DCEmu Homebrew Emulation & Theme Park News
wraggster
by Published on May 5th, 2008 19:54
Bushing is back with another article
As promised:...
A friend whose Wii I bricked was kind enough to hook me up with an Infectus chip to use as a NAND Flash programmer in my UnbrickMii project. I’ve spent the last couple of weeks just trying to get it to work, and have run into several, um, speedbumps along the way.
No Mac or Linux support. This one wasn’t really a surprise, but is still frustrating. That’s what VMWare is for, I suppose, and there’s always my old, shitty Dell laptop.
Inflexible programming. You basically get a “Program firmware” and a “Dump firmware” command. There is no way to specify a range of bytes to program.
“Erase” command is broken. It only erases half of the chip, twice. I’m not sure how anyone has actually managed to use this to restore a Wii dump
Verification is, too. There’s a “write verify” option, but it always fails when trying to program a Wii chip. Apparently, it does not correctly handle large-block flash chips, meaning that it tries to write 512 bytes, and then verify 2048 bytes, and then refuses to program any further.
Provided software makes permanent, irreversible changes to device. When you install the 0.0.3.9 software available from the Infectus site, it reflashes the firmware inside the SiLabs MCU that serves as the USB interface to the Actel chip. This means you can no longer use any older versions of the Infectus Programmer software. Well, I hope this version is a good version, then!
It’s not. It locks up whenever you try to select the NAND Programmer option. Ooops. (It turns out that you can work around this by selecting the “Timing Attack (Homebrew)” option, and then restarting the program — but this is hardly obvious, and you still run into the problems listed above.
Non-existent documentation. I’m a DIY sort, so I don’t need much — however, there is a fine art to reprogramming a flash-chip, in circuit, while the host system is still running. Some of the other pages on the Infectus site give directions for other consoles (”start a game and press pause, then program the chip”), etc. None of this was given for the Wii, which left many people guessing on their message board, and as far as I can tell nobody has gotten it right.
The last problem is probably the most pernicious, because it means that any dump taken with the Infectus has a high likelyhood of being corrupted, and the only way you’ll find this out is if you try to write the dump back to your flash chip and boot your Wii. Of course, if your dump IS corrupted, then you’ve just bricked your Wii, because there is currently no way to obtain compatible flash chips that you could use as spares. (If you know of a source, please let me know!)
So, what to do?
First, let me gather my courage and show you the way I ended up installing the chip in my test Wii (not yet the bricked one):
The key thing here is that little push-button — connected between D0 and ground. If you power on the Wii, even if nothing appears on the screen, the Starlet will still start up and write to your NAND flash. It does this every few minutes. If this ever happens while you’re trying to read or write to the flash chip, your dump is toast, and the contents of the flash may be corrupted. It is NOT enough to just remote the BT or Wifi modules to keep the thing from booting.
Instead, follow this sequence:
Plug in power cable to Wii. Observe power light coming on (red or orange LED).
Hold down special pushbutton to short D0 to ground.
Press Power button on front of Wii — watch LED turn green.
After LED turns green, release D0 button. You only need to keep that button held down for maybe half a second.
When the Wii turns on and the LED goes green, boot0 will run and it will try to load boot1 from the NAND flash. If you hold down D0, it will fail, and everything will halt; this will keep power applied to the NAND flash chip, but it won’t try to access the chip.
You’re now most of the way there — at least, electrically. (If you look closely, I had to add a second ground wire to the bottom -right of the Infectus chip — I explained why here.)
However, there’s still the problem that the software is entirely broken, and doesn’t even work on my MacBook Pro. So, I did what any good hacker would do — I reverse-engineered the protocol and wrote my own Mac client (which is also a Linux client, and probably a Windows client, too — but I don’t know how to compile it for Windows). It’s still pretty minimal, but I’ve used it to brick and restore this Wii about 10-15 times without problems. I’m sure you can find plenty of bugs and missing features — and if you do, please send patches my way and I’ll update the program.by Published on May 5th, 2008 19:53
New article from Bushing:
So, here’s my big project for, well, this quarter or so. I’d like to be able to unbrick a Wii. Any Wii. I think you could rightfully call this the “Holy Grail” of Wii-Hacking projects right now — many have tried, some have written about it, and to my knowledge, nobody has succeeded. It still won’t be easy, but I believe we now know what must be done and have some ideas about how to do it....
The problem: The Wii has a single-string bootup system, with several points of failure and no safety or recovery mechanisms. It appears to have been designed with the assumption that internal testing (by Nintendo) can catch all problems that would prevent the unit from booting, and that the other failures would be rare enough that they could be dealt with at the Nintendo factory.
This was first discovered when people bricked their consoles by installing System Menu updates from “import” games. This is a pretty ****ing lame problem, but it is obviously something that didn’t occur to Nintendo to test. Fortunately (for them), playing import games required that you physically tamper with your Wii, voiding your warranty in the process. So, this oversight on their part didn’t really cost them any money.
Lately, the situation has grown more complicated. Many new (official) updates have been released, each of which carries a minute risk of bricking. Datel’s Freeloader (among others) allows playing of import games without any visible modification of the console. The Twilight Hack allows unsigned code to be run; this can then be used to modify system files (e.g. banners), and there seems to be little to no error recovery built into any of the existing system software. Oops.
So, you install a slightly-corrupted channel banner while experimenting with channel creation, and now your Wii freezes on the “warning screen” (with the throbbing “Press A”). Now what?
Here are a few ideas that have been suggested but will not work:
Replace flash chip with one from another console (or a cloned one from another console): Will not work because each Wii uses two unique keys to read and write the contents of the flash chip. These keys are not tied to a particular flash chip, but rather are stored inside the Hollywood chip.
Backup flash chip, and then later reflash chip from backup: This is almost viable, but it requires that you have a clean backup of your particular Wii before you brick it. This applies to very, very few people, because it requires foresight and special equipment which is difficult to install. More on this later.
Use some magic boot disc to “repair” the Wii: This will not work. The System Menu is the only software which knows how to boot a Wii Disc; if it does not run, you can’t use a disc to do anything.
Plug some special USB dongle / memory card / SD card / Wifi thingy in to trigger a hidden recovery mode (ala the Pandora Battery): This is a neat idea, but it won’t work. Support for this would have had to be specifically written into the Wii system software, and after 6-8 months of auditing the Wii’s boot path, I’m pretty confident that no such code exists.
Maintenance Mode: Sorry, folks. Wishing something will fix your Wii won’t make it happen.
Fix the specific bugs in the software which cause it to be so fragile: This is a nice idea, and one we will pursue someday. However, it’s not a fix for the current bricking problem, because A) you can’t patch bugs on a system you can’t boot, B) patching the bugs is risky and will brick your system if you’re not careful, and C) most bricking scenarios happen when new software is installed; this means that any defensive patches you would make would be wiped out when they would be most needed.
So, with all of those out of the way, what’s left? What can we do?
We need to modify the encrypted contents of a Wii’s NAND Flash filesystem in a way such that whatever damage or corruption will no longer interrupt the boot process, without disturbing the security mechanisms that try to prevent us from doing this.
There’s a lot there, but since we’re engineers, we can apply good engineering practice and break this up into several discrete problems. Each of these is complicated enough to deserve (and will receive) its own blog entry, but I’ll give an overview here before I go to bed:
Hardware access to the NAND flash: We need to be able to read and write the raw contents of the NAND flash, even on a unit that is bricked. This requires a hardware solution. The cheapest and most common solution is the Infectus chip, which has severe problems that prevent it from being used without custom software that has yet to be written
Keys: In order to read and modify the raw contents of the NAND flash chip, we need to be able to extract this data from the Hollywood / Starlet. Tmbinc demonstrated this using sophisticated equipment — we should be able to do this with a modified /by Published on May 5th, 2008 19:49
BLU-RAY PLAYER SALES are sucking wind as well they should. According to Cnet, sales of the DRM infected format players are dropping like rocks.
The not so bright people out there had expected sales to skyrocket once the format war was done, but it didn't. They thought was people would ignore the massive defects of Blu-ray and buy like the dumb sheep that they are, handcuffing themselves to the Sony bank account.
Surprise, it didn't happen. US consumers are still dumb sheep, but this time they are realizing what is being done to them and they aren't biting. Sony's hope of having 50% of disc sales this year be Blu-ray are more likely to happen because of falling DVD sales than rocketing Blu-ray.
The format has three problems, DRM infections, BD-J and greed. The greed part is obvious, Sony won the format war and are trying to charge people between 50 and 100% more for a product with marginally better quality. Sure, it looks better, and the 0.07% of people with 7.1 channel audio setups will be overjoyed, but for the rest, it is a small step at best over an upconverting DVD.
Are you going to buy the DVD version for $16.99 on new release sale or $29.99 for the BD? It doesn't take a genius to realize that the next iteration of Hollywood Formula #7 with Big Stars #3 and #8 isn't worth it. The movie studios have yet to convince me that The Water Horse is worth spending my money on at all, much less at twice the price for DRM'd HD versions.
That brings us to the next down side, there is no up, DRM. Every Blu-ray disc is DRM infected even if the producer doesn't want it to be, in order to get a company to manufacture it, it must be infected. Sony gets an infection kickback fee as well, so don't think it is purely for protection unless you mean it in the -racket sense.
Blu-ray DRM infections do not protect anything, Slysoft has cracked it with their excellent AnyDVD HD product, something I can't recommend enough. Basically, new DRM schemes are broken before you can buy discs with them on it, protecting nothing. It will however prevent legitimate users from using legally purchased media on legally purchased hardware. If you pirate though, no more compatibility issues, once again making Piracy the Better Choice (TM)(C)(R).
Basically the new format has DRM baked in and in your face. It costs you money, hurts only legitimate users, and is laughably insecure. Until it is abolished, just say no to Blu-ray and spend your money elsewhere, try books for example. If you must stoop to the DRM infected media, crack it and run it from your HD, it will save you immense frustration.
The last thing that makes people want to run for the hills is the badly broken BD-J abomination. Basically, when Blu-ray was 'finished', it wasn't close to done. HD-DVD on the other hand was well thought out and thorough, HD had a robust virtual machine that did all the work it needed to, and BD had none. Sony rushed a hacked BD v1.1 out, followed by 2.0, and instantly obsoleted all the money spent by the early adopters. All except those who bought Sony players of course.
There are two problems with this, other than the fact that morons spent money on a Sony format, it works like crap and it phones home, both comprise the third negative. Working like crap is the obvious one, to test it, look at one of the flagship titles, Pirates of the Caribbean 3. Disney insists on BD-J, customer be damned, and it shows. If you click on any of the options from the title menu, it pauses, you hear the disc seek, you wait, it loads, you wait more, and it decrypts, you wait a little more, and then the menu animates. It is nothing short of a disaster that you can't skip. Unless you pirate the title, once a gain making piracy the better choice (TM)(R)(C).
In any case, the BD-J support is so half-assed and broken that using it is nothing less than misery, but you also get the BD benefits as well. That is incompatibility and higher prices to soothe you while you wait and wait and wait. Whoever forced this on people should be shot.
The other down side is that to support the so called Profile 2.0, you must have internet capabilities and access. Anyone here trust Sony? Remember, these are the people who unashamedly rootkit paying customers and then tries as hard as they can to bury it, but never apologizes.
With the new BD Profile 2.0, they can run arbitrary code on your player, download and install whatever they want (You read the EULA didn't you?), and take any data they want. In return, you get the privilege of watching your legally purchased media on your legally purchased players. Fair trade, right? Once again, Piracy is the Better Choice(R)(TM)(C), it doesn't rat you out to unrepentant rootkitters even if they have a EULA behind them this time.
In the end, if you buy Blu-ray, you get a more expensive product that is likely incompatible with your hardware, DRM'd to the hilt, slow as dirt and it rats you out for good measure. All this for slightly better ...by Published on May 5th, 2008 19:48
anomalous_underdog has again updated his Text Editor for the Nintendo DS:
current release: revision 103
http://dl.sharesource.org/blarghtext...ditor.r103.zip
http://www.zshare.net/download/11528400d5b3077e/
the source code is also available (licensed in GPL v3):
http://dl.sharesource.org/blarghtext...r.src.r103.zip
since I'm lazy I'll just paste the SVN logs that I've put since the last release
Quote:
Revision: 103
Author: anomalous_underdog
Date: 2008-May-04 22.25.16
Message:
Added placeholder values for cut, copy, paste, home, end, undo, redo, and search.
----
Modified : /branches/BLARGHTextEditor-UsingLineData/BLARGHTextEditor/source/Underdog/Gui/HexGrid.cpp
Modified : /branches/BLARGHTextEditor-UsingLineData/BLARGHTextEditor/source/Underdog/Gui/HexGrid.h
Modified : /branches/BLARGHTextEditor-UsingLineData/BLARGHTextEditor/source/Underdog/Gui/TextBox.cpp
Modified : /branches/BLARGHTextEditor-UsingLineData/BLARGHTextEditor/source/Underdog/Gui/TextBox.h
Give Feedback Here --> http://nintendo-ds.dcemu.co.uk/nds-b...or-103250.html ...by Published on May 5th, 2008 19:46
via pdroms
Home is designed to allow easy viewing of critical information on one screen with quick access for locking the device, changing sound profiles, wireless, battery and general settings.
http://forum.xda-developers.com/showthread.php?t=389689 ...by Published on May 5th, 2008 19:45
via pdroms
Hi all,
this is just another auto locking program.
The difference is that it uses the Windows Lock and it can be activated:
a. A few seconds after the screen has deemed (Backlight has been reduced due to user inactivity) and/or
b. After the device has waken up.
Also during the above the program can run a specified executable/registered file together with any command line arguments that might be required.
The behavior of this program is driven by the next key/values:
> Key
HKEY_LOCAL_MACHINE\Software\CSDevCtrl\Options
> Values
- LockWhileOnExternalPwr=0 or 1
If set to 1 it will lock the device even while running on external power.
- LockAfterWake=0 or 1
If set to 1 it will lock the device after the device has waken (not soft reset).
- LockAfterWakeOnlyBlthOn= 0 or 1
If set to 1 it will lock the device after the device has waken (not soft reset) and Bluetooth is on.
- DelayBeforeLockMsAfterWake=250
Time in ms to wait before applying the lock from wake and running any program (no need to change).
- LockAfterDim=0 or 1
If set to 1 it will lock the device after the screen has dimmed (user inactive).
- DelayBeforeLockMs=250
Time in ms to wait before applying the lock from dim and running any program (no need to change)
- LockAfterDimSeconds=10
Time in seconds to wait before applying the lock once the screen has dimmed.
- ShowTodayAfterLock=0 or 1
If set to 1 it will bring the Windows Today Screen after applying the user selected lock.
-- AfterTodayRunFilePath=XXX
XXX (if not left blank) it can be an executable/registed file which will be run after the lock and the Today focus
-- AfterTodayRunFileParm=XXX
XXX (if not left blank) they are the command line arguments of the previous option.
-- LockAndBackAfterToday=0 or 1
If set to 1, after unlocking the Today screen will be hidden so that the rest of the windows are visible.
If set to 0 then the next values will be used
-- AfterLockRunFilePath=XXX
XXX (if not left blank) it can be an executable/registed file which will be run after the lock.
-- AfterLockRunFileParm=XXX
XXX (if not left blank) they are the command line arguments of the previous option.
To install it:
> copy the csdevctrl.exe to a folder
The initial run of the program, will create the registry keys with default values which are:
- LockAfterWakeOnlyBlthOn= 0
- LockWhileOnExternalPwr=0
- LockAfterWake=1
- DelayBeforeLockMsAfterWake=250
- LockAfterDim=1
- DelayBeforeLockMs=250
- LockAfterDimSeconds=10
- ShowTodayAfterLock=1
-- AfterTodayRunFilePath=(Blank)
-- AfterTodayRunFileParm=(Blank)
-- LockAndBackAfterToday=1
-- AfterLockRunFilePath=(Blank)
-- AfterLockRunFileParm=(Blank)
To run it:
Simply run it and it will spawn at the background as another process.
Running the program second time will cause the program to exit (It will show a confirmation window which will close in 3 seconds unless you close it sooner).
To uninstall it, close the process as usual (run it again or kill the process) and delete the file.
Also delete the registry key HKEY_LOCAL_MACHINE\Software\CSDevCtrl\Options
As a note, do not rename the csdevctrl.exe as the uninstall depends on this name.
It has been compiled for WM5 so it should run on both WM5/WM6 (i am using a Kaiser with WM6.1)
Have fun
Chris
P.S:
I can not upload the new version, seems there is a problem with the xda side.
This is the rapidshare link instead:
http://rapidshare.com/files/11228207...ctrl-v.2.5.zip
Changes:
Added option to lock only if bluetooth is on after wake
http://forum.xda-developers.com/showthread.php?t=386451 ...by Published on May 5th, 2008 19:43
via pdroms
Quad is a Tetris game written using (less than) 100 GL-Basic commands.
http://forum.gp2x.de/viewtopic.php?f=22&t=5480 ...by Published on May 5th, 2008 19:41
Start Dev-Cpp (GP2x Version)
Make new Application
There is a button with a Paper and a Plus (Zum Projekt hinzufügen; Add to Project?)
Add SDL_Utilities.cpp
in the main write
#include "SDL_Utilities.h"
Copy all files in the Project dir
Questions: http://forum.gp2x.de/viewforum.php?f=8
Sorry for my Bad English
http://archive.gp2x.de/cgi-bin/cfile...,0,0,0,19,2580 ...by Published on May 5th, 2008 19:40
Flip the visible-light images of the Universe into infrared-light images, by clicking on the gameboard. Programmed using GLBasic.
http://archive.gp2x.de/cgi-bin/cfile...,0,0,0,25,2579 ...by Published on May 5th, 2008 19:37
PlayStation 2 Rock Band owners have to be sick of playing the same songs over and over again by now, and with Wii owners eagerly awaiting the June 22nd release of the game, the question of delivering downloadable content to the online-handicapped systems is finally being addressed - offline.
MTV Games, Harmonix, and EA will be releasing the Rock Band Track Pack Volume 1 for the PS2 and the Wii on July 15th. $29.99 at your local game purveyor nets you an additional 20 songs for the game, chosen from the DLC already available on the PS3 and 360. It's an okay mix I suppose, with some of my favorites - NIN's "March of the Pigs", Faith No More's "We Care A Lot", and Weezer's "Buddy Holly", but I much prefer being able to pick and choose my songs rather than be handed a chunk all at once.
I am going to assume these packs are standalone, going by the size of the files and both systems lacking a hard disk. Still, more Rock Band fun is more Rock Band fun, right?
http://kotaku.com/387195/wii-and-ps2...-packs-in-july ...- Search DCEmu
- Advert 3
News Categories
- Links of Interest
Sony Consoles News
- Nintendo Consoles News
- Sega Consoles News
- Apple & Android News
- Xbox Consoles News
- Open Source Consoles News
DCEmu News Archive
- Advert
- Retro Consoles News
- PC News
- Latest DCEmu News
- DCEmu Network Sites
-
Menu 
Forum Stats
- What is the DCEmu Homebrew & Gaming Network
Catherine: Full Body’s English translation for the Vita