https://dsibrew.org/w/api.php?action=feedcontributions&user=Svpe&feedformat=atomDSiBrew - User contributions [en]2024-03-29T10:48:39ZUser contributionsMediaWiki 1.35.8https://dsibrew.org/w/index.php?title=FAQ&diff=3447FAQ2011-02-03T20:08:12Z<p>Svpe: </p>
<hr />
<div>'''Frequently asked questions are here.'''<br />
<br />
'''Q:''' What is the purpose of this project?<br />
<br />
'''A:''' Getting unsigned "homebrew" code running on the Nintendo DSi in native DSi mode.<br />
<br />
<br />
'''Q:''' Any progress?<br />
<br />
'''A:''' The Dsi Common key has been found! Now we can decrypt Dsi specific code. And [[Team Twiizers]] has managed to execute some form of unsigned code by directing the save file area of a DSi-mode game to an Arudino chip. This will lead to further - and easier to replicate - exploits, such as [[Sudokuhax]].<br />
<br />
<br />
'''Q:''' What is the purpose of running "homebrew" code on the Nintendo DSi?<br />
<br />
'''A:''' The Nintendo DSi is a decently powerful system that has a SD slot, 2 cameras on it and a touch screen all in a portable system great for homebrew.<br />
<br />
<br />
'''Q:''' Why not just rely on already available flash carts for homebrew?<br />
<br />
'''A:''' The goal here is to run our own code via a software exploit, not a hardware one. Also, some flash carts have a bad reputation. Finally, current flash carts only allow you to run DS-native homebrew, with no DSi features (such as the cameras) or increased processing power being available. Also, SD Cards for the DSi are cheaper than flash carts.<br />
<br />
<br />
'''Q:''' How can we know DSiware title code?<br />
<br />
'''A:''' If you mean title IDs, see the title list. If you want to download DSiWare from NUS, you can't without the ticket which isn't available on NUS.<br />
<br />
<br />
'''Q:''' What is FATFS? /PXI<br />
<br />
'''A:''' PXI is the TWL SDK inter-processor communication system over the FIFO. FATFS is the TWL SDK Arm7 FAT interface for NAND, SD, etc.<br />
<br />
<br />
'''Q:''' How does Team Twiizers dump dsiware?<br />
<br />
'''A:''' Magic.</div>Svpehttps://dsibrew.org/w/index.php?title=FAQ&diff=3446FAQ2011-02-03T20:07:48Z<p>Svpe: </p>
<hr />
<div>'''Frequently asked questions are here.'''<br />
<br />
'''Q:''' What is the purpose of this project?<br />
<br />
'''A:''' Getting unsigned "homebrew" code running on the Nintendo DSi in native DSi mode.<br />
<br />
<br />
'''Q:''' Any progress?<br />
<br />
'''A:''' The Dsi Common key has been found! Now we can decrypt Dsi specific code. And [[Team Twiizers]] has managed to execute some form of unsigned code by directing the save file area of a DSi-mode game to an Arudino chip. This will lead to further - and easier to replicate - exploits, such as [[Sudokuhax]].<br />
<br />
<br />
'''Q:''' What is the purpose of running "homebrew" code on the Nintendo DSi?<br />
<br />
'''A:''' The Nintendo DSi is a decently powerful system that has a SD slot, 2 cameras on it and a touch screen all in a portable system great for homebrew.<br />
<br />
<br />
'''Q:''' Why not just rely on already available flash carts for homebrew?<br />
<br />
'''A:''' The goal here is to run our own code via a software exploit, not a hardware one. Also, some flash carts have a bad reputation. Finally, current flash carts only allow you to run DS-native homebrew, with no DSi features (such as the cameras) or increased processing power being available. Also, SD Cards for the DSi are cheaper than flash carts.<br />
<br />
<br />
'''Q:''' How can we know DSiware title code?<br />
<br />
'''A:''' If you mean title IDs, see the title list. If you want to download DSiWare from NUS, you can't without the ticket which isn't available on NUS.<br />
<br />
<br />
'''Q:''' What is FATFS? /PXI<br />
<br />
'''A:''' PXI is the TWL SDK inter-processor communication system over the FIFO. FATFS is the TWL SDK Arm7 FAT interface for NAND, SD, etc.<br />
<br />
<br />
'''Q:''' How does Team Twiizers dump dsiware?<br />
<br />
""A:"" Magic.</div>Svpehttps://dsibrew.org/w/index.php?title=DSi_exploits&diff=2918DSi exploits2010-06-16T06:14:46Z<p>Svpe: No.</p>
<hr />
<div>This page is dedicated to the listing of exploits used used to run homebrew on the Nintendo DSi. Anyone may contribute to this list, as long as any exploits added are explained and verifiable.<br />
<br />
== DSi-mode exploits ==<br />
<br />
Team Twiizers have found a DSi-Mode Exploit and have managed to use it to run DSi Mode homebrew. However it has not yet been released. More details at : [http://hackmii.com/2009/07/dsi-mode-homebrew-anyone/] The additional hardware is just required to get a connection to a computer so that things like ram dumps can be created.<br />
<br />
<br />
Wintermute has made available an open source DSi hack. The exploit works on DSi enhanced games, allowing you to run custom code from a save file. Instructions for using the exploit can be found here: [http://drunkencoders.com/2009/08/dsi-hack-update/]<br />
<br />
== DS-mode exploits ==<br />
<br />
This type of exploit is undesirable because all DSi functionality, such as usage of the [[cameras]], is unavailable to homebrew.<br />
<br />
Blasteh (Blasty) has posted a [http://www.youtube.com/watch?v=7QHO7ctWuZ8 video on Youtube] showing code being run in DS mode on the DSi using [http://en.wikipedia.org/wiki/Fifa_08 Fifa '08].</div>Svpehttps://dsibrew.org/w/index.php?title=AES_Engine&diff=2694AES Engine2010-02-05T18:25:36Z<p>Svpe: </p>
<hr />
<div>== Registers ==<br />
{| class="wikitable" border="1"<br />
! NAME<br />
! ADDRESS<br />
! WIDTH<br />
|-<br />
| REG_AESCNT<br />
| 0x04004400<br />
| 4<br />
|-<br />
| REG_AESBLKCNT<br />
| 0x04004404<br />
| 4<br />
|-<br />
| REG_AESWRFIFO<br />
| 0x04004408<br />
| 4<br />
|-<br />
| REG_AESRDFIFO<br />
| 0x0400440C<br />
| 4<br />
|-<br />
| REG_AESCTR<br />
| 0x04004420<br />
| 16<br />
|-<br />
| REG_AESMAC<br />
| 0x04004430<br />
| 16<br />
|-<br />
| REG_AESKEY0<br />
| 0x04004440<br />
| 48<br />
|-<br />
| REG_AESKEY1<br />
| 0x04004470<br />
| 48<br />
|-<br />
| REG_AESKEY2<br />
| 0x040044A0<br />
| 48<br />
|-<br />
| REG_AESKEY3<br />
| 0x040044D0<br />
| 48<br />
|}<br />
<br />
== REG_AESCNT ==<br />
{| class="wikitable" border="1"<br />
! BIT<br />
! DESCRIPTION<br />
|-<br />
| 4-0<br />
| Write fifo count<br />
|-<br />
| 9-5<br />
| Read fifo count<br />
|-<br />
| 10<br />
| Flush write fifo<br />
|-<br />
| 11<br />
| Flush read fifo<br />
|-<br />
| 15-12<br />
| ?<br />
|-<br />
| 18-16<br />
| MAC size (size in bytes = s*2+2, e.g, 7 == 16 bytes)<br />
|-<br />
| 19<br />
| ?<br />
|-<br />
| 20<br />
| MAC input control (0 = read MAC from FIFO, 1 = read MAC from REG_AESMAC)<br />
|-<br />
| 21<br />
| MAC status (0 = invalid, 1 = verified)<br />
|-<br />
| 23-22<br />
| ?<br />
|-<br />
| 24<br />
| Key select<br />
|-<br />
| 25<br />
| Key schedule busy<br />
|-<br />
| 27-26<br />
| Key slot (0..3)<br />
|-<br />
| 29-28<br />
| Mode (0=AES CCM decrypt, 1=AES CCM encrypt, 2=AES CTR)<br />
|-<br />
| 30<br />
| Interrupt enable<br />
|-<br />
| 31<br />
| Enable<br />
|}<br />
<br />
<br />
== REG_AESBLKCNT ==<br />
{| class="wikitable" border="1"<br />
! BIT<br />
! DESCRIPTION<br />
|-<br />
| 15-0<br />
| CBC-MAC associated data blocks to process (1 block = 4 words)<br />
|-<br />
| 31-16<br />
| CTR or payload data blocks to process (1 block = 4 words)<br />
|}<br />
<br />
== REG_AESKEY0/1/2/3 ==<br />
{| class="wikitable" border="1"<br />
! BYTE<br />
! DESCRIPTION<br />
|-<br />
| 0-15<br />
| Key data<br />
|-<br />
| 16-31<br />
| Special key data X<br />
|-<br />
| 32-47<br />
| Special key data Y<br />
|}<br />
<br />
<br />
Key gets updated when either the last word of the key data or the last word of "special key data y" is written. When writing to special key data the actual key is F((key data x) xor (key data y)) where F is some unkown function implemented in hardware.<br />
<br />
<br />
== AES CCM mode (Counter with CBC-MAC) ==<br />
AES CCM mode combines AES CTR with AES CBC-MAC, to provide confidentiality and authenticity of a message.<br />
<br />
The message contains optional associated data and an actual payload. The payload is XORed with an AES CTR generated stream, while AES CBC-MAC is used to generate a MAC based on both the associated data and the payload. The MAC can be used to verify integrity of the message. In addition, a nonce is used to initialize the AES CTR and CBC-MAC modes of operation. <br />
<br />
More information can be found in NIST 800-38C or RFC 3610.<br />
<br />
The used MAC size can be adjusted in hardware, but usually a MAC size of 16 bytes is used. The hardware has a hardcoded maximum payload size of 24 bits for CCM, and this automatically means the nonce is 12 bytes. <br />
<br />
When encrypting or decrypting, the first 12 bytes of REG_AESCTR are used for the nonce. The actual counter used is defined in NIST 800-38C, and looks like this: (02 <nonce> 00 00 00). The last 3 bytes are the counter and is incremented for each subsequent AES CTR operation. The first block for AES CBC-MAC is also defined in NIST 800-38C, and looks like this: (<flags> <nonce> <payloadsize>), where flags is (0 <adata> <m> <q>), where adata is 1 or 0 if associated data is used, m the encoded mac size, and q the sizebytes (always 2).<br />
<br />
== CCM hardware encryption ==<br />
First, the optional associated data is written to the write fifo. During this time, the hardware will internally update the MAC with the associated data. If no associated data is used, this step can be skipped.<br />
Then, the actual payload is written to the write fifo. The crypted payload will appear in the read fifo, and during this time the MAC will be internally updated with the payload data.<br />
Once all blocks are done, the MAC can be read from the read fifo. The hardware knows when this is because the number of associated blocks and payload blocks are specified in REG_AESBLKCNT.<br />
<br />
== CCM hardware decryption ==<br />
It is possible to let the hardware use the dedicated MAC slot in REG_AESMAC or from the write fifo for verification. This option depends on bit 20 of REG_AESCNT.<br />
Like encryption, first the optional associated data is written to the write fifo. Then the actual payload is written to the write fifo, and the crypted payload will appear in the read fifo. If using the dedicated MAC slot, the hardware will now verify whether the MAC matches. Otherwise, the MAC must be supplied into the write fifo for verification.</div>Svpehttps://dsibrew.org/w/index.php?title=AES_Engine&diff=2692AES Engine2010-02-05T10:51:19Z<p>Svpe: mostly courtesy of neimod. someone needs to wikify those tables a bit :P</p>
<hr />
<div>== Registers ==<br />
{| class="wikitable" border="1"<br />
|-<br />
! NAME<br />
! ADDRESS<br />
! WIDTH<br />
|-<br />
| REG_AESCNT<br />
| 0x04004400<br />
| 4<br />
|-<br />
| REG_AESBLKCNT<br />
| 0x04004404<br />
| 4<br />
|-<br />
| REG_AESWRFIFO<br />
| 0x04004408<br />
| 4<br />
|-<br />
| REG_AESRDFIFO<br />
| 0x0400440C<br />
| 4<br />
|-<br />
| REG_AESCTR<br />
| 0x04004420<br />
| 16<br />
|-<br />
| REG_AESMAC<br />
| 0x04004430<br />
| 16<br />
|-<br />
| REG_AESKEY0<br />
| 0x04004440<br />
| 48<br />
|-<br />
| REG_AESKEY1<br />
| 0x04004470<br />
| 48<br />
|-<br />
| REG_AESKEY2<br />
| 0x040044A0<br />
| 48<br />
|-<br />
| REG_AESKEY3<br />
| 0x040044D0<br />
| 48<br />
|}<br />
<br />
<br />
(:tableend:)<br />
<br />
== REG_AESCNT ==<br />
(:table border=1 cellspacing=0 cellpadding=3 bgcolor=#F0F0F0 :)<br />
(:cellnr bgcolor=#E0E0E0 :)'''BIT'''<br />
(:cell bgcolor=#E0E0E0 :)'''DESCRIPTION'''<br />
(:cellnr:)4-0<br />
(:cell:)Write fifo count<br />
(:cellnr:)9-5<br />
(:cell:)Read fifo count<br />
(:cellnr:)10<br />
(:cell:)Flush write fifo<br />
(:cellnr:)11<br />
(:cell:)Flush read fifo<br />
(:cellnr:)15-12<br />
(:cell:)?<br />
(:cellnr:)18-16<br />
(:cell:)MAC size (size in bytes = s*2+2, e.g, 7 == 16 bytes)<br />
(:cellnr:)19<br />
(:cell:)?<br />
(:cellnr:)20<br />
(:cell:)MAC input control (0 = read MAC from FIFO, 1 = read MAC from REG_AESMAC)<br />
(:cellnr:)21<br />
(:cell:)MAC status (0 = invalid, 1 = verified)<br />
(:cellnr:)23-22<br />
(:cell:)?<br />
(:cellnr:)24<br />
(:cell:)Key select<br />
(:cellnr:)25<br />
(:cell:)Key schedule busy<br />
(:cellnr:)27-26<br />
(:cell:)Key slot (0..3)<br />
(:cellnr:)29-28<br />
(:cell:)Mode (0=AES CCM decrypt, 1=AES CCM encrypt, 2=AES CTR)<br />
(:cellnr:)30<br />
(:cell:)Interrupt enable<br />
(:cellnr:)31<br />
(:cell:)Enable<br />
(:tableend:)<br />
<br />
<br />
== REG_AESBLKCNT ==<br />
(:table border=1 cellspacing=0 cellpadding=3 bgcolor=#F0F0F0 :)<br />
(:cellnr bgcolor=#E0E0E0 :)'''BIT'''<br />
(:cell bgcolor=#E0E0E0 :)'''DESCRIPTION'''<br />
(:cellnr:)15-0<br />
(:cell:)CBC-MAC associated data blocks to process (1 block = 4 words)<br />
(:cellnr:)31-16<br />
(:cell:)CTR or payload data blocks to process (1 block = 4 words)<br />
(:tableend:)<br />
<br />
== REG_AESKEY0/1/2/3 ==<br />
(:table border=1 cellspacing=0 cellpadding=3 bgcolor=#F0F0F0 :)<br />
(:cellnr bgcolor=#E0E0E0 :)'''BYTE'''<br />
(:cell bgcolor=#E0E0E0 :)'''DESCRIPTION'''<br />
(:cellnr:)0-15<br />
(:cell:)Key data<br />
(:cellnr:)16-31<br />
(:cell:)Special key data X<br />
(:cellnr:)32-47<br />
(:cell:)Special key data Y<br />
(:tableend:)<br />
<br />
<br />
Key gets updated when either the last word of the key data or the last word of "special key data y" is written. When writing to special key data the actual key is F((key data x) xor (key data y)) where F is some unkown function implemented in hardware.<br />
<br />
<br />
== AES CCM mode (Counter with CBC-MAC) ==<br />
AES CCM mode combines AES CTR with AES CBC-MAC, to provide confidentiality and authenticity of a message.<br />
<br />
The message contains optional associated data and an actual payload. The payload is XORed with an AES CTR generated stream, while AES CBC-MAC is used to generate a MAC based on both the associated data and the payload. The MAC can be used to verify integrity of the message. In addition, a nonce is used to initialize the AES CTR and CBC-MAC modes of operation. <br />
<br />
More information can be found in NIST 800-38C or RFC 3610.<br />
<br />
The used MAC size can be adjusted in hardware, but usually a MAC size of 16 bytes is used. The hardware has a hardcoded maximum payload size of 24 bits for CCM, and this automatically means the nonce is 12 bytes. <br />
<br />
When encrypting or decrypting, the first 12 bytes of REG_AESCTR are used for the nonce. The actual counter used is defined in NIST 800-38C, and looks like this: (02 <nonce> 00 00 00). The last 3 bytes are the counter and is incremented for each subsequent AES CTR operation. The first block for AES CBC-MAC is also defined in NIST 800-38C, and looks like this: (<flags> <nonce> <payloadsize>), where flags is (0 <adata> <m> <q>), where adata is 1 or 0 if associated data is used, m the encoded mac size, and q the sizebytes (always 2).<br />
<br />
== CCM hardware encryption ==<br />
First, the optional associated data is written to the write fifo. During this time, the hardware will internally update the MAC with the associated data. If no associated data is used, this step can be skipped.<br />
Then, the actual payload is written to the write fifo. The crypted payload will appear in the read fifo, and during this time the MAC will be internally updated with the payload data.<br />
Once all blocks are done, the MAC can be read from the read fifo. The hardware knows when this is because the number of associated blocks and payload blocks are specified in REG_AESBLKCNT.<br />
<br />
== CCM hardware decryption ==<br />
It is possible to let the hardware use the dedicated MAC slot in REG_AESMAC or from the write fifo for verification. This option depends on bit 20 of REG_AESCNT.<br />
Like encryption, first the optional associated data is written to the write fifo. Then the actual payload is written to the write fifo, and the crypted payload will appear in the read fifo. If using the dedicated MAC slot, the hardware will now verify whether the MAC matches. Otherwise, the MAC must be supplied into the write fifo for verification.</div>Svpehttps://dsibrew.org/w/index.php?title=ARM7_BIOS&diff=2326ARM7 BIOS2009-09-12T15:30:21Z<p>Svpe: </p>
<hr />
<div>== BIOS and Bootrom ==<br />
The ARM7 BIOS is splitted up into two parts:<br />
<br />
# the actual BIOS which is 0x8000 bytes long and starts at 0x0<br />
# the bootrom which is probably also 0x8000 bytes long and starts at 0x8000<br />
<br />
*The data of 1) can only be read by instructions within the BIOS. It can therefore be dumped by applying some irq timer trick to find a usable ''ldr'' instruction or by just using the memcpy at 0x6bb0 with the usual arguments.<br />
*The data of 2) can only be read until bit 0 in register '''0x04004000 or 0x04004001 (?)''' is cleared. It is enabled after it has been executed and can never be read again until a reset then. It might contains keys and has not been dumped yet.<br />
<br />
== SVC list ==<br />
The BIOS provides the following SVC functions. Every SVC not mentioned here just jumps to an infinite loop at 0x16c (b .)<br />
<br />
{| class="wikitable sortable" width="55%"<br />
|-<br />
! SVC<br />
! NAME<br />
! DESCRIPTION<br />
|-<br />
|01<br />
|n/a<br />
|n/a<br />
|- <br />
|02<br />
|n/a<br />
|n/a<br />
|- <br />
|03<br />
|WaitByLoop<br />
|n/a<br />
|-<br />
|04<br />
|IntrWait<br />
|n/a<br />
|-<br />
|05<br />
|VSyncWait<br />
|n/a<br />
|-<br />
|06<br />
|HaltMaybe<br />
|n/a<br />
|-<br />
|07<br />
|StopMaybe<br />
|n/a<br />
|-<br />
|08<br />
|n/a<br />
|n/a<br />
|-<br />
|09<br />
|n/a<br />
|n/a<br />
|-<br />
|0b<br />
|CPUSet<br />
|n/a<br />
|-<br />
|0c<br />
|CpuFastSet<br />
|n/a<br />
|-<br />
|0d<br />
|n/a<br />
|n/a<br />
|-<br />
|0e<br />
|crc16<br />
|n/a<br />
|-<br />
|10<br />
|n/a<br />
|n/a<br />
|-<br />
|11<br />
|n/a<br />
|n/a<br />
|-<br />
|12<br />
|n/a<br />
|n/a<br />
|-<br />
|13<br />
|n/a<br />
|n/a<br />
|-<br />
|14<br />
|n/a<br />
|n/a<br />
|-<br />
|15<br />
|n/a<br />
|n/a<br />
|-<br />
|19<br />
|n/a<br />
|n/a<br />
|-<br />
|1a<br />
|GetSinTable<br />
|n/a<br />
|-<br />
|1b<br />
|GetPitchTable<br />
|n/a<br />
|-<br />
|1c<br />
|GetVolumeTable<br />
|n/a<br />
|-<br />
|1d<br />
|n/a<br />
|n/a<br />
|-<br />
|1f<br />
|CustomHalt<br />
|n/a<br />
|-<br />
|20<br />
|n/a<br />
|n/a<br />
|-<br />
|21<br />
|n/a<br />
|n/a<br />
|-<br />
|22<br />
|n/a<br />
|n/a<br />
|-<br />
|23<br />
|n/a<br />
|n/a<br />
|-<br />
|24<br />
|sha1_init<br />
|n/a<br />
|-<br />
|25<br />
|sha1_update<br />
|n/a<br />
|-<br />
|26<br />
|sha1_finalize<br />
|n/a<br />
|-<br />
|27<br />
|sha1<br />
|n/a<br />
|-<br />
|28<br />
|sha1_compare<br />
|n/a<br />
|-<br />
|29<br />
|sha1_random_maybe<br />
|n/a<br />
|}<br />
<br />
<br />
== reset vectors et al ==<br />
<br />
The first few words of the BIOS cannot be dumped. You can guess them by tracing the code though (all values are noted in little endian here):<br />
060000ea<br />
060000ea<br />
1f0000ea<br />
040000ea<br />
030000ea<br />
feffffea<br />
130000ea<br />
000000ea</div>Svpehttps://dsibrew.org/w/index.php?title=ARM7_BIOS&diff=2325ARM7 BIOS2009-09-12T15:29:53Z<p>Svpe: New page: == BIOS and Bootrom == The ARM7 BIOS is splitted up into two parts: # the actual BIOS which is 0x8000 bytes long and starts at 0x0 # the bootrom which is probably also 0x8000 bytes long a...</p>
<hr />
<div>== BIOS and Bootrom ==<br />
The ARM7 BIOS is splitted up into two parts:<br />
<br />
# the actual BIOS which is 0x8000 bytes long and starts at 0x0<br />
# the bootrom which is probably also 0x8000 bytes long and starts at 0x8000<br />
<br />
*The data of 1) can only be read by instructions within the BIOS. It can therefore be dumped by applying some irq timer trick to find a usable ''ldr'' instruction or by just using the memcpy at 0x6bb0 with the usual arguments.<br />
*The data of 2) can only be read until bit 0 in register '''0x04004000 or 0x04004001 (?)''' is cleared. It is enabled after it has been executed and can never be read again until a reset then. It might contains keys and has not been dumped yet.<br />
<br />
== SWI list ==<br />
The BIOS provides the following SVC functions. Every SVC not mentioned here just jumps to an infinite loop at 0x16c (b .)<br />
<br />
{| class="wikitable sortable" width="55%"<br />
|-<br />
! SVC<br />
! NAME<br />
! DESCRIPTION<br />
|-<br />
|01<br />
|n/a<br />
|n/a<br />
|- <br />
|02<br />
|n/a<br />
|n/a<br />
|- <br />
|03<br />
|WaitByLoop<br />
|n/a<br />
|-<br />
|04<br />
|IntrWait<br />
|n/a<br />
|-<br />
|05<br />
|VSyncWait<br />
|n/a<br />
|-<br />
|06<br />
|HaltMaybe<br />
|n/a<br />
|-<br />
|07<br />
|StopMaybe<br />
|n/a<br />
|-<br />
|08<br />
|n/a<br />
|n/a<br />
|-<br />
|09<br />
|n/a<br />
|n/a<br />
|-<br />
|0b<br />
|CPUSet<br />
|n/a<br />
|-<br />
|0c<br />
|CpuFastSet<br />
|n/a<br />
|-<br />
|0d<br />
|n/a<br />
|n/a<br />
|-<br />
|0e<br />
|crc16<br />
|n/a<br />
|-<br />
|10<br />
|n/a<br />
|n/a<br />
|-<br />
|11<br />
|n/a<br />
|n/a<br />
|-<br />
|12<br />
|n/a<br />
|n/a<br />
|-<br />
|13<br />
|n/a<br />
|n/a<br />
|-<br />
|14<br />
|n/a<br />
|n/a<br />
|-<br />
|15<br />
|n/a<br />
|n/a<br />
|-<br />
|19<br />
|n/a<br />
|n/a<br />
|-<br />
|1a<br />
|GetSinTable<br />
|n/a<br />
|-<br />
|1b<br />
|GetPitchTable<br />
|n/a<br />
|-<br />
|1c<br />
|GetVolumeTable<br />
|n/a<br />
|-<br />
|1d<br />
|n/a<br />
|n/a<br />
|-<br />
|1f<br />
|CustomHalt<br />
|n/a<br />
|-<br />
|20<br />
|n/a<br />
|n/a<br />
|-<br />
|21<br />
|n/a<br />
|n/a<br />
|-<br />
|22<br />
|n/a<br />
|n/a<br />
|-<br />
|23<br />
|n/a<br />
|n/a<br />
|-<br />
|24<br />
|sha1_init<br />
|n/a<br />
|-<br />
|25<br />
|sha1_update<br />
|n/a<br />
|-<br />
|26<br />
|sha1_finalize<br />
|n/a<br />
|-<br />
|27<br />
|sha1<br />
|n/a<br />
|-<br />
|28<br />
|sha1_compare<br />
|n/a<br />
|-<br />
|29<br />
|sha1_random_maybe<br />
|n/a<br />
|}<br />
<br />
<br />
== reset vectors et al ==<br />
<br />
The first few words of the BIOS cannot be dumped. You can guess them by tracing the code though (all values are noted in little endian here):<br />
060000ea<br />
060000ea<br />
1f0000ea<br />
040000ea<br />
030000ea<br />
feffffea<br />
130000ea<br />
000000ea</div>Svpehttps://dsibrew.org/w/index.php?title=Test_Points&diff=2274Test Points2009-09-05T12:42:04Z<p>Svpe: </p>
<hr />
<div>== Table of Test Points ==<br />
<br />
{| class="wikitable" border="1" {{table}}<br />
| /IRQ_0||cartridge insertion detect (?)<br />
|-<br />
| /mRST||<br />
|-<br />
| /WiFi_RST||Wifi chipset reset<br />
|-<br />
| ADPO||<br />
|-<br />
| AOUT||<br />
|-<br />
| ATH_TX_H||<br />
|-<br />
| B+||Battery + voltage<br />
|-<br />
| BLA1||<br />
|-<br />
| BLA2||<br />
|-<br />
| BLC1||<br />
|-<br />
| BLC2||<br />
|-<br />
| BLUE||<br />
|-<br />
| BT-||Battery terminal -<br />
|-<br />
| BT+||Battery terminal +<br />
|-<br />
| CAM_D0||<br />
|-<br />
| CAM_D1||<br />
|-<br />
| CAM_D2||<br />
|-<br />
| CAM_D3||<br />
|-<br />
| CAM_D4||<br />
|-<br />
| CAM_D5||<br />
|-<br />
| CAM_D6||<br />
|-<br />
| CAM_D7||<br />
|-<br />
| CAM_LED||<br />
|-<br />
| CAM_RST||<br />
|-<br />
| CKI||<br />
|-<br />
| COM1||<br />
|-<br />
| COM2||<br />
|-<br />
| DCLK||<br />
|-<br />
| DET||<br />
|-<br />
| EXTB+||External charger +<br />
|-<br />
| GCK||<br />
|-<br />
| GND1||ground<br />
|-<br />
| GND2||ground<br />
|-<br />
| GPIO330||<br />
|-<br />
| GSP||<br />
|-<br />
| HP#SP||<br />
|-<br />
| HSYNC||Horizontal Sync (for one of the LCDs)<br />
|-<br />
| INI||<br />
|-<br />
| LBD24||<br />
|-<br />
| LDB10|| screen #0 B signal #0<br />
|-<br />
| LDB11|| screen #0 B signal #1<br />
|-<br />
| LDB12|| screen #0 B signal #2<br />
|-<br />
| LDB13|| screen #0 B signal #3<br />
|-<br />
| LDB14|| screen #0 B signal #4<br />
|-<br />
| LDB15|| screen #0 B signal #5<br />
|-<br />
| LDB20|| screen #1 B signal #0<br />
|-<br />
| LDB21|| screen #1 B signal #1<br />
|-<br />
| LDB22|| screen #1 B signal #2<br />
|-<br />
| LDB23|| screen #1 B signal #3<br />
|-<br />
| LDB24|| screen #1 B signal #4<br />
|-<br />
| LDB25|| screen #1 B signal #5<br />
|-<br />
| LDG10|| screen #0 G signal #0<br />
|-<br />
| LDG11|| screen #0 G signal #1<br />
|-<br />
| LDG12|| screen #0 G signal #2<br />
|-<br />
| LDG13|| screen #0 G signal #3<br />
|-<br />
| LDG14|| screen #0 G signal #4<br />
|-<br />
| LDG15|| screen #0 G signal #5<br />
|-<br />
| LDG20|| screen #1 G signal #0<br />
|-<br />
| LDG21|| screen #1 G signal #1<br />
|-<br />
| LDG22|| screen #1 G signal #2<br />
|-<br />
| LDG23|| screen #1 G signal #3<br />
|-<br />
| LDG24|| screen #1 G signal #4<br />
|-<br />
| LDG25|| screen #1 G signal #5<br />
|-<br />
| LDR10|| screen #0 R signal #0<br />
|-<br />
| LDR11|| screen #0 R signal #1<br />
|-<br />
| LDR12|| screen #0 R signal #2<br />
|-<br />
| LDR13|| screen #0 R signal #3<br />
|-<br />
| LDR14|| screen #0 R signal #4<br />
|-<br />
| LDR15|| screen #0 R signal #5<br />
|-<br />
| LDR20|| screen #1 R signal #0<br />
|-<br />
| LDR21|| screen #1 R signal #1<br />
|-<br />
| LDR22|| screen #1 R signal #2<br />
|-<br />
| LDR23|| screen #1 R signal #3<br />
|-<br />
| LDR24|| screen #1 R signal #4<br />
|-<br />
| LDR25|| screen #1 R signal #5<br />
|-<br />
| LIN|| <br />
|-<br />
| LS||<br />
|-<br />
| MC1_CLK||cartridge clock line<br />
|-<br />
| MC1_CS||cartridge chip select 1<br />
|-<br />
| MC1_CS2||cartridge chip select 2<br />
|-<br />
| MC1_DET||cartridge insertion detect?<br />
|-<br />
| MC1_IO0||cartridge I/O 0<br />
|-<br />
| MC1_IO1||cartridge I/O 1<br />
|-<br />
| MC1_IO2||cartridge I/O 2<br />
|-<br />
| MC1_IO3||cartridge I/O 3<br />
|-<br />
| MC1_IO4||cartridge I/O 4<br />
|-<br />
| MC1_IO5||cartridge I/O 5<br />
|-<br />
| MC1_IO6||cartridge I/O 6<br />
|-<br />
| MC1_IO7||cartridge I/O 7<br />
|-<br />
| MC1_IREQ||cartridge insertion detect (?)<br />
|-<br />
| MC1_RES||cartridge reset<br />
|-<br />
| MC1_VDD||cartridge supply voltage<br />
|-<br />
| mFE||<br />
|-<br />
| MIC||microphone<br />
|-<br />
| ORANGE||<br />
|-<br />
| P00||<br />
|-<br />
| P01||<br />
|-<br />
| P02||<br />
|-<br />
| P03||<br />
|-<br />
| P04||<br />
|-<br />
| P04||<br />
|-<br />
| P05||<br />
|-<br />
| P06||<br />
|-<br />
| P06||<br />
|-<br />
| P07||<br />
|-<br />
| P08||<br />
|-<br />
| P09||<br />
|-<br />
| PENIRQ||<br />
|-<br />
| PM_SLP||Power Management Sleep<br />
|-<br />
| PMOFF||Power Management Off<br />
|-<br />
| PVDD||<br />
|-<br />
| PWSW||Power Button (short to ground to turn on)<br />
|-<br />
| PWSWO||<br />
|-<br />
| R00||<br />
|-<br />
| R01||<br />
|-<br />
| R7||<br />
|-<br />
| RCLK||<br />
|-<br />
| RED||<br />
|-<br />
| RESET||<br />
|-<br />
| REV||<br />
|-<br />
| RICHG||<br />
|-<br />
| Rosc||<br />
|-<br />
| RTC_INT||Real Time Clock interrupt<br />
|-<br />
| SCK||SPI clock<br />
|-<br />
| SCL||<br />
|-<br />
| SCL1||<br />
|-<br />
| SD10_CD||SD card detect<br />
|-<br />
| SD10_CLK||SD card clock<br />
|-<br />
| SD10_CMD||SD card command line<br />
|-<br />
| SD10_DATA1||SD card D1<br />
|-<br />
| SD10_DATA2||SD card D2<br />
|-<br />
| SD10_DATA3||SD card D3<br />
|-<br />
| SD10_DATAO||SD card D0<br />
|-<br />
| SD10_VDD||SD card power<br />
|-<br />
| SD10_WP||SD card write protect<br />
|-<br />
| SD11_CLK||mmcNAND clock<br />
|-<br />
| SDA||<br />
|-<br />
| SDA1||<br />
|-<br />
| SG||<br />
|-<br />
| SL||<br />
|-<br />
| SND_MCLK||<br />
|-<br />
| SND_SCLK||<br />
|-<br />
| SND_SD0||<br />
|-<br />
| SND_SDI||<br />
|-<br />
| SND_WS||<br />
|-<br />
| SPI_CS1||SPI chip select 1<br />
|-<br />
| SPI_CS2||SPI chip select 2 (SPI flash)<br />
|-<br />
| SPI_CS3||SPI chip select 3<br />
|-<br />
| SPI_MISO||SPI Master In Slave Out<br />
|-<br />
| SPI_MOSI||SPI Master Out Slave In<br />
|-<br />
| SPL||<br />
|-<br />
| SPLN||<br />
|-<br />
| SPLP||<br />
|-<br />
| SPRN||<br />
|-<br />
| SPRP||<br />
|-<br />
| SR||<br />
|-<br />
| TH||<br />
|-<br />
| VCNT5||<br />
|-<br />
| VD18|| +1.8v supply<br />
|-<br />
| VDD-5||<br />
|-<br />
| VDD10|| +1.0v supply<br />
|-<br />
| VDD12|| +1.2v supply<br />
|-<br />
| VDD28|| +2.8v supply<br />
|-<br />
| VDD33|| +3.3v supply<br />
|-<br />
| VDD42|| +4.2v supply<br />
|-<br />
| VDD5|| +5v supply<br />
|-<br />
| VDET-||<br />
|-<br />
| VGND|| battery charger ground<br />
|-<br />
| VIN|| battery charger +4.6v supply<br />
|-<br />
| VOLN||<br />
|-<br />
| VOLP||<br />
|-<br />
| VSHD||<br />
|-<br />
| VSYNC|| Vertical sync<br />
|-<br />
| WL_RXPE||<br />
|-<br />
| WL_TXPE||<br />
|-<br />
| X-||touch screen X-axis input -<br />
|-<br />
| X+||touch screen X-axis input +<br />
|-<br />
| Y-||touch screen Y-axis input -<br />
|-<br />
| Y+||touch screen Y-axis input -<br />
|-<br />
| YELLOW||<br />
|-<br />
|}</div>Svpehttps://dsibrew.org/w/index.php?title=List_of_DSi_Homebrew&diff=2237List of DSi Homebrew2009-09-02T19:20:49Z<p>Svpe: this is soooooo related to dsi homebrew! why didn't i think of adding it myself?!</p>
<hr />
<div>This '''list''' is designed to be a updated collection of current DSi mode homebrew.<br />
<br />
==Regarding the current state of DSi mode homebrew in general==<br />
There is currently no practical way to run homebrew in DSi-mode. Save game hacks exist, but these have severe limitations:<br />
* The SD slot and NAND flash are inaccessible.<br />
* The amount of code space is limited to the available space in the game's save file. (A few kilobytes)<br />
** This restriction can be lifted with external hardware like [[EEPUART]] or [[spime]]. This is how [http://svn.navi.cx/misc/trunk/nds/dsi/cookinject/ larger chunks of code] or [http://www.flickr.com/photos/micahdowty/3794878172/in/set-72157621023570420/ image files] have been loaded by developers so far.<br />
<br />
==Exploits==<br />
===The Drunken Coder's savegame exploit===<br />
This exploit allows DSi homebrew coders to run unsigned ARM asm code in DSi-mode utilizing a buffer overflow in Cooking Coach. The hack can be found [http://drunkencoders.com/2009/08/dsi-hack-update/ here].<br />
<br />
===CookInject===<br />
This is [[User:Scanlime]]'s exploit for Cooking Coach. It works with external hardware to bootstrap larger amounts of C code into system memory. Its primary feature is that it's possible to modify code from the game's ARM9 or ARM7 binaries, then return from the exploit back to the game. This allows insertion of hooks that modify or trace the game's normal behaviour. The code can be found [http://svn.navi.cx/misc/trunk/nds/dsi/cookinject/ here].<br />
<br />
==Homebrew==<br />
<br />
==Computer applications==</div>Svpehttps://dsibrew.org/w/index.php?title=Hardware&diff=2223Hardware2009-09-01T12:28:40Z<p>Svpe: </p>
<hr />
<div>{{stub}}<br />
<br />
== Specifications ==<br />
<br />
*[[Cameras|Includes (2) 0.3 Megapixel VGA Cameras]]<br />
*240MB(+16MB probably reserved for wear leveling purposes (e.g. replacing bad blocks)) Internal Flash Memory - Samsung kmapf0000m-S998 MOVI [[NAND]] - MMC Interface<br />
*16MB RAM - NEC uPD 46128512AF1 - DDR SRAM or a Fujitsu 128-Mbit FCRAM 82DBS08164D-70L<br />
*(2) 256 x 192 3.25 Inch Displays<br />
*Backwards compatible with Nintendo DS games but not GBA games as the lack of a gameboy cartridge port.<br />
*Integrated ARM7/ARM9 cores clocked at 133mhz in real mode and downclocked to 66mhz for compatibility mode.<br />
*PAIC3000D Sound Chip - possibly a TI codecs: AIC3 ????<br />
*Mitsumi (MM3317A) or TI 72071B0 - Power supply and charger circuit ????<br />
*SD/SDHC Card slot<br />
<br />
== Images ==<br />
<br />
=== Front ===<br />
<br />
[[Image:Twl_front.jpg]]<br />
<br />
The socket to the left of the ARM processor is the wifi chip socket.<br />
<br />
=== Back ===<br />
<br />
[[Image:Twl_back.jpg]]<br />
<br />
=== CPU with new ram ===<br />
<br />
[[Image:CPUv2.jpg]]<br />
<br />
=== Glamor Shot ===<br />
<br />
[[Image:Nintendo-dsi-Glamor-Shot.jpg]]<br />
<br />
== References ==<br />
<br />
# http://en.wikipedia.org/wiki/Nintendo_DSi<br />
# http://insidetronics.blogspot.com/2008/11/new-nintendo-dsi-teardown.html<br />
# http://techon.nikkeibp.co.jp/english/NEWS_EN/20081111/161077/<br />
# http://games.gearlive.com/playfeed/article/q408-nintendo-dsi-announced-larger-screens-dual-cameras-dsi-shop-store/<br />
# http://www.ifixit.com/Guide/First-Look/Nintendo-DSi/714/1</div>Svpehttps://dsibrew.org/w/index.php?title=Nintendo_DSi_Camera&diff=2159Nintendo DSi Camera2009-08-27T14:00:13Z<p>Svpe: </p>
<hr />
<div>{{stub}}<br />
<br />
Nintendo DSi Camera is an application that use the [[Cameras]].<br />
<br />
== Description ==<br />
<br />
Take pics with the the inner/outer cam of your DSi, edit them with eleven different filters and show them to your friends by sending them to local DSi's. You can edit both before and after you take a picture. <br />
<br />
Pictures can be sent between DSi systems and loaded onto the DSi from an SD card. However, images not taken with a DSi camera will not be viewable because they lack the proper HMAC stored inside a custom EXIF tag.<br />
<br />
The Camera also has a secret piano, on graffite mode you can use the music notes to play sounds.<br />
<br />
* Bottom row = Low<br />
* Middle = Medium <br />
* Top = High<br />
<br />
<br />
== JPEG Files ==<br />
<br />
JPEG's Put on to an SD card off the computer are NOT viewable on the DSi, even if put into the correct folder ([[DCIM]]). Photos, however, taken with the DSi are viewable on the computer.<br />
If edited on the computer, DSi photos will become unreadable on the DSi.<br />
<br />
== See also ==<br />
<br />
* [[Cameras]]</div>Svpehttps://dsibrew.org/w/index.php?title=Stage2&diff=2122Stage22009-08-23T10:24:13Z<p>Svpe: </p>
<hr />
<div>== Stage 1 ==<br />
<br />
[[Image:boot-stage1-error.jpeg|frame|When the Stage 1 bootloader (in ROM) fails, it displays a 32-bit hexadecimal number on the top screen.]]<br />
<br />
The first stage of the DSi's bootloader lives in ROM, presumably on the CPU die. It loads further encrypted (and probably signed) stages from NAND flash, starting with a (partially unencrypted) offset table in the sector at 0x200.<br />
<br />
Not much is known about this bootloader yet, but it presumably knows how to:<br />
# Initialize the encryption hardware<br />
# Read blocks (but not files) from the NAND flash<br />
# Perform some variety of integrity check on all data it reads (signature, CRC, ?)<br />
# Display basic hexadecimal error codes<br />
# Possibly factory-programming the NAND flash?<br />
# Might also do basic power-on self test of peripherals <br />
<br />
Known error codes:<br />
<br />
{| border="1" cellpadding="3" cellspacing="0"<br />
! Error Code !! Description<br />
|-<br />
| 0000FE00 || Error communicating with NAND chip. (It's missing, CLK is shorted, etc.)<br />
|-<br />
| 0000FEFC || Integrity error in first block of Stage 2 (address at 0x220)<br />
|-<br />
| 0000FEFD || Integrity error in second block of Stage 2 (address at 0x230)<br />
|-<br />
| 0000FEFE || Boot sector integrity error (Sector 0x200 not valid)<br />
|}<br />
<br />
== Stage 2 ==<br />
<br />
[[Image:boot-stage2-error.jpeg|frame|This may have been a Stage 2 bootloader error.]]<br />
<br />
Not much concrete information is known about the second-stage bootloader. This may be an actual bootloader, or it's possible that this stage is the DSi Menu itself. The Stage 2 loader was not modified by the [[System Menu 1.4]] update. This is still earlier in the boot process than the "Health and Safety" warning.<br />
<br />
The first stage bootloader reads sector 0x200 in order to find a table of offsets to the Stage 2 bootloader:<br />
<br />
00000220 00 08 00 00 10 64 02 00 00 80 7b 03 00 66 02 00 |.....d....{..f..|<br />
00000230 00 6e 02 00 88 75 02 00 00 80 7b 03 00 76 02 00 |.n...u....{..v..|<br />
00000240 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|<br />
<br />
This appears to be describing two chunks of the stage2 loader, one 0x26410 bytes in length at address 0x800, and one 0x27588 bytes at address 0x26e00.<br />
<br />
Note that this sector (and two similar ones at 0x400 and 0x600) appear to be the only unencrypted blocks on the NAND flash.<br />
<br />
It is unclear why there are two pieces which are nearly but not quite the same size. Passive traces of the boot sequence confirm that the 0x26e00 chunk is slightly larger, and it's loaded first. The 0x800 chunk is read immediately after the 0x26e00 chunk.<br />
<br />
After Stage 2 is loaded:<br />
# The NAND flash is partially re-initialized<br />
# Sector 0 is read from the NAND. This appears to be an (encrypted) DOS-style MBR.<br />
# The MBR signature and the type of the first partition are verified.<br />
# Filesystem metadata is read from sectors starting around 0x100000. The metadata appears to be in FAT32 format with long filenames.<br />
# A file is loaded from 0x790000 (just below 8MB). This may be the DSi Menu. If the "stage 2" loader ''is'' the DSi Menu, this may be data for the photo application that runs on the top screen.<br />
<br />
All errors show before the health and safety screen. It appears that stage2 errors from a cold power-on always cause the DSi to hang at a black screen, whereas stage2 errors after reset (pressing but not holding the power button) will give an error message screen. Known errors:<br />
<br />
{| border="1" cellpadding="3" cellspacing="0"<br />
! Text !! Description<br />
|-<br />
| "Error: 1-2435-8325" || Invalid signature or partition type in MBR, invalid starting LBA.<br />
|-<br />
| "Error: 3-2435-8325" || Modified the file at 0x790000 (likely the DSi Menu)<br />
|-<br />
|}</div>Svpehttps://dsibrew.org/w/index.php?title=DSiBrew:News/Archive&diff=2107DSiBrew:News/Archive2009-08-22T08:52:01Z<p>Svpe: </p>
<hr />
<div><br />
*'''24 July 09:''' The Drunken Coders team have made a speed comparison of the old DS and DSi using Wintermute's "Cooking Coach" exploit. They have posted the results on their [http://drunkencoders.com/2009/07/dsi-news/ blog]<br />
*'''9 July 09:''' Team Twiizers successfully ran DSi-Mode Homebrew. More details can be found over at [http://hackmii.com/2009/07/dsi-mode-homebrew-anyone/ HackMii]<br />
*'''25 June 09:''' Voting has begun for the [[DSiBrew:Contests|DSiBrew logo]] contest! Please cast your vote '''[[DSiBrew talk:Contests#Voting time!|here]]'''.<br />
*'''17 June 09:''' An unofficial [http://dsiforums.podtube.us/index.php forum] for DSiBrew has been created.<br />
*'''8 June 09:''' The [[DSiBrew:Contests|DSiBrew logo]] contest is now closed to submissions.<br />
*'''12 April 09:''' A [[DSiBrew:Contests|DSiBrew logo]] contest has started.<br />
*'''5 April 09:''' The Nintendo DSi has been released in North America.<br />
*'''3 April 09:''' Nintendo has released [[System Update 1.3]]. DSi Shop is accessible. All DSi flashcarts still work. Added a button to start DSi Camera application when pressing L or R.<br />
*'''3 April 09:''' The Nintendo DSi has been released in Europe.<br />
*'''2 April 09:''' The Nintendo DSi has been released in Australia.<br />
*'''19 February 09:''' [http://nintendo.co.uk/NOE/en_GB/news/2008/nintendo_dsi_arrives_in_europe_on_3_april_2009_11627.html Nintendo of Europe] and [http://www.nintendo.com/whatsnew/detail/Q5D4ti_bPqJO_I0Oup0AMFudaUOLz6C7 Nintendo of America] have announced that the DSi will be released on April 3 in Europe and April 5 in North America.<br />
* '''25 January 09 ''': [[User:Bushing|Bushing]] from [http://www.hackmii.com Hackmii] created this wiki as a spinoff of the [http://wiibrew.org/wiki/Main_Page WiiBrew wiki].</div>Svpehttps://dsibrew.org/w/index.php?title=FAQ&diff=2043FAQ2009-08-20T14:37:41Z<p>Svpe: Reverted edits by Taraff1 (Talk) to last version by Zack</p>
<hr />
<div>'''Frequently asked questions are here.'''<br />
<br />
'''Q:''' What is the purpose of this project?<br />
<br />
'''A:''' Getting unsigned "homebrew" code running on the Nintendo DSi in native DSi mode.<br />
<br />
<br />
'''Q:''' Any progress?<br />
<br />
'''A:''' Not much as this project just started. However, [[Team Twiizers]] has managed to execute some form of unsigned code by directing the save file area of a DSi-mode game to an Arudino chip. This will lead to further - and easier to replicate - exploits. <br />
<br />
<br />
'''Q:''' What is the purpose of running "homebrew" code on the Nintendo DSi?<br />
<br />
'''A:''' The Nintendo DSi is a decently powerful system that has a SD slot, 2 cameras on it and a touch screen all in a portable system great for homebrew.<br />
<br />
<br />
'''Q:''' Why not just rely on already available flash carts for homebrew?<br />
<br />
'''A:''' The goal here is to run our own code via a software exploit, not a hardware one. Also, some flash carts have a bad reputation. Finally, current flash carts only allow you to run DS-native homebrew, with no DSi features (such as the cameras) or increased processing power being available. Also, SD Cards for the DSi are cheaper than flash carts.</div>Svpehttps://dsibrew.org/w/index.php?title=Nintendo_Software&diff=2040Nintendo Software2009-08-20T14:36:47Z<p>Svpe: Reverted edits by Taraff1 (Talk) to last version by CashMan</p>
<hr />
<div>This article links to information about all Nintendo created software.<br />
<br />
== System ==<br />
<br />
*[[System Menu]] (DSi Menu)<br />
<br />
== DSi applications ==<br />
<br />
*[[Nintendo DSi Browser]]<br />
*[[Nintendo DSi Calculator]]<br />
*[[Nintendo DSi Camera]]<br />
*[[Nintendo DSi Clock]]<br />
*[[Nintendo DSi Shop]]<br />
*[[Nintendo DSi Sound]]<br />
*[[DS Download Play]]<br />
*[[Pictochat]]</div>Svpehttps://dsibrew.org/w/index.php?title=Flipbook_XOR_Pad&diff=1991Flipbook XOR Pad2009-08-16T09:58:52Z<p>Svpe: less rumours</p>
<hr />
<div>There's a static XOR pad applied when encrypting/decrypting files. (This pad *might* be generated using aes-ctr) It repeats each 0x40 (what a fuck-up, Nintendo).<br />
Here's the XOR pad used for the *.lst file (hexadecimal):<br />
<br />
00: F7 4C 6A 3A FB 82 A6 37 6E 11 38 CF A0 DD 85 C0<br />
10: C7 9B C4 D8 DD 28 8A 87 53 20 EE E0 0B EB 43 A0<br />
20: DB 55 0F 75 36 37 EB 35 6A 34 7F B5 0F 99 F7 EF<br />
30: 43 25 CE A0 29 46 D9 D4 4D BB 04 66 68 08 F1 F8</div>Svpehttps://dsibrew.org/w/index.php?title=ARM9_SWI_Functions&diff=1789ARM9 SWI Functions2009-07-30T12:39:17Z<p>Svpe: courtesy of segher</p>
<hr />
<div>These are the functions provided by the ARM9 BIOS. IDs not mentioned here, calls swiSoftReset. I haven't checked any old ones if they've been modified/replaced.<br />
<br />
{| class="wikitable"<br />
|-<br />
! ID<br />
! Name <br />
! Args<br />
! New?<br />
|-<br />
| 0x00<br />
| swiSoftReset<br />
| none<br />
| old<br />
|-<br />
| 0x01<br />
| swiUnknown<br />
| ??<br />
| '''new''' ??<br />
|-<br />
| 0x02<br />
| swiDecompressLZSSVram<br />
| ??<br />
| old<br />
|-<br />
| 0x03<br />
| swiDelay<br />
| ??<br />
| old<br />
|-<br />
| 0x04<br />
| swiIntrWait<br />
| ??<br />
| old<br />
|-<br />
| 0x05<br />
| swiWaitForVBlank<br />
| ??<br />
| old<br />
|-<br />
| 0x06<br />
| swiWaitForIRQ<br />
| ??<br />
| old<br />
|-<br />
| 0x09 <br />
| swiDivide<br />
| ??<br />
| old<br />
|-<br />
| 0x0B<br />
| swiCopy<br />
| ?? <br />
| old<br />
|-<br />
| 0x0C<br />
| swiFastCopy<br />
| ?? <br />
| old<br />
|-<br />
| 0x0D<br />
| swiSqrt<br />
| ?? <br />
| old<br />
|-<br />
| 0x0E<br />
| swiCRC16<br />
| ?? <br />
| old<br />
|-<br />
| 0x10<br />
| swiUnpackBits<br />
| ??<br />
| old<br />
|-<br />
| 0x11<br />
| swiDecompressLZSSWram<br />
| ??<br />
| old<br />
|-<br />
| 0x12<br />
| swiDecompressLZSSVram<br />
| ??<br />
| old<br />
|-<br />
| 0x13<br />
| swiDecompressHuffman<br />
| ??<br />
| old<br />
|-<br />
| 0x14<br />
| swiDecompressRLEWram<br />
| ??<br />
| old<br />
|-<br />
| 0x15<br />
| swiDecompressRLEVram<br />
| ??<br />
| old<br />
|-<br />
| 0x16<br />
| swiDecodeDelta8<br />
| ??<br />
| old<br />
|-<br />
| 0x18<br />
| swiDecodeDelta16<br />
| ??<br />
| old<br />
|-<br />
| 0x1F<br />
| swiSetHaltCR<br />
| ??<br />
| old<br />
|-<br />
| 0x20<br />
| init_crypto_heap<br />
| ??<br />
| '''new'''<br />
|-<br />
| 0x21<br />
| rsa_decrypt<br />
| ??<br />
| '''new'''<br />
|-<br />
| 0x22<br />
| rsa_decrypt_signature<br />
| ??<br />
| '''new'''<br />
|-<br />
| 0x23<br />
| rsa_decrypt_der<br />
| ??<br />
| '''new'''<br />
|-<br />
| 0x24<br />
| swiSHA1_Init<br />
| ??<br />
| '''new'''<br />
|-<br />
| 0x25<br />
| swiSHA1_Update<br />
| ??<br />
| '''new'''<br />
|-<br />
| 0x26<br />
| swiSHA1_Final<br />
| ??<br />
| '''new'''<br />
|-<br />
| 0x27<br />
| swiSHA1<br />
| ??<br />
| '''new'''<br />
|-<br />
| 0x28<br />
| swiSHA1_Compare<br />
| ??<br />
| '''new'''<br />
|-<br />
| 0x29<br />
| SHA1_Random<br />
| looks like it's trying to generate a random number using SHA1<br />
| '''new'''<br />
|}</div>Svpehttps://dsibrew.org/w/index.php?title=DSiBrew:Contributing&diff=1652DSiBrew:Contributing2009-07-11T23:39:17Z<p>Svpe: </p>
<hr />
<div>If you want to contribute to DSi Homebrew-community this would be the page to start.<br />
<br />
== Help with reverse engineering ==<br />
If you are familiar with reverse engineering software/hardware or have a background in decompiling, C/C++, and ASM, join the channel #dsidev at EFNet. Lurk for a while to see what are the topics and goals of the day. Be sure to report any and all substantial findings on the wiki.<br />
<br />
You can also help out new users in IRC by linking them to wiki articles that answer their questions, or this article and the Channel FAQ to get new users more quickly acquainted with how we do things and what we've accomplished.<br />
<br />
== Become a wiki editor ==<br />
<br />
Help is always needed here on the wiki!<br />
<br />
# You should [http://www.dsibrew.org/index.php?title=Special:Userlogin&type=signup&returnto=Main_Page register]. It's not absolutely necessary to interact with the wiki, but it helps identifying you and with building your reputation in the community. Please use the same (or similar to the) nick you use in IRC.<br />
# Go through the [http://en.wikipedia.org/wiki/Wikipedia:Tutorial Wikipedia Editing tutorial]. It's not that long, added up it's less than two pages. Go through the entire thing, make sure you are familiar.<br />
# Read this entire page twice. Thoroughly (Especially the [[Contributing#Rules|Rules]]).<br />
# Dive into the [[Contributing#To_Do|To Do]] below. If you want to practice you can use our [[Sandbox]] page<br />
# [[Contributing#Useful_links|Look below]] for some very useful Wiki documentation. (Such as [http://en.wikipedia.org/wiki/Wikipedia:How_to_edit_a_page this page] which searching will reveal how to do something, such as adding an article to a Category)<br />
<br />
== To do ==<br />
The most benefit comes from the things detailed below. The articles here are good but could be much better. We must make them great.<br />
<br />
Editors should use the [[Talk:Contributing|Contributing discussion]] section for proposing changes and keeping track of cleanup/improvement progress.<br />
<br />
=== General improvement ===<br />
<br />
==== Formatting / Organizing ====<br />
* [http://en.wikipedia.org/wiki/Wikipedia:How_to_edit_a_page#Headings Organize and format] all articles that need it<br />
* Make sure editing an article for this will make information EASIER to read/find. That said, just about every article could do with a heavy dose of this. Function should come at the sake of looks.<br />
<br />
==== Categories ====<br />
''See: [[Special:Categories|Categories]] and [[Special:Uncategorizedpages|List of pages without category]].''<br />
<br />
The goal is to have *every* article in ''some'' category.<br />
* Make sure the categories are proper and actually apply.<br />
* Go through all articles and make categories as necessary.<br />
* Add an article to as many categories that it fits in.<br />
* Use categories to make pages drastically easier to find.<br />
* Add Development Category<br />
<br />
==== Linking ====<br />
* Inter-wiki linking, aka linking together (i.e. <nowiki>[[ Link ]]</nowiki> stuff). Make sure people know there's an article for something.<br />
* Linking to relevant websites, articles on other sites, YouTube or other video site videos in articles they're relevant to are needed.<br />
* '''See Also''' sections would definitely make finding related information much easier for users ([http://en.wikipedia.org/wiki/Linux#See_also an example]). After just a few hours of reading about progress in the Wiibrew scene, it should be obvious what articles are related.<br />
<br />
==== Vandalism ====<br />
* Vandalism most often comes in the form of nonsense and gibberish added to articles here.<br />
* If you are sure an edit to an article constitutes vandalism (e.g. intentionally false, disruptive, or crude information is added), please use the "undo" function from the article's "diff" page or undo the edit manually.<br />
* Check who made the edit, and add them to [[List of Vandals]] along with a short description of what they did wrong and a link to their contributions page.<br />
<br />
=== Needed articles ===<br />
Believe it or not, it was over a week after [[Starlet]] was announced before there was an article. One of our primary goals is to make sure articles are written quickly and, ideally, cleanly.<br />
<br />
==== Big new developments ====<br />
Keep an eye out for new developments (These tend to happen frequently) and things relevant to them. Watch the latest videos and lurk IRC for new developments. <br />
<br />
==== Copied articles ====<br />
Re-copy or write '''from scratch''' recently deleted and other articles that are copied from WiiLi or other sites. If copied, be sure to adhere with the license of the original document, to the letter. If the document has been released under the GFDL, such as WiiLi articles, provide a citation in the form of a link on the bottom of the page and a statement saying the document was released under the terms of the GNU Free Documentation License.<br />
<br />
==== All wanted pages ====<br />
The [[Special:Wantedpages|list of Wanted pages]] is short enough for just a few people to at least give a small article's worth of info on every one. If you know something, please take it upon yourself to add even a tiny bit of info! Any user can request a page by inter-linking ((<nowiki>[[Page]]</nowiki>)) to a page that doesn't exist yet. Be sure to link to pages that you want to see or think we should have!<br />
<br />
== Rules ==<br />
Needs to be said, just to be clear. The point of this wiki is to be a definitive source for information about the hardware and software that has to do with running [[homebrew]] on the Dsi. <br />
<br />
The same rules for IRC along with some other wiki-specific rules apply to the IRC. Some of the other rules are loose, some aren't.<br />
<br />
=== Definite Rules ===<br />
Break these and bad things will happen to you.<br />
* Never copy and paste articles or do any act of verbatim copying from [[ WiiLi ]] or any other source without following its licensing terms to the letter. If an article exists on a site that has a non-free license that should be here also, '''start from scratch'''. Illegally copied articles will be deleted as soon as they are noticed.<br />
** In the case of WiiLi, the [http://www.gnu.org/copyleft/fdl.html GNU Free Documentation License] applies.<br />
*** Verbatim copying requires that a citation must be given (linking to the original article) and a statement that the original document was released under the terms of the GNU Free Documentation License.<br />
*** Modifying a copied article requirements can be found on the [http://www.gnu.org/copyleft/fdl.html GNU Free Documentation License] page under section 4<br />
* Always follow the [http://en.wikipedia.org/wiki/Wikipedia:Etiquette Principles of Wikipedia etiquette]<br />
* All [[Channel FAQ|IRC rules]]<br />
<br />
=== Loose Rules ===<br />
These are best described as "guidelines".<br />
* Make a clear effort to find where something fits before making a new article. (Chances are there's a place to put something unless it's *really* new.)<br />
* Follow the suggestions set forth in the Wikipedia Editing Tutorial. (Adding a description of each edit in the Summary box, etc.)<br />
* Proper spelling / grammar. (The latest browsers have spellchecking built in or there are plugins available to add such functionality.)<br />
* [http://en.wikipedia.org/wiki/Wikipedia:How_to_edit_a_page#Headings Organize and format] your writing<br />
<br />
There is no reason to break the rules, everything we are trying to accomplish easily fits within them. Just please don't, you waste both of our time. Offending users will be swiftly dealt with.<br />
<br />
== Closing ==<br />
The chance of someone able to make use of the information but didn't know it existed goes from 0% to 100% thanks to a well-placed link or piece of info. Every edit you make page you change to add more info, format info easier to read and absorb, and everything you link to could potentially speed up homebrew development drastically.<br />
<br />
'''Don't be afraid to edit''' — ''anyone'' can edit almost any page, and we encourage you to [http://en.wikipedia.org/wiki/Wikipedia:Be_bold_in_updating_pages be bold]! Find something that can be improved, whether content, grammar or formatting, and make it better.<br />
<br />
You can't break the wiki. Anything can be fixed or improved later. Follow the rules and contribute good edits and you'll be making friends in no time.<br />
<br />
So go ahead, edit an article and help make Wii homebrew possible! [http://wiibrew.org/index.php?title=Special:Random Welcome]. :)<br />
<br />
== Useful links ==<br />
[[Special:Recentchanges|DSiBrew Recent changes]] (Useful to see what the site has been up to and if anything needs reviewing. Also found on in the navigation on the left.)<br /><br />
[http://en.wikipedia.org/wiki/Wikipedia:Cheatsheet Wikipedia Editing Cheatsheet] (Very handy)<br /> <br />
[http://en.wikipedia.org/wiki/Wikipedia:Tutorial Wikipedia Editing tutorial] (Required reading)<br /> <br />
[http://en.wikipedia.org/wiki/Wikipedia:How_to_edit_a_page How to edit a page] (To learn how to do something, search this page)<br /><br />
[http://en.wikipedia.org/wiki/Wikipedia:Introduction_2 General Wiki Usage Info] (For the curious ones)<br /> <br />
<br />
<br />
Parts paraphrased from [http://en.wikipedia.org Wikipedia]. They were originally released under the GNU Free Documentation License.</div>Svpehttps://dsibrew.org/w/index.php?title=DSi_exploits&diff=1629DSi exploits2009-07-09T13:50:14Z<p>Svpe: </p>
<hr />
<div>This page is dedicated to the listing of exploits used used to run homebrew on the Nintendo DSi. Anyone may contribute to this list, as long as any exploits added are explained and verifiable.<br />
<br />
== DSi-mode exploits ==<br />
<br />
Team Twiizers have found a DSi-Mode Exploit and have managed to use it to run DSi Mode homebrew. However it has not yet been released. More details at : [http://hackmii.com/2009/07/dsi-mode-homebrew-anyone/] The additional hardware is just required to get a connection to a computer so that things like ram dumps can be created.<br />
<br />
== DS-mode exploits ==<br />
<br />
This type of exploit is undesirable because all DSi functionality, such as usage of the [[cameras]], is unavailable to homebrew.<br />
<br />
Blasteh (Blasty) has posted a [http://www.youtube.com/watch?v=7QHO7ctWuZ8 video on Youtube] showing code being run in DS mode on the DSi using [http://en.wikipedia.org/wiki/Fifa_08 Fifa '08].</div>Svpehttps://dsibrew.org/w/index.php?title=User_talk:Svpe&diff=1544User talk:Svpe2009-06-24T18:14:29Z<p>Svpe: Removing all content from page</p>
<hr />
<div></div>Svpehttps://dsibrew.org/w/index.php?title=User:Svpe&diff=1543User:Svpe2009-06-24T18:14:23Z<p>Svpe: Removing all content from page</p>
<hr />
<div></div>Svpehttps://dsibrew.org/w/index.php?title=DSi_exploits&diff=920DSi exploits2009-04-17T12:36:00Z<p>Svpe: just as useful as ~10MB data read from /dev/urandom</p>
<hr />
<div>This page's [[Talk:DSi hacks|talk page]] is dedicated to the discussion and furthering of an exploit on the DSi that can be used for homebrew. We will use this page to update important updates in the project. Feel free to contribute.<br />
<br />
== Current Hacks ==<br />
<br />
=== Blasty's hack ===<br />
<br />
Blasteh (Blasty) has posted a video on Youtube showing code being run in DS mode on the DSi using [http://en.wikipedia.org/wiki/Fifa_08 Fifa '08]. Several people are currently working on this hack.<br />
<br />
[http://www.youtube.com/watch?v=7QHO7ctWuZ8 Video]<br />
<br />
=== Yasu's hack ===<br />
<br />
Inthegray has posted a video on Youtube showing homebrew but it is not known whether it is a real exploit or just a flashcart.(he should obviously show if he is) Yasu is credited as the programmer.<br />
<br />
[http://www.youtube.com/watch?v=s1OT4oSUKtc Video 1] <br /><br />
[http://www.youtube.com/watch?v=uaKxWSENwGo Video 2] <br /><br />
[http://tinycartridge.com/post/58843578/homebrew-ds-game-played-on-dsi-yasu-the-same Source]<br />
<br />
== Working on a hack ? ==<br />
<br />
If you are working on a hack for the Nintendo DSi and need help, feel free to talk about it on the talk page or update this page to write informations on your hack. Please only do this if you have actually made any progress, and have proof (for example a video or some technical information on what you have done or what you have found out from doing it) proving that you have. This is not a list for possible ideas or team recruitment.</div>Svpehttps://dsibrew.org/w/index.php?title=DSi_exploits&diff=830DSi exploits2009-04-14T23:13:42Z<p>Svpe: see talk page</p>
<hr />
<div>This page's [[Talk:DSi hacks|talk page]] is dedicated to the discussion and furthering of an exploit on the DSi that can be used for homebrew. We will use this page to update important updates in the project. Feel free to contribute.<br />
<br />
== Current Hacks ==<br />
<br />
=== Blasty's hack ===<br />
<br />
Blasteh (Blasty) has posted a video on Youtube showing code being run in DS mode on the DSi using [http://en.wikipedia.org/wiki/Fifa_08 Fifa '08]. Several people are currently working on this hack.<br />
<br />
[http://www.youtube.com/watch?v=7QHO7ctWuZ8 Video]<br />
<br />
=== Yasu's hack ===<br />
<br />
Inthegray has posted a video on Youtube showing homebrew but it is not known whether it is a real exploit or just a flashcart. Yasu is credited as the programmer.<br />
<br />
[http://www.youtube.com/watch?v=s1OT4oSUKtc Video 1] <br /><br />
[http://www.youtube.com/watch?v=uaKxWSENwGo Video 2] <br /><br />
[http://tinycartridge.com/post/58843578/homebrew-ds-game-played-on-dsi-yasu-the-same Source]<br />
<br />
== Working on a hack ? ==<br />
<br />
If you are working on a hack for the Nintendo DSi and need help, feel free to talk about it on the talk page or update this page to write informations on your hack. Please only do this if you have actually made any progress. This is not a list for possible ideas or team recruitment.</div>Svpehttps://dsibrew.org/w/index.php?title=User_talk:Funkamatic&diff=829User talk:Funkamatic2009-04-14T23:12:31Z<p>Svpe: </p>
<hr />
<div>== Feel free to talk! ==<br />
<br />
Hello, the DSI_Hacks page is intended to show a list of actually working hacks for the DSi and not to recruit people for something that is not even remotely possible at the moment. I have yet to see any evidence of those guys actually hacking the DSi instead of looking for other people who are capable to do said thing. Those claims made on the GBAtemp page clearly show that those guys working on this so-called hack have actually no clue about what they are doing. They may be good programmers but please refrain from adding such rumors to wiki pages. You are free to add this again when you have actually archived anything. Please come #dsidev at EFNet before adding this to the page again. thanks --[[User:Svpe|Svpe]] 23:12, 14 April 2009 (UTC)</div>Svpehttps://dsibrew.org/w/index.php?title=DSi_exploits&diff=814DSi exploits2009-04-14T17:23:00Z<p>Svpe: less fail</p>
<hr />
<div>This page's [[Talk:DSi hacks|talk page]] is dedicated to the discussion and furthering of an exploit on the DSi that can be used for homebrew. We will use this page to update important updates in the project. Feel free to contribute.<br />
<br />
== Current Hacks ==<br />
<br />
=== Blasty's hack ===<br />
<br />
Blasteh (Blasty) has posted a video on Youtube showing code being run in DS mode on the DSi using [http://en.wikipedia.org/wiki/Fifa_08 Fifa '08].<br />
<br />
[http://www.youtube.com/watch?v=7QHO7ctWuZ8 Video]<br />
<br />
=== Yasu's hack ===<br />
<br />
Inthegray has posted a video on Youtube showing homebrew but it is not known whether it is a real exploit or just a flashcart. Yasu is credited as the programmer.<br />
<br />
[http://www.youtube.com/watch?v=s1OT4oSUKtc Video 1] <br /><br />
[http://www.youtube.com/watch?v=uaKxWSENwGo Video 2] <br /><br />
[http://tinycartridge.com/post/58843578/homebrew-ds-game-played-on-dsi-yasu-the-same Source]</div>Svpehttps://dsibrew.org/w/index.php?title=Private/ds/title/HNB_.lst&diff=324Private/ds/title/HNB .lst2009-04-05T17:52:15Z<p>Svpe: checksum != hash</p>
<hr />
<div>HNB_.lst is a file created on the SD Card (/private/ds/title/) when a DSi application/game is copied in the SD Card from Data Manager.<br />
<br />
It contains the lower title-ids of the titles copied to the SD Card, each in 32-bit words.<br />
<br />
At the end of the file there's a 16-bit checksum to prevent data corruption.</div>Svpehttps://dsibrew.org/w/index.php?title=Title_database&diff=323Title database2009-04-05T17:50:12Z<p>Svpe: no, we do not care about your attention deficit</p>
<hr />
<div>The Nintendo DSi uses the same title scheme and update servers as the Wii, but they introduced a new (currently unknown) common-key for the DSi title decryption. <br />
<br />
The following "DSiWare" titles have been seen:<br />
00030004: 484e474a ('HNGJ') (DSi Web Browser)<br />
4b41414a ('KAAJ')<br />
4b41444a ('KADJ')<br />
4b414d4a ('KAMJ') <br />
4b44394a ('K9DJ')<br />
4b47554a ('KGUJ')<br />
4b4d394a ('KM9J')<br />
4b4d464a ('KMFJ') <br />
4b4d534a ('KMSJ')<br />
4b4e444a ('KNDJ')<br />
4b4e524a ('KNRJ') <br />
4b50364a ('KP6J')<br />
4b54504a ('KTPJ')<br />
4b55574a ('KUWJ')<br />
<br />
The following "System" titles have been seen:<br />
00030005: 484e494a ('HNIJ') (v256)<br />
48434a4a ('HNJJ') (v512)<br />
48434a45 ('HNJE') (v512)<br />
48434a50 ('HNJP') (v512)<br />
48434b4a ('HNKJ') (v256)<br />
48434b45 ('HNKE') (v256)<br />
48434b50 ('HNKP') (v256)<br />
0003000f: 484e4c4a ('HNLJ') (v1, v2, v3)<br />
484e4c45 ('HNLE') (v3)<br />
484e4c50 ('HNLP') (v3)<br />
484e4341 ('HNCA') (v256)<br />
00030015: 484e464a ('HNFJ') (v1024, v1280, v1536)-- apparently the "firmware"<br />
484e4645 ('HNFE') (v1536)<br />
484e4650 ('HNFP') (v1536)<br />
00030017: 484e414a ('HNAJ') (v256)<br />
<br />
As with on the Wii, the TMD for these titles may be fetched at e.g. http://nus.cdn.t.shop.nintendowifi.net/ccs/download/0003000f484e4c4a/tmd.<br />
<br />
The official list is located here : http://www.nintendo.co.jp/ds/dsiware/titlelist.html<br />
<br />
Each game specific url uses above 4 letter code.<br />
<br />
== Title database ==<br />
<br />
=== DSi Ware ===<br />
<br />
{| class="wikitable sortable" width="100%"<br />
|-<br />
! Title ID<br />
! Type<br />
! Region<br />
! Name<br />
|-<br />
| PGNH (484E4750)<br />
| Application<br />
| PAL<br />
| [[Nintendo DSi Browser]]<br />
|-<br />
| HNGJ (484E474A)<br />
| Application<br />
| JAP<br />
| [[Nintendo DSi Browser]]<br />
|-<br />
| KUWV (4B555756)<br />
| Game<br />
| ?<br />
| WarioWare: Snapped<br />
|-<br />
| KUWJ (4B55574A)<br />
| Game<br />
| JAP<br />
| Utsutsu! Made in Wario<br />
|-<br />
| KADJ (4B41444A)<br />
| Game<br />
| JAP<br />
| Art Style : DECODE<br />
|-<br />
| KNRJ (4B4E524A)<br />
| Game<br />
| JAP<br />
| Brain Training - Science version<br />
|-<br />
| KTPJ (4B54504A)<br />
| Game<br />
| JAP<br />
| Asobi Taizen<br />
|-<br />
| KD9J (4B44394A)<br />
| Game<br />
| JAP<br />
| Dr. Mario <br />
|-<br />
| KP6J (4B50364A)<br />
| Game<br />
| JAP<br />
| Tori to Mame<br />
|-<br />
| KAMJ (4B414D4A)<br />
| Game<br />
| JAP<br />
| Kami Hikouki<br />
|-<br />
| KMSJ (4B4D534A)<br />
| Game<br />
| JAP<br />
| 3-tsu no Shuffle Game<br />
|-<br />
| KMFJ (4B4D464A)<br />
| Game<br />
| JAP<br />
| Funny Face<br />
|-<br />
| KM9J (4B4D394A)<br />
| Game<br />
| JAP<br />
| Osoroshii Suuji<br />
|-<br />
| KGUJ (4B47554A)<br />
| Game<br />
| JAP<br />
| Ugoku Memo Chou<br />
|}<br />
<br />
=== System ===<br />
<br />
To do...</div>Svpe