- There are 2 installation methods
- AUTOMATIC via DSIware exploits
- simply start unlaunch.dsi and
- select Install now in the menu.
- MANUAL INSTALL via hardmods
- locate 520-byte title.tmd file
- in the following folder:
- title\00030017\484E41xx\content
- (the xx varies per region)
- append 81400-byte unlaunch.dsi
- at the end of the tmd file (tmd
- filesize is then 81920 bytes)
- Both methods work on all
- retail DSi models, regardless
- of region or firmware version.
- To uninstall, truncate the
- tmd file back to 520-byte size.
- When installed, unlaunch takes
- control almost immediately after
- power-up, before even executing
- the boot menu (aka launcher).
- If SD:\BOOTCODE.DSI exists,
- then it will immediately
- execute that file with all
- access rights, for example,
- rename DSLINK.NDS accordingly,
- so you can wifi-upload your
- game from PC to DSi.
- Otherwise, if the file doesn't
- exist, it will resume normal
- booting, with some improvements
- -Without Healthsafety+bootmusic
- -No Region+RSA+Whitelist checks
- -ARM7+9 SCFG_EXT.BIT31 kept set
- Even old NDS flash carts will
- maintain SCFG_EXT access rights
- (but are probably unable to
- re-enter DSi touchscreen mode).
- Bootstage 2 is loading the
- launcher's TITLE.TMD file to
- memory, that's done without any
- FILESIZE>LIMIT check (it's only
- checking FILESIZE>FILESIZE).
- That allows loading about
- 80Kbytes of useful code, and to
- overwrite a task switching
- structure, causing ARM9 to
- execute the loaded code, which
- can then tweak ARM7 to execute
- custom code by remapping some
- portions of shared WRAM.
- Yup, it's actually that simple.
- The bigger problem has been to
- find this exploit within the
- 400,000 lines of code that
- bootstages 2 and 3 consist of.
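
Added example (not part of the original readme or of unlaunch itself): a size check for a launcher title.tmd copied out of a NAND dump, using the figures given above (520 bytes stock, 81920 bytes after the 81400-byte append), plus the truncation the readme gives for uninstalling. The function names and the filler-byte stand-in file are assumptions made for the demo.

```python
import os
import tempfile

TMD_SIZE = 520                             # stock title.tmd size, from the readme
PAYLOAD_SIZE = 81400                       # unlaunch.dsi size, from the readme
INSTALLED_SIZE = TMD_SIZE + PAYLOAD_SIZE   # 81920, from the readme


def classify_tmd(path):
    """Classify a launcher title.tmd by file size alone."""
    size = os.path.getsize(path)
    if size == TMD_SIZE:
        return "stock"
    if size == INSTALLED_SIZE:
        return "unlaunch-sized"
    if size > TMD_SIZE:
        return "unknown-trailing-data"
    return "truncated"


def uninstall(path):
    """Truncate the tmd back to 520 bytes; return how many bytes were removed."""
    size = os.path.getsize(path)
    if size < TMD_SIZE:
        # A short file is damaged, not "installed"; do not make it worse.
        raise ValueError("tmd shorter than 520 bytes; refusing to modify")
    with open(path, "r+b") as f:
        f.truncate(TMD_SIZE)
    return size - TMD_SIZE


def demo():
    """Exercise both functions on a constructed stand-in (filler bytes, not a real TMD)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "title.tmd")
        with open(path, "wb") as f:
            f.write(b"\x00" * TMD_SIZE + b"\xff" * PAYLOAD_SIZE)
        before = classify_tmd(path)
        removed = uninstall(path)
        with open(path, "rb") as f:
            head_intact = f.read() == b"\x00" * TMD_SIZE
        return before, removed, classify_tmd(path), head_intact


if __name__ == "__main__":
    print(demo())
```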