DS Firmware

From PHWiki

Jump to: navigation, search

The Nintendo DS firmware is a program stored on a 256 KB flash memory chip inside every Nintendo DS system.

Nintendo updated the firmware in mid-2005 to prevent homebrew and piracy. The new firmware requires new methods to run unauthorized code.

Contents

Write Protection

Normally only parts of the DS firmware can be overwritten, the rest is protected on a hardware level, making it impossible to just insert a cart and run a program and overwrite all of it.

Shorting the SL-1 is like flipping a switch and bypassing the protection, allowing all of the firmware to be overwritten.

Imagine, if you will, that in the following line, X is protected and O is writable.

XXXXXXXXXXXXXXXXXXXXXXXOOOOO

Shorting the SL1 turns it all to O

OOOOOOOOOOOOOOOOOOOOOOOOOOOO

Shorting the SL1 is equivalent to flipping the lock switch on a SD card or floppy disk. When you're not shorting it anymore, it switches back to locked.

FlashMe includes recovery code which goes into the protected area, so once it's been installed it's possible to recover a bricked DS no matter what goes into the unprotected area. If you don't install FlashMe, however, and the unprotected area gets screwed up, there is no recovery code anywhere to fix it.

Firmware Versions

  • v1 (checksum 0x2C7A)
  • v2 (checksum 0xE0CE)
  • v3 (checksum 0xBFBA)
"old" firmware, works with PassMe, PassMe2, NoPass and WifiMe

  • v4 (checksum 0xDFC7)
  • v5 (checksum 0x0F1F)
  • v6 (Dumped,
  • v7 (Dumped,
"new" firmware, works with PassMe2 and NoPass only

  • iQue (checksum 0xF96D)
Chinese firmware

Checksum is located at offset 0x6 in firmware.

v1-v3 are the old firmware versions supported by first generation passthroughs, WifiMe and the original PassMe. The newer PassMe2 and NoPass devices work as well.

v4-v6 are the new firmware versions that block WifiMe and the original PassMe. PassMe2 and NoPass work with these.
DS units that have this firmware include all pink, light blue, and red DSs, as well as some newer silver and electric blue ones.
DS Lite also has firmware that works like these new versions, with the addition of the brightness control feature.

FlashMe works with v1-v5 once you get it to boot in DS mode (v5 flash recently confirmed).

Checking the Firmware Version

Different firmware versions have different behaviors if a DS Game Card or Game Boy Advance cartridge is ejected during Pictochat [1]. To determine your DS firmware version, follow these steps:

No.1 Way:

  1. Insert an authentic Nintendo DS Game Card into SLOT-1, or a Game Boy Advance cart into SLOT-2, of your Nintendo DS.
  2. Turn on DS (hold Select+Start if you have autostart enabled in the settings).
  3. Enter Pictochat.
  4. Enter any chat room.
  5. Eject the Game Card or GBA Cart from the DS.

No.2 Way(non working if firmware is v.1):

  1. Turn on DS (hold Select+Start if you have autostart enabled in the settings).
  2. Enter Pictochat.
  3. Enter any chat room.
  4. Close Nintendo DS and observe color of the screen.

Result:

  • v1: Pictochat hangs
  • v2: two grayish blue screens
  • v3: two dark green screens
  • v4: two golden yellow screens
  • v5: two magenta screens (DS lite units have this)
  • v6: two dark blue screens (un-confirmed new DSes have this)
  • iQue: two dark green screens

As FlashMe is based on the v3 firmware, FlashMe will behave like v3 (two dark green screens).

See Also

PassMe, PassMe2, NoPass, FlashMe, WifiMe, DS Homebrew, DS Piracy

Links

Personal tools