can't find a EUR version anywhere
The EUR version is called "The Biggest Loser USA" as it's based on the USA show, which was also renamed to differentiate it from the locally produced version (at least in the UK).
yeah, I already ordered it and got it today, worked great! but because my dsi is a newer model I cannot install dsilink to run homebrew with it but I did retrieve my CID with it
Sorry but I don't get it, if you're gonna do hardmod anyway, why are you getting the biggest loser? well of course you can get it if you want to, but ... if you hardmod, then it's trivial to use a proper SD/MMC reader like RPi to get EMMC CID, and if you don't have that, EMMC CID brute force exists just for that.
well, it was only 2 euros so there's that, and I wanted to use it for dslink to load homebrew but sadly that didn't work
Well if it's only two euros then... it would be wonderful if dsilink still works,
Could we not bruteforce with some dsiware copied to SD?
I do not think this could stand as a question.
$ ./twlbf_mbedtls console_id_bcd 08a1900000000100 ab00000000034d303046504100001500 001f 60464d5a71ec18d32ae80a762a08b045 000000000000000000000000000055aa
mbed TLS 2.6.0, AES-NI supported
testing 08a190???????1??
testing 08a191???????1??
testing 08a192???????1??
Decrypted Block (Before Subtract): 24cf39bb0e7cfb4b146c5eed9520cb54
Decrypted Block (After Subtract): 24cf39bb0e7cfb4b146c5eed9520cb35
Encrypted Block: 493f3eeb9f7f5f1504bb5e365db26310
got a hit: 08a1927016111108
Target sha1 hash: 24cf39bb0e7cfb4b146c5eed9520cb35
00000000
10000000
20000000
30000000
40000000
50000000
60000000
found cid:abd56e036c034d303046504100001500
1116.00 seconds
Wow, that's brilliant! why haven't I thought of that!
anyway, seriously, I'd love the ocl_brute.h file so I can compile bfCL and get it going
Thanks!
Reporting my stuff,
ConsoleID: 08 20 46 77 12 10 21 39
eMMC CID: 6E 4C 18 E6 EE 32 57 37 31 36 35 4D 00 01 15 00
Console Type: Light Blue DSi U
First 512 bytes of the eMMC dump:
https://mega.nz/#!Jgdx2bBL!U-_8sfJ-W7HRlaoBXxWGN-FHU-hm3l2magScGVfHIbY
const u8 block_zero[16] = { 0x10, 0x63, 0xb2, 0x5d, 0x36, 0x5e, 0xbb, 0x04, 0x15, 0x5f, 0x7f, 0x9f, 0xeb, 0x3e, 0x3f, 0x49 }; //hardcoded for testing
u8 block_zero_rev[16];
byte_reverse_16(block_zero_rev, block_zero);
u8 new_enc[16];
u8 dec_data[16];
u8 enc_data[16];
xor_128(enc_data, ver, src);
u8 enc_rev[16];
byte_reverse_16(enc_rev, enc_data);
u16 new_offset = u16be(offset);
int succeed = 0;
if(bcd){
  u64 start64 = (u64be(console_id_template) & 0xfffff00000000000ull) + 0x100;
  for (u64 i = 0; (i <= 9ull << 40) && !succeed; i += 1ull << 40) {
    printf("testing %06x???????1??\n", (u32)((start64 + i) >> 40));
    for (u64 j = 0; (j <= 9ull << 36) && !succeed; j += 1ull << 36) {
      for (u64 k = 0; (k <= 9ull << 32) && !succeed; k += 1ull << 32) {
        for (u64 l = 0; (l <= 9ull << 28) && !succeed; l += 1ull << 28) {
          for (u64 m = 0; (m <= 9ull << 24) && !succeed; m += 1ull << 24) {
            for (u64 n = 0; (n <= 9ull << 20) && !succeed; n += 1ull << 20) {
              for (u64 o = 0; (o <= 9ull << 16) && !succeed; o += 1ull << 16) {
                for (u64 p = 0; (p <= 9ull << 12) && !succeed; p += 1ull << 12) {
                  for (u64 q = 0; (q <= 9ull << 4) && !succeed; q += 1ull << 4) {
                    for (u64 r = 0; (r <= 9ull) && !succeed; r += 1ull) {
                      u64 console_id = start64 + i + j + k + l + m + n + o + p + q + r;
                      u64 key[2];
                      dsi_make_key(key, console_id);
                      u8 key_reversed[16];
                      byte_reverse_16(key_reversed, (u8*)key);
                      //apparently you have to set both an encryption *and* decryption key?? (enc key must be set after decryption)
                      aes_128_ecb_set_key(key_reversed);
                      aes_128_ecb_decrypt_1(dec_data, enc_rev);
                      aes_128_ecb_set_dec_key(key_reversed);
                      //assume we'll be looking at block 0
                      dec_data[15] = dec_data[15] - new_offset;
                      //block 0 (decrypted) is all zeros from every console I've looked at.
                      //xor'ing something with zero has no change on the data
                      //so just encrypting the CID hash, it should match directly with block 0
                      aes_128_ecb_crypt_1(new_enc, dec_data);
                      ++tested;
                      if(!memcmp(block_zero_rev, new_enc, 16))
                      {
                        printf("eMMC CID SHA1 Hash: ");
                        for(int s = 0; s < 16; s++)
                          printf("%02x", dec_data[s]);
                        printf("\n");
                        printf("Encrypted Block: ");
                        for(int s = 0; s < 16; s++)
                          printf("%02x", new_enc[s]);
                        printf("\n");
                        printf("got a hit: %08x%08x\n", (u32)(console_id >> 32), (u32)console_id);
                        succeed = 1;
                        break;
                      }
                    }
                  }
                }
              }
            }
          }
        }
      }
    }
  }
}
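The ten nested loops in the snippet above walk a space of 10^10 BCD candidates for the template `08a19???????1??`. As an added example (not code from this thread or from twlbf), the same enumeration can be written as a flat index, which makes it easy to split the range between workers or resume a run; it also goes one step further with an inverse that checks whether an ID has the searched shape. The names `bcd_candidate` and `bcd_index` and the worker count are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define BCD_DIGITS 10
#define BCD_SPACE 10000000000ull /* 10^10 candidates per template */

/* Bit shifts of the nibbles the posted loops vary, most significant first.
 * Shift 8 is missing because the template pins that nibble to 1 (+0x100). */
static const unsigned bcd_shift[BCD_DIGITS] = {40, 36, 32, 28, 24, 20, 16, 12, 4, 0};

/* idx-th candidate (0 <= idx < BCD_SPACE), in the same order as the nested loops. */
uint64_t bcd_candidate(uint64_t template_id, uint64_t idx)
{
    uint64_t id = (template_id & 0xfffff00000000000ull) + 0x100;
    for (int d = BCD_DIGITS - 1; d >= 0; d--) {
        id += (idx % 10) << bcd_shift[d];
        idx /= 10;
    }
    return id;
}

/* Inverse: returns 0 and stores the index if id has the searched shape
 * (BCD digits in the varied nibbles, fixed nibble == 1), otherwise -1. */
int bcd_index(uint64_t id, uint64_t *idx)
{
    uint64_t n = 0;
    if (((id >> 8) & 0xf) != 1)
        return -1;
    for (int d = 0; d < BCD_DIGITS; d++) {
        unsigned digit = (unsigned)(id >> bcd_shift[d]) & 0xf;
        if (digit > 9)
            return -1;
        n = n * 10 + digit;
    }
    *idx = n;
    return 0;
}

int main(void)
{
    const uint64_t tmpl = 0x08a1900000000100ull; /* template from the run quoted in the thread */
    uint64_t idx;
    if (bcd_index(0x08a1927016111108ull, &idx) == 0) /* the hit printed in that run */
        printf("hit is candidate %llu of %llu\n", (unsigned long long)idx, BCD_SPACE);
    /* Split the space into 4 equal ranges, one per worker (worker count is arbitrary). */
    for (uint64_t w = 0; w < 4; w++)
        printf("worker %llu starts at %016llx\n", (unsigned long long)w,
               (unsigned long long)bcd_candidate(tmpl, w * (BCD_SPACE / 4)));
    return 0;
}
```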