wires to tiny points on the PCB to be able to trace and modify the RAM. However, doing this is not feasible for the average homebrew user so we used the knowledge we gained through these complicated attacks to get more information about the whole system which allowed us to experiment with DSiWare games in the end. We also learned how to create savegames so we can now do what we did three years ago with the Wii: Savegame hacks!

In early December we managed to get DSi mode code execution by exploiting the DSiWare application ‘Sudoku’ by EA. Sudoku is only available for regions USA and EUR/AU. Exploiting DSiWare is interesting because in DSi mode the DSi SD card slot is accessible, the whole 16MB RAM is available, and the CPU is clocked 2x higher than DS-mode. The max size of the embedded code that can be loaded directly via this exploit is limited so a small payload was needed to chain load to another application. Initially a wifi loader was used, but this was switched to load from the DSi SD card slot. The SD card loader boots /boot.nds from the SD card directly from Sudokuhax.

DSiWare exploits can’t access gamecard slot1, it’s likely that only launcher/sysmenu can access slot1. The main advantage of DSiWare exploits over hybrid card EEPROM savedata exploits is SD card access, *and* the exploit supports SDHC. :)

Usage of the exploit is described below:

  1. Export Sudoku to SD card via the data management menu.
  2. Sudokuhax will then be injected into the Sudoku application via client software. The client software uploads DSi-specific data from the Sudoku application to a web server, then injects the retrieved data into the Sudoku application.
  3. Copy the output binary to SD card with the same filename as the original.
  4. Copy Sudokuhax from SD card to “internal memory” via the data management menu.
  5. Launch Sudoku, then press button A or touch screen at the Sudoku title screen.
  6. Now boot.nds on SD card will be run.

The data uploaded by the client software includes the anonymous DSi-unique console ID, and other data required for modifying the Sudoku binary on SD card. This data is used for logging unique web server requests.

The client software is available here. The tracker for the client software and Sudokuhax is available here. Client software source code licensed under GNU GPLv2 is available here.

Tags: dsi

88 responses so far ↓

  • 1 corenting // Jan 27, 2011 at 11:38 am

    Yeah !!! Thanks TT !

  • 2 popoffka.myopenid.com/ // Jan 27, 2011 at 11:49 am

    Guys, that’s just awesome!
    I can already see frustrated faces of the guys who ordered the iEvo, lol :D
    Btw, if 3DS supports DSiWare, shouldn’t this exploit work on 3DS too?

  • 3 SifJar // Jan 27, 2011 at 11:50 am

    Fantastic work. I’m guessing the DSiWare game will just get pulled soon though, and replaced once the exploit is fixed :(

    Quick question: Does file system access work in homebrew? (e.g. can homebrew like loaders which need to access other files work?)

  • 4 oldtopman // Jan 27, 2011 at 11:51 am

    Thank you!
    This is just the thing I have been waiting for and hopefully I can get it this evening before it is pulled.

  • 5 Tweets that mention DSiWare Exploit Sudokuhax Release -- Topsy.com // Jan 27, 2011 at 11:57 am

    [...] This post was mentioned on Twitter by Daniel Peebles, Antoine Turmel, Antoine Turmel, ssɐquʞunɹp, Gareth Griffiths and others. Gareth Griffiths said: RT @bl4sty: Shortly after CycloDS' illegal iEvo software, Team Twiizers presents: Legit homebrew on DSi, at last! http://bit.ly/eA1VqK P … [...]

  • 6 yellows8 // Jan 27, 2011 at 12:22 pm

    SifJar: We’re working on a libnds patch for DSi sdmmc. SD card can’t be used with old homebrew via DLDI since the MMC bus is arm7 only, homebrew will need rebuilt with latest libnds once support is added.

    popoffka: Only if Nintendo doesn’t block it by then, and only on USA/EUR 3DS since Sudoku is USA/EUR only. But it’s likely(a guess) 3DS has a DSi-mode, where 3DS-only hw is disabled.

  • 7 RupeeClock // Jan 27, 2011 at 12:41 pm

    Fantastic work guys, this exploit was really easy to do, and now I’ve managed to test some homebrew.

    First I tried WordUp.nds, it’s a puzzle game.
    Didn’t work, it was stuck on the enable/disable highscore screen.
    Then I tried a version of NESDS with an injected NES rom, it just failed to boot.
    Next I tried Phidias, a painting homebrew. That would get to the canvas size option, but couldn’t get past it.
    Then I tried Pocket Physics, I was able to get into the main game in that, but then that’s when I realised, the touch screen wasn’t working!

    Weird huh? This exploit and the touch screen just don’t seem to agree! Button inputs work just fine though.

  • 8 yellows8 // Jan 27, 2011 at 12:51 pm

    RupeeClock:
    Current homebrew using FAT will not work, those will need recompiled with a future libnds. Touchscreen and audio will not work with old homebrew, those work fine with recent libnds.

  • 9 RupeeClock // Jan 27, 2011 at 1:00 pm

    Yes, I’m aware that FAT wouldn’t work, which is why I tried to use homebrew where FAT access could be avoided, although the touchscreen issue got in the way first.

    So recent libnds huh? I’ll have to try downloading something newer.

  • 10 RupeeClock // Jan 27, 2011 at 1:12 pm

    Well I did find a homebrew that works nicely from the SD slot, a little 3D tech demo called Multiview.
    http://nintendomax.com/viewtopic.php?p=34448

  • 11 windwakr // Jan 27, 2011 at 1:29 pm

    Am I reading this right? The important stuff is all done on your server?

    Are you trying to hide your methods to try and keep Nintendo from patching it?

  • 12 Crims0n // Jan 27, 2011 at 1:44 pm

    Awesome work guys, going install the old devkitpro toolchain once I’m off work and see what I can do.

  • 13 nitro2k01 // Jan 27, 2011 at 1:57 pm

    Big-N will patch the Sudoku binary in 3… 2… 1…

  • 14 ChuckBartowski // Jan 27, 2011 at 3:53 pm

    Twiizers FTW.

  • 15 DacoTaco // Jan 27, 2011 at 3:55 pm

    @nitro2k01 : to late lol. alot of us have the nds now and im sure the important ppl have more methods to get in aside from this & the hacks from wntrmute
    AND, im not sure if they’d do anything since they are earning money on this.
    and if they do; why not just delete the game? :)

  • 16 DacoTaco // Jan 27, 2011 at 4:13 pm

    *they = nintendo.
    should have said that

  • 17 TB // Jan 27, 2011 at 6:56 pm

    Thanks guys. Is it possible to track the progress of the sdmmc ndslib patch?

  • 18 Nintendo DS SudokuHaxx V1.0 Exploit by Team Twizzers « Revil Games // Jan 27, 2011 at 11:11 pm

    [...] modifying the Sudoku binary on SD card. This data is used for logging unique web server requests.Download Here AKPC_IDS += "2860,";Popularity: unranked [...]

  • 19 Nathan // Jan 28, 2011 at 8:19 am

    Please bring out a new exploit asap, because this game disappeared before I could return from buying Nintendo Points :(

  • 20 ramidavis // Jan 28, 2011 at 8:27 am

    Awesome, just awesome. Are there going to be other DSiWare hacks? Maybe hack something free, like the opera browser? Maybe now we can get DSiLinux :D

  • 21 Sektor // Jan 28, 2011 at 8:32 am

    It has been removed from the store. Everyone who got it in time, the value of your DSi just went up.

  • 22 yellows8 // Jan 28, 2011 at 8:38 am

    Yes it was removed from the EUR shop, it may still be available in USA at least for now, see DSiBrew news.

  • 23 j.zonneveld // Jan 28, 2011 at 9:53 am

    Hi Yellows8,

    Great work! Unfortunately, the game is in the U.S. removed too… Is it hard to port the exploit to antother game?

  • 24 Dave J Murphy » CycloDS iEvolution and DSiWare Sudoku Hack // Jan 28, 2011 at 11:12 am

    [...] Team Cyclops released the firmware and tools for their card YellowStar made an announcement over on hackmii.com of a DSiWare savegame exploit which allows us to boot code from the internal SD card on the DSi. [...]

  • 25 google.com/profiles/11… // Jan 28, 2011 at 12:01 pm

    This is ZazieLavender here to confirm that as of noon today, they removed that software from the DSI shop.

  • 26 DacoTaco // Jan 28, 2011 at 12:05 pm

    now its removed in both.
    have fun 200+ ppl who got it injected (me included). time to go for it

  • 27 Sudoku DSiWare exploit enables homebrew on DSi | BuyElectro.com // Jan 28, 2011 at 12:08 pm

    [...] Perhaps most exciting for homebrew developers, this breakthrough brings the DSi’s hardware upgrades (over the original DS) into play. “In DSi mode, the DSi SD card slot is accessible, the whole 16MB RAM is available, and the CPU is clocked 2x higher than DS-mode,” Twiizers notes in on post on HackMii. [...]

  • 28 Sudoku DSiWare exploit enables homebrew on DSi | MensaDad News // Jan 28, 2011 at 12:10 pm

    [...] Perhaps most exciting for homebrew developers, this breakthrough brings the DSi’s hardware upgrades (over the original DS) into play. “In DSi mode, the DSi SD card slot is accessible, the whole 16MB RAM is available, and the CPU is clocked 2x higher than DS-mode,” Twiizers notes in on post on HackMii. [...]

  • 29 yellows8 // Jan 28, 2011 at 12:38 pm

    TB: Support for DSi SD card was committed,(doesn’t work for SDHC AFAIK) you can track DSi changes by the DevKitPro svn logs and the libnds tracker patches.

    We’re working on another exploit. We tried to find vulns in the free DSiWare for ages but never found anything.

  • 30 DSi Mode Homebrew via Sudokuhaxx | Coburn's Domain // Jan 28, 2011 at 12:49 pm

    [...] More info can be seen at the source here. [...]

  • 31 electrical // Jan 28, 2011 at 1:48 pm

    May sound a bit silly, but is there a way for me to update any homebrew I already have so it works with this exploit?

  • 32 google.com/profiles/ev… // Jan 28, 2011 at 3:32 pm

    I’m so glad I bought Sudoku just in time :D
    I’m getting the new libnds files to try a few things.

    Little question though : in DSi mode, is the VRAM bigger on not ?

  • 33 yellows8 // Jan 28, 2011 at 3:35 pm

    electrical: You’d need to recompile open-source homebrew with latest libnds.

  • 34 Eon-Rider // Jan 28, 2011 at 3:53 pm

    The game was pulled from the Australian shop at around the same time as the European shop. I guess you guys don’t care since the two seem to be identical to each other but I think it’s worth updating the first sentence for completeness’ sake and to not get any Australian’s hopes up. :P

  • 35 yellows8 // Jan 28, 2011 at 6:46 pm

    windwakr: Yes, all crypto is done server-side.

    eviltroopa: VRAM is identical to DS.

  • 36 oldtopman // Jan 28, 2011 at 7:38 pm

    How portable is this exploit (to other games)?
    Also: Shouldn’t you be able to release a redistributable installer now? This will be legal because the Sudoku game won’t work, it will have been recompiled/edited/whatever to load your code.
    For you to get the keys, all you have to do is find the encryption key based off of the DSi Browser and then you can re-encrypt your exploited sudoku.
    I could just be speaking out of my ignorance though…

  • 37 winmaster // Jan 28, 2011 at 8:25 pm

    Wonderful, I’ve been waiting since launch day for something like this! Too bad Sudoku was removed by the time I read this.

    Just a suggestion though: If you make a new game exploit, don’t release it until after the 3DS, that way we may be able to have some homebrew on there too.

    Also, I just noticed that the crashable list of DSiWare you removed from DSiBrew is still in the archives.

    Finally, I have a question. If I read that post correctly, Slot-1 access is currently not possible. Will this be possible in the future?

    Great job guys. Reading this made my day.

  • 38 yellows8 // Jan 28, 2011 at 9:04 pm

    oldtopman: If you’re asking something like “can you make a injection app, which generates the the content key and encrypts the copyrighted .nds and sudokuhax”, then no. Tad(DSiWare exports) content crypto uses AES engine F(X^Y) where F is an unknown function implemented in AES engine, thus it can’t be de/encrypted on PCs.(linux/win32 etc) Also, we can’t do something like that without leaking a DSiWare .nds(however arm7i/arm9i bins would be still encrypted, decrypted bins are required for booting it) and it’s illegal to redistribute copyrighted software like that.

    winmaster: See comment #6, 3DS DSiWare probably would have 3DS-hw disabled. Thus there’s not much point in 3DS DSiWareHax for using 3DS-hw directly from the exploit. Slot1 access via DSiWareHax is impossible. Hw that is disabled can never be enabled again without a hard-reset.(power button etc)

  • 39 Segher // Jan 28, 2011 at 11:14 pm

    > *and* the exploit supports SDHC

    Is that a snipe at savezelda? Well played sir!

  • 40 yellows8 // Jan 28, 2011 at 11:21 pm

    Segher: Eh that wasn’t really aimed at savezelda.

  • 41 ron975 // Jan 29, 2011 at 11:16 am

    Will you guys be working on a new exploit?

  • 42 yellows8 // Jan 29, 2011 at 11:31 am

    ron975: I already answered that in comment #29.

  • 43 Techokami // Jan 29, 2011 at 2:06 pm

    Well, with how fast Nintendo pulled the affected game from its market, DSiWare-based exploits are going to be a hell of a lot harder. But hey, at least EA sold 200 more copies of this game in the span of a few hours, and Nintendo made a small commission from each one!

  • 44 ron975 // Jan 29, 2011 at 2:51 pm

    @yellows8

    So I assume it’s a DSiWare exploit?

  • 45 yellows8 // Jan 29, 2011 at 2:57 pm

    ron975, yes more DSiWareHax.

  • 46 winmaster // Jan 29, 2011 at 3:33 pm

    @yellows8 Thanks for answering my previous questions.

    Could a Homebrew Channel be made for the DSi? If so, is it possible to launch it without disabling Slot-1? (Maybe a system menu patch?)

    Also, I just thought DSiWareHax could be useful on the 3DS because some homebrew is better than no homebrew.

  • 47 yellows8 // Jan 29, 2011 at 4:15 pm

    winmaster: We currently are not aware of any title launching vulns that could allow a DSi HBC. And you can’t modify launcher/sysmenu or any title since the RSA signatures are verified on launching, the .nds itself is signed. I’m assuming that launcher disables slot1 automatically during title launching, regardless of bits in the header.
    Any specific reason why you want slot1 access?

  • 48 winmaster // Jan 29, 2011 at 6:06 pm

    I was hoping to be able to dump/restore savedata to game cards.

  • 49 Nathan // Jan 30, 2011 at 2:20 am

    What do you guys want to ultimately achieve with this?

  • 50 spinal_cord // Jan 30, 2011 at 6:49 am

    This might sound like a stupid question, but would it be possible for a DSi homebrew to switch to DS mode and allow loading older non-DSi homebrew? a lot of homebrew is now either abandoned (and closed source) or wont easily (or at all) compile with recent dkp builds.

  • 51 Zachary // Jan 30, 2011 at 8:06 am

    That’s pretty awesome, can’t wait until somebody makes it more accessible to noobs… like me.

  • 52 winmaster // Jan 30, 2011 at 9:36 am

    Thought: DSDownloadPlay must have slot1 access because Pokemon Black and White can use it to access your savedata on a Diamond/Pearl/Platinum card, so shouldn’t there theoretically be some way to launch a title without disabling slot1?

    BTW, everyone says that exploiting DSDownloadPlay is impossible, but I don’t think I’ve ever seen a reason why except for the fact that it would be DS mode, which is undesirable.

  • 53 yellows8 // Jan 30, 2011 at 11:16 am

    winmaster: Yes that does have slot1 access but it’s ds-mode so exploiting it is rather pointless. There’s no reason why dlplay second-stage wmb loaders couldn’t be exploited. I actually have an exploit for a WMB bin but releasing it doesn’t have much point for DSi-mode since WMB is DS-mode. I can’t legally release it if I wanted to: would need to redistribute the copyrighted JP DS Station WMB bin, and people would need to either setup a softAP or change their router SSID/WEP key.

    Zachary: What exactly do you mean? We’re working on more exploits, we can’t do much about Nintendo removing the targets so fast besides more hax.(Would be nice to exploit a popular DSiWare, presuming that Nintendo would care enough about profits to not remove it.)

    Nathan: Currently since we’re not aware of any vulns that could allow a DSi HBC, so just load full DSi-mode homebrew from SD card, which Sudokuhax already does.

  • 54 yellows8 // Jan 30, 2011 at 11:27 am

    spinal_cord: Only launcher/sysmenu can activate DS-mode, DSiWare exploits can’t access the registers for that since the titles’ arm7 crt0 disables access to those registers. Even if that was possible, the loaded homebrew couldn’t access SD card in ds-mode and would have to use flash card for FAT.

  • 55 SifJar // Jan 30, 2011 at 3:23 pm

    spinal_cord & yellows8: In addition to what yellows8 said, even if it were possible to switch to DS mode, surely a flash card couldn’t be used for FAT because slot-1 can’t be accessed once DSiWare has been launched? Or would that be negated by theoretical DS mode activation?

  • 56 yellows8 // Jan 30, 2011 at 3:31 pm

    SifJar: I’m assuming that slot1 hw disable is only for DSi-mode, after switching to DS-mode I’d assume that slot1 could be accessed regardless if slot1-access was disabled before activating DS-mode.

  • 57 RuinPf // Feb 1, 2011 at 8:45 am

    I try the Sudokuhax, but failed.

    py:
    $ python dsisavpatch.py 4B344445.bin inject.bin
    opening http://bootmii.org/dsiexploits/inject/upload.php
    ProtocolVer 1000 is good!
    trying /dsiexploits/inject/poll.php with hash as 46264e10fc342d05414473d58bab9ff71630cfa1
    bad times, we got 500 reply

    win32:
    >injectrawsav.exe 4B344445.bin
    injectrawsav v1.0
    Uploading data and retrieving bins from server…
    Error, server reply:
    Injection/resign failed. Perhaps you used an unsupported title input.

    I have US Region DSi and Sudoku.
    And I successed export Sudoku DSiWare.
    (4B344445.bin was exported to SD.)

    Might I have to do anything?

  • 58 yellows8 // Feb 1, 2011 at 9:17 am

    RuinPf: That’s the first I’ve heard of that fail, but apparently other people have been getting the same server decryption fail error since release day: there’s a total of 75 hits for that error. We’ll work on this elsewhere, send me an email to the address on here: http://dsibrew.org/wiki/DSiWare_VulnList

  • 59 igeek5 // Feb 1, 2011 at 6:54 pm

    just a question. i’m kinda new to all this, but is it possible to exploit other games in a similar manner? such as the web browser, or flipnote studio? what makes sudoku so special?

  • 60 yellows8 // Feb 2, 2011 at 12:17 am

    igeek5: Yeah we’re looking for more exploitable games. Sudoku had a savedata ASCII string buffer overflow. Flipnote uses UCS-2(UCS-2 isn’t exploitable) we haven’t found anything in flipnote and opera there’s nothing useful in savedata either. Basically we managed to exploit Sudoku not free titles because Sudoku used sprintf and strcpy, the free titles use UCS-2 for strings if anything.

  • 61 yellows8 // Feb 2, 2011 at 12:31 pm

    Nintendo removed the USA Sudoku TMD from the server, 404s: http://nus.cdn.t.shop.nintendowifi.net/ccs/download/000300044B344445/tmd

  • 62 getopenid.com/aj00200 // Feb 2, 2011 at 6:21 pm

    This is great news to hear. I started thinking that you gave up on the DSi. Sadly, I don’t have Soduku, but I think I know someone who does, so hopefully I will be able to try this out.

    Great work TT!

  • 63 Pachi-chan // Feb 9, 2011 at 3:50 pm

    I was browsing the DSi Shop today and I noticed several other EA titles on there.

    Considering that EA has already produced a title that was exploitable, why don’t we take a look at some of their other titles on the DSi Shop and see. I think I recall a Texas Hold ‘Em software there too or something like that. Not to mention there is other software in the 200 points section that is shovelware basically, and would likely be easy to exploit. I hope someone takes a look into that. XD

  • 64 yellows8 // Feb 9, 2011 at 8:15 pm

    Pachi-chan: You can help, read this: http://dsibrew.org/wiki/DSiWare_VulnList

  • 65 Pachi-chan // Feb 10, 2011 at 1:01 am

    You didn’t catch my intent proper, if I were skilled enough to test these vulns myself I would. :/

    However I don’t have skill to test them, and I likely wouldn’t know a vulnerability even if it slapped me in the face and raped me unless there were an already compiled program to plug the data into that plugs code in wherever it can and returns a visible “You found an exploit!” message. >_<

  • 66 Pachi-chan // Feb 10, 2011 at 1:03 am

    That’s why I made some suggestions, because aside from blindly editing that wiki page and adding titles I think should be tested, I’m only a smart end-user of this stuff. xD

  • 67 yellows8 // Feb 10, 2011 at 1:07 am

    Pachi: “If you know of DSiWare that has English-only string(high-scores, player name, high-scores that use username from system settings, etc) input, mention it on IRC EFNet #dsidev.” You’d only need to get some targets, we’d modify the tads(.bin files exported from data management) for you.

  • 68 dankboy // Mar 1, 2011 at 4:09 pm

    would it be posible to make sd card reader for the cyclods ievolution to load hackmii from as well, i have been looking for a homebrew app that reads sd slot in dsi mode to no avil

  • 69 yellows8 // Mar 4, 2011 at 2:03 pm

    dankboy: Hybrid cards can’t access DSi SD card.

  • 70 DsProjekts // Apr 28, 2011 at 6:29 am

    Hello, has anyone the unpatched sudoku by ea?
    When yes:
    Can anyone post it here or send me per email?
    dsprojektsteam@gmail.com

    Please!

    I search for it, but i couldnt found it!!

    Please

  • 71 Tux // Apr 30, 2011 at 12:53 pm

    Would it be possible to hack other WiiWare, like the ones included in Dsi XL ? Or even the photo channel (since pictures are in .bin format) ?

  • 72 yellows8 // Apr 30, 2011 at 9:14 pm

    DsProjekts: Exported DSiWare from data management are locked to the console it was exported from, attempting to copy someone else’s old Sudoku tad to your DSi will not work.(Tad header MAC address and tmd/srl console-unique keys would be different)

    Tux: Did you mean DSiWare? Other DSiWare can be exploited of course.(But I doubt the DSiWare which comes with XL is exploitable, not much in the saves for those) DSi photo app uses .jpg not .bin.(And no-one managed to crash the photo app either)

  • 73 DsProjekts // May 1, 2011 at 5:14 am

    yes i know, but i need it.
    please

  • 74 DsProjekts // May 1, 2011 at 5:15 am

    and probably it work on the 3Ds?

  • 75 yellows8 // May 1, 2011 at 11:08 pm

    DsProjekts: The only way to get you a vulnerable Sudoku tad would be to re-encrypt the console-unique encrypted sections, but we can’t do that with a web server. And we won’t do that manually either, just wait for other dsiwarehax.

    Yes other dsiwarehax should work on 3DS though in dsi-mode.(With eshop in late May) Transferring hax via the DSi->3DS system transfer should work, but if they changed the dsiware SD card export format/keys 3DS uses, hax couldn’t be injected that way for a long while.

  • 76 Patxinco // May 13, 2011 at 1:59 am

    I tried to copy Sudokuhaxx from SD to the internal memory of my DSi and no works with the new firmware v1.4.2 think is blocked…

  • 77 Tux // May 15, 2011 at 10:52 pm

    Hello, which ARM disassembler/reassembler did you use to hack Sudoku ?

  • 78 DsProjekts // May 16, 2011 at 8:20 am

    @yellow8
    ok, thanks

    but another question:
    have you or other people here the tmd file of the original sudoku game?

    i will downlaod the sudoku with nus downloader.

    i have redirected the nintendo server url to a local path.

    i have the original 00000001 and cetk file.
    but i need the original tmd file to decrypt it!

    please help me

  • 79 yellows8 // May 16, 2011 at 8:36 am

    Patxinco: Guess I have to RE settings more, afaict they didn’t change DSiWare sdcard import code much, but they did change a bunch of banner code.(not sure what for)

    Tux: I use arm-eabi-objdump.(I can’t afford IDA Pro, but I heard they aren’t really allowing individuals to get an IDA Pro license anymore either…)

    DsProjekts: You can’t redirect shop comms to download the old Sudoku, the tmd and ticket are downloaded via HTTPS. The cetk is not available on NUS.

  • 80 DsProjekts // May 16, 2011 at 8:50 am

    no, i have already the original 00000001 and cetf file, i have downlaodet it befor it wos removed.

    i have redirect the nintendo server url to a local directory and now nusd laod from my local directory.
    because i need nusd to decrypt dsiware, manuel it is not possible.

    but have anyone the OLD, ORIGINAL TMD file for sudokuhax and can upload it?

    sorry for my very bad english

  • 81 winmaster // May 17, 2011 at 5:31 pm

    @yellows8 I see on dsibrew that all future DSiWare HAXX will not work due to the System Menu’s refusal to import the save file. Is this true, and if so, how did Nintendo manage to do this?

  • 82 yellows8 // May 17, 2011 at 6:02 pm

    winmaster: It’s true, all DSiWareHax is dead with 1.4.2, details later.

    EDIT: Btw, it’s system settings(Data Management) which does DSiWare import from SD card, not launcher/sysmenu.

  • 83 winmaster // May 17, 2011 at 8:36 pm

    @yellows8 Thanks for the info. I thought the settings were a part of system menu.

  • 84 sean12345 // May 27, 2012 at 2:27 pm

    so, i updated my dsi to 1.4.4, so does this mean that there’s no hope for me to get homebrew on my dsi.
    and also, is there any possible way to get my dsi’s firmware back to 1.4.1?

  • 85 yellows8 // May 28, 2012 at 6:51 am

    Yeah once you update to 1.4.4 *all* means of DSi-mode code exec are dead unless you already had DSiWareHax prior to 1.4.2. With 1.4.2+ the only way to get DSiWareHax, is to solder your DSi to dump NAND, and extract dev.kp from it.

  • 86 rian2002 // May 31, 2012 at 11:32 am

    but how do you get sudoku on the dsi

  • 87 rian2002 // May 31, 2012 at 11:46 am

    i dont have enogh money to buy sudoku what now

  • 88 yellows8 // May 31, 2012 at 12:19 pm

    You can’t even use DSiWareHax anymore in the first place when you don’t have the required DSiWare.

You must log in to post a comment.