Added Wii, NDS and some more posts.
BIN
assets/battery_cutplace.jpg
Normal file
After Width: | Height: | Size: 75 KiB |
BIN
assets/battery_normal.jpg
Normal file
After Width: | Height: | Size: 36 KiB |
BIN
assets/battery_opened.jpg
Normal file
After Width: | Height: | Size: 44 KiB |
BIN
assets/battery_pcbbend.jpg
Normal file
After Width: | Height: | Size: 34 KiB |
BIN
assets/cyclodsevo.jpg
Normal file
After Width: | Height: | Size: 73 KiB |
BIN
assets/ez3in1.jpg
Normal file
After Width: | Height: | Size: 27 KiB |
BIN
assets/nintendo_ds_lite.jpg
Normal file
After Width: | Height: | Size: 14 KiB |
BIN
assets/s93c56scheme.png
Normal file
After Width: | Height: | Size: 4.1 KiB |
BIN
assets/samsung_se-t084m.jpg
Normal file
After Width: | Height: | Size: 13 KiB |
20
know-how/hacking/_posts/2008-12-05-sony-playstation-2.md
Normal file
@ -0,0 +1,20 @@
|
||||
---
|
||||
title: Sony PlayStation 2
|
||||
language: en
|
||||
layout: default
|
||||
created: 2008-12-05 00:31:49 +0100
|
||||
updated: 2008-12-05 00:31:49 +0100
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- sony
|
||||
- playstation
|
||||
- pstwo
|
||||
---
|
||||
<ul>
|
||||
{% for page in site.categories.sony-playstation-2 %}
|
||||
<li><a href="{{ page.url }}">{{ page.title }}</a></li>
|
||||
{% endfor %}
|
||||
</ul>
|
64
know-how/hacking/_posts/2009-02-02-samsung-sgh-z300.md
Normal file
@ -0,0 +1,64 @@
|
||||
---
|
||||
title: Samsung SGH-Z300/ZM60
|
||||
language: en
|
||||
layout: default
|
||||
created: 2009-02-02 18:44:27 +0100
|
||||
updated: 2009-02-02 18:51:02 +0100
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- samsung
|
||||
- phone
|
||||
---
|
||||
I got a Samsung ZM-60 from T-Mobile (incl. SIMlock). The first shock came after switching it on for the first time:
|
||||
Everything was in the T-Mobile magenta color. After some research, I found out, that it's originally a `SGH-Z300`.
|
||||
|
||||
|
||||
Firmware flashing
|
||||
=================
|
||||
|
||||
Instructions on how to flash a new firmware are on [handy-faq.de](http://www.handy-faq.de/forum/showthread.php?t=13916).
|
||||
There also was a nice collection of firmware images on [anvi.it](http://www.anvi.it/forum/index.php?showtopic=20637),
|
||||
but seems to be down for now.
|
||||
|
||||
The best firmware seems to be the `Z300AIEK1`, since it is only slightly branded by *TIM* (an Italian provider?) and
|
||||
contains everything the original Samsung-Firmwares do.
|
||||
|
||||
You can use the supplied cable to flash the phone.
|
||||
|
||||
1. run the *Downloader Z300-Z500*
|
||||
1. find your desired firmware file
|
||||
1. power off the phone, hold the <kbd>9</kbd> key and power it on so that the outer display shows "Download" on red
|
||||
background
|
||||
1. initiate the transfer
|
||||
|
||||
The flashing takes about 12 minutes and after that, you have the original Z300 Samsung theme.
|
||||
|
||||
|
||||
SIMlock
|
||||
=======
|
||||
|
||||
To remove the SIMlock, there's a manual at [gsmhosting.com](http://forum.gsmhosting.com/vbb/showthread.php?t=239111).
|
||||
You need the *Qualcomm Unlocker* and a PC with a `COM1:` port where you need to short the Pins #2 and #3. Then it's a
|
||||
thing of 20 seconds to get rid of the SIMlock.
|
||||
|
||||
|
||||
Downloading jar files
|
||||
=====================
|
||||
|
||||
The phone accepts `.jar` files from any server if it sends the content type `application/java-archive` instead of
|
||||
`application/octet-stream`. This is easily accomplished by adding a `.htaccess` file with the line
|
||||
|
||||
AddType application/java-archive .jar
|
||||
|
||||
to the directory where the `.jar` files are on your server.
|
||||
|
||||
|
||||
Phone identification
|
||||
====================
|
||||
|
||||
The phone sends the following User-Agent to websites:
|
||||
|
||||
SGH-Z300 SHP/VPP/R5 SMB3.1 SMM-MMS/1.2.0 profile/MIDP-2.0
|
18
know-how/hacking/_posts/2009-02-02-siemens-a55.md
Normal file
@ -0,0 +1,18 @@
|
||||
---
|
||||
title: Siemens A55
|
||||
language: en
|
||||
layout: default
|
||||
created: 2009-02-02 22:30:48 +0100
|
||||
updated: 2009-02-02 22:30:48 +0100
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- siemens
|
||||
- phone
|
||||
---
|
||||
A friend visited me bringing two A55 with SIMlock. Both were from the same provider and both didn't accept the
|
||||
unlocking code from the provider for some reason. After trying the usual tools without luck, we used the [testpoint method](http://www.allsiemens.com/testpoints/siemens-A55.htm).
|
||||
Using very sharp tweezers, we scratched away the protective from the desired trace and cut it. Now we were able to use
|
||||
*Freia* without any problems. (set to "Bootcore Bug")
|
69
know-how/hacking/_posts/2009-02-02-siemens-gigaset.md
Normal file
@ -0,0 +1,69 @@
|
||||
---
|
||||
title: SIEMENS Gigaset
|
||||
language: en
|
||||
layout: default
|
||||
created: 2009-02-02 02:15:29 +0100
|
||||
updated: 2009-02-02 22:27:14 +0100
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- siemens
|
||||
- phone
|
||||
---
|
||||
Service mode
|
||||
============
|
||||
|
||||
Hold keys **1**, **4** and **7** while turning on the phone. You will see the display test.
|
||||
|
||||
|
||||
Service menu
|
||||
============
|
||||
|
||||
Power-on the phone into service mode and type `76200` (4000er series) or `46395`[^1] (2000er and 3000er series) to get
|
||||
to the service menu.
|
||||
|
||||
There you can check some options and on the next regular power-on, you'll see the checked infos on the display. To get
|
||||
everything back to normal, repeat the procedure to uncheck these options.
|
||||
|
||||
|
||||
Factory reset
|
||||
=============
|
||||
|
||||
Power the phone on into service mode and type `4685463` to reset the phone to factory settings - **completely**, i.e.
|
||||
incl. all phonebook entries. (The normal factory reset keeps them!)
|
||||
|
||||
|
||||
Phone code
|
||||
==========
|
||||
|
||||
If you forgot the phone code, there seem to be 2 ways:
|
||||
|
||||
**1.** Get into the service menu and type: `4#`, push *OK*, `*R#R`, *OK*, `8#9*` and the red button.
|
||||
|
||||
**2.** Get into the service menu, move the selection to the menu separator (`---------`) and type: `89376200`.
|
||||
|
||||
|
||||
EEPROM patcher
|
||||
==============
|
||||
|
||||
:warning: Doesn't work for all phones!
|
||||
|
||||
Get into service mode and type `337766`. This is useful to prepare older *SL74* models for MMS sending:
|
||||
|
||||
1. get into the EEPROM patcher
|
||||
1. Type part #1: `63508 65443 32604` and confirm with *OK*
|
||||
1. Type part #2: `58644 58028 59475` and *OK*
|
||||
1. power off the phone and power on again
|
||||
|
||||
|
||||
Approval test
|
||||
=============
|
||||
|
||||
Hold **1**, **3** and **0** while powering on the phone. (**1**, **5**, **9** and **0** should also work)
|
||||
|
||||
Seems to be a mode where the phone sends data all the time so that you can test radiation.
|
||||
|
||||
|
||||
[^1]: Zip code of *Bocholt* where the Gigasets are/were built
|
54
know-how/hacking/_posts/2009-02-02-siemens-m65.md
Normal file
@ -0,0 +1,54 @@
|
||||
---
|
||||
title: Siemens M65
|
||||
language: en
|
||||
layout: default
|
||||
created: 2009-02-02 21:39:52 +0100
|
||||
updated: 2009-02-02 22:26:57 +0100
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- siemens
|
||||
- phone
|
||||
---
|
||||
A M65 of my in-laws seemed broken so I took it home to play around with my `DCA-510`-cable.
|
||||
|
||||
It showed firmware rev. 15 … the current one was rev. 58. I read somewhere that older firmware WILL produce problems so
|
||||
I was glad that it might be a software problem instead of a hardware one.
|
||||
|
||||
|
||||
Upgrading firmware
|
||||
==================
|
||||
|
||||
So I got the latest firmware from [allsiemens.com](http://www.allsiemens.com/flash/M65.htm) and tried to flash the
|
||||
phone. Damn! The M65 was from Vodafone and thus the ID was `M6V` instead of `M65`. Since I hate brandings, I needed a
|
||||
way to change that value.
|
||||
|
||||
After some experiments I found instructions at [gsm-multifund.de](http://www.gsm-multifund.de/board/showthread.php?t=8864)
|
||||
(which seems to be offline now).
|
||||
|
||||
I needed *[x65flasher](http://www.allsiemens.com/soft/flashers-1.htm)* and since I updated the phone to [M6V v50](http://www.allsiemens.com/flash/M6V.htm)
|
||||
before, I needed the supplied Java-Midlet `px75v1` to calculate the Hash and ESN for my phone. This needed around 3-5
|
||||
minutes. After that, I was able to download a backup of the phone's firmware and then chose *Advanced* → *Change phone
|
||||
model* to change it to `M65`. After writing it back to the phone, I did a *FFSinit* (see allsiemens.com) and was
|
||||
finally able to flash the rev. 58 using *WinSwup*.
|
||||
|
||||
Also a nice page with many tips and instructions: [gsm-free.com](http://www.gsm-free.com/index.htm).
|
||||
|
||||
|
||||
Patching the firmware
|
||||
=====================
|
||||
|
||||
You can use [Smelter](http://www.allsiemens.com/soft/flashers-1.htm) to generate a list with possible patches for the
|
||||
supplied firmware file which you can then apply using [V_KLay](http://www.allsiemens.com/soft/flashers-2.htm). There
|
||||
are patches to e.g. disable some debugging (which makes the phone a bit faster) or enable the network monitor
|
||||
(aka. *Develop. setup*) in the "My Menu".
|
||||
|
||||
|
||||
Internal Filesystem
|
||||
===================
|
||||
|
||||
If you want to get rid of the "Load games", "Load Ringtones", etc. menus, just use the [VSOFS-Plugin](http://www.totalcmd.net/plugring/vsofs.html)
|
||||
for [Total Commander](http://www.ghisler.com/) to delete the file `\\M65\Config\Default\MagicLinks\MagicLinks.xml` and
|
||||
the directory on the phone.
|
47
know-how/hacking/_posts/2009-02-02-teac-mp380.md
Normal file
@ -0,0 +1,47 @@
|
||||
---
|
||||
title: TEAC MP-380 / entryx EM850
|
||||
language: en
|
||||
layout: default
|
||||
created: 2009-02-02 22:49:04 +0100
|
||||
updated: 2009-02-02 22:49:04 +0100
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- teac
|
||||
- entryx
|
||||
- mp3player
|
||||
---
|
||||
A local discounter offered a MP4-player *[entryx EM850](http://www.entryx.de/deutsch/produkte/mp3player/2gb_mediaplayer_mp3.html)*
|
||||
some time ago. The supplied firmware has some severe problems, e.g. the devices powers off while playing without touching it.
|
||||
|
||||
After some research, I found some thread at [discountfan.de](http://www.discountfan.de/forumneu/read.php?8,161599,162423)
|
||||
which mentions that the device is originally built by [YIFANG](http://www.yifangdigital.com/Product/EM850.htm) and is
|
||||
OEM'ed as [Meizu M6](http://en.wikipedia.org/wiki/M6_Mini_Player) or [TEAC MP-380](http://www.teac-shop.de/product_info.php/info/p151_MP-380-2GB-Flash-MP3-Player.html).
|
||||
|
||||
The TEAC firmware is brand new and thus fixes the problems of the entryx version. Since you can't download the firmware
|
||||
from the TEAC homepage, you have to get it from [rapidshare.com](http://rapidshare.com/files/49786276/TEM850RB_PCB1.4_002_1.7.17_new.rar.html).
|
||||
|
||||
All other files you can get directly from YIFANG: On the [download page](http://rapidshare.com/files/49786276/TEM850RB_PCB1.4_002_1.7.17_new.rar.html)
|
||||
further down you'll find a [EM850RB driver package](http://www.yifangdigital.com/download/driver/audio/em850rb.rar)
|
||||
which also contains the firmware-updater and drivers for the Rock-chip (both contained in the *ConsumerUpdate* inside
|
||||
the RAR archive). You have to unpack the ConsumerUpdate and install it.
|
||||
|
||||
Now do the following:
|
||||
|
||||
1. unplug the MP4-player from your PC
|
||||
1. hold the <kbd>M</kbd> key while plugging it in and hold the <kbd>M</kbd> key for some more seconds
|
||||
* the PC should show a new device and ask for drivers
|
||||
1. choose manually selection of drivers and point it to the directory where you installed the ConsumerUpdate to
|
||||
1. when the drivers are installed, run the `Consumer.exe` (for English language, change the `Consumer.ini` and set
|
||||
`UILanguage` to `ENG` instead of `CH_S`)
|
||||
1. choose the firmware file (`.rfw`) and click on *Update*
|
||||
1. 3 minutes later, everything should be done, exit the Updater
|
||||
1. unplug the device and power it on
|
||||
* the upgrade should be launched
|
||||
|
||||
After the upgrade completed, you might have to format the internal storage for the player to recognize it.
|
||||
|
||||
Some little bonus: After the upgrade, you'll find a Tetris game as well as a FM-Tuner. But the latter one doesn't have
|
||||
any reception - maybe they didn't add an antenna, although the IC would support it.
|
39
know-how/hacking/_posts/2009-02-02-zyxel-660hw67.md
Normal file
@ -0,0 +1,39 @@
|
||||
---
|
||||
title: ZyXEL Prestige 660HW-67
|
||||
language: en
|
||||
layout: default
|
||||
created: 2009-02-02 20:55:24 +0100
|
||||
updated: 2009-02-02 20:55:24 +0100
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- zyxel
|
||||
- prestige
|
||||
- router
|
||||
---
|
||||
The 660HW-67 was distributed in Germany as the "WLAN Modem 100" through the Arcor ISP. It came with the firmware `QD.7`
|
||||
which seems to be originally made for AOL.
|
||||
|
||||
To get the router ready for ADSL2+, I needed the `QQ.7` firmware which is the original one.
|
||||
|
||||
|
||||
Firmware crossgrade
|
||||
===================
|
||||
|
||||
**Manual:** [dslrouter-hilfe.de](http://www.dslrouter-hilfe.de/forum/showthread.php?t=16411)
|
||||
|
||||
The big problem is that the `rom-0` of the original firmware is 48 KiB whereas that of the AOL firmware is only
|
||||
*16 KiB*. Usually, you make an upgrade by updating the `rom-0` file (which contains default settings) and then update
|
||||
the firmware itself which then reads the new default settings upon the next boot. Since the router didn't accept the
|
||||
new settings, it stuck after the reboot.
|
||||
|
||||
This is how it works (using the serial connector on the PCB and a terminal program):
|
||||
|
||||
1. upload the new firmware file completely
|
||||
* the router will complain that the `rom-0` doesn't match and ask you to upload a new firmware
|
||||
1. upload the new firmware again but cancel the upload after about 600 KiB (~12 min at 9600 baud)
|
||||
* the router will boot into a debug mode
|
||||
1. upload the new `rom-0` file
|
||||
1. upload the new firmware file
|
32
know-how/hacking/_posts/2009-03-10-nintendo-ds.md
Normal file
@ -0,0 +1,32 @@
|
||||
---
|
||||
title: Nintendo DS
|
||||
language: en
|
||||
layout: default
|
||||
created: 2009-03-10 00:43:19 +0100
|
||||
updated: 2009-03-10 01:13:42 +0100
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- nintendo
|
||||
- gaming
|
||||
---
|
||||
(DS = Dual Screen)
|
||||
|
||||
![]({{ site.url }}/assets/nintendo_ds_lite.jpg)
|
||||
|
||||
<ul>
|
||||
{% for page in site.categories.nintendo-ds %}
|
||||
<li><a href="{{ page.url }}">{{ page.title }}</a></li>
|
||||
{% endfor %}
|
||||
</ul>
|
||||
|
||||
* also see: [Nintendo Wii]({% post_url 2009-03-10-nintendo-wii %})
|
||||
|
||||
|
||||
Links
|
||||
=====
|
||||
|
||||
* [Nintendo DS homebrew](http://en.wikipedia.org/wiki/Nintendo_DS_homebrew)
|
||||
* [Hacking Nintendo DS](http://doc.kodewerx.org/hacking_nds.html) --- list of ActionReplay code structure and some generic assembler codes
|
28
know-how/hacking/_posts/2009-03-10-nintendo-wii.md
Normal file
@ -0,0 +1,28 @@
|
||||
---
|
||||
title: Nintendo DS
|
||||
language: en
|
||||
layout: default
|
||||
created: 2009-03-10 00:43:19 +0100
|
||||
updated: 2009-03-10 01:13:42 +0100
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- nintendo
|
||||
- gaming
|
||||
---
|
||||
<ul>
|
||||
{% for page in site.categories.nintendo-wii %}
|
||||
<li><a href="{{ page.url }}">{{ page.title }}</a></li>
|
||||
{% endfor %}
|
||||
</ul>
|
||||
|
||||
* also see: [Nintendo DS]({% post_url 2009-03-10-nintendo-ds %})
|
||||
|
||||
|
||||
Links
|
||||
=====
|
||||
|
||||
* [The Homebrew Channel](http://hbc.hackmii.com/)
|
||||
* [WiiBrew Wiki](http://wiibrew.org/wiki/Main_Page)
|
23
know-how/hacking/_posts/2009-05-16-msi-rg54se.md
Normal file
@ -0,0 +1,23 @@
|
||||
---
|
||||
title: MSI RG54SE
|
||||
language: en
|
||||
layout: default
|
||||
created: 2009-05-16 22:20:01 +0200
|
||||
updated: 2009-05-16 22:20:01 +0200
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- msi
|
||||
- router
|
||||
---
|
||||
Sold under following names:
|
||||
|
||||
* CC&C WA-2204A
|
||||
* Blanc BW54R11
|
||||
* Bluecomm WA-2204A
|
||||
* Canyon WF514v2
|
||||
* GigaFast WF719-CAPR
|
||||
* ZCOMAX WA-2204A
|
||||
* Zonet ZSR1114WE
|
46
know-how/hacking/_posts/2009-10-26-samsung-se-t084m.md
Normal file
@ -0,0 +1,46 @@
|
||||
---
|
||||
title: Samsung SE-T084M
|
||||
language: en
|
||||
layout: default
|
||||
created: 2009-05-15 15:59:19 +0200
|
||||
updated: 2009-10-26 21:41:59 +0100
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- samsung
|
||||
- drive
|
||||
---
|
||||
The SE-T084M is an external USB burner with everything but BluRay burning.
|
||||
|
||||
![]({{ site.url }}/assets/samsung_se-t084m.jpg)
|
||||
|
||||
|
||||
Firmware
|
||||
========
|
||||
|
||||
* there are different models - some with *TruDirect*, some without
|
||||
* the *TruDirect* models have firmwares `TD00`..`TD02`
|
||||
* the non-TruDirect models have firmwares `TS00`..`TS02`
|
||||
* [US firmware downloads](http://www.samsung.com/us/support/download/supportDown.do?group=&type=opticaldiscdrives&subtype=dvdwriter&model_nm=SE-T084M&language=&cate_type=all&dType=D&mType=FM&vType=&prd_ia_cd=05050500&disp_nm=SE-T084M&model_cd=&menu=download) *old Tx00 version*
|
||||
* [Samsung Optical Disc Drive Division](http://www.samsungodd.com/eng/Firmware/FWDownload/FWDownload.asp?FunctionValue=view&no=614&SearchWord=&SearchMode=&PageNumber=1&product_code=&os_no=) *latest TD02 veresion*
|
||||
|
||||
|
||||
RPC1
|
||||
====
|
||||
|
||||
*RPC1* means removing the region code or region-switching lock from the drive. Normally the DVD drive is set to your
|
||||
region (1..5) so that you can only play DVDs from your region. You can change this region 5 times with the last change
|
||||
being permanently.
|
||||
|
||||
RPC1 means removing this limit. Also you can sometimes set your drive to region code **0** which will allow you to play
|
||||
DVDs of any region.
|
||||
|
||||
You can enable *RPC1* by using [MCSE](http://forum.rpc1.org/viewtopic.php?f=2&t=41228&st=0&sk=t&sd=a&start=125).
|
||||
|
||||
<p><div class="noteclassic" markdown="1">
|
||||
Windows XP will continue to show a *X changes left* in the region settings. But this is a software lock. Open *RegEdit*
|
||||
and go to `HKEY_LOCAL_MACHINE\Software\Microsoft`. There you'll find a key with strange characters (something like `';t-z%`)
|
||||
which contains a single REG_QWORD value. Delete the whole key and you'll be back at *5 changes left*.
|
||||
</div></p>
|
188
know-how/hacking/_posts/2010-01-11-sony-psp.md
Normal file
@ -0,0 +1,188 @@
|
||||
---
|
||||
title: SONY PlayStation Portable
|
||||
language: en
|
||||
layout: default
|
||||
created: 2010-01-08 08:47:41 +0100
|
||||
updated: 2010-01-11 21:39:20 +0100
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- sony
|
||||
- playstation
|
||||
- psp
|
||||
---
|
||||
* **Model:** PSP Slim (PSP-2004)
|
||||
* **Battery:** PSP-S110
|
||||
|
||||
<p><div class="noteclassic" markdown="1">
|
||||
Please note that these things only work for PSP-1xxx and PSP-2xxx with a date code (found behind battery!) of `8B` or
|
||||
less. If you have a newer PSP or a PSP-3xxx, you will most likely have a **TA-88v3** mainboard and destroy it by trying
|
||||
the things described here.
|
||||
</div></p>
|
||||
|
||||
|
||||
PSP-S110 Pandora Battery
|
||||
========================
|
||||
|
||||
* <http://board.gulli.com/thread/865045-pandora-pandora-batterie-ohne-hombrew-psp-erstellen/12/>
|
||||
|
||||
The original shipped battery of type `PSP-S110` can be made a Pandora-battery which enables developer features on the PSP.
|
||||
|
||||
|
||||
Opening the battery
|
||||
-------------------
|
||||
|
||||
![]({{ site.url }}/assets/battery_normal.jpg)
|
||||
|
||||
The housing of the battery is glued together around the side. **DO NOT TRY TO OPEN IT WITH A SCREWDRIVER** as you can
|
||||
easily produce shorts which may even make the battery explode or destroy it forever.
|
||||
|
||||
The best way is to use your fingernails and a stronger guitar pick (or something else non-conducting material).
|
||||
|
||||
After opening, it will look like this:
|
||||
|
||||
![]({{ site.url }}/assets/battery_opened.jpg)
|
||||
|
||||
Now carefully bend over the PCB.
|
||||
|
||||
![]({{ site.url }}/assets/battery_pcbbend.jpg)
|
||||
|
||||
|
||||
Identify target
|
||||
---------------
|
||||
|
||||
Identify the small 8-pin IC with the label `S93C56` near the **`IC04`** printed on the PCB - this is an EEPROM which
|
||||
holds information about the battery. We want to stop it sending that information to the PSP.
|
||||
|
||||
Looking at a [data sheet](http://www.alldatasheet.com/view.jsp?sSearchword=S93C56), we will find this picture:
|
||||
|
||||
![]({{ site.url }}/assets/s93c56scheme.png)
|
||||
|
||||
Now there are 2 ways to interfere: We can disconnect the `CS` pin which indicates when a new command is about to be
|
||||
sent to the IC or we can short the `DO` (data output) pin to `Vcc` so that there will be no readable output from the IC.
|
||||
|
||||
If you regularly need a Pandora battery, you can even solder a switch instead of cutting/shorting the points.
|
||||
|
||||
### Disconnect CS
|
||||
|
||||
* <http://www.psp-forum.com/tutorials-guides/10453-tutorial-make-pandora-battery-stick-no-cfw-psp.html>
|
||||
|
||||
The CS line is used to tell the EEPROM when it has to listen for commands. By cutting this line, the EEPROM won't be
|
||||
able to work anymore and thus you will have a Pandora battery. If you do it right, then you can undo the cut with a
|
||||
normal pencil (the lead in the pencil is conductive).
|
||||
|
||||
Find the line with the **`19`** printed nearby. It is the one going from the top right pin of the IC. Use a razor knife
|
||||
to cut it at this point (marked red):
|
||||
|
||||
![]({{ site.url }}/assets/battery_cutplace.jpg)
|
||||
|
||||
That was it! Just assemble everything back and use some adhesive tape to hold the battery together. If you put it into
|
||||
your PSP (with AC adaptor unplugged), the green *Power*-LED should automatically turn on without doing anything else.
|
||||
|
||||
Congratulations. You now have a Pandora battery.
|
||||
|
||||
<p><div class="notetip">
|
||||
If you want to make it a normal battery later, use a lead pencil and draw along the cut a few times. Check that the PSP
|
||||
doesn't turn on when inserting the battery. If everything works as you want, you can also glue the battery together again.
|
||||
</div></p>
|
||||
|
||||
|
||||
### Short DO and VCC
|
||||
|
||||
* <http://www.psp-hacks.com/2007/10/22/one-wire-pandora-battery-no-software-required/>
|
||||
|
||||
|
||||
Magic MemoryStick
|
||||
=================
|
||||
|
||||
A *Magic MemoryStick* contains a special boot-code which provides means to update the firmware of the PSP. There are
|
||||
different tools to create one:
|
||||
|
||||
* [Ultimate Pandora Magic Stick](http://www.psp-hacks.com/file/1326)
|
||||
* [TotalNewbi Installer](http://www.megaupload.com/?d=gvzi5ne4)
|
||||
* [PSPGrader v008](http://pspslimhacks.com/psp-grader-v008/)
|
||||
* [Rain's UltraLite MMS Maker](http://pspslimhacks.com/rains-ultralite-mms-maker-for-500-m33-4/)
|
||||
|
||||
These are all mostly self-explanatory.
|
||||
|
||||
After some playing around with my 120MB *MemoryStick Duo* without luck, I came to the conclusion, that you **really need
|
||||
a *Pro Duo*** for this thing to work. The limit for sticks up to 2GB is gone. You can use any stick - mine was a *8GB
|
||||
MemoryStick Pro Duo Mark 2*. Be sure to backup all files first.
|
||||
|
||||
Using *PSPGrader* and *Rain's UltraLite MMS Maker* didn't work in the first place (tried both with the *Format
|
||||
MemoryStick* option). The latter one gave the *["IPL failed to inject"](http://www.psp-hacks.com/forums/archive/index.php/t-232186.html)*
|
||||
error. I then used the `mspformat.exe` from the *TotalNewbi Installer* to format the USB stick. After that, using
|
||||
*Rain's* (without the *Format* option checked) finally worked and I had a *Magic MemoryStick*.
|
||||
|
||||
|
||||
Using the Magic MemoryStick
|
||||
---------------------------
|
||||
|
||||
To make the PSP load the custom file from the MemoryStick, you have two options:
|
||||
|
||||
1. without the MemoryStick in the slot and without AC adapter plugged, put the Pandora battery into
|
||||
1. the green *Power*-LED should turn on, anything other stays off
|
||||
1. hold the <kbd>L</kbd> shoulder button while inserting the MMS
|
||||
1. now the *WIFI*- and *M*-LEDs should flicker and boot the file
|
||||
|
||||
you can also do it the other way around:
|
||||
|
||||
1. without AC adapter plugged and without battery inserted, put the MMS into the slot
|
||||
1. hold the <kbd>L</kbd> shoulder button while inserting the Pandora battery
|
||||
1. the green *Power*-LED should turn on and the *WLAN*- and *M*-LEDs should start to flicker
|
||||
|
||||
If only the green *Power*-LED comes on with none of the other LEDs flickering, your Magic MemoryStick mostly doesn't
|
||||
work. In some rare cases you might have a PSP with the newer mainboard (TA-88v3). Find out [here](http://www.dcemu.co.uk/vbulletin/showthread.php?t=183671).
|
||||
You might also try [this](http://www.qj.net/psp/homebrew-applications/dark-alex-releases-ta-088v3-identifier-find-out-if-your-psp-is-unhackable.html).
|
||||
|
||||
|
||||
Flashing custom firmware
|
||||
========================
|
||||
|
||||
* <http://forums.gametrailers.com/thread/the-official-psp-custom-firmwa/785993?page=31>
|
||||
* <http://www.pspmod.com/forums/psp-software-guides/45253-how-install-psp-custom-firmware.html>
|
||||
* [Team GEN Forums](http://www.pspgen.com/forums/) (mostly French, but one is English)
|
||||
* [List of all CFWs incl. some background info](http://alek.dark-alex.org/pspwiki/index.php/Custom_Firmwares)
|
||||
|
||||
After using the MMS and selecting the first option *Flash install 5.00M33-4*, you will have *Dark Alex*'s firmware on
|
||||
your PSP. Upgrade it to the latest version by following the steps [here](http://www.atmaxplorer.com/2008/10/psp-custom-firmware-500-m33-is-released/2/).
|
||||
Just download the *5.00 M33-5*, install it as described there then do the same with the *5.00 M33-6*.
|
||||
|
||||
Now you have the choice of switching over to *Team GEN*'s firmware which should support all the latest games. To do
|
||||
this, use the *XGen Updater* as described [here](http://www.atmaxplorer.com/2009/12/install-psp-custom-firmware-5-50-gen-d3/).
|
||||
The firmware file is also available [here](http://www.psp-hacks.com/file/1873). Newer versions can then be found in the
|
||||
Downloads section of [psp-hacks.com](http://www.psp-hacks.com/category/39).
|
||||
|
||||
<p><div class="noteimportant" markdown="1">
|
||||
**ATTENTION!** If you have problems with corrupted savegames or UMD titles not starting, please use the [5.50GEN-D2 Quick Updater](http://dl.qj.net/psp/homebrew-applications/cfw-550gen-d2-quick-updater.html)
|
||||
to downgrade to that version until 5.50GEN-D4 is out. You might also try [these steps](http://www.pspgen.com/forums/interesting-tidbit-for-those-haveing-trouble-t192838.html)
|
||||
before doing the downgrade.
|
||||
|
||||
If you don't have a backup of your saves, try [this](http://www.maxconsole.net/forums/showpost.php?s=a3670fea1205db04755ba1c6f42f65aa&p=1122026&postcount=3)
|
||||
to possibly recover them.
|
||||
</div></p>
|
||||
|
||||
|
||||
Backup your games
|
||||
=================
|
||||
|
||||
* <http://forums.exophase.com/showthread.php?t=4440>
|
||||
* <http://www.stylemo.com/2007/11/06/how-to-create-iso-backups-of-your-psp-games/>
|
||||
|
||||
After you made a backup, copy the resulting `ISO` file into a folder `ISO` on your PSP's MemoryStick. It will then
|
||||
appear in the game menu under *MemoryStick*.
|
||||
|
||||
|
||||
Homebrew Apps
|
||||
=============
|
||||
|
||||
* [CWCheat System](http://cwcheat.consoleworld.org/index.php)
|
||||
|
||||
|
||||
Links
|
||||
=====
|
||||
|
||||
* <http://forums.afterdawn.com/thread_view.cfm/591203>
|
||||
* <http://www.pspmod.com/forums/psp-hardware-guides/28603-guide-using-pandoras-battery-easy-way-but-you-must-have-cfw.html>
|
@ -0,0 +1,48 @@
|
||||
---
|
||||
title: Backup Savegames on Nintendo DS
|
||||
language: en
|
||||
layout: default
|
||||
created: 2009-03-15 14:34:37 +0100
|
||||
updated: 2009-03-15 22:16:40 +0100
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- nintendo
|
||||
- gaming
|
||||
---
|
||||
To backup savegames from your cartridges (e.g. for use with a ROM dump on a card like the
|
||||
[CycloDS Evolution]({% post_url 2009-03-22-cyclods-evolution %})) there are two ways.
|
||||
|
||||
|
||||
EZFlash 3in1 method
|
||||
===================
|
||||
|
||||
You'll need a Slot1-homebrew launcher (like the [CycloDS]({% post_url 2009-03-22-cyclods-evolution %})) and the [EZFlash 3in1]({% post_url 2009-03-15-ezflash-3in1 %})
|
||||
Slot2-Flash-Expansion (*EZFlash Plus* might not work!).
|
||||
|
||||
1. Download and install (on your microSD) the *NDS Backup Tool 3in1* from [Rudolph](http://www009.upp.so-net.ne.jp/rudolph/nds/Backup/)
|
||||
1. Make sure the EZFlash 3in1 is in your Slot2 and the CycloDS containing the card with the *NDS Backup Tool* is in Slot1
|
||||
1. Launch CycloDS and use it to run the backup tool
|
||||
1. Make sure you are in the **Save Backup** mode (if not, press <kbd>L</kbd> until you are)
|
||||
1. Press <kbd>B</kdb> to create a new savegame dump
|
||||
1. You are prompted to remove the current Slot1 card (CycloDS) and put in the card of the game … do so!
|
||||
1. Press <kbd>A</kbd> when ready
|
||||
1. Now the savegame data will be copied to the Flash of the EZFlash 3in1 card
|
||||
1. You are prompted to turn off the DS and re-run the *NDS Backup Tool*
|
||||
1. Turn off the NDS (or press <kbd>A</kbd>), remove the game cartridge and insert the CycloDS cartridge again
|
||||
1. When loading CycloDS, hold <kbd>L-R</kbd> to automagically re-run the backup tool
|
||||
1. Confirm the copy process by pressing <kbd>A</kbd>
|
||||
1. Now the savegame data will be copied from the EZFlash to your microSDHC card
|
||||
1. You're done. The savegame will be in a folder `/NDS_Backup/` on your microSDHC card.
|
||||
1. (You might have to rename the savegame file to the same name as the backup ROM of the game.)
|
||||
|
||||
|
||||
Wi-Fi method
|
||||
============
|
||||
|
||||
I did not test this method, but it needs a working Wi-Fi-connection from your NDS to your Access Point and some PC in
|
||||
your network. You'll have to setup a FTP server. Download the *NDS Backup Tool WiFi* from [Rudolph](http://www009.upp.so-net.ne.jp/rudolph/nds/Backup/),
|
||||
unpack to your microSD and modify the file `NDS_Backup_Tool_Wifi.ini` and enter the IP, Port, Username and Password of
|
||||
your FTP server. The rest of the process should be similar to the above (despite of the switching cartridges).
|
@ -0,0 +1,35 @@
|
||||
---
|
||||
title: EZFlash 3in1
|
||||
language: en
|
||||
layout: default
|
||||
created: 2009-03-15 15:49:39 +0100
|
||||
updated: 2009-03-15 22:17:41 +0100
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- nintendo
|
||||
- gaming
|
||||
---
|
||||
<img src="{{ site.url }}/assets/ez3in1.jpg" alt="" width="200" />
|
||||
|
||||
* **Homepage:** [ezflash.cn](http://www.ezflash.cn/home.htm)
|
||||
* **Detailed specs:** [gbatemp.net](http://wiki.gbatemp.net/wiki/index.php/3_in_1_Expansion_Pack_for_EZ-Flash_V)
|
||||
* **Specs and some tutorials:** [cyclods.theta.in](http://cyclods.theta.in/wiki/EZFlash_V_3-in-1)
|
||||
|
||||
|
||||
The EZFlash 3in1 is a GBA-cartridge for the Slot2 of the NDS which provides the following features:
|
||||
|
||||
* RAM expansion (e.g. for *DS Opera Browser*)
|
||||
* Rumble pack
|
||||
* 32 MiB Flash memory
|
||||
* 16 MiB SRAM
|
||||
* 512 KiB battery powered SRAM for savegame data
|
||||
|
||||
|
||||
*[DS]: Dual Screen
|
||||
*[RAM]: Random Access Memory
|
||||
*[NDS]: Nintendo Dual Screen
|
||||
*[GBA]: Nintendo GameBoy Advance
|
||||
*[SRAM]: Static Random Access Memory
|
@ -0,0 +1,23 @@
|
||||
---
|
||||
title: Wii Downloads
|
||||
language: en
|
||||
layout: default
|
||||
created: 2009-03-10 00:51:47 +0100
|
||||
updated: 2009-03-15 22:18:54 +0100
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- nintendo
|
||||
- gaming
|
||||
---
|
||||
The *Nintendo Channel* on the [Nintendo Wii]({% post_url 2009-03-10-nintendo-wii %}) allows you to download Demo
|
||||
versions of NDS games right to your NDS to play. Just do the following:
|
||||
|
||||
1. go to the *Nintendo Channel*
|
||||
1. go to the video overview
|
||||
1. click "Categories" on top
|
||||
1. select **DS Download Service**
|
||||
1. just select a game, wait for it to download
|
||||
1. follow the on-screen instructions
|
137
know-how/hacking/nintendo-ds/_posts/2009-03-16-ndstool.md
Normal file
@ -0,0 +1,137 @@
|
||||
---
|
||||
title: ndstool
|
||||
language: en
|
||||
layout: default
|
||||
created: 2009-03-16 00:48:30 +0100
|
||||
updated: 2009-03-16 00:48:30 +0100
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- nintendo
|
||||
- gaming
|
||||
---
|
||||
The `ndstool` can show header information of ROM files as well as extract the game logo or even the whole ROM contents.
|
||||
It also can recombine the extracted ROM contents to a working ROM again.
|
||||
|
||||
* **Homepage:** [darkfader.net](http://darkfader.net/ds/) (scroll down to *DS development tools*)
|
||||
* **Blog:** [ndsdev.blogspot.com](http://ndsdev.blogspot.com/)
|
||||
* **SVN:** [devkitpro.svn.sourceforge.net](http://devkitpro.svn.sourceforge.net/viewvc/devkitpro/trunk/tools/nds/ndstool/)
|
||||
* **Linux binary:** [codinglab.blogspot.com](http://codinglab.blogspot.com/2007/07/nintendo-ds-homebrew-under-linux-ubuntu.html)
|
||||
* **Python clone:** [jmoiron.net](http://dev.jmoiron.net/rom-seimei/) (limited functionality, but does UTF8)
|
||||
|
||||
|
||||
Example output
|
||||
==============
|
||||
|
||||
This is from the Linux binary (see above):
|
||||
|
||||
~~~
|
||||
Nintendo DS rom tool 1.36 - Jul 31 2007 23:26:46
|
||||
by Rafael Vuijk, Dave Murphy, Alexei Karpenko
|
||||
Header information:
|
||||
0x00 Game title BANDBROS DX
|
||||
0x0C Game code AXBJ (NTR-AXBJ-JPN)
|
||||
0x10 Maker code 01 (Nintendo)
|
||||
0x12 Unit code 0x00
|
||||
0x13 Device type 0x00
|
||||
0x14 Device capacity 0x09 (512 Mbit)
|
||||
0x15 reserved 1 000000000000000000
|
||||
0x1E ROM version 0x00
|
||||
0x1F reserved 2 0x00
|
||||
0x20 ARM9 ROM offset 0x4000
|
||||
0x24 ARM9 entry address 0x2000800
|
||||
0x28 ARM9 RAM address 0x2000000
|
||||
0x2C ARM9 code size 0xADBB4
|
||||
0x30 ARM7 ROM offset 0x172000
|
||||
0x34 ARM7 entry address 0x2380000
|
||||
0x38 ARM7 RAM address 0x2380000
|
||||
0x3C ARM7 code size 0x26F28
|
||||
0x40 File name table offset 0x198F28
|
||||
0x44 File name table size 0xBFF1
|
||||
0x48 FAT offset 0x1A4F1C
|
||||
0x4C FAT size 0x4BA8
|
||||
0x50 ARM9 overlay offset 0xB1BC0
|
||||
0x54 ARM9 overlay size 0x2E0
|
||||
0x58 ARM7 overlay offset 0x0
|
||||
0x5C ARM7 overlay size 0x0
|
||||
0x60 ROM control info 1 0x00416657
|
||||
0x64 ROM control info 2 0x081808F8
|
||||
0x68 Icon/title offset 0x1A9C00
|
||||
0x6C Secure area CRC 0xD9F8 (OK, decrypted)
|
||||
0x6E ROM control info 3 0x0D7E
|
||||
0x70 ARM9 ? 0x2000AAC
|
||||
0x74 ARM7 ? 0x2380188
|
||||
0x78 Magic 1 0x00000000
|
||||
0x7C Magic 2 0x00000000
|
||||
0x80 Application end offset 0x036DF558
|
||||
0x84 ROM header size 0x00004000
|
||||
0x88 ? 0x00004BA0
|
||||
0x15C Logo CRC 0xCF56 (OK)
|
||||
0x15E Header CRC 0xF657 (OK)
|
||||
|
||||
Banner CRC: 0x2934 (OK)
|
||||
English banner text, line 1: _______
|
||||
English banner text, line 2: ________DX
|
||||
English banner text, line 3: Nintendo
|
||||
|
||||
ARM9 footer found.
|
||||
|
||||
Security data CRC (0x1000-0x2FFF) 0x6FFF
|
||||
Segment3 CRC (0x3000-0x3FFF) 0x0000 (INVALID)
|
||||
~~~
|
||||
|
||||
This is from the Python version:
|
||||
|
||||
~~~
|
||||
Header Information:
|
||||
0x00 Game title BANDBROS DX
|
||||
0x0C Game code AXBJ (NTR-AXBJ-JPN)
|
||||
0x10 Maker code 01 (Nintendo)
|
||||
0x12 Unit code 0x00
|
||||
0x13 Device type 0x00
|
||||
0x14 Device capacity 0x09 (512 Mbit)
|
||||
0x15 Reserved 1 000000000000000000
|
||||
0x1E ROM Version 0x00
|
||||
0x1F Reserved 2 0x00
|
||||
0x20 ARM9 ROM offset 0x4000
|
||||
0x24 ARM9 entry address 0x2000800
|
||||
0x28 ARM9 RAM address 0x2000000
|
||||
0x2C ARM9 code size 0xADBB4
|
||||
0x30 ARM7 ROM offset 0x172000
|
||||
0x34 ARM9 entry address 0x2000800
|
||||
0x38 ARM7 RAM address 0x2380000
|
||||
0x3C ARM7 code size 0x26F28
|
||||
0x40 File name table offset 0x198F28
|
||||
0x44 File name table size 0xBFF1
|
||||
0x48 FAT offset 0x1A4F1C
|
||||
0x4C FAT size 0x4BA8
|
||||
0x50 ARM9 overlay offset 0xB1BC0
|
||||
0x54 ARM9 overlay size 0x2E0
|
||||
0x58 ARM7 overlay offset 0x00
|
||||
0x5C ARM7 overlay size 0x00
|
||||
0x60 ROM control info 1 0x00416657
|
||||
0x64 ROM control info 2 0x081808F8
|
||||
0x6E ROM control info 3 0x0D7E
|
||||
0x68 Icon/Title offset 0x1A9C00
|
||||
0x6C Secure area CRC 0xD9F8 (OK, decrypted)
|
||||
0x70 ARM9? 0x02000AAC
|
||||
0x74 ARM7? 0x02380188
|
||||
0x78 Magic 1 0x00000000
|
||||
0x7C Magic 2 0x00000000
|
||||
0x80 Application end offset 0x036DF558
|
||||
0x84 ROM header size 0x00004000
|
||||
0x15C Logo CRC 0xCF56 (OK)
|
||||
0x15E Header CRC 0xF657 (OK)
|
||||
|
||||
Banner CRC: 0x2934 (OK)
|
||||
Japanese banner text, line 1: だいがっそう!
|
||||
Japanese banner text, line 2: バンドブラザーズDX
|
||||
Japanese banner text, line 3: Nintendo
|
||||
|
||||
ARM9 footer found.
|
||||
|
||||
Security data CRC (0x1000-0x2FFF) 0x6FFF
|
||||
Segment3 CRC (0x3000-0x3FFF) (NYI)
|
||||
~~~
|
@ -0,0 +1,28 @@
|
||||
---
|
||||
title: Extract Sound from ROMs
|
||||
language: en
|
||||
layout: default
|
||||
created: 2009-03-17 20:41:05 +0100
|
||||
updated: 2009-03-17 20:41:05 +0100
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- nintendo
|
||||
- gaming
|
||||
---
|
||||
To extract sounds (or graphics) from a ROM, you'll need the [ndstool]({% post_url 2009-03-16-ndstool %})
|
||||
and [ndssndext](http://www.4shared.com/file/68276816/8092229e/ndssndext_v04.html).
|
||||
|
||||
First extract the game data from ROM:
|
||||
|
||||
ndstool -x -d data <filename>.nds
|
||||
|
||||
This will create a new directory `data` containing all the game data. In there you'll most probably find a file `*.sdat`
|
||||
somewhere. This is a sound archive format. Now run this through the `ndssndext` (I had to use *WinE*):
|
||||
|
||||
wine ndssndext.exe sound_data.sdat
|
||||
|
||||
This creates a new folder which contains more folders with the actual contents from the `.sdat`-file. These can be MIDI
|
||||
files and/or (converted) WAV files.
|
@ -0,0 +1,42 @@
|
||||
---
|
||||
title: CycloDS Evolution
|
||||
language: en
|
||||
layout: default
|
||||
created: 2009-03-10 01:04:17 +0100
|
||||
updated: 2009-03-22 13:01:57 +0100
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- nintendo
|
||||
- gaming
|
||||
---
|
||||
<img src="{{ site.url }}/assets/cyclodsevo.jpg" alt="" width="200" />
|
||||
|
||||
* **Homepage:** [cyclopsds.com](http://www.cyclopsds.com/)
|
||||
* **Firmware:** [cyclopsds.com](http://www.cyclopsds.com/cgi-bin/cyclods/engine.pl?page=support)
|
||||
* **Comparison:** [joystiq.com](http://nintendo.joystiq.com/2008/05/20/ds-fanboys-semi-ultimate-homebrew-guide/)
|
||||
* **Review:** [gameboy-advance.net](http://www.gameboy-advance.net/ds-lite/cyclods.htm)
|
||||
* **Buy one:** [chipmonkey.de](http://chipmonkey.de/) (Germany)
|
||||
|
||||
The *CycloDS Evolution* is a cartridge for the NDS which adds homebrew capabilities. You can then run various homebrewed
|
||||
titles from a miniSDHC card on the NDS. You can even play [backups of your own games]({% post_url 2009-03-23-dump-games %})
|
||||
and thus take them all with you in a single cartridge.
|
||||
|
||||
|
||||
Cheats Database
|
||||
===============
|
||||
|
||||
The CycloDS Evo supports ActionReplay(tm) compatible cheat codes. The *Evolution Tools* (downloadable on their [Support page](http://www.cyclopsds.com/cgi-bin/cyclods/engine.pl?page=support))
|
||||
supports downloading cheats from [codejunkies.com](http://codejunkies.com). After the processing is done, you get a
|
||||
~600 KiB `user.evoCheats` file.
|
||||
|
||||
According to the [forums](http://www.teamcyclops.com/forum/showthread.php?t=1580), `codejunkies.com` is missing several
|
||||
cheats for newer games, so you might want to download the database from [gbatemp.net](http://cheats.gbatemp.net/) which
|
||||
is ~1,7 MiB. There's even a direct link to the latest version of the file:
|
||||
|
||||
* <http://cheats.gbatemp.net/latest/user.evoCHEATS.zip>
|
||||
|
||||
You might also want to trim your `default.evoCheats` file down to 0 Bytes and make it read-only so that only the newer
|
||||
cheats database is used.
|
59
know-how/hacking/nintendo-ds/_posts/2009-03-23-dump-games.md
Normal file
@ -0,0 +1,59 @@
|
||||
---
|
||||
title: Dump Games
|
||||
language: en
|
||||
layout: default
|
||||
created: 2009-03-15 14:41:43 +0100
|
||||
updated: 2009-03-23 01:04:47 +0100
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- nintendo
|
||||
- gaming
|
||||
---
|
||||
Dumping game cartridges is done the same way like [dumping savegames]({% post_url 2009-03-15-backup-savegames %}).
|
||||
|
||||
|
||||
EZFlash 3in1 method
|
||||
===================
|
||||
|
||||
The only difference here is that you might have to swap the cartridges more often since the Flash memory of the [EZFlash 3in1]({% post_url 2009-03-15-ezflash-3in1 %})
|
||||
is only 32 MiB and some games are up to 128 MiB in size.
|
||||
|
||||
There's a nice tutorial with pictures at [monroeworld.com](http://www.monroeworld.com/myfaq/index.php?action=artikel&cat=7&id=129&artlang=en).
|
||||
|
||||
Here are some estimated times for dumping different sized game cartridges (copied from that page):
|
||||
|
||||
| Game size | Number of passes | est. time needed |
|
||||
|----------:|:-----------------|-----------------:|
|
||||
| 4 MiB | 1 pass | 2min 30sec |
|
||||
| 8 MiB | 1 pass | 3min 15sec |
|
||||
| 16 MiB | 1 pass | 4min 45sec |
|
||||
| 32 MiB | 1 pass | 9min 30sec |
|
||||
| 64 MiB | 2 passes | 14min 15sec |
|
||||
| 128 MiB | 4 passes | 19min 00sec |
|
||||
| 256 MiB | 8 passes | 38min 00sec |
|
||||
|
||||
|
||||
Wi-Fi method
|
||||
============
|
||||
|
||||
Be warned that the Wi-Fi transfer speed is somewhat "limited". Dumping a 128 MiB game takes almost **2 hours**. So make
|
||||
sure your NDS is connected to its power adaptor.
|
||||
|
||||
|
||||
ROM Trimming
|
||||
============
|
||||
|
||||
Game cartridges have the typical memory ICs in binary sizes (8, 16, 32, 64, 128, 256 MiB) although the game often
|
||||
doesn't occupy the whole memory. That means if a game is 35 MiB in size, it is shipped on a 64 MiB cartridge. When
|
||||
dumping, you'll dump the whole 64 MiB although the last 29 MiB are empty (filled with `0x00`). So you can save a lot of
|
||||
space if you trim a ROM down to the real size.
|
||||
|
||||
<p><div class="notewarning">
|
||||
Games which use the WiFi feature mostly store their connection info in this empty space so using the wrong program to trim a ROM will break online capability of games.
|
||||
</div></p>
|
||||
|
||||
A good trimmer is [NDSTokyoTrim](http://techsuki.net/nintendo-ds-rom-trimmer/) which can detect WiFi-games and leaves
|
||||
the space for their settings.
|
@ -0,0 +1,24 @@
|
||||
---
|
||||
title: Favourite NDS Games
|
||||
language: en
|
||||
layout: default
|
||||
created: 2009-03-23 00:34:05 +0100
|
||||
updated: 2009-10-28 02:04:10 +0100
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- nintendo
|
||||
- gaming
|
||||
---
|
||||
Here's a list of my favorite games:
|
||||
|
||||
| Game | Genre | Comment |
|
||||
|:---------------|:---------:|:-------------------------------|
|
||||
| Rittai Picross | Puzzle | very addictive |
|
||||
| Time Hollow | Adventure | great story, great soundtrack |
|
||||
| Another Code | Adventure | almost as great as Time Hollow |
|
||||
| Korg DS-10 | Music | |
|
||||
| Crosswords DS | Puzzle | |
|
||||
| Picross | Puzzle | |
|
@ -0,0 +1,26 @@
|
||||
---
|
||||
title: Wii Twilight Hack
|
||||
language: en
|
||||
layout: default
|
||||
created: 2008-07-18 22:44:40 +0200
|
||||
updated: 2008-07-18 22:44:40 +0200
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- nintendo
|
||||
- wii
|
||||
---
|
||||
The Twilight Hack is described at [Code Retard](http://www.coderetard.com/2008/05/07/install-wii-virtual-console-game-channels-with-wad-installer/).
|
||||
It works by using a bug in *Zelda - Twilight Princess*. In short is goes like this:
|
||||
|
||||
1. get [WAD Installer 2.1](http://www.coderetard.com/wp-content/uploads/2008/05/wad-installer_v21.zip) and copy the
|
||||
`wad-installer.elf` to the root directory of your SD-card and name it `boot.elf`
|
||||
1. get the [Twilight Hack Beta](http://www.coderetard.com/wp-content/uploads/2008/06/twilight-hack-v01-beta1.zip) (for
|
||||
the Wii 3.3 firmware) and copy the `rzdp.bin` as `data.bin` to `/private/wii/title/RZDP` (P for PAL).
|
||||
1. copy all wanted games (`*.wad`-files) to a directory `/wad` on your SD card (4MiB ~ 59 blocks)
|
||||
1. get *Zelda - Twilight Princess*, run it at least once on your Wii to create the savegame slot
|
||||
1. insert SD card, delete savegame on your Wii and copy the Twilight Hack savegame from your SD card
|
||||
1. now run *Zelda*, load game, walk towards the guy and talk to him
|
||||
1. the screen goes black and shows the WAD Installer which installs all files found in `/wad`
|
@ -0,0 +1,27 @@
|
||||
---
|
||||
title: Wii Savegame Editing
|
||||
language: en
|
||||
layout: default
|
||||
created: 2008-07-23 21:31:36 +0200
|
||||
updated: 2008-07-23 21:31:58 +0200
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- nintendo
|
||||
- wii
|
||||
---
|
||||
Savegames, as well as almost all other files, are encrypted using some crypto magic. The keys were found and now there
|
||||
are some tools to decrypt and recrypt the savegames called [Segher's Wii.git](http://wiibrew.org/wiki/Segher's_Wii.git).
|
||||
|
||||
To compile them, you need to also compile OpenSSL, add the `include`-directory of OpenSSL to the search path for gcc and
|
||||
also point the `ld` to the compiled libcrypto.a.
|
||||
|
||||
After that, find the 3 interesting keys on [HackMii](http://hackmii.com/2008/04/keys-keys-keys/), which are `md5-blanker`,
|
||||
`sd-iv` and `sd-key`.
|
||||
|
||||
Create a directory `~/.wii` and put the 3 keys in ***binary*** form in there. (No text file with the values as numbers
|
||||
and letters but binary files with exactly 16 Bytes per file. Use `ghex2` or such.)
|
||||
|
||||
If everything is correct, you can uncompress savegames data.bin using `tachtig` and recompress them using `twintig`.
|
@ -0,0 +1,28 @@
|
||||
---
|
||||
title: MPlayer and Samba
|
||||
language: en
|
||||
layout: default
|
||||
created: 2009-01-18 23:26:15 +0100
|
||||
updated: 2009-01-18 23:26:15 +0100
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- nintendo
|
||||
- wii
|
||||
---
|
||||
The [MPlayer Christmas Edition](http://www.elotrolado.net/hilo_mplayer-christmas-edition_1157252) for Wii supports SMB
|
||||
browsing. You can configure the login data of the desired SMB share through the `smb.conf` on the SD card as follows:
|
||||
|
||||
~~~
|
||||
ip=192.168.1.100
|
||||
share=Public
|
||||
user=wii
|
||||
pass=somethingelse
|
||||
port=445
|
||||
~~~
|
||||
|
||||
For it to work, you **MUST** use a dedicated user in Samba. Guest shares won't work. Also make sure you have
|
||||
**`security=user`** set in your Linux `smb.conf`. For more information see
|
||||
[this thread](http://www.tehskeen.com/forums/showpost.php?p=48403&postcount=76) as tehskeen.com.
|
@ -0,0 +1,40 @@
|
||||
---
|
||||
title: Nintendo Wii Encryption Keys
|
||||
language: en
|
||||
layout: default
|
||||
created: 2009-01-30 12:56:51 +0100
|
||||
updated: 2009-01-30 13:00:54 +0100
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- nintendo
|
||||
- wii
|
||||
---
|
||||
To use these keys with e.g. [Segher's Wii.git](http://wiibrew.org/wiki/Segher's_Wii.git), you have to put them in binary
|
||||
files, i.e. use a Hex-Editor and paste these keys so that you get a 16 Byte long file for each key. Segher's tools
|
||||
expect them to be located in `~/.wii/<keyname>`, e.g. `~/.wii/common-key`.
|
||||
|
||||
common-key
|
||||
==========
|
||||
|
||||
ebe42a225e8593e448d9c5457381aaf7
|
||||
|
||||
|
||||
sd-key
|
||||
======
|
||||
|
||||
ab01b9d8e1622b08afbad84dbfc2a55d
|
||||
|
||||
|
||||
sd-iv
|
||||
=====
|
||||
|
||||
216712e6aa1f689f95c5a22324dc6a98
|
||||
|
||||
|
||||
md5-blanker
|
||||
===========
|
||||
|
||||
0e65378199be4517ab06ec22451a5793
|
@ -0,0 +1,24 @@
|
||||
---
|
||||
title: Favourite Wii Games
|
||||
language: en
|
||||
layout: default
|
||||
created: 2009-03-23 00:38:45 +0100
|
||||
updated: 2009-03-23 00:38:45 +0100
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- nintendo
|
||||
- wii
|
||||
---
|
||||
Here's a list of my favorite Wii games:
|
||||
|
||||
| Game | Genre | Comment |
|
||||
|:-----------------------|:---------:|:-----------|
|
||||
| Red Steel | FPS | great soundtrack, nice story; hate the swordfights though |
|
||||
| Metroid Prime 3 | FPS | nice graphics |
|
||||
| Onslaught (WiiWare) | FPS | lots of fun playing this plain and straight forward shooter |
|
||||
| World of Goo (WiiWare) | Puzzle | very addictive |
|
||||
| Okami | Adventure | really great graphics, nice gameplay |
|
||||
| NfS: Undercover | Racing | made a lot of fun playing it with the GC controller |
|
23
know-how/hacking/nintendo-wii/_posts/2009-05-22-mii-to-ds.md
Normal file
@ -0,0 +1,23 @@
|
||||
---
|
||||
title: Mii to NDS Transfer
|
||||
language: en
|
||||
layout: default
|
||||
created: 2009-03-10 01:08:20 +0100
|
||||
updated: 2009-05-22 00:16:54 +0200
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- nintendo
|
||||
- wii
|
||||
---
|
||||
The *Mii Channel* has a hidden **Transfer to DS** option. According to [cubed3.com](http://www.cubed3.com/news/11049)
|
||||
the only NDS game using this for now is the Japanese title *Aruite Wakaru Seikatsu Rhythm DS*. To enable the feature,
|
||||
do this:
|
||||
|
||||
1. go to the *Mii Channel*
|
||||
1. push <kbd>A</kbd> once
|
||||
1. push <kbd>B</kbd> once
|
||||
1. push <kbd>1</kbd> once
|
||||
1. hold <kbd>2</kbd>
|
@ -0,0 +1,27 @@
|
||||
---
|
||||
title: Wii Homebrew Channel
|
||||
language: en
|
||||
layout: default
|
||||
created: 2009-10-07 22:46:34 +0200
|
||||
updated: 2009-10-07 22:48:41 +0200
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- nintendo
|
||||
- wii
|
||||
---
|
||||
Install on 4.2e
|
||||
===============
|
||||
|
||||
* Download the [bannerbomb v2](http://bannerbomb.qoid.us/index.new.php) and unzip the file to your SD-Card (make sure
|
||||
to remove ANY OTHER Wii data from the `private` directory otherwise it will NOT work!)
|
||||
* Download the [HackMii Installer](http://bootmii.org/download/) and put the `boot.dol` in the root of the SD-Card
|
||||
* Start the Wii, remove any disc
|
||||
* select the SD-Channel (bottom left)
|
||||
* insert the prepared SD-Card and wait for the *Start boot.dol?*-prompt (if it freezes, hold Power-button to reboot the
|
||||
Wii then try again)
|
||||
* select *Yes*
|
||||
* follow the instructions (you most probably want to install all 3 options - try to install BootMii as boot2, if it
|
||||
doesn't work, install as IOS)
|
@ -0,0 +1,27 @@
|
||||
---
|
||||
title: USBLoader GX
|
||||
language: en
|
||||
layout: default
|
||||
created: 2010-05-08 12:47:47 +0200
|
||||
updated: 2010-05-08 12:47:47 +0200
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- nintendo
|
||||
- wii
|
||||
---
|
||||
* **Homepage:** <http://usbloadergx.koureio.net/>
|
||||
|
||||
|
||||
Foreign games settings
|
||||
======================
|
||||
|
||||
(for PAL TVs)
|
||||
|
||||
* If the game appears all in red, activate the *VidMode: AutoPatch* setting.
|
||||
* If `Error #02` appears, activate the *Error 02 Fix*
|
||||
* If you only see a black screen after launching the game, make sure, the Game is not Japanese- or English-only. If so,
|
||||
change the *Game language* setting to match that of the game. (Some games don't have a fall-back setting for their
|
||||
language, so they will crash if the Wii is set to another language than supported.)
|
@ -0,0 +1,110 @@
|
||||
---
|
||||
title: Backup games to USB HDD
|
||||
language: en
|
||||
layout: default
|
||||
created: 2009-05-24 19:35:29 +0200
|
||||
updated: 2010-11-14 16:05:02 +0100
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- nintendo
|
||||
- wii
|
||||
---
|
||||
* [mikeandheth.com](http://www.mikeandheth.com/games/97-connect-wii-usb-hard-drive.html)
|
||||
* [gbatemp.net](http://wiki.gbatemp.net/wiki/index.php?title=USB_Loader_Releases) --- List of USB Loader programs for the Wii
|
||||
* [gbatemp.net](http://wiki.gbatemp.net/wiki/index.php?title=WBFS_Managers) --- List of WBFS Managers (programs to copy game ISO files to USB via your PC)
|
||||
* [usbloadergx.koureio.net](http://usbloadergx.koureio.net/) --- USBLoader GX homepage
|
||||
* [gbatemp.net](http://gbatemp.net/index.php?showtopic=144844) --- Linux WBFS Manager ([updated version](http://gbatemp.net/index.php?showtopic=145747&hl=cojiro))
|
||||
* [Wiithon](https://launchpad.net/wiithon) --- Python WBFS Manager (best for Linux!)
|
||||
* [code.google.com](http://code.google.com/p/linux-wbfs-manager/) --- another Linux WBFS Manager
|
||||
* [gbatemp.net](http://gbatemp.net/index.php?showtopic=146731&hl=linux) --- FUSE module for WBFS (unstable)
|
||||
|
||||
|
||||
System Menu 4.2
|
||||
===============
|
||||
|
||||
<p><div class="notewarning" markdown="1">
|
||||
Only backup games you really own. **DO NOT BACKUP BORROWED GAMES OR DOWNLOAD THEM FROM THE INTERNET!** If nobody
|
||||
actually buys Wii games then the creators won't make any more games. (Also you wouldn't want to end up like [this](http://youtube.com/watch?v=ALZZx1xmAzg),
|
||||
would you?) However backing up games not only prevents your discs from damage but also makes the games load faster.
|
||||
</div></p>
|
||||
|
||||
<p><div class="noteimportant" markdown="1">
|
||||
Keep in mind that you could brick your Wii. Only do these steps if you want to take this risk. These steps worked for
|
||||
me but **I can not be held responsible if they don't work for you or even damage your Wii**.
|
||||
</div></p>
|
||||
|
||||
To patch *System Menu 4.2* to allow backup (and playing of these backups) of games, follow the instructions at [wiihacks.com](http://www.wiihacks.com/recommended-faqs-guides-tutorials-only/24630-full-hacking-guide-4-2-system-menus-79.html).
|
||||
|
||||
1. Install the [HomeBrew Channel, DVDX and BootMii]({% post_url 2009-10-07-wii-homebrew-channel %})
|
||||
* make a backup of your NAND flash using BootMii
|
||||
1. after switching on your Wii, you'll be in the BootMii menu (4 icons)
|
||||
1. use <kbd>Power</kbd> to select the gears on the right
|
||||
1. use <kbd>Reset</kbd> to choose the gears
|
||||
1. the first icon (green arrow pointing from IC to SD-Card) should be highlighted
|
||||
1. use <kbd>Reset</kbd> to choose this one
|
||||
1. follow the instructions to backup the NAND (don't wonder about the bad blocks. Some Wii have up to 80!)
|
||||
1. Use one of the packages from *Part B* of the wiihacks-guide to uninstall ios249
|
||||
1. prepare and insert SD card
|
||||
1. boot your Wii, the *WAD Manager* should run (alternatively: Go to HBC and launch BootMii from there)
|
||||
1. in the IOS-selection, select **ios36** (others like 249, 250 might also work, but froze my Wii)
|
||||
1. select SD-card as source, press <kbd>A</kbd>
|
||||
1. select `IOS249.WAD`, press <kbd>A</kbd>
|
||||
1. change action to **Uninstall WAD**, press <kbd>A</kbd>
|
||||
* if it gives errors at this point, try one of the other packages
|
||||
1. Use one of the packages from *Part C* of the wiihacks-guide to install cios38rev14
|
||||
1. prepare and insert SD card
|
||||
1. boot your Wii, the *cios38-Installer* should run (alternatively: Go to HBC and launch BootMii from there)
|
||||
1. in the IOS-selection, keep pressing <kbd>Left</kbd> until **Do not reload IOS** is shown, press <kbd>A</kbd> (might try other IOSes, but it worked fine this way)
|
||||
1. if you have a working Internet connection, select **Network install**, otherwise use **WAD install** and press <kbd>A</kbd>
|
||||
* if you chose **WAD install**, select the `IOS38-64-v3610.wad` on your SD card
|
||||
1. Proceed with the installation and you are done
|
||||
|
||||
After this procedure you will be able to use a USB Launcher to make and play backups or a DVD Launcher to play backup DVDs.
|
||||
|
||||
<p><div class="noteclassic" markdown="1">
|
||||
For [some games](http://wiki.gbatemp.net/wiki/index.php?title=USB_Loader_v1.x_Game_Compatibility) it might be needed to
|
||||
install *Hermes' cIOS* as well. See [wii-homebrew.com](http://www.wii-homebrew.com/download/nintendo-wii-downloads/firmware-und-hacks/originale/hermes-cios)
|
||||
for instructions. (In German, sorry!)
|
||||
</div></p>
|
||||
|
||||
|
||||
Shop Channel Update
|
||||
===================
|
||||
|
||||
On October, 21st 2009, Nintendo released a Shop Channel Update. [This post](http://forum.wiibrew.org/read.php?21,38699)
|
||||
implies that it may be safe to do this update if you are already on 4.2. After I made this update, the *USBLoader GX*
|
||||
rev. 799 crashed after showing the startup logo. So be sure to make a backup using *BootMii*.
|
||||
|
||||
**UPDATE:** The official update seems to reset the IOS249 (and maybe other IOSes). So you either have to repatch your
|
||||
Wii after the update or use *[WiiSCU](http://wiibrew.org/wiki/WiiSCU)* to update the *Shop Channel* and *IOS61*
|
||||
(**Note:** Use `-trucha` setting) only.
|
||||
|
||||
|
||||
Burn backups to DVD
|
||||
===================
|
||||
|
||||
You can use any WBFS Manager tool to transfer the backups to your PC (as a ISO file) and burn them onto a DVD. You can
|
||||
then play the games from DVD using a DVD Launcher such as [NeoGamma](http://www.gbatemp.net/index.php?showtopic=158884).
|
||||
|
||||
Make sure, your burning program keeps the book type of **DVD-ROM**. In *Nero* you have to go to the *Choose Recorder*
|
||||
dialog, *Advanced options* to set the book-type from **Auto** to **DVD-ROM**. Also burn with the slowest speed possible.
|
||||
|
||||
|
||||
Media
|
||||
-----
|
||||
|
||||
| Type | Works |
|
||||
|:--------------------------|:-----:|
|
||||
| Intenso DVD+R LightScribe | - |
|
||||
| SONY DVD+R Ver. 1.3 | X |
|
||||
| PHILIPS DVD+R LightScribe | X |
|
||||
|
||||
|
||||
Play Call of Duty: Black Ops
|
||||
============================
|
||||
|
||||
To play CoD:BO (and not get stuck in the *"Loading…"*-screen), you'll need the cIOS rev20b found [here](http://filetrip.net/f12411-cIOS-Installer-Xr20b.html).
|
||||
Install using IOS249 from base 57 into slot 249. After that, the game should work.
|
@ -0,0 +1,17 @@
|
||||
---
|
||||
title: DMS4Pro
|
||||
language: en
|
||||
layout: default
|
||||
created: 2008-12-05 00:31:21 +0100
|
||||
updated: 2008-12-05 00:31:21 +0100
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- sony
|
||||
- playstation
|
||||
- pstwo
|
||||
- dms4pro
|
||||
---
|
||||
**Firmware:** [sksapps.com](http://www.sksapps.com/index.php?page=dms4.html) (Latest is 0.41)
|
74
know-how/hacking/windows-mobile/_posts/2008-09-12-oggsync.md
Normal file
@ -0,0 +1,74 @@
|
||||
---
|
||||
title: OggSync for Windows Mobile
|
||||
language: en
|
||||
layout: default
|
||||
created: 2008-09-12 22:19:31 +0200
|
||||
updated: 2008-09-12 22:19:31 +0200
|
||||
toc: false
|
||||
tags:
|
||||
- know-how
|
||||
- hacking
|
||||
- hardware
|
||||
- microsoft
|
||||
- windowsmobile
|
||||
---
|
||||
**Tested Version:** 4.19
|
||||
|
||||
OggSync connects to `https://oggsync.com/r/r` or `https://oggsync.com/r/e` and sends the entered info (PayPal eMail or
|
||||
Registration Code) along with some other info. You can find these URLs in cleartext Unicode inside the `ogsync.exe`.
|
||||
The relevant fields of a `$_SERVER` dump are those:
|
||||
|
||||
**PayPal:** (I entered `anon@anon.com` as eMail address.)
|
||||
|
||||
~~~
|
||||
[CONTENT_TYPE] => application/x-www-form-urlencoded
|
||||
[HTTP_A] => 2008-09-10 3:58 PM
|
||||
[HTTP_B] => 419
|
||||
[HTTP_C] => 9465c02d-d768-4892-bc4d-45ea13c042dc
|
||||
[HTTP_D] => your-gmail@gmail.com
|
||||
[HTTP_E] =>
|
||||
[HTTP_F] => 9/12/2008 8:03 PM
|
||||
[HTTP_G] => 49e744a1-ff3b-40f7-baf0-a96239fa0830
|
||||
[HTTP_H] => PayPal
|
||||
[HTTP_I] => anon@anon.com
|
||||
[HTTP_K] => W. Europe Daylight Time
|
||||
[HTTP_L] =>
|
||||
[HTTP_M] => mobile
|
||||
[CONTENT_LENGTH] => 22
|
||||
[HTTP_CONNECTION] => Close
|
||||
[HTTP_EXPECT] => 100-continue
|
||||
~~~
|
||||
|
||||
**Registration Code:** (The `12345` is the code I entered.)
|
||||
|
||||
~~~
|
||||
[CONTENT_TYPE] => application/x-www-form-urlencoded
|
||||
[HTTP_A] => 2008-09-10 3:58 PM
|
||||
[HTTP_B] => 419
|
||||
[HTTP_C] => 9465c02d-d768-4892-bc4d-45ea13c042dc
|
||||
[HTTP_D] => your-gmail@gmail.com
|
||||
[HTTP_E] =>
|
||||
[HTTP_F] => 9/12/2008 8:01 PM
|
||||
[HTTP_G] => c4781924-a538-41e8-8cb6-624e02b8d271
|
||||
[HTTP_H] => Registration
|
||||
[HTTP_I] => 12345
|
||||
[HTTP_K] => W. Europe Daylight Time
|
||||
[HTTP_L] =>
|
||||
[HTTP_M] => mobile
|
||||
[CONTENT_LENGTH] => 22
|
||||
[HTTP_CONNECTION] => Close
|
||||
[HTTP_EXPECT] => 100-continue
|
||||
~~~
|
||||
|
||||
The first UUID in `HTTP_C` might be a unique code to identify your device. The second one changes with every try to
|
||||
register. There was a post in the [PPCWarez-Forum](http://forum.ppcwarez.org/) that *OggSync* expects the server to
|
||||
answer with "Pro" if the registration data is correct. Any other answer will be interpreted as failure.
|
||||
|
||||
Knowing this, you might wonder what happens if you use your favourite hex-editor, change the URLs to point to a server
|
||||
you own and put this totally complicated PHP script onto it:
|
||||
|
||||
{% highlight php %}
|
||||
<?php
|
||||
echo 'Pro';
|
||||
?>
|
||||
{% endhighlight %}
|