When things turn out unexpectedly simple
As I said in the previous post, melonDSi can't boot any DSi-enabled cart. I'd been banging my head against the problem for a long while, attempting to work out how the launcher on the ARM9 worked and why it was failing, but went nowhere. The code is a pain to track, relying on all sorts of threads and callbacks and things.

Shows that taking a break does wonders.

Just yesterday, I idly looked at that bug again. Reproduced the freeze, then pressed F11 (debug key printing some status to the console) a few times to see if I could see a pattern. The ARM9 seemed to exhibit typical 'idle thread' behavior; the ARM7 however, seemed to get stuck in a loop. A quick glance at my IDB of the firmware code confirmed this:

AES wait routine

If you aren't fluent in ARM assembly, this function waits for the AES engine to finish whatever crypto operation it is doing, by checking the busy flag in AES_CNT.

But, in our case, the ARM7 got stuck inside this because, somehow, said busy flag remained set forever.

Some logging of AES operations shown that, while loading the game, the firmware would start a decrypt operation with a block count of zero. melonDSi didn't check for that case, and instead waited for data input that would never come (heh), causing the busy flag to remain set forever. You guess how this goes.

After quickly fixing this bug, I tried loading a cart game again. It still froze on a white screen, but the logs showed it was getting further. In particular:

UNIMPLEMENTED ARM9 NDMA3 START MODE 04, 04100010->021153A0 LEN=1 BLK=1 CNT=A4044000

That meant the game was actually booting, and attempting to load its data, using NDMA ('new DMA' implemented in the DSi) for whatever reason. NDMA start mode 04 is for cart slot DMA, which is triggered every time a data word is transferred from the cart.

This was quickly taken care of, too. A bunch of the NDMA start modes mirror those of 'old' DS DMA, so I just hooked those into the functions responsible for taking care of DS DMA. The only one that needs more extensive checking is GXFIFO mode, since it has a maximum block length of 112 words, I'm not sure how that interacts with the block subdivision system of NDMA.

Anyway, with this, I was finally able to boot DSi-enabled games.

Nothing terribly exciting to show tho. After all, most of the DSi-enhanced games out there don't have much extra features other than making use of the DSi cameras, so we have to do something to emulate them.

Loading DSi ROMs is also a bit finicky as they have to be one specific way for it to work (right now, with the DSi-specific data encrypted). And, some of the ROM dumps out there lack the DSi-specific data, so it would be good to add some verification and warn the user if their ROM is a bad dump.


Speaking of which, I am thinking of the ways I can make this evolve, now that it's atleast working to some extent. Namely:

* lowering the entry barrier, that is, upgrading dsidumper to dump all the required material in one go

* getting rid of some of the required files. boot2_7/9.bin can be sourced from the NAND directly, provided I can find a way to derive the required decryption keys. initmem7/9.bin could be made optional, the required data can also be sourced from certain particular BIOS dumps (the ones that NO$GBA requires) (and dsidumper could also be upgraded to produce such augmented BIOS dumps). Not sure about aeskeys.bin.

* rewriting the trainwreck that is the SD/MMC controller code. As an example, Flipnote Studio tends to softlock while saving due to bugs in that code. It was written mainly to get things working, and it shows, but now that we know that things are working, we can afford to rewrite it cleanly. Some other DSi parts (AES engine, ...) could use some cleanup, but they aren't as bad.

* adding features such as cameras and wifi connectivity

* ability to direct-boot DSi games, and work out something for DSiware

* the holy grail, eventually, merging all that back into regular melonDS
Generic aka RSDuck says:
Nov 5th 2019
> Vulkan is available on Nintendo Switch

with the mesa homebrew port currently used to gain access to graphics acceleration hw, we currently only have OGL on switch.
kevincrans says:
Nov 5th 2019
Oke thanks for the information, sorry but I've only home-brewed my DSi/N3DS/Wii/WiiU, I'm waiting for the switch pro/2/XL to come out, so thank you for pointing this out! At least I learned something.
MelonMan says:
Nov 6th 2019
If anyone was wondering, dsi-1.mmc is the same as nand.bin. It does have the string "DSi eMMC CID/CPU".
RocketRobz says:
Nov 9th 2019
Do you happen to know what the Digest checking code looks like?
Because nds-bootstrap patches functions needed for DS/DSi games to run from the SD card, the digest check trips, and causes the game to not boot in DSi mode.
So I want to try to patch out the checking code.
MelonMan says:
Nov 10th 2019
RocketRobz: Who are you asking? If you're asking me, I have no idea
MelonMan says:
Nov 17th 2019
Question - can you run dsidumper and dsbf dump from a flashcart (R4i or Acekard 2) on a Dsi with no CFW or any other modding.
Post a comment
Name:
DO NOT TOUCH