Views: 1,526,328 Main | Rules/FAQ | Memberlist | Active users | Last posts | Calendar | Stats | Online users | Search 07-22-24 07:24 AM

0 users reading Wifi/User Settings on SPI bus FLASH | 1 bot

Main - Reverse-engineering - Wifi/User Settings on SPI bus FLASH Hide post layouts | New reply

Posted on 10-25-15 03:49 PM (rev. 5 of 10-25-15 03:52 PM) Link | #560
Did anybody already dump the SPI bus FLASH memory on newer DSi consoles (with AR6013G wifi chip), or on 3DS consoles?

The original DSi (with AR6002G wifi chip) used 128Kbyte FLASH chips (ST 45PE10V6, with chip ID 20h,40h,11h).
Later DSi's are said to have "less" than 128Kbyte, but as far I know, it isn't yet know how much memory they have, nor which chip ID they have.

There are probably also some differences in the header region. The byte at offset 1FDh appears indicate the wifi hardware version:
01h = DWM-W015 with AR6002G (old DSi)
02h = DWM-W024 with AR6013G (newer DSi)
unknown = DWM-W028 with AR6014G (3DS)
unknown = New3DS

And the byte at offset 01Dh seems to indicate the console type:
FFh=Nintendo DS
20h=Nintendo DS-lite
57h=Nintendo DSi

There might be some further differences to be expected. For example the wifi/channel calibration might consist of dummy values (assuming that newer AR60xx chips are merely emulating the old NDS-style channel selecting, without actually containing a real Mitsumi chip on die).

NB. I've also found a copy of the new I2C bus EEPROM calibration data whem dumping the AR6002G chip's RAM, the data is 300h bytes in size (leaving extra 100h bytes unused). Haven't yet figured out the meaning of the calibration values, but it's also containing a copy of the 48bit MAC address; the same value as found in SPI bus FLASH chip).

Posted on 10-25-15 04:49 PM Link | #561
On 3DS, the console type byte is still 0x57. The wifi hardware revision is 0x03 (even on New3DS it seems).

The flash has been dumped by many people, and in fact was used in an exploit a while back, see: http://3dbrew.org/wiki/3DS_Userland_Flaws#System_applications

Main - Reverse-engineering - Wifi/User Settings on SPI bus FLASH Hide post layouts | New reply

Page rendered in 0.018 seconds. (2048KB of memory used)
MySQL - queries: 26, rows: 65/65, time: 0.009 seconds.
[powered by Acmlm] Acmlmboard 2.064 (2018-07-20)
© 2005-2008 Acmlm, Xkeeper, blackhole89 et al.