What is this about?

Here I'll explain the various methods you can use to run homebrew code on the Nintendo DS, and provide links to some useful resources to help you along the way with your homebrew project.

As you are probably aware, the Nintendo DS has security which is supposed to stop you from running homebrew code - however there are bugs that allow us around that!

You should invest in a GBA flash cartridge - without one you can't really do very much. But then, you probably have one already if you are reading this page.

The security (aka: why we can't normally use a flashcart)

Unlike with the GBA we can't just stick a flashcart in and hope for the best. DS cards are encrypted - and as the method isn't understood fully yet, there are no DS flashcards (it is however possible to dump them, but that's another story, and I am not going to tell you how to dump a card for legal reasons, and I don't know anyway).

What about DS download play? RSA signature checks. Since the Nintendo private key is not known, we can't sign our homebrew code. The DS checks for the signature and stops the homebrew from running.

GBA cart? The DS will only run GBA carts after switching into GBA mode. There is no way to switch back to DS mode.

However, due to bugs there are ways to run homebrew code.

The methods

Currently there are 3 methods to run homebrew code on the Nintendo DS:

WifiMe - DS download play hack
FlashMe - replacement firmware
PassMe and PassMe2

I'll explain each method in detail.

WifiMe - DS download play hack

WifiMe exploits a bug in the "DS Download Play" feature of the Nintendo DS, allowing unsigned code to be uploaded and executed. You do not need to modify your DS, and you do not need a flash cartridge.

You do need a wireless network card with a specific RALink chipset to use the Wireless Multiboot (WMB) utility. There are no plans to support other chipsets at the moment. The WMB program comes with a set of custom drivers that are required to send and receive "ni-fi" packets.

If your DS has an older firmware or FlashMe firmware, you can use WMB to send the WifiMe hack - which will cause the DS to start executing code from the cartridge in the GBA port - in DS mode! If you have a newer firmware, you can only use WMB to send official signed demos, you will not be able to run homebrew.

Ofcourse, you can also upload homebrew code using WMB without needing a flashcart, but this is less useful due to memory constraints, and you need to have FlashMe firmware to disable the RSA signature check.

Getting ready:

Find out if you have a wireless card with the supported chipset - this page is very useful
Download "Nintendo DS - Wireless Multiboot Application", "Custom driver for Ralink RT2560 based cards" and "Wireless Multiboot Data - WifiMe" from the official WMB website
Unpack the WMB application into a folder on your computer
Copy the "Wireless Multiboot Data" zip file into the data/ directory (under where you unpacked the WMB application)
Open a command prompt window (Start -> Run -> "cmd" [OK]) and navigate to the directory you unpacked WMB into (CD c:\folder)

Now, if you have an older firmware and want to make your DS boot code from a GBA cart, enter the following in the command prompt window:

wmb -data wifime

WMB should tell you that it is sending beacons. Insert your flashcart into your DS, power it up, select download play. Wait until you see "WifiMe" in the applications list. Select, and enjoy homebrew on your DS!

No matter what firmware version you have, you can send official RSA signed demos to your DS. To do that, in the command prompt window:

wmb -data filename.nds

That's all there is to it!

Advantages:

No need to modify the DS hardware or firmware
You don't need to buy a flashcart or special hardware

Disadvantages:

Requires a wireless network card with a specific chipset
Requires FlashMe firmware if you want to upload homebrew code directly without a flashcart
Tedious if you are testing often

Links:

FlashMe - replacement firmware

FlashMe is one of best ways to run homebrew code right now, however there is a slight risk involved with it, and it will void your warranty.

The replacement firmware will disable the RSA signature check and allow you to run homebrew code over wireless directly, will allow you to run homebrew code from a GBA cart, and will install a recovery block into the protected portion of the firmware. The recovery block will allow you to reinstall the firmware if your NDS is "bricked" by a bad piece of homebrew code.

There are 2 flavours of FlashMe - one flavour disables the health+safety screen, the other flavour does not. Other than this and the previously mentioned differences, the FlashMe firmware looks and behaves the same as the original firmware. You still have pictochat and such.

I recommend FlashMe to people seriously interested in homebrew development on the NDS, as it is very quick and easy to run homebrew code after, and allows you recover from bricking.

IMPORTANT: My instructions are currently for the old style NDS, not the DS lite. There is an important issue with the DS lite which may cause you to destroy your DS lite if you are not careful, please read on to find out what you should do if you have a DS lite. I WILL NOT BE HELD RESPONSIBLE FOR ANY DAMAGE THAT HAPPENS TO YOUR NINTENDO DS/DS LITE. YOU PROCEED AT YOUR OWN RISK. There is a very real chance of destroying your DS permanently if something goes wrong - the procedure is quite safe but please be careful!

Getting ready:

Obtain a GBA flash cart - a small one will work fine but if you have not purchased one yet I recommend a 256 or 512mbit cart.
Find a metal screwdriver with a flat tip about 3mm across, or a nail with a flat head that is around 3mm in diameter.
Download the flashme installer from this website and write it to the GBA flashcart raw - do not write a menu or bootloader like pogoshell. If you want the flavour with the health+safety screen enabled, download this instead
Prepare one of the other methods to run homebrew code such as WifiMe or PassMe/PassMe2
Plug in your NDS's charger

The firmware in the NDS has the first portion protected. You will need to create a short between 2 contact points under the DS battery cover. Open up the battery cover and remove the square dotted sticker - THIS WILL VOID YOUR WARRANTY. You will see a hole under it, the 2 contact points are at the end. I have included a picture for your benefit, with the contact points marked.

bbcode image

RED: These are the 2 LCD screen voltage adjustments - do not alter them or you may damage the LCD screens. The average voltage across the display is supposed to be 0V. If you adjust them you will never be able to put them back to the correct setting, since you will not have the required test equipment.

GREEN: The 2 metal contact points inside the hole, you should just about be able to see them in the picture.

Now I suggest you tape the battery down so that it does not fall out by accident during the firmware upgrade - if the battery falls out your DS will be bricked (but if the recovery block has been written you can recover). Please connect the DS charger to your DS, even if the battery is not low. It may save you if the battery falls out (im not sure if the DS can run without the battery but it may be able to).

With the battery door still removed, power up your DS and start the FlashMe program using WifiMe or PassMe. Once it starts, read the screen.

Short out SL1 (the 2 contacts inside the hole) with a screwdriver, nail head or another metal object, and press the combination of buttons that it asks you to press. The progress indicator will count up to 100 - DO NOT POWER OFF YOUR DS OR REMOVE THE BATTERY.

If you accidentally lose the SL1 connection, do not panic. FlashMe will constantly retry so all you need to do is wiggle your screwdriver/nail/etc around until the connection is back again, maybe you should also try a different screwdriver.

Once it reaches 100%, congratulations! You have installed FlashMe. Restart your DS and confirm it works properly.

If you mess up somehow and your DS will no longer power up, please try the firmware recovery built into FlashMe. That page is also useful if your DS is ever bricked, so bookmark it.

Nintendo DS Lite?

The procedure is similiar. FlashMe now supports the DS Lite. However there is an important thing to be aware of.

Both flavours of DS include a fuse which will open if you short out the power supply section of the board. The fuse is designed to protect the console from bad cartridges (as far as others can tell).

In the DS Lite, next to the 2 contact points you need to short, there is a 3rd contact point. If you short that 3rd contact point to any of the other ones, you actually short out the power supply! If you are very unlucky (you don't remove your metal object quickly enough) you will blow the fuse and turn your DS Lite into an expensive house brick. The fuse is difficult to replace.

Please examine your DS Lite carefully to find this 3rd contact and cover it with tape or use some other method to ensure you don't accidentally short it out.

What now?

Now that you (hopefully) have FlashMe installed on your DS, starting homebrew is easy. For a generic flashcart and programs of 256mbit or less the procedure is:

Check if the homebrew comes with a loader or not. Most do not. If it does not, append NDSLOADER.BIN to the beginning with copy /b ndsloader.bin+file.ext newfile.ext. TODO: Add download
Write the file to your generic flashcart raw with no menu
Insert the flashcart into the DS and power it on
The homebrew should start instantly without the DS welcome screen

DS shows black/white screen: FlashMe recognised the homebrew ROM on the GBA cart but it didn't boot correctly. You might want to try NDSLOADER.BIN but this likely will not work (unless you used the A+B+X+Y button combination to start the ROM and get this problem - then you probably need to add a bootloader!). Maybe the homebrew is designed to be sent wirelessly using WMB instead?

DS shows normal startup screen: The homebrew ROM might not have a bootloader. You can force FlashMe to start the homebrew anyway by holding A+B+X+Y while switching on your DS. If this causes a black/white screen, then the loader is definately missing.

You have no need to run programs bigger than 256mbit unless you are going to pirate DS software so I will not explain the procedure for that - and the bankswitching method for big flashcarts is always proprietary so you would need a special loader for your cart.

Some flashcarts now come with a DS bootloader/menu tool, if your flashcart comes with this you can write homebrew to the flashcart without appending NDSLOADER.BIN and have a menu. One example is the Extreme Flash Advance cartridge, which I use myself and I recommend it. Keep in mind that even if your flashcart has software to do this, you must write FlashMe to the cartridge raw without this menu.

Advantages:

You can start homebrew programs from a GBA flashcart or with the wireless multiboot tool (WMB) quickly without effort
You can remove the health and safety screen if you dislike it, myself I would leave it intact
No need to have a laptop or PassMe adaptor handy to run homebrew

Disadvantages:

No more warranty on your DS
If you screw up your DS could be very difficult to repair
This is probably too scary for some people

Links:

PassMe and PassMe2

These are hardware devices that force the DS to start code on the GBA cartridge in DS mode. You insert the device into the DS card slot, insert a real DS card into the device, insert a GBA cartridge with your homebrew and power on your DS.

PassMe v1 only works with older DS's - newer DS's have a later firmware with the exploit patched. For newer DS's you require PassMe v2 which is more tricky to use.

More information about PassMe coming soon.