DSiBrew - User contributions [en]

Hardware

2022-10-29T14:38:19Z

Mha: Reverted edits by Project BreakBrew (talk) to last revision by Auri

== Specifications ==
* [[Cameras|Includes (2) 0.3 Megapixel VGA Cameras]]
* 240MB(+16MB probably reserved for wear leveling purposes (e.g. replacing bad blocks)) Internal Flash Memory - Samsung kmapf0000m-S998 MOVI [[NAND]] - MMC Interface
* 16MB RAM - NEC uPD 46128512AF1 - DDR SRAM or a Fujitsu 128-Mbit FCRAM 82DBS08164D-70L (datasheet: http://edevice.fujitsu.com/fj/DATASHEET/e-ds/e511454.pdf mirror:[[Media:E511454.pdf]]
* (2) 256 x 192 3.25 Inch Displays, one of which has a resistive touch screen
* Backwards compatible with Nintendo DS games but not GBA games due to the lack of a gameboy cartridge port.
* Integrated ARM7/ARM9 cores clocked at 133mhz in real mode and downclocked to 66mhz for compatibility mode.
* PAIC3000D Sound Chip - possibly a TI codecs: AIC3 ????
* Mitsumi (MM3317A) or TI 72071B0 - Power supply and charger circuit ????
* SD/SDHC Card slot
* [[WiFi_Module]] with integrated 128KB SPI Flash for [[NVRAM]], WiFi settings

== Hardware Revisions ==
== DSi ==
** board C/TWL-CPU-01 (Original rev, all pictures below)
** CPU: TWL. The latest date code picture I could find online was "0836 1m" as shown below, however other pictures with CPU covered show the NAND codes as late as 916, so...
** Suspect this is the only board where WiFi chip is available in Hybrid games like CookingCoach
** Wireless card DWM-W015

== DSi RevA ==
** board C/TWL-CPU-10 (Newer model, can someone provide a date or serial # range?)
** CPU: TWL A. Mine is "0940 2m". My US Serial # is ~ TW71848???[5]. If yours is earlier, please update this.
[[Image:TWL-CPU-10.png]]

== DSi XL ==
** board C/UTL-CPU-01
** CPU is TWL A
** Wireless card DWM-W024

== Images ==
== Front ==
[[Image:Twl_front.jpg]]
[[Image:Twl_front_traces.jpg|600px]]

The socket to the left of the ARM processor is the wifi chip socket.

TWL CPU pinout map: [[File:Twl_cpu_pinout.pdf]] (WIP)

== Back ==
[[Image:Twl_back.jpg]]

== NAND Pinout ==
[[Image:Dsi_nand.jpg|600px]]
[[Image:Dsi_nanddat.png|600px]]

== NAND Pinout With Conventional Markings ==
=== DSi ===
[[Image:NAND_Compressed.jpg|600px]]

=== DSi XL ===
[[Image:Side_B_Marked_Compressed.png|600px]]

== PCB Overlay ==
[[Image:Nintendo DSi PCB Layered.jpg|600px]]

== CPU with New RAM ==
[[Image:CPUv2.jpg]]

== Glamor Shot ==
[[Image:Nintendo-dsi-Glamor-Shot.jpg]]

== References ==
* http://en.wikipedia.org/wiki/Nintendo_DSi
* http://insidetronics.blogspot.com/2008/11/new-nintendo-dsi-teardown.html
* http://techon.nikkeibp.co.jp/english/NEWS_EN/20081111/161077/
* http://games.gearlive.com/playfeed/article/q408-nintendo-dsi-announced-larger-screens-dual-cameras-dsi-shop-store/
* http://www.ifixit.com/Guide/First-Look/Nintendo-DSi/714/1

Nintendo Software

2022-10-29T14:37:55Z

Mha: Reverted edits by Project BreakBrew (talk) to last revision by Teopless

This article links to information about all Nintendo created software.Software mentioned here are either pre-installed on the system or can be downloaded via DSi Shop or System Update.

== System ==

*[[System Menu]] (DSi Menu)

== DSi applications ==

*[[Title list]]
*[[Nintendo DSi Browser]]
*[[Nintendo DSi Calculator]]
*[[Nintendo DSi Camera]]
*[[Nintendo DSi Clock]]
*[[Nintendo DSi Shop]]
*[[Nintendo DSi Sound]]
*[[DS Download Play]]
*[[Pictochat]]

MediaWiki:Cookiewarning-ok-label

2022-06-07T20:33:06Z

Mha: Created page with "I CONSENT"

I CONSENT

MediaWiki:Cookiewarning-info

2022-06-07T20:31:41Z

Mha: Created page with "By entering this site you need to consent to the use of cookies and their functional use according to this privacy policy. Cookies help us to provide the functional services o..."

By entering this site you need to consent to the use of cookies and their functional use according to this privacy policy. Cookies help us to provide the functional services of the website. Kindly read the below message of use and consent to the use.

The following cookies are stored and shared when accessing this website:
- Internal cookies for the MediaWiki site. This is used for user authentication and article modifications.
- Third-party cookies from Google providing services for Google AdSense and Google Analytics

We will never use data collected outside of the above scope.

User talk:Mha

2020-01-05T12:28:11Z

Mha: /* Request */

Thank you for looking into my email issue. My email address has been confirmed and I can now edit this wiki.--[[User:Winmaster|Winmaster]] 04:31, 27 May 2011 (CEST)

== Main Page ==

Hey,
For the past couple months i have maintained both this site and the integrety of the main page. Is it possible that i could gain the privlidges to edit that so as to let me continue to keep this site amazing?

Thanks

:Hey, you have recovered the main page... but without the "Navigation II" section from the latest (spam-free) edit: http://www.dsibrew.org/w/index.php?title=Main_Page&oldid=10281 can you repair that? Or best, merge "Navigation II" with "Navigation" (I wasn't able to do that because Navigation was locked against editing). Or, could I get me access rights to edit the main page myself? Anyways, glad that this page isn't totally dead! --[[User:Nocash|Nocash]] 13:44, 13 March 2014 (CET)
::Or, another idea. Is it possible to restore the while dsibrew to the state of '''01 August 2013'''? My latest edit was on 28 July 2013, http://www.dsibrew.org/wiki/Special:Contributions/Nocash - and at that time the wiki was almost spam-free, ie. http://www.dsibrew.org/wiki/Special:AllPages was containing only 5 or 10 spam pages (which were all marked for deletion) (and around 90 legit pages). It would be really nice to get that spam-free state restored. Of course, I can't promise that nobody has contributed useful info after August 2013 (but my impression was that there wasn't much activity recently, other than spam).--[[User:Nocash|Nocash]] 14:00, 13 March 2014 (CET)
::PS. If that is possible: It would be nice to delete all users whom haver never edited any pages, or whom have edited only their own user/talk pages (that would help to get rid of the fake identities that did exist at 01 August 2013, ie. at that time the spammers did have created only fake identities with fake user pages, although that have still left the wiki content pages intact).--[[User:Nocash|Nocash]] 14:15, 13 March 2014 (CET)

== Welcome template ==
Hello, I have made an awesome welcome template for this wiki. How does it look? --[[User:Auri|Auri]] ([[User talk:Auri|talk]]) 04:25, 4 January 2020 (CET)

{{Welcome}} --[[User:Auri|Auri]] ([[User talk:Auri|talk]]) 04:25, 4 January 2020 (CET)

== Request ==
Hello, I would like to request adminship so that I can bypass the annoying CAPTCHA. --[[User:Auri|Auri]] ([[User talk:Auri|talk]]) 04:47, 4 January 2020 (CET)

=> How can I reach you?

Main Page

2014-01-09T11:44:26Z

Mha: Protected "Main Page" ([edit=sysop] (indefinite) [move=sysop] (indefinite))

{{:Main Page/Header}}
{{:Main Page/Welcome}}
{{:Main Page/Current events}}
{{:Main Page/Navigation}}
__NOTOC____NOEDITSECTION__

Main Page

2014-01-09T11:42:40Z

Mha: Reverted edits by FrancescoInnes (talk) to last revision by Dsihaxx

{{:Main Page/Header}}
{{:Main Page/Welcome}}
{{:Main Page/Current events}}
{{:Main Page/Navigation}}
__NOTOC____NOEDITSECTION__

DSiWare VulnList

2011-05-31T16:17:57Z

Mha:

This lists DSiWare that might have vulnerabilities, like strcpy or sprintf from savedata.

Since system update 1.4.2 blocks copying *all* dsiwarehax, do not contact us about your dsiware anymore at all.
If you know of DSiWare that has English-only string(high-scores, player name, high-scores that use username from system settings, etc) input, mention it on IRC EFNet #dsidev. Or contact yellowstar 6 at gmail dot com.
Before you contact anyone about your dsiware, please make sure your dsiware is _not_ listed on this page anywhere.
Don't bother if all you care about is warez and don't care at all about homebrew: DSiWareHax SD card loader will never load warez directly, only homebrew.

It would be nice to target DSiWare that are listed under the DSi Shop most popular search: Nintendo would have a lot of difficultly removing DSiWare from that list without ticking off a lot of non-homebrewer customers. Targets not on that list will suffer the same fate as Sudoku,(removed quickly and patched eventually) if exploits for those were released.

DSiWare savedata is extracted and modified with these tools: https://github.com/neimod/dsi save_extract and save_adjust both require sd_key, but we will not redistribute this key.

For these lists status "None" means code reversing engineering for the DSiWare wasn't started. Status "Started" means code reversing engineering for that DSiWare was started. Status "Done" means code reverse engineering was finished.

== Total listed DSiWare ==

Total DSiWare in below lists.

{| class="wikitable" border="1"
|-
! List
! Total
|-
| Incomplete
| 20
|-
| Done
| 18
|-
| DSiWare which probably aren't exploitable
| 59
|-
| Already have
| 3
|-
| All total
| 100
|}

== DSiWare with incomplete analysis ==

{| class="wikitable" border="1"
|-
! Name
! Input type(s)
! Status
! Description
|-
| Academy: Tic-Tac-Toe
| Player name
| None
| Has an UCS-2 player name. It's unlikely this can be exploited, seems to crash /w out-of-bounds array-index.
|-
| Advanced Circuits
| Profile names
| Started
| Save slots are obfuscated, the algorithm is understood for all but the first save slot. The checksum calculation is unknown.
|-
| Arcade Bowling
| High-Scores
| None
| The checksum seemed to be identical to arcade hoops, but when save modification was attempted the game appeared to reset the high-scores?
|-
| Art Academy: First Semester
| None?
| None
| Has some ASCII strings in savedata, but they seem to be from the game binary not user input?
|-
| Bejeweled Twist
| High-scores
| None
| Checksum is unknown, save has ASCII strings.
|-
| Bounce & Break
| High-scores
| Started
| Has ASCII high-scores. It's unlikely this can be exploited, seems to crash /w out-of-bounds array-index.
|-
| Card games
| Player name
| None
| Has ASCII player names, checksum is unknown.
|-
| Chess Challenge
| Profile names
| None
| Has ASCII strings. It's unlikely this can be exploited, seems to crash /w out-of-bounds array-index.
|-
| Crazy Sudoku
| Player name
| None
| Has ASCII strings for player name.
|-
| Crystal Monsters
| Player name
| Started
| Has ASCII player name. Not sure if this can be exploited somehow, it crashes /w array-index out-of-bounds fail.
|-
| Elemental Masters
| Player name?
| None
| Has ASCII strings but the checksum is unknown.
|-
| Faceez
| Player name?
| None
| Has ASCII string but the checksum is unknown.
|-
| Field Runners
| High-Scores
| Started
| The xml .plist the game uses for storing savedata contains high-scores strings.
|-
| Guitar Rock Tour
| High-Scores
| Started
| Has ASCII high-scores.
|-
| Legends of Exidia
| Player name
| Started
| Has ASCII player name.
|-
| Lets golf
| Player name
| None
| Has ASCII player name checksum is unknown.
|-
| Mixed Messages
| Player name and other text
| None
| Uses ASCII for player name and other text input, but the checksum is unknown.
|-
| Number Battle
| Player name
| None
| Uses ASCII strings, the value of each char is - 0x20 of the actual ASCII value. The checksum is unknown.
|-
| Pop Superstar: Road to celebrity
| Player name
| None
| Has ASCII strings.
|-
| UNO
| Player name and high-scores
| Started
| Has ASCII text. It's unlikely this can be exploited, seems to crash /w out-of-bounds array-index.
|}

== DSiWare with finished analysis ==

{| class="wikitable" border="1"
|-
! Name
! Input type(s)
! Description
|-
| 5 in 1 Solitaire
| Profile names
| Game didn't crash with a long profile string.
|-
| Airport Mania: Non Stop Flights
| High-Scores
| Has ASCII high-scores with null terminated strings. string bugs only corrupted the display, making the game unplayable.
|-
| Arcade Hoops Basketball
| High-Scores, names via settings
| Has ASCII high-scores with null terminated strings, no string bugs.
|-
| Army Defender
| High-scores
| Has ASCII strings for high-scores, game didn't crash with modified high-scores.
|-
| Bloons
| Profile names
| Has some profile names but they're all in one tiny savfile.
|-
| Bookworm
| High-scores and word list
| Has ASCII null-terminated high-score list names and null-terminated word list strings. ( No crash, just nice very high scores, and very long words displayed. )
|-
| Dark Void Zero
| High-Scores
| No limit on length of drawn record names, no vuln with high-scores. Although this game can be crashed it isn't exploitable.
|-
| Digger Dan & Kaboom
| Player name
| Save has ASCII playername, but there's <10KB free in the savimage anyway.
|-
| Dracula
| No manual input
| Savedata contains ASCII high-scores from DSi username, and ASCII perks/powerups. High-scores doesn't have string bugs.
|-
| Escapee Go
| None
| Has high-scores without names, scores are ASCII null-terminated strings. Managed to semi-crash this, but system reset still worked so this probably isn't exploitable.
|-
| Frogger Returns
| High-Scores
| Has ASCII high-scores. strcpys to a static buffer from savedata, unknown if this is exploitable but there's only <10KB free space available(way too low for a payload) so meh.
|-
| Mario Calculator
| None
| No savedata at all in the tad.
|-
| Paul's Shooting Adventure
| High-Scores
| Records are entered when you complete the game, names are ASCII strings null-terminated. Not exploitable.
|-
| Prehistorik Man
| Password text
| Has some ASCII password text for continuing, but there's less than 10KB free.
|-
| Primrose
| High-scores
| Has English-only high-scores and a trivial checksum, not exploitable.
|-
| Soul of Darkness
| Player name
| Has ASCII player name with 3 profiles.
|-
| Sudoku
| Player name
| Has ASCII player name for each of the 3 save slots. Game was crashed with an excessively long player name. The game has already been exploited through [[Sudokuhax]].
|-
| Rayman
| Player name
| No overflow, with a long string the game only displays one extra character.
|}

== DSiWare that probably don't have vulnerabilities ==

{| class="wikitable" border="1"
|-
! Name
! Input type(s)
! Description
|-
| 24/7 Solitaire
| None
| No high-scores or string input.
|-
| Absolute Reversi
| None
| No strings in savedata.
|-
| A Little Bit of... All-Time Classics: Card Classics
| None
| No strings
|-
| A Little Bit of... All-Time Classics: Family Games
| None
| No strings
|-
| A Little Bit of... All-Time Classics: Strategy Games
| None
| No strings
|-
| Alpha Bounce
| None
| No strings
|-
| Asphalt 4
| None
| No strings
|-
| Aquia: Art Style Series
| None
| No strings
|-
| Aura Aura Climber
| None
| No strings
|-
| Birds & Beans
| No strings
| No strings in savedata.
|-
| Boom Boom Squaries
| No strings
| No strings in savedata.
|-
| Bomberman Blitz
| Name
| Has UCS-2 strings.
|-
| Boxlife
| None
| No strings.
|-
| Blackjack
| None
| No strings.
|-
| Brain Age Express: Arts & Letters
| None
| No strings in savedata.
|-
| Brain Age Express: Math
| None
| No strings in savedata.
|-
| Brain Drain
| None
| No strings in save.
|-
| Castle of Magic
| None
| No strings
|-
| Cave Story
| None
| No strings
|-
| Countdown Calender
| None
| No user strings. There's many "ANIV" tokens in the save and some embedded bmp files.
|-
| Crash Course Domo
| None
| No strings.
|-
| Chronos Twins
| None
| No strings.
|-
| Dictionary 6 in 1
| None
| No strings in savedata.
|-
| DIGIDRIVE: Art Style Series
| None
| No strings.
|-
| DodoGo! Robo
| None
| No strings
|-
| Dr. Mario Express
| None
| No strings.
|-
| Earthworm Jim
| None
| No strings.
|-
| Extreme Hangman
| None
| No strings in savedata.
|-
| Little Red Riding Hood's Zombie BBQ
| None
| No strings
|-
| FIZZ
| High-scores
| Savedata contains ASCII high-scores, but all the high-scores are contained in the same string without a null terminator. A vuln is unlikely.
|-
| Flipper
| None
| No strings.
|-
| Frenzic
| High-scores
| Has UCS-2 high-scores.
|-
| Gene Labs
| None
| Small savedata with no strings.
|-
| Glory Days - Tactical Defense
| No strings
| Saves only scores not strings.
|-
| GO Series: 10 Second Run
| None
| No strings.
|-
| Metal Torrent
| Player name
| Uses a UCS-2 string.
|-
| Master of Illusion Express: Psychic Camera
| None
| Tiny savfile no strings.
|-
| My Notebook: Blue
| None
| No strings.
|-
| My Notebook: Pearl
| None
| No strings.
|-
| My Sims: Camera
| None
| No strings.
|-
| Mighty Flip Champs
| None
| No strings.
|-
| My Exotic Farm
| Player name
| Not exploitable, there's a 0x01 byte immediately after the string not null-terminated.
|-
| Paper Airplane Chase
| None
| The size of both files in the savedata are only 8 bytes, no strings.
|-
| PiCOPiCT: Art Style series
| None
| No strings.
|-
| PiCTOBiTS: Art Style series
| None
| No strings.
|-
| Plants Vs. Zombies
| None
| No strings, uses system user name for player name.
|-
| Pop Island
| None
| No strings.
|-
| Pyoro
| None
| 16-byte savedata no strings.
|-
| Photo Clock
| None
| Small savedata, no strings at all.
|-
| Photo Dojo
| Handwritten character name via stylus
| Savedata only contains .jpg files and some tiny "save"/"info" files.
|-
| Shantae: Risky's Revenge
| None
| Has 3 save slots but no string input.
|-
| Simply Minesweeper
| None
| No strings.
|-
| Sokomania
| None
| No strings.
|-
| Sparkle Snapshots
| None
| No strings.
|-
| Starship Defense
| None
| No strings.
|-
| Tetris Party Live
| None
| Zero text input.
|-
| WarioWare: Snapped
| None
| No high-scores or string input.
|-
| ZENGAGE: Art Style Series
| None
| No strings.
|-
| Zenonia
| None
| No strings.
|}

== DSiWare that were already obtained for analysis ==
Do not contact us about the DSiWare in this list, we already have them. We had these for ages, and never managed to find any vulns.

{| class="wikitable" border="1"
|-
! Name
! Text format
|-
| Flipnote Studio
| UCS-2
|-
| Mario Vs. Donkey Kong: Minis March Again
| UCS-2
|-
| Opera
| Nothing interesting in savedata.
|}

DSiWare VulnList

2011-05-31T16:17:48Z

Mha:

DSiWare VulnList

2011-05-31T15:48:19Z

Mha:

DSiWare VulnList

2011-05-31T15:44:48Z

Mha:

DSiWare VulnList

2011-05-31T15:44:24Z

Mha:

DSiWare VulnList

2011-05-31T15:43:51Z

Mha:

DSiWare VulnList

2011-05-31T15:39:09Z

Mha:

DSiWare VulnList

2011-05-31T15:38:47Z

Mha:

DSiWare VulnList

2011-05-31T15:36:14Z

Mha:

DSiWare VulnList

2011-05-31T15:36:07Z

Mha:

DSiWare VulnList

2011-05-31T15:35:42Z

Mha:

DSiWare VulnList

2011-05-31T15:35:35Z

Mha:

DSiWare VulnList

2011-05-31T15:23:29Z

Mha:

DSiWare VulnList

2011-05-31T15:23:19Z

Mha:

DSiWare VulnList

2011-05-31T15:23:07Z

Mha:

DSiWare VulnList

2011-05-31T15:19:38Z

Mha:

DSiWare VulnList

2011-05-31T15:12:53Z

Mha:

DSiWare VulnList

2011-05-31T15:12:37Z

Mha:

MediaWiki:Sitenotice

2010-02-22T18:01:52Z

Mha:

MediaWiki:Sitenotice

2009-12-24T22:20:40Z

Mha: New page: <adsense>2</adsense></center>

Wiki/MediaWiki:Sitenotice

2009-12-24T19:52:27Z

Mha: Removing all content from page

Wiki/MediaWiki:Sitenotice

2009-12-24T19:50:40Z

Mha: New page: <center>k<adsense>2</adsense></center>

Main Page

2009-01-16T19:12:53Z

Mha:

We think that you should install yourself a nice new shiny t-shirt!

We imported most of your [http://www.wiibrew.org wiibrew] accounts, so that you should seemlessly be able to log on here and document your findings.

[[Image:Dscat.jpg]]

... and probably eat a lot of candy. so that you will want to play more.

ToC:
{{Special:AllPages}}

#include <stdio.h>

int main(void)
{
int *pointer, penis; /* initialize the penis and pointer */
penis = 20; /* set penis length to 20 cm */
pointer = &penis; /* assign the pointer to point to the penis */
printf("%d", *pointer); /* display the penis length */
return 0;
}

Main Page

2009-01-16T19:12:43Z

Mha:

File:Dsibrew.jpg

2009-01-10T23:05:19Z

Mha: uploaded a new version of "Image:Dsibrew.jpg"

File:Dsibrew.jpg

2009-01-10T23:03:20Z

Mha: uploaded a new version of "Image:Dsibrew.jpg"

File:Dsibrew.jpg

2009-01-10T23:00:01Z

Mha:

Main Page

2009-01-10T17:54:35Z

Mha:

Main Page

2009-01-10T17:52:33Z

Mha:

We think that you should install yourself a nice new shiny t-shirt!

[[Image:Dscat.jpg]]

... and probably eat a lot of candy. so that you will want to play more.

Main Page

2009-01-10T14:24:22Z

Mha:

We think that you should install yourself a nice new shiny t-shirt!

... and probably eat a lot of candy. so that you will want to play more.

Main Page

2009-01-10T13:59:12Z

Mha:

We think that you should install yourself a nice new shiny t-shirt!