DSi bootrom dumped andnew exploit disclosed @37th CCC
- Thread starter syrusch
- Start date
- Views 5,597
- Replies 31
- Likes 7
What does Gericom's new project GCDTool (https://github.com/Gericom/GCDTool) used for?
Can we flash the GCD rom to a flashcard, and use a magnet to trigger ntrboot and load a firm on sdcard, like we do for 3DS?
Can we flash the GCD rom to a flashcard, and use a magnet to trigger ntrboot and load a firm on sdcard, like we do for 3DS?
Yes, you can!What does Gericom's new project GCDTool (https://github.com/Gericom/GCDTool) used for?
Can we flash the GCD rom to a flashcard, and use a magnet to trigger ntrboot and load a firm on sdcard, like we do for 3DS?
This fork of ntrboot_flasher_nds does just that, and should work on Ace3DS+, Acekard2i, and DSTT.
https://github.com/Epicpkmn11/ntrboot_flasher_nds/tree/twl
Next step would be to find a GCD ROM to use.
- Joined
- Oct 7, 2007
- Messages
- 4,461
- Trophies
- 3
- Age
- 36
- Location
- Levelland, Texas
- Website
- www.mariopc.co.nr
- XP
- 6,890
- Country
Could try and use the bootloader SRL used with HiyaCFW as a source for building the GCD rom as a way to test things? (as they are basically patched arm binaries from stage2 section of nand) I imagine the arm binaries are similar to the ones on stage2 section of nand and I think the entry addresses used check out for this.
- Joined
- Sep 13, 2022
- Messages
- 7,369
- Trophies
- 3
- Location
- The Wired
- Website
- m4x1mumrez87.neocities.org
- XP
- 22,736
- Country
- Joined
- Oct 7, 2007
- Messages
- 4,461
- Trophies
- 3
- Age
- 36
- Location
- Levelland, Texas
- Website
- www.mariopc.co.nr
- XP
- 6,890
- Country
That would be cool but I'm about 80% sure the blowfish key is hardcoded in the blob chip. It's not on nand last I checked....Unless the blob chip dynamically generates the blowfish key depending on the game code the main rom uses ...but I doubt that.Next future step: Get the N-Cards/DS Linker running ntrboot.
Is the GCD ROM something that was used in the factory to flash the console or something like that? I guess this is what @PoroCYon meant with the new exploits that were being discovered.
I also wanted to know if the ntrboot flasher for TWL works in "www.r4isdhc.com" carts, I did use those kind of flashcarts for 3DS ntrboot and they work just fine.
No idea.
It does not work for those carts, or any other Demon/timebomb flashcard, due to issues related to the blowfish.
Oh well, I wonder if the Ace3DS X is compatible, it seems like it's the card that is being offered right now by most sellers on sites like Aliexpress.
EDIT: It could be my fault for not finding the Ace3DS+, Aliexpress search sucks.
- Joined
- Oct 7, 2007
- Messages
- 4,461
- Trophies
- 3
- Age
- 36
- Location
- Levelland, Texas
- Website
- www.mariopc.co.nr
- XP
- 6,890
- Country
On the subject of the demon timebomb carts. I found out how the blowfish is setup on mine. The 48 byte chunk starts at 0x1000 in the dump with the rest the exact spacing it would normally be if the entire rom was at 0x1000. (so the main blowfish is at 0x2000.
But there's another copy of the blowfish at 0x1F1000 where the header for the game is placed. (that one I'm unsure if it uses...probably does).
Not sure why it has two copies but you could try updating them both. I may attempt this myself. The test GCD should fit in the 0x1F1000 region without me having to worry about the arm7 binary since that is stored right next to the arm9 binary. I'd have to edit the header otherwise and that would be tricky to do since I'd have to resign it and I'm not setup for that currently. But you could give this ago on your end too and see if that works.
By the way the second copy of the blowfish looks like the setup the GCD uses. But the first copy at 0x1000 has some unrelated data in between the first 48 byte chunk and the rest instead of zero data...not sure what that other data is used for...
EDIT: Yep it worked. I have already let Robz know about this.
Last edited by Apache Thunder,
-
-
@
Psionic Roshambo:
I think Game streaming should work like this.... Local Hardware able the run the game fine, game engine and common assets stored locally, all FMV and music and textures could be streaming+1 -
-
@
Xdqwerty:
also @BigOnYa im making some progress on my gdevelop project, implemented various mechanics -
-
@
BigOnYa:
Or free government supplied high speed internet be nice also. Like Obama care. Xdqwerty that's cool, its time consuming but rewarding once done or playable, to see what you've made from scratch. Animations take forever, but worth it.+1 -
-
-
@
Xdqwerty:
@BigOnYa,+1
and the visual aspect of the game is quite crude (the sprite that looks best is that of the protagonist just because he is a stickman with sunglasses) -
@
BigOnYa:
There is a bullets behaviour you assign to your character, that makes the code easier, under "behaviours"
-
-
@
Xdqwerty:
i meant that when the character is pointing to the right, the bullets spawn where they should, but when he is on the right, they move to the right but the spawn point is incorrect
-
@
BigOnYa:
Itch.io has lots of free assets also. Under the bullets behavior tab, there is a "rotate bullets" option, can try that. Or in the code can try
- fire bullet Player.X(PlayerDirection) -
-
-
@
BigOnYa:
That's cool tho, I'm proud of you going back to it, not giving up. It is difficult at first to learn, but fun once you get the hang of it. I think I've watched every tutorial video there is, but I still struggle sometimes to get stuff to work right. But gotta keep trying dif things, and eventually you will get it right.+1
-
-
-
-
-
-
@
BigOnYa:
I live maybe 3 minutes from a Dairy Queen, so I would just go there for ice cream anything anyways. I usually get the Oreo Blizzard, or a Peanut Buster Parfait.
-
-
-
them