1.3 Refactor

* Added DSOnei kernel to included nds files for Stage2 menu.
* Added N-Card rom dump to included nds files for Stage2 menu.
* Added CycloDS, and DSTWo bootloader dumps to included nds files for
Stage2 menu.
* DSTwo now boots correctly from cart launcher.
* R4 SDHC Gold and other similar DEMON time bomb DSTTi clones now boot
correctly from cart launcher.
* Added back option for enabling/disabling TWL ram.
* Added fixes to allow DS only carts to run with TWL ram enabled.
* Initial modcrypt code added for TWL carts. Currently works in
emulation however TWL carts will fail to boot on hardware (when twl
mode, ram, etc is enabled).
* If TWL mode and ram is enabled, cart loader will now load the DSi
extended binaries into ram. Currently however they will only boot in
emulation. Have not resolved why it's not working on hardware yet.
* Stage2 menu now allowed to load dsi extended binaries of SRLs if TWL
mode and TWL ram is enabled. Booting rom dumps as a method of booting
into TWL carts is confirmed working. At least for System Flaw it does.
:D
* Despite the improvents Acekard 2i still appears to require using the
stage2 menu to boot into.
* Fixes that allowed Demon timebomb carts to boot from cart
launcher/autoboot may allow other non working carts to work. Further
testing needed.

.gitignore

@@ -2,6 +2,8 @@
 *.app
 *.exe
 *.cia
+*.rar
+*.zip
 /*.nds
 *.app
 *.tmd

BootLoader/Makefile

@@ -14,8 +14,8 @@ endif
 #---------------------------------------------------------------------------------
 TARGET		:=	load
 BUILD		:=	build
-SOURCES		:=	source source/patches 
-INCLUDES	:=	build ../include
+SOURCES		:=	source source/patches source/modcrypt
+INCLUDES	:=	build ../include source/modcrypt
 DATA		:=	../data
 SPECS		:=  specs
 
@@ -24,10 +24,9 @@ SPECS		:=  specs
 #---------------------------------------------------------------------------------
 ARCH	:=	-mthumb-interwork -march=armv4t -mtune=arm7tdmi
 
-CFLAGS	:=	-g -Wall -O2 \
+CFLAGS	:=	-g -Wall -Wextra -Werror -O2 \
 			-fomit-frame-pointer \
 			-ffast-math \
-			-Wall -Wextra -Werror \
 			$(ARCH)
 
 CFLAGS	+=	$(INCLUDE) -DARM7

BootLoader/load.ld

@@ -3,10 +3,8 @@ OUTPUT_ARCH(arm)
 ENTRY(_start)
 
 MEMORY {
-
 	vram	: ORIGIN = 0x06020000, LENGTH = 128K
-	/* arm9ram	: ORIGIN = 0x026FD800, LENGTH = 4K		Used for the ARM9's functions */
-	arm9ram	: ORIGIN = 0x027FC800, LENGTH = 4K		/* Used for the ARM9's functions */
+	arm9ram	: ORIGIN = 0x02FFD000, LENGTH = 4K		/* Used for the ARM9's functions */
 }
 
 __vram_start	=	ORIGIN(vram);

BootLoader/source/clear_cache.arm9.s

@@ -41,5 +41,28 @@ BEGIN_ASM_FUNC arm9_clearCache
 	mcr p15, 0, r3, c7, c6, 0		@ Flush DCache
 	mcr p15, 0, r3, c7, c10, 4		@ empty write buffer
 
+	mcr p15, 0, r3, c3, c0, 0		@ disable write buffer       (def = 0)
+
+	mcr p15, 0, r3, c2, c0, 0		@ disable DTCM and protection unit
+
+	mcr p15, 0, r3, c6, c0, 0		@ disable protection unit 0  (def = 0)
+	mcr p15, 0, r3, c6, c1, 0		@ disable protection unit 1  (def = 0)
+	mcr p15, 0, r3, c6, c2, 0 		@ disable protection unit 2  (def = 0)
+	mcr p15, 0, r3, c6, c3, 0		@ disable protection unit 3  (def = 0)
+	mcr p15, 0, r3, c6, c4, 0		@ disable protection unit 4  (def = ?)
+	mcr p15, 0, r3, c6, c5, 0		@ disable protection unit 5  (def = ?)
+	mcr p15, 0, r3, c6, c6, 0		@ disable protection unit 6  (def = ?)
+	mcr p15, 0, r3, c6, c7, 0		@ disable protection unit 7  (def = ?)
+
+	mcr p15, 0, r3, c5, c0, 3		@ IAccess
+	mcr p15, 0, r3, c5, c0, 2		@ DAccess
+
+	mov r3, #0x00800000
+	add r3, r3, #0x00A
+	mcr p15, 0, r3, c9, c1, 0		@ DTCM base  (def = 0x0080000A) ???
+
+	mov r3, #0x0000000C
+	mcr p15, 0, r3, c9, c1, 1		@ ITCM base  (def = 0x0000000C) ???
+
 	bx lr
 

BootLoader/source/common.h

@@ -25,54 +25,46 @@
 
 #define resetCpu() \
 		__asm volatile("swi 0x000000")
-
-typedef struct sLauncherSettings {
-	u8 language;
-	u8 scfgUnlock;
-	u8 twlMode;
-	u8 twlCLK;
-	u8 twlVRAM;
-	u8 debugMode;
-	u8 fastBoot;
-	u8 unused2;
-} tLauncherSettings;
-
-extern volatile tLauncherSettings* launchData;
-extern volatile int language;
-extern volatile bool scfgUnlock;
-extern volatile bool twlMode;
-extern volatile bool twlCLK;
-extern volatile bool debugMode;
-
-#define CartHeaderCopy 0x02000000
-#define CartChipIDCopy 0x02000180
-
-enum ERROR_CODES {
-	ERR_NONE = 0x00,
-	ERR_STS_CLR_MEM = 0x01,
-	ERR_STS_LOAD_BIN = 0x02,
-	ERR_STS_HOOK_BIN = 0x03,
-	ERR_STS_START = 0x04,
+
+#include "../../arm9/common/launcherData.h"
+
+ALIGN(4) extern volatile u16 arm9_errorCode;
+ALIGN(4) extern volatile tLauncherSettings* launchData;
+ALIGN(4) extern volatile u16 language;
+ALIGN(4) extern volatile u16 scfgUnlock;
+ALIGN(4) extern volatile u16 twlMode;
+// ALIGN(4) extern volatile u16 twlVRAM;
+ALIGN(4) extern volatile u16 twlRAM;
+ALIGN(4) extern volatile u16 twlCLK;
+ALIGN(4) extern volatile u16 isTWLSRL;
+ALIGN(4) extern volatile u16 debugMode;
+
+ALIGN(4) enum ERROR_CODES {
+	ERR_NONE = (u16)0x00,
+	ERR_STS_STARTBIN = (u16)0x01,
+	ERR_STS_CLR_MEM = (u16)0x02,
+	ERR_STS_LOAD_BIN = (u16)0x03,
+	ERR_STS_START = (u16)0x04,
 	// initCard error codes:
-	ERR_LOAD_NORM = 0x11,
-	ERR_LOAD_OTHR = 0x12,
-	ERR_SEC_NORM = 0x13,
-	ERR_SEC_OTHR = 0x14,
-	ERR_LOGO_CRC = 0x15,
-	ERR_HEAD_CRC = 0x16,
-	ERR_STS_STARTBIN = 0x21,
+	ERR_LOAD_NORM = (u16)0x05,
+	ERR_LOAD_OTHR = (u16)0x06,
+	ERR_SEC_NORM = (u16)0x07,
+	ERR_SEC_OTHR = (u16)0x08,
+	ERR_HEAD_CRC = (u16)0x09,
+	ERR_UNKNOWN = (u16)0x10,
+	ERR_UNKNOWN2 = (u16)0x11
 };
 
 // Values fixed so they can be shared with ASM code
-enum ARM9_STATE {
+ALIGN(4) enum ARM9_STATE {
 	ARM9_BOOT = 0,
 	ARM9_START = 1,
 	ARM9_RESET = 2,
 	ARM9_READY = 3,
 	ARM9_MEMCLR = 4
 };
 
-enum ARM7_STATE {
+ALIGN(4) enum ARM7_STATE {
 	ARM7_BOOT = 0,
 	ARM7_START = 1,
 	ARM7_RESET = 2,
@@ -84,27 +76,152 @@ enum ARM7_STATE {
 	ARM7_ERR = 8
 };
 
-extern volatile u32 arm9_errorCode;
-
-static inline void dmaFill(const void* src, void* dest, uint32 size) {
+ALIGN(4) static inline void dmaFill(const void* src, void* dest, uint32 size) {
 	DMA_SRC(3)  = (uint32)src;
 	DMA_DEST(3) = (uint32)dest;
 	DMA_CR(3)   = DMA_COPY_WORDS | DMA_SRC_FIX | (size>>2);
 	while(DMA_CR(3) & DMA_BUSY);
 }
 
-static inline void copyLoop (u32* dest, const u32* src, size_t size) {
+ALIGN(4) static inline void copyLoop (u32* dest, const u32* src, size_t size) {
 	do { *dest++ = *src++; } while (size -= 4);
 }
 
-static inline void ipcSendState(uint8_t state) {
+ALIGN(4) static inline void ipcSendState(uint8_t state) {
 	REG_IPC_SYNC = (state & 0x0f) << 8;
 }
 
-static inline uint8_t ipcRecvState(void) {
+ALIGN(4) static inline uint8_t ipcRecvState(void) {
 	return (uint8_t)(REG_IPC_SYNC & 0x0f);
 }
 
+typedef struct sTWLHeader {
+	char gameTitle[12];			//!< 12 characters for the game title.
+	char gameCode[4];			//!< 4 characters for the game code.
+	char makercode[2];			//!< identifies the (commercial) developer.
+	u8 unitCode;				//!< identifies the required hardware.
+	u8 deviceType;				//!< type of device in the game card
+	u8 deviceSize;				//!< capacity of the device (1 << n Mbit)
+	u8 reserved1[7];
+	u8 twlHeaderSettings;
+	u8 jumpSettings;
+	u8 romversion;				//!< version of the ROM.
+	u8 flags;					//!< bit 2: auto-boot flag.
+
+	u32 arm9romOffset;			//!< offset of the arm9 binary in the nds file.
+	void *arm9executeAddress;		//!< adress that should be executed after the binary has been copied.
+	void *arm9destination;		//!< destination address to where the arm9 binary should be copied.
+	u32 arm9binarySize;			//!< size of the arm9 binary.
+
+	u32 arm7romOffset;			//!< offset of the arm7 binary in the nds file.
+	void *arm7executeAddress;		//!< adress that should be executed after the binary has been copied.
+	void *arm7destination;		//!< destination address to where the arm7 binary should be copied.
+	u32 arm7binarySize;			//!< size of the arm7 binary.
+
+	u32 filenameOffset;			//!< File Name Table (FNT) offset.
+	u32 filenameSize;			//!< File Name Table (FNT) size.
+	u32 fatOffset;				//!< File Allocation Table (FAT) offset.
+	u32 fatSize;				//!< File Allocation Table (FAT) size.
+
+	u32 arm9overlaySource;		//!< File arm9 overlay offset.
+	u32 arm9overlaySize;		//!< File arm9 overlay size.
+	u32 arm7overlaySource;		//!< File arm7 overlay offset.
+	u32 arm7overlaySize;		//!< File arm7 overlay size.
+
+	u32 cardControl13;			//!< Port 40001A4h setting for normal commands (used in modes 1 and 3)
+	u32 cardControlBF;			//!< Port 40001A4h setting for KEY1 commands (used in mode 2)
+	u32 bannerOffset;			//!< offset to the banner with icon and titles etc.
+
+	u16 secureCRC16;			//!< Secure Area Checksum, CRC-16.
+
+	u16 readTimeout;			//!< Secure Area Loading Timeout.
+
+	u32 unknownRAM1;			//!< ARM9 Auto Load List RAM Address (?)
+	u32 unknownRAM2;			//!< ARM7 Auto Load List RAM Address (?)
+
+	u32 bfPrime1;				//!< Secure Area Disable part 1.
+	u32 bfPrime2;				//!< Secure Area Disable part 2.
+	u32 romSize;				//!< total size of the ROM.
+
+	u32 headerSize;				//!< ROM header size.
+	u32 zeros88[14];
+	u8 gbaLogo[156];			//!< Nintendo logo needed for booting the game.
+	u16 logoCRC16;				//!< Nintendo Logo Checksum, CRC-16.
+	u16 headerCRC16;			//!< header checksum, CRC-16.
+
+	u32 debugRomSource;			//!< debug ROM offset.
+	u32 debugRomSize;			//!< debug size.
+	u32 debugRomDestination;	//!< debug RAM destination.
+	u32 offset_0x16C;			//reserved?
+
+	u8 zero[0x10];
+
+	u32 arm9MBK1;
+	u32 arm9MBK2;
+	u32 arm9MBK3;
+	u32 arm9MBK4;
+	u32 arm9MBK5;
+	u32 arm9MBK6;
+	u32 arm9MBK7;
+	u32 arm9MBK8;
+	u32 arm7MBK6;
+	u32 arm7MBK7;
+	u32 arm7MBK8;
+	u32 arm9MBKMaster;
+
+	u32 region;
+	u32 accessControl;
+	u32 arm7SCFGSettings;
+	u16 dsi_unk1;
+	u8 dsi_unk2;
+	u8 dsi_flags;
+
+	u32 arm9iromOffset;			//!< offset of the arm9 binary in the nds file.
+	u32 arm9iexecuteAddress;
+	u32 arm9idestination;		//!< destination address to where the arm9 binary should be copied.
+	u32 arm9ibinarySize;		//!< size of the arm9 binary.
+
+	u32 arm7iromOffset;			//!< offset of the arm7 binary in the nds file.
+	u32 deviceListDestination;
+	u32 arm7idestination;		//!< destination address to where the arm7 binary should be copied.
+	u32 arm7ibinarySize;		//!< size of the arm7 binary.
+
+	u8 zero2[0x20];
+
+	// 0x200
+	// TODO: More DSi-specific fields.
+	u32 dsi1[0x10/4];
+	u32 twlRomSize;
+	u32 dsi_unk3;
+	u32 dsi_unk4;
+	u32 dsi_unk5;
+
+	u32 modCrypt1Offset;
+	u32 modcrypt1Size;
+	u32 modcrypt2Offset;
+	u32 modcrypt2Size;
+
+	u32 dsi_tid;
+	u32 dsi_tid2;
+	u32 pubSavSize;
+	u32 prvSavSize;
+
+	u8 reserved3[176];
+	u8 age_ratings[0x10];
+
+	unsigned char hmac_arm9[16];
+	unsigned char hmac_arm7[16];
+	u8 hmac_digest_master[0x14];
+	u8 hmac_icon_title[0x14];
+	u8 hmac_arm9i[0x14];
+	u8 hmac_arm7i[0x14];
+	u8 reserved4[0x28];
+	u8 hmac_arm9_no_secure[0x14];
+	u8 reserved5[0xA4C];
+	u8 debug_args[0x180];
+	u8 rsa_signature[0x80];
+} tTWLHeader;
+
 
 #endif // _COMMON_H
 

BootLoader/source/encryption.c

@@ -18,7 +18,9 @@
 
 #include <string.h>
 #include "encryption.h"
-#include "read_bios.h"
+#include "key1.h"
+#include "key2.h"
+#include "tonccpy.h"
 
 #define KEYSIZE 0x1048
 
@@ -84,7 +86,7 @@ void apply_keycode (u32 modulo) {
 
 	crypt_64bit_up (&keycode[1]);
 	crypt_64bit_up (&keycode[0]);
-	memset (scratch, 0, 8);
+	toncset (scratch, 0, 8);
 
 	for (i = 0; i < 0x12; i+=1) {
 		keybuf[i] = keybuf[i] ^ bswap_32bit (keycode[i % modulo]);
@@ -96,8 +98,8 @@ void apply_keycode (u32 modulo) {
 	}
 }
 
-void init_keycode (u32 idcode, u32 level, u32 modulo) {
-	readBios ((u8*)keybuf, 0x30, KEYSIZE);
+void init_keycode (u32 idcode, u32 level, u32 modulo, int iCardDevice) {
+	tonccpy ((u8*)keybuf, (iCardDevice ? gEncrDataTwl : gEncrData), KEYSIZE);
 	keycode[0] = idcode;
 	keycode[1] = idcode/2;
 	keycode[2] = idcode*2;

BootLoader/source/encryption.h

@@ -20,7 +20,7 @@
 #define ENCRYPTION_H
 
 #include <nds/ndstypes.h>
-void init_keycode (u32 idcode, u32 level, u32 modulo);
+void init_keycode (u32 idcode, u32 level, u32 modulo, int iCardDevice);
 void crypt_64bit_down (u32* ptr);
 void crypt_64bit_up (u32* ptr);