Where do I find the PIN for my DS game?
Answer
Hope this helps...
Nintendo DS passthrough methods
A so-called "passthrough" method is needed to get homebrew DS programs to run on a Nintendo DS handheld video game system.
Contents
Intro
Generation 1 (PassMe, WMB, WiFiMe, FlashMe)
Generation 2 (PPFlash, PassMe2, FlashMe5, TakeMeOut)
Generation 3 (NoPass)
Future generations (PPFlash Lite, WiFiMe2, JamMe, SaveMe, PetMe)
Legal
Generation 1
The Nintendo DS firmware versions 1 through 3 had a couple of bugs that let us redirect execution to GBA ROM space. For one thing, the DS card loader did not do any range checking to make sure that a program's run address was within the memory used by the card. For another, DS Download Play ordinarily uses only programs signed by Nintendo, but the early firmware took the run address from a separate, unsigned header.
PassMe
PassMe is a Game Genie-style adapter that sits between a DS card and the DS slot. When the Nintendo DS tries to read the card's header, the PassMe CPLD changes the header so that the run address points to GBA ROM space. Customers in most of the developed world can purchase them here or here.
Wireless Multiboot (WMB)
This Windows application by FireFly requires a PCI or PCMCIA wireless network card using the Ralink chipset. It can send small programs signed by Nintendo to the "DS Download Play" function of a receiving DS.
WiFiMe
The first version of the Nintendo DS BIOS's DS Download Play used a run address from a header that sat outside the digitally signed portion of the code and data. WiFiMe is a DS Download Play program extracted from Super Mario 64 DS with the run address changed to GBA ROM space, but it could have been any DS Download Play program. Here is a tutorial for using WMB and WiFiMe.
FlashMe
FlashMe overwrites the Nintendo DS firmware with a modified version that checks GBA ROM space for DS-aware code, jumping to it if present, before doing anything else. It also removes the digital signature check from DS Download Play, allowing it to receive homebrew .nds files sent by WMB. This is the counterpart to the "soft mod" on the Xbox that replaces the console's dashboard. The name FlashMe has nothing to do with flashing lights (which are alleged to cause seizures in sensitive individuals); instead, it refers to the flash memory that contains the firmware.
Generation 2
Nintendo fixed the bugs in the Nintendo DS firmware version 4, adding range checks to the DS card startup code (blocking PassMe) and using a separate run address within the signed portion of the DS Download Play program (blocking WiFiMe). But the BIOS, which sits at a lower level than the firmware, still has bugs that allow redirecting execution to GBA SRAM space, which is ordinarily used for saving game characters, levels, scores, etc.
In addition, Nintendo's Internet Wi-Fi code overwrites an area of DS firmware that the original FlashMe developers didn't know was reserved for future use. This was first observed with Mario Kart DS turning Nintendo DS systems into "bricks".
Methods of Generation 2 will stay effective much longer than those of Generation 1, as it's much harder for Nintendo to change the BIOS than to change the firmware. Unlike the firmware, which is a standard flash memory chip that can be reprogrammed in-circuit or out-of-circuit, the BIOS is a mask ROM on the same die as the CPU, which cannot be reprogrammed without an expensive retool of the CPU masks.
PPFlash
After a "bricker", or program that erased the DS firmware, appeared from the warez scene, DarkFader offered an apology and an antidote. The "ppflash" utility from DarkFader's DS page can restore the firmware, but the process involves soldering a cable from the PC's parallel port to the DS's firmware chip. The ppflash program installs part of FlashMe so that you can use the recovery code (A+B+Select+Start+power) to install the rest of FlashMe. For more information about the bricker and ppflash, see DS Bricker@PHWiki.
PassMe2
This is the same hardware as PassMe with a new program on its CPLD. This time the device changes the header's run address to an out-of-range Nintendo DS BIOS call that jumps to shellcode in SRAM. This method requires the card's CPLD to be reprogrammed to work with each specific DS game. Not all games are compatible, as the method requires specific data bytes to be present in the game's initial code and data segments. (DarkFader maintains a list of compatible and incompatible games.) It also requires a GBA card with SRAM, making it impossible on the GBAMP and unwieldy on other cards, but it's useful for installing FlashMe. The same online stores selling PassMe units are now selling PassMe2 units; see above.
FlashMe version 5
FlashMe was recompressed so that the important parts fit within the write-protected area of the DS firmware chip, which will never be overwritten by any licensed Nintendo DS game. So even if games start writing to even more areas that were originally thought to be unused, FlashMe users are still safe.
TakeMeOut
In January 2006, it was discovered that the user can determine which version of firmware is installed on a given DS. The procedure involves inserting a DS game, powering on the DS, entering PictoChat, ejecting the DS game while the DS is still on (demonstration), and looking up the colors of the screens in a table. DS Firmware at PHWiki has details. (The name TakeMeOut comes from the music played behind the demonstration and a similar demonstration of in-game eject on the Sony PSP, which is "Take Me Out" by Franz Ferdinand.)
Generation 3
From left to right: the PassMe adapter and a NoPass card.
PassMe2 does not work with the GBA Movie Player, which was a popular method of running DS homebrew programs during Generation 1. In addition, the DS lite's new motherboard made it more difficult to execute FlashMe successfully. So homebrew developers continued to look for new boot methods.
NoPass
On January 24, 2006, it was revealed that the encryption on Nintendo DS Game Cards had been cracked by Martin Korth, author of the no$gba emulator. This could easily lead to a device that plugs into SLOT-1 of the DS and does not need an official game plugged into it, which pepsiman has dubbed "NoPass". By the end of April, Datel had implemented NoPass in a product called Max Media Launcher, and Dan2552 reports that it works with GBAMP even on the new firmware. However, it can still take a while to ship.
In August 2006, rewritable DS cards such as Ninjapass began to appear. Originally, the term "NoPass-RW" (rewritable) was suggested by analogy with CD-RW, but the community has standardized on the name "SLOT-1 flash cards" for these products. Many SLOT-1 flash cards such as R4 are adapters for microSD media, much like the GBA Movie Player and SuperCard SLOT-2 products.
Future generations?
All these boot methods are still centered around the PC. Therefore, we will still need to look for more boot methods. Some of the suggestions that have been posted to forum.gbadev.org and elsewhere generally involve tricking a licensed program into loading and running custom code. This could be "shellcode" that sets up the DS to jump to GBA ROM as with PassMe, or in some cases it could be up to 4 MB of custom code in a .nds file. In the latter case, it would even be possible to have a homebrew-capable DS boot a stock DS. However, none of the following suggestions are under actual development unless otherwise noted.
PPFlash Lite
Unlike the original Nintendo DS firmware chip, which is soldered in, the DS lite's firmware chip sits in a socket. It'd probably be easy to create instructions to build a PPFlash cable that would allow the chip to be removed from the DS lite, flashed with PPFlash, and replaced.
WiFiMe2
Several Nintendo DS games that support DS Download Play will send an initial segment to the other DS systems, and then this segment will receive the actual game code and data.
Answer Date: 05:35pm 09/07/08
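The two loader fixes the answer describes for firmware version 4 (a range check on the run address, and a run address that sits inside the signed portion) are sketched below in C. This is an added example, not part of the original answer and not Nintendo or homebrew code; the header layout, the RAM window, the sample addresses and the FNV-1a stand-in for signature verification are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical, simplified layout; not the real DS card or download format. */
struct boot_header {
    uint32_t load_addr;   /* where the image is copied in RAM */
    uint32_t size;        /* image length in bytes */
    uint32_t entry_addr;  /* "run address" the loader jumps to */
};
struct packet {
    struct boot_header hdr;
    uint8_t  payload[16];
    uint32_t tag;         /* value fixed at signing time */
};
#define RAM_BASE 0x02000000u  /* assumed loadable RAM window */
#define RAM_SIZE 0x00400000u

/* Range check: the image must fit in RAM and the run address must fall
   inside the image. Written with subtractions so nothing can wrap around. */
bool entry_in_image(const struct boot_header *h)
{
    if (h->size == 0 || h->size > RAM_SIZE) return false;
    if (h->load_addr < RAM_BASE) return false;
    if (h->load_addr - RAM_BASE > RAM_SIZE - h->size) return false;
    if (h->entry_addr < h->load_addr) return false;
    return h->entry_addr - h->load_addr < h->size;
}

/* FNV-1a stands in for signature verification; a real loader checks a
   public-key signature over the same byte span. */
static uint32_t fnv1a(const uint8_t *p, size_t n)
{
    uint32_t h = 2166136261u;
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}
/* cover_header=false: run address lies outside the signed span.
   cover_header=true: header and payload are signed together. */
uint32_t make_tag(const struct packet *p, bool cover_header)
{
    return cover_header ? fnv1a((const uint8_t *)p, offsetof(struct packet, tag))
                        : fnv1a(p->payload, sizeof p->payload);
}
bool tag_valid(const struct packet *p, bool cover_header)
{
    return p->tag == make_tag(p, cover_header);
}
int main(void)
{
    struct packet p = {{RAM_BASE, 0x1000u, RAM_BASE + 0x800u}, {1, 2, 3}, 0};
    p.tag = make_tag(&p, true);
    p.hdr.entry_addr = 0x08000000u;  /* constructed address outside the image */
    return (tag_valid(&p, true) || entry_in_image(&p.hdr)) ? 1 : 0;
}
```

Either check alone rejects the altered header; a loader that applies both does not depend on the signature span being drawn correctly.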









