Difference between revisions of "DSi exploits"
(Add more links, many red but they should probably have pages) |
|||
Line 12: | Line 12: | ||
! Source | ! Source | ||
|- | |- | ||
− | | FIFA NDS | + | | [[FIFA NDS]] |
| Every single FIFA game on the Nintendo DS has been exploited. | | Every single FIFA game on the Nintendo DS has been exploited. | ||
| Everyone | | Everyone | ||
| [https://github.com/CTurt/Dara CTurt's Source Code] | | [https://github.com/CTurt/Dara CTurt's Source Code] | ||
|- | |- | ||
− | | Bangai-O-Sploit | + | | [[Bangai-O-Sploit]] |
| A ''primary'' entrypoint for the game, ''Bangai-O Spirit'', on the Nintendo DS. This game was successfully exploit through sound. | | A ''primary'' entrypoint for the game, ''Bangai-O Spirit'', on the Nintendo DS. This game was successfully exploit through sound. | ||
| smealum | | smealum | ||
| [https://github.com/smealum/bangai-o-sploit Install] | | [https://github.com/smealum/bangai-o-sploit Install] | ||
|- | |- | ||
− | | NDS-ILH-Save-Exploit | + | | [[NDS-ILH-Save-Exploit]] |
| "I Love Horses" Nintendo DS save exploit | | "I Love Horses" Nintendo DS save exploit | ||
| [https://github.com/mojobojo/ mojobojo] | | [https://github.com/mojobojo/ mojobojo] | ||
| [https://github.com/mojobojo/NDS-ILH-Save-Exploit Install] | | [https://github.com/mojobojo/NDS-ILH-Save-Exploit Install] | ||
|- | |- | ||
− | | ABR-NDS-SaveExploit | + | | [[ABR-NDS-SaveExploit]] |
| A stack smash savegame exploit for the game "Asterix Brain Trainer" | | A stack smash savegame exploit for the game "Asterix Brain Trainer" | ||
| [https://github.com/WemI0/ Weml0] | | [https://github.com/WemI0/ Weml0] | ||
| [https://github.com/WemI0/ABR-NDS-SaveExploit Install] | | [https://github.com/WemI0/ABR-NDS-SaveExploit Install] | ||
|- | |- | ||
− | | HaxxStation | + | | [[HaxxStation]] |
| DS Download Station exploit, allowing one to run any commercial homebrew over from the DS download play application. | | DS Download Station exploit, allowing one to run any commercial homebrew over from the DS download play application. | ||
| shutterbug2000, Gericom, and Apache Thunder | | shutterbug2000, Gericom, and Apache Thunder | ||
| [https://gbatemp.net/threads/haxxstation-ds-download-station-exploit.473648/ See Here] | | [https://gbatemp.net/threads/haxxstation-ds-download-station-exploit.473648/ See Here] | ||
|- | |- | ||
− | | BreakingNews | + | | [[BreakingNews]] |
| A stack smash savegame exploit for the game "The New York Times: Crossword" resulting from stack buffer overflow (profile slot names). | | A stack smash savegame exploit for the game "The New York Times: Crossword" resulting from stack buffer overflow (profile slot names). | ||
| [[User:ChampionLeake|ChampionLeake]] | | [[User:ChampionLeake|ChampionLeake]] | ||
Line 53: | Line 53: | ||
! Source | ! Source | ||
|- | |- | ||
− | | The Biggest Losers | + | | [[The Biggest Losers]] |
| Exploit for The Biggest Loser which runs in DSi mode if you use a real cartridge on a DSi or 3DS system, otherwise, it runs in DS mode. | | Exploit for The Biggest Loser which runs in DSi mode if you use a real cartridge on a DSi or 3DS system, otherwise, it runs in DS mode. | ||
| st4rk | | st4rk | ||
Line 59: | Line 59: | ||
[https://davejmurphy.com/dslink/ WinterMute's dslink] | [https://davejmurphy.com/dslink/ WinterMute's dslink] | ||
|- | |- | ||
− | | Cookhack | + | | [[Cookhack]] |
| DSi Cooking Coach exploit | | DSi Cooking Coach exploit | ||
| WinterMute | | WinterMute | ||
Line 65: | Line 65: | ||
[https://davejmurphy.com/dslink/ dslink] | [https://davejmurphy.com/dslink/ dslink] | ||
|- | |- | ||
− | | Classichack | + | | [[Classichack]] |
| DSi Classic Word Games exploit | | DSi Classic Word Games exploit | ||
| WinterMute | | WinterMute | ||
Line 71: | Line 71: | ||
[https://davejmurphy.com/dslink/ dslink] | [https://davejmurphy.com/dslink/ dslink] | ||
|- | |- | ||
− | | SystemFlaaw | + | | [[SystemFlaaw]] |
| The first DSi exclusive cartridge title to be exploited for the game, SystemFlaw | | The first DSi exclusive cartridge title to be exploited for the game, SystemFlaw | ||
| zoogie | | zoogie | ||
Line 141: | Line 141: | ||
! Source | ! Source | ||
|- | |- | ||
− | | RocketLauncher | + | | [[RocketLauncher]] |
| One of the first ever unlocked ARM7 DSi exploit involving the DS Cart White list in secton 3. This exploit only works on firmwares v1.4! | | One of the first ever unlocked ARM7 DSi exploit involving the DS Cart White list in secton 3. This exploit only works on firmwares v1.4! | ||
| ApacheThunder, stuckpixel, NoCash, Gericom, and Normmatt | | ApacheThunder, stuckpixel, NoCash, Gericom, and Normmatt | ||
Line 158: | Line 158: | ||
! Source | ! Source | ||
|- | |- | ||
− | | Unlaunch | + | | [[Unlaunch]] |
| Possibly one of the first bootcode exploit for the Nintendo DSi! This exploit deals with taking advantage of the launcher's "title.tmd" size as it's not checked, allowing esculated permissions! | | Possibly one of the first bootcode exploit for the Nintendo DSi! This exploit deals with taking advantage of the launcher's "title.tmd" size as it's not checked, allowing esculated permissions! | ||
| NoCash | | NoCash | ||
| [https://problemkaputt.de/unlaunch.htm Install & Writeup] | | [https://problemkaputt.de/unlaunch.htm Install & Writeup] | ||
|} | |} |
Revision as of 05:35, 20 December 2022
This page is dedicated to the listing of exploits for the Nintendo DSi. Anyone may contribute to this list. This page my not, however be deleted in any way, this ensures that that development of this page is not slowed down. Due to the fact that this page has not changed for over a year due to resets, no more resets.
Type of exploits
Here is a general list of all the different types/terms of exploits to know. This is to know the differences of each exploit.
NTR/NDS-Mode Exploits
These are ARM9 exploits that takes over a NDS-mode cartridge. These cartridges (on the back) are labeled as NTR. These type of exploits are very limited since there's no SD or NAND access. They can be used to run a small binary payload making these exploits almost useless.
Name | Description | Author | Source |
---|---|---|---|
FIFA NDS | Every single FIFA game on the Nintendo DS has been exploited. | Everyone | CTurt's Source Code |
Bangai-O-Sploit | A primary entrypoint for the game, Bangai-O Spirit, on the Nintendo DS. This game was successfully exploit through sound. | smealum | Install |
NDS-ILH-Save-Exploit | "I Love Horses" Nintendo DS save exploit | mojobojo | Install |
ABR-NDS-SaveExploit | A stack smash savegame exploit for the game "Asterix Brain Trainer" | Weml0 | Install |
HaxxStation | DS Download Station exploit, allowing one to run any commercial homebrew over from the DS download play application. | shutterbug2000, Gericom, and Apache Thunder | See Here |
BreakingNews | A stack smash savegame exploit for the game "The New York Times: Crossword" resulting from stack buffer overflow (profile slot names). | ChampionLeake | Install |
TWL/DSi-Enhanced Cart Exploits
These are ARM9 exploits that take over a enhanced DSi-mode cartridge. These cartridges (on the back) are labeled as TWL. Unfortunately they don't have SD or NAND access but can be used to gather console information and maybe find other vulnerabilities. These exploits can also be used for dslink, which can load homebrew applications via internet connections.
Name | Description | Author | Source |
---|---|---|---|
The Biggest Losers | Exploit for The Biggest Loser which runs in DSi mode if you use a real cartridge on a DSi or 3DS system, otherwise, it runs in DS mode. | st4rk | Install |
Cookhack | DSi Cooking Coach exploit | WinterMute | PoC |
Classichack | DSi Classic Word Games exploit | WinterMute | PoC |
SystemFlaaw | The first DSi exclusive cartridge title to be exploited for the game, SystemFlaw | zoogie | Install |
DSiWare (True DSi-Mode) Exploits
These are ARM9 exploits that take over a DSiWare title. They run in the same context that the DSi-Enhanced games do, but with additional SD and NAND access. These exploits are valuable since they can be used to downgrade the console firmware to older versions, or install a persistent exploit such as Unlaunch. You can also run commercial homebrew applications from the SD card. However this doesn't allow any cartridge access.
Name | Description | Author | Source |
---|---|---|---|
Sudokuhax | One of the first DSiWare exploits for the Nintendo DSi on the game SUDOKU by EA. (You must have the 1st version of this game in order to use the exploit as it was patched. | TeamTwiizer, yellows8 | Install |
grtpwn | A Gameloft DSiWare savegame exploit for the game, Guitar Rock Tour! | yellows8 | Install |
exidiahax | A Gameloft DSiWare savegame exploit for the game, Legend of Exidia! | yellows8 | Install |
fieldrunhax | A Subatomic Studios DSiWare savegame exploit for the game, FIELDRUNNERS! | yellows8 | Install |
4swordhax | A DSiWare savegame exploit for the game, The Legend of Zelda: Four Swords Anniversary Edition! | yellows8 | Install |
Flipnote ( ͡° ͜ʖ ͡°) and ugopwn | A Primary entrypoint for the DSiWare Application, Flipnote Studio! This exploit was first exploit by shutterbug2000. Later, WinterMute and fincs released a stable version of the exploit. | shutterbug2000, WinterMute, fincs, zoogie | Install |
UNO*pwn | A DSiWare savegame exploit for the game, UNO, that involves a simple stack buffer overflow within the player's username with the settings functionality of the game! | ChampionLeake | Install |
Memory Pit | A primary exploit for the DSi that involves the system application "Camera"! All you need is an SD Card to use this exploit. | shutterbug2000 | See Here |
petit-compwner | The last string argument of interpreter command "COLSET" is not bounds checked, thus a trivial stack smash can occur if the string is overly long. | zoogie | Release |
ARM7 Exploits
These exploits take over the ARM7 processor. In the DSi, these processor handles critical operations and cryptography operations, among other things. These exploits are extremely rare and there's no concrete targets. The DSi menu (The Launcher) is known to run in the ARM7 context. At the moment there's only one exploit known as RocketLauncher. These exploits allow FULL ACCESS with the DSi launcher.
Name | Description | Author | Source |
---|---|---|---|
RocketLauncher | One of the first ever unlocked ARM7 DSi exploit involving the DS Cart White list in secton 3. This exploit only works on firmwares v1.4! | ApacheThunder, stuckpixel, NoCash, Gericom, and Normmatt | Writeup |
Bootcode Exploits:
These exploits gain full SCFG_EXT access rights immediately after powering on the system (right before starting the launcher). These exploits are significantly rare and concrete targets can be the launcher's title.tmd. At the moment, nocash's exploit, Unlaunch is the only known usable exploit.
Name | Description | Author | Source |
---|---|---|---|
Unlaunch | Possibly one of the first bootcode exploit for the Nintendo DSi! This exploit deals with taking advantage of the launcher's "title.tmd" size as it's not checked, allowing esculated permissions! | NoCash | Install & Writeup |