Views: 1,609,373 | Main | Rules/FAQ | Memberlist | Active users | Last posts | Calendar | Stats | Online users | Search | 11-22-24 01:49 AM |
Guest: |
0 users reading Wifi/User Settings on SPI bus FLASH | 1 bot |
Main - Reverse-engineering - Wifi/User Settings on SPI bus FLASH | Hide post layouts | New reply |
nocash |
| ||
Normal user Level: 20 Posts: 21/77 EXP: 38999 Next: 3440 Since: 10-09-15 Last post: 2098 days ago Last view: 2013 days ago |
Did anybody already dump the SPI bus FLASH memory on newer DSi consoles (with AR6013G wifi chip), or on 3DS consoles?
The original DSi (with AR6002G wifi chip) used 128Kbyte FLASH chips (ST 45PE10V6, with chip ID 20h,40h,11h). Later DSi's are said to have "less" than 128Kbyte, but as far I know, it isn't yet know how much memory they have, nor which chip ID they have. There are probably also some differences in the header region. The byte at offset 1FDh appears indicate the wifi hardware version: 01h = DWM-W015 with AR6002G (old DSi)
02h = DWM-W024 with AR6013G (newer DSi) unknown = DWM-W028 with AR6014G (3DS) unknown = New3DS And the byte at offset 01Dh seems to indicate the console type: FFh=Nintendo DS
20h=Nintendo DS-lite 57h=Nintendo DSi 43h=iQueDS 63h=iQueDS-lite unknown=3DS unknown=New3DS There might be some further differences to be expected. For example the wifi/channel calibration might consist of dummy values (assuming that newer AR60xx chips are merely emulating the old NDS-style channel selecting, without actually containing a real Mitsumi chip on die). NB. I've also found a copy of the new I2C bus EEPROM calibration data whem dumping the AR6002G chip's RAM, the data is 300h bytes in size (leaving extra 100h bytes unused). Haven't yet figured out the meaning of the calibration values, but it's also containing a copy of the 48bit MAC address; the same value as found in SPI bus FLASH chip). |
Dazzozo |
| ||
Member Dev of "the best software that almost nobody will ever use" Level: 9 Posts: 4/13 EXP: 2761 Next: 401 Since: 05-21-15 Last post: 3161 days ago Last view: 2994 days ago |
On 3DS, the console type byte is still 0x57. The wifi hardware revision is 0x03 (even on New3DS it seems).
The flash has been dumped by many people, and in fact was used in an exploit a while back, see: http://3dbrew.org/wiki/3DS_Userland_Flaws#System_applications |
Main - Reverse-engineering - Wifi/User Settings on SPI bus FLASH | Hide post layouts | New reply |
Page rendered in 0.011 seconds. (2048KB of memory used) MySQL - queries: 26, rows: 65/65, time: 0.005 seconds. Acmlmboard 2.064 (2018-07-20) © 2005-2008 Acmlm, Xkeeper, blackhole89 et al. |