Homebrew TWLbf - a tool to brute force DSi Console ID or EMMC CID

[FR0ZN]

guys how do I get my ConsoleID? I have a metallic blue dsi 1.4.5E with flipnote and some other useless dsiware

https://gbatemp.net/threads/dsi-downgrading-the-complete-guide.393682

 

[Deleted User]

Burgundy DSi XL, USA
-----
Console ID: 08201XXXXXXXX1XX
All the other digits are in the 0-9 range.
EMMC CID: CC XX XX XX XX 03 4D 30 30 46 50 41 00 00 15 00
Photo of the EMMC chip.

I'll PM the whole ideal as well, as soon as I get all the data sorted out.

 

[Valery0p]

Hi @JimmyZ , thanks for your program, using this+rPi hardmod, you can hack essentially ANY dsi even the ones without a dsiware installed.

Ot: did you knew that the perfect signature, for the 3ds public release of sighax (boot9strap), was bruteforced ?without a bootrom dump?
Here there are some math and algorithms that, who knows, may be inspirational for your tool
https://sciresm.github.io/33-and-a-half-c3/math.html
https://github.com/Myriachan/sighax/commits/master
About b9s: https://sciresm.github.io/33-and-a-half-c3

 

[JimmyZ]

Burgundy DSi XL, USA
-----
Console ID: 08201XXXXXXXX1XX
All the other digits are in the 0-9 range.
EMMC CID: CC XX XX XX XX 03 4D 30 30 46 50 41 00 00 15 00
Photo of the EMMC chip.

I'll PM the whole ideal as well, as soon as I get all the data sorted out.

Thank you so much! our first EMMC chip photo! and special thanks for the PM.
BTW how do you get the photo so good?

Hi @JimmyZ , thanks for your program, using this+rPi hardmod, you can hack essentially ANY dsi even the ones without a dsiware installed.

Ot: did you knew that the perfect signature, for the 3ds public release of sighax (boot9strap), was bruteforced ?without a bootrom dump?
Here there are some math and algorithms that, who knows, may be inspirational for your tool
https://sciresm.github.io/33-and-a-half-c3/math.html
https://github.com/Myriachan/sighax/commits/master
About b9s: https://sciresm.github.io/33-and-a-half-c3

Thank you, although I've read that when it came out, this kind of document recommendation is very welcomed
BTW they use CUDA to brute RSA, I use OpenCL(I don't have a NVIDIA GPU card) to brute SHA1+AES, I'm not able to copy anything from them...
They need to brute 2^43 possibilities, let alone the big math involved with RSA, that's really impressive work.
My work is simpler by like twenty magnitudes, because of the discoveries by nocash we don't have to brute that many bits, and the hardest part is finding out how it's encrypted, which is also done by nocash already.

 

[leratrad]

Black DSi, USA
-----
Console ID: 08A18XXXXXXXX1XX
All the other digits are in the 0-9 range.
EMMC CID: BB XX XX XX XX 03 4D 30 30 46 50 41 00 00 15 00

 

[JimmyZ]

Black DSi, USA
-----
Console ID: 08A18XXXXXXXX1XX
All the other digits are in the 0-9 range.
EMMC CID: BB XX XX XX XX 03 4D 30 30 46 50 41 00 00 15 00

Thank you, now we NEED 08A17 to fill that gap in 08A1x range...

 

[JimmyZ]

Just made OpenCL Console ID brute working, as my test on HD7970, it's about 25x faster(12.4 seconds for 32bit) than Xeon E3-1230v2(single thread, 304 seconds).

But I know absolutely nothing about OpenCL optimize, so this is pretty much it.

BTW, if you run this version, your system will become very sluggish, I don't know how to limit this yet.

And if your GPU's fan doesn't hold well, you may face system crash, like that crappy R7-200 on my code machine, I have to black list it in the code.

 

[Deleted User]

Thank you so much! our first EMMC chip photo! and special thanks for the PM.
BTW how do you get the photo so good?

I guess the Nexus 5 has a better camera than I expected
I can try to get info from another DSi or two; one doesn't have any DSiWare, and thus requires a hardmod, and another I seem to have bricked while dropping it. (The bottom covering was off, and it fell right on the motherboard...)
At the very least, I can get some more pictures. I think I still have the Console ID from the bricked one somewhere...

 

[JimmyZ]

I guess the Nexus 5 has a better camera than I expected
I can try to get info from another DSi or two; one doesn't have any DSiWare, and thus requires a hardmod, and another I seem to have bricked while dropping it. (The bottom covering was off, and it fell right on the motherboard...)
At the very least, I can get some more pictures. I think I still have the Console ID from the bricked one somewhere...

Wow, the first one seems to be a nice test candidate for this tool

 

[Oleboy555]

DSi Metallic blue 1.4.5E

08201XXXXXXXX1XX

X's are 0-9

 

[Deleted User]

Wow, the first one seems to be a nice test candidate for this tool

Speaking of the first one...

Black DSi, USA
-----
Console ID: No DSiWare
EMMC CID: 3C XX XX XX XX 03 4D 30 30 46 50 41 00 00 15 00
Photo of the EMMC chip.

I definitely would try it out with this tool, but I'm terrible at soldering. There are a few people I know who can solder; perhaps I could contact them.

 

[Oleboy555]

Can the biggest loser USA run on a EUR dsi?

 

[Deleted User]

Can the biggest loser USA run on a EUR dsi?

No. You will need to purchase the EUR version of the Biggest Loser (if you don't have it already), and inject the appropriate save.

 

[Oleboy555]

No. You will need to purchase the EUR version of the Biggest Loser (if you don't have it already), and inject the appropriate save.

cant find a EUR version anywhere

 

[Deleted User]

cant find a EUR version anywhere

Then you'll either have to extract it with a Raspberry Pi (or something similar), or via fwTool.

 

[JimmyZ]

brCL binary posted on github

 

[nocash123]

The EUR version is called "Biggest Loser USA". The US version is just called "Biggest Loser"

 

[Oleboy555]

The EUR version is called "Biggest Loser USA". The US version is just called "Biggest Loser"

oh thanks! did not know that

 

[JimmyZ]

Added some test numbers and notes about different versions.

 

[Oleboy555]

DSi Metallic Blue, EUR
EMMC CID: 9C XX XX XX XX 03 4D 30 30 46 50 41 00 00 15 00