Difference between revisions of "DSi exploits"

From DSiBrew
(24 intermediate revisions by 10 users not shown)
Line 1: Line 1:
 
This page is dedicated to the listing of exploits for the Nintendo DSi. Anyone may contribute to this list. This page my not, however be deleted in any way, this ensures that that development of this page is not slowed down. Due to the fact that this page has not changed for over a year due to resets, no more resets.
 
This page is dedicated to the listing of exploits for the Nintendo DSi. Anyone may contribute to this list. This page my not, however be deleted in any way, this ensures that that development of this page is not slowed down. Due to the fact that this page has not changed for over a year due to resets, no more resets.
 +
 +
== Type of exploits ==
 +
Here is a general list of all the different types/terms of exploits to know. This is to know the differences of each exploit.
 +
*'''NTR/NDS-Mode Exploits:'''
 +
These are ARM9 exploits that takes over a NDS-mode cartridge. These cartridges are labeled as ''NTR''. These type of exploits are very limited since there's no SD or NAND access. They can be used to run a small payload. These exploits are almost useless.
 +
*'''TWL/DSi-Enhanced Cart Exploits:'''
 +
These are ARM9 exploits that take over a enhanced DSi mode cartridge. These cartridges are labled as ''TWL''. Unfortunately they don't have SD or NAND access, so you cannot use the SD card or downgrade. They can be used to gather console information and maybe find other vulnerabilities. These exploits can also be used for dslink, which can load homebrew apps in DSi-Mode via internet connections.
 +
*'''DSiWare(True DSi-Mode) Exploits:'''
 +
These are ARM9 exploits that take over a DSiWare title. They run in the same context that Enhanced games do, but with the addition of SD and NAND access. These exploits are valuable since can be used to downgrade the console firmware to older versions. You can also run commercial homebrew off of the SD card with these exploits. However this doesn't allow any cartridge access.
 +
*'''ARM7 Exploits:'''
 +
These exploits take over the ARMv7 processor. In the DSi, these processor handles critical operations and cryptography operations, among other things. These exploits are extremely rare and there's no concrete targets. The DSi menu (The Launcher) is known to run in the ARM7 context. At the moment there's only one exploit known, RocketLauncher. These exploits allow FULL ACCESS with the DSi launcher.
  
 
== DSi-mode exploits ==
 
== DSi-mode exploits ==
Team Twiizers had relased a DSi-Mode Exploit called [[Sudokuhax]] that loads a homebrew from the SD card in DSi Mode. The exploit requires that you have purchased the Sudoku by EA game. More details and download at: [http://hackmii.com/2011/01/sudokuhax-release/].
+
Team Twiizers released a DSi-mode exploit called [[Sudokuhax]] that loads homebrew from the SD card in DSi-mode. The exploit requires that you have purchased EA's Sudoku game. More details and download: [http://hackmii.com/2011/01/sudokuhax-release/]. Additionally more DSiWare savegame exploits were released for the last time: [http://hackmii.com/2011/08/final-dsiwarehax/]. Copying these savegame exploits to NAND via system settings is [[System_Menu_1.4.2#Global_Update|blocked]] on the latest system version.
  
Team Twiizers also have found a DSi-Mode Exploit and have managed to use it to run DSi Mode homebrew. However it has not yet been released. More details at : [http://hackmii.com/2009/07/dsi-mode-homebrew-anyone/] The additional hardware is just required to get a connection to a computer so that things like ram dumps can be created.
+
shutterbug2000 has created an exploit for Flipnote Studio, which uses a modified flipnote that you have to paste 122 times exactly. The exploit can be used with fwtool to downgrade the dsi to be able to use [[Sudokuhax]] or things like it. wintermute and fincs simple 1 paste exploit can be found here [https://davejmurphy.com/%CD%A1-%CD%9C%CA%96-%CD%A1/].
  
 +
The source of the majority of the old dsiware exploits can be found on yellows8's github page [https://github.com/yellows8/dsi]
  
Wintermute has made available an open source DSi hack. The exploit works on DSi enhanced games, allowing you to run custom code from a save file. Instructions for using the exploit can be found here: [http://drunkencoders.com/2009/08/dsi-hack-update/]
+
== DSi Enhanced exploits ==
 +
Team Twiizers also have found a DSi-mode exploit in cooking coach and have managed to use it to run DSi-mode homebrew. However it has not yet been released. More details at: [http://hackmii.com/2009/07/dsi-mode-homebrew-anyone/] The additional hardware is just required to get a connection to a computer so that things like ram dumps can be created.
  
If you know of DSiWare that has English-only string input,(high-scores, player name, high-scores that use username from system settings, etc) go [[DSiWare_VulnList|here]].
+
Wintermute has made available an open source DSi hack. The exploit works on DSi enhanced games, allowing you to run custom code from a save file. Instructions for using the exploit can be found here: [http://davejmurphy.com/dslink/]
 +
 
 +
The cooking coach and classic word games savegame exploits are [[System_Menu_1.4.4|blocked]] on the latest system version. Therefore, the only way to get DSi-mode homebrew running with the latest system version, is with a hardware workaround for the blocked DSi-mode gamecard exploits. Additionally, one could solder the NAND [[Hardware#NAND_pinout|pins]] to a MMC reader/writer, then extract dev.kp for DSiWareHax.
 +
 
 +
It is also possible for homebrew to be loaded through an Action Replay DSi flashcart. If an nds file is saved onto a micro SD card, and then that micro SD is inserted into the Action Replay, the file can be executed by going to the Files menu.
  
 
== DS-mode exploits ==
 
== DS-mode exploits ==
  
 
This type of exploit is undesirable because all DSi functionality, such as usage of the [[cameras]], is unavailable to homebrew.
 
This type of exploit is undesirable because all DSi functionality, such as usage of the [[cameras]], is unavailable to homebrew.
 +
 +
Gericom has exploited the DS Download Play/Sation aaplication which works on all DS family consoles. Runs commercial homebrew via download station. [https://gbatemp.net/threads/haxxstation-ds-download-station-exploit.473648/ Here] you can have the details about it.
  
 
Blasteh (Blasty) has posted a [http://www.youtube.com/watch?v=7QHO7ctWuZ8 video on Youtube] showing code being run in DS mode on the DSi using [http://en.wikipedia.org/wiki/Fifa_08 Fifa '08].
 
Blasteh (Blasty) has posted a [http://www.youtube.com/watch?v=7QHO7ctWuZ8 video on Youtube] showing code being run in DS mode on the DSi using [http://en.wikipedia.org/wiki/Fifa_08 Fifa '08].
  
== List of ideas for exploitation/hacking of latest dsi version ==
+
== List of ideas for exploitation/hacking of the latest DSi system version ==
 
Rules
 
Rules
  
1.→Do not Remove ideas, only add
+
→Do not remove ideas, only add
 +
 
 +
→Do not delete this section
  
2.→Do not Delete this section
+
→If your idea is 'Epic' mark it with * [only do this if it will certainly work]
  
3.→If your idea is 'Epic' mark it with * [only do this if it will certainly work]
+
→You must research whether your idea will work or not
 
   
 
   
4.→Here is a list of users that can modify this page [delete ideas] cause they know whats possible and not possible:nobody right now[updated, when a knowing user is online]
 
 
5.→You must research whether your idea will work or not
 
 
6.→nobody, not even the users on the rule 4. list can shorten a detailed idea.
 
 
-An emulator/simulator,like the one for ipods.
 
 
-This will help speed development of a hack. A full decryption of the entire dsi system[this is for hardcore devs].
 
 
-If a dsi even has ports [the stuff firewalls protect] a port scan.
 
  
-{warning...hardware mod} replace the dsi's main processer with the one from an ipod.
+
Just an idea, but couldn't we make a .gif file that Flipnote could read, then the GIF could crash Flipnote and somehow load up the DSi homebrew?
  
-{warning...hardware mod}replace the wifi chip/module, with one thats the same size, but better. Preferably one that requires less power or same amount of power. It certainly must perform better though [range,speed, etc.].
+
We could try to connect to the DSi using the DS Download Play software, like the Wii and other DS can? I suggest connecting a PC via Bluetooth, push over an exploit program and run it.--[[User:Bernd L|Bernd L]] 16:18, 21 February 2017 (CET)
 +
: [[User:Bernd L|Bernd L]] Long time, no answer. "Don't worry, there will be an exploit coming soon for Flipnote Studio/DSi Browser that will allow you to downgrade to 1.4." [[User:Abequinn|Abequinn]] 23:46, 14 August 2017 (CEST)
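
Review bot: In the added "ARM7 Exploits" paragraph, the body says "the ARMv7 processor" while its heading and the later "ARM7 context" sentence say ARM7. ARM7 is a core family and ARMv7 is an architecture version, so the body should read "the ARM7 processor". The same added block has "labled", "these processor handles" and "since can be used", and the DS-mode addition has "Sation aaplication"; these are worth fixing before saving. Separately, the old-side idea entries (emulator, port scan, hardware mods) have no counterpart on the new side even though the retained rule still reads "Do not remove ideas, only add", so either restore them or adjust the rule.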

Revision as of 19:18, 1 August 2018

This page is dedicated to the listing of exploits for the Nintendo DSi. Anyone may contribute to this list. This page may not, however, be deleted in any way; this ensures that development of this page is not slowed down. Because this page has not changed for over a year due to resets, there will be no more resets.

Type of exploits

Here is a general list of the different types of exploits and the terms used for them, to make the differences between them clear.

  • NTR/NDS-Mode Exploits:

These are ARM9 exploits that take over an NDS-mode cartridge. These cartridges are labeled NTR. This type of exploit is very limited since there is no SD or NAND access. They can be used to run a small payload. These exploits are almost useless.

  • TWL/DSi-Enhanced Cart Exploits:

These are ARM9 exploits that take over an enhanced DSi-mode cartridge. These cartridges are labeled TWL. Unfortunately they don't have SD or NAND access, so you cannot use the SD card or downgrade. They can be used to gather console information and maybe find other vulnerabilities. These exploits can also be used for dslink, which can load homebrew apps in DSi-mode via internet connections.

  • DSiWare(True DSi-Mode) Exploits:

These are ARM9 exploits that take over a DSiWare title. They run in the same context that Enhanced games do, but with the addition of SD and NAND access. These exploits are valuable since they can be used to downgrade the console firmware to older versions. You can also run commercial homebrew off of the SD card with these exploits. However, this doesn't allow any cartridge access.

  • ARM7 Exploits:

These exploits take over the ARM7 processor. In the DSi, this processor handles critical operations and cryptographic operations, among other things. These exploits are extremely rare and there are no concrete targets. The DSi menu (the Launcher) is known to run in the ARM7 context. At the moment there is only one known exploit, RocketLauncher. These exploits allow FULL ACCESS with the DSi launcher.

DSi-mode exploits

Team Twiizers released a DSi-mode exploit called Sudokuhax that loads homebrew from the SD card in DSi-mode. The exploit requires that you have purchased EA's Sudoku game. More details and download: [1]. Additionally, more DSiWare savegame exploits were released for the last time: [2]. Copying these savegame exploits to NAND via system settings is blocked on the latest system version.

shutterbug2000 has created an exploit for Flipnote Studio, which uses a modified flipnote that you have to paste exactly 122 times. The exploit can be used with fwtool to downgrade the DSi to be able to use Sudokuhax or things like it. wintermute and fincs' simple 1-paste exploit can be found here [3].

The source of the majority of the old DSiWare exploits can be found on yellows8's GitHub page [4].

DSi Enhanced exploits

Team Twiizers have also found a DSi-mode exploit in Cooking Coach and have managed to use it to run DSi-mode homebrew. However, it has not yet been released. More details at: [5]. The additional hardware is just required to get a connection to a computer so that things like RAM dumps can be created.

Wintermute has made available an open source DSi hack. The exploit works on DSi enhanced games, allowing you to run custom code from a save file. Instructions for using the exploit can be found here: [6]

The Cooking Coach and Classic Word Games savegame exploits are blocked on the latest system version. Therefore, the only way to get DSi-mode homebrew running with the latest system version is with a hardware workaround for the blocked DSi-mode gamecard exploits. Additionally, one could solder the NAND pins to an MMC reader/writer, then extract dev.kp for DSiWareHax.

It is also possible for homebrew to be loaded through an Action Replay DSi flashcart. If an nds file is saved onto a micro SD card, and then that micro SD is inserted into the Action Replay, the file can be executed by going to the Files menu.

DS-mode exploits

This type of exploit is undesirable because all DSi functionality, such as usage of the cameras, is unavailable to homebrew.

Gericom has exploited the DS Download Play/Station application, which works on all DS family consoles. It runs commercial homebrew via download station. Here you can have the details about it.

Blasteh (Blasty) has posted a video on YouTube showing code being run in DS mode on the DSi using Fifa '08.

List of ideas for exploitation/hacking of the latest DSi system version

Rules

→Do not remove ideas, only add

→Do not delete this section

→If your idea is 'Epic' mark it with * [only do this if it will certainly work]

→You must research whether your idea will work or not


Just an idea, but couldn't we make a .gif file that Flipnote could read, then the GIF could crash Flipnote and somehow load up the DSi homebrew?

We could try to connect to the DSi using the DS Download Play software, like the Wii and other DS can? I suggest connecting a PC via Bluetooth, push over an exploit program and run it.--Bernd L 16:18, 21 February 2017 (CET)

Bernd L Long time, no answer. "Don't worry, there will be an exploit coming soon for Flipnote Studio/DSi Browser that will allow you to downgrade to 1.4." Abequinn 23:46, 14 August 2017 (CEST)