DSiBrew

DSi exploits: Difference between revisions

← Older edit
Pk11 (talk | contribs)
150 edits
Add more links, many red but they should probably have pages
 
(8 intermediate revisions by 5 users not shown)
Line 35: Line 35:
| DS Download Station exploit, allowing one to run any commercial homebrew over from the DS download play application.
| DS Download Station exploit, allowing one to run any commercial homebrew over from the DS download play application.
| shutterbug2000, Gericom, and Apache Thunder
| shutterbug2000, Gericom, and Apache Thunder
| [https://gbatemp.net/threads/haxxstation-ds-download-station-exploit.473648/ See Here]
| [https://github.com/Gericom/dspatch See Here]
|-
|-
| [[BreakingNews]]
| [[BreakingNews]]
Line 41: Line 41:
| [[User:ChampionLeake|ChampionLeake]]
| [[User:ChampionLeake|ChampionLeake]]
| [https://github.com/ChampionLeake/BreakingNews/ Install]
| [https://github.com/ChampionLeake/BreakingNews/ Install]
|-
| [[NDS-FC2008-Save-Exploit]]
| A savegame exploit for the game "Führerschein Coach 2008".
| [https://github.com/toombaumarkt/ toombaumarkt]
| [https://github.com/toombaumarkt/NDS-FC2008-Save-Exploit Install]
|-
| [[WordJong-Overflow]]
| A buffer overflow exploit for the game WordJong DS (U).
| [https://github.com/Borgars/ Borgars]
| [https://github.com/Borgars/WordJong-Overflow Install]
|-
| [[CorruptedClues]]
| A stack smash savegame exploit for the game "Cate West: The Vanishing Files", resulted by unchecked string sizes from the highscore data.
| [[User:ChampionLeake|ChampionLeake]]
| [https://github.com/ChampionLeake/CorruptedClues Install]
|}
|}


== TWL/DSi-Enhanced Cart Exploits ==
== TWL/DSi-Enhanced Cart Exploits ==
Line 125: Line 139:
| A primary exploit for the DSi that involves the system application "Camera"! All you need is an SD Card to use this exploit.
| A primary exploit for the DSi that involves the system application "Camera"! All you need is an SD Card to use this exploit.
| shutterbug2000
| shutterbug2000
| [https://gbatemp.net/threads/memory-pit-a-new-dsi-exploit-for-dsi-camera.539432/ See Here]
| [https://gbatemp.net/threads/memory-pit-a-new-dsi-exploit-for-dsi-camera.539432 Install], [https://github.com/ChampionLeake/BrokenPit Open-source]
|-
|-
| [[petit-compwner]]
| [[petit-compwner]]
Line 131: Line 145:
| zoogie
| zoogie
| [https://github.com/zoogie/petit-compwner/releases Release]
| [https://github.com/zoogie/petit-compwner/releases Release]
|-
| [[stylehax]]
| A primary entrypoint, using a use-after-free in Opera 9.50 (which uses WebKit under the hood).
| @0x1337cafe
| [https://github.com/nathanfarlow/stylehax Release], [https://farlow.dev/2023/03/02/hacking-the-nintendo-dsi-browser Writeup]
|}
|}


Line 144: Line 163:
| One of the first ever unlocked ARM7 DSi exploit involving the DS Cart White list in secton 3. This exploit only works on firmwares v1.4!
| One of the first ever unlocked ARM7 DSi exploit involving the DS Cart White list in secton 3. This exploit only works on firmwares v1.4!
| ApacheThunder, stuckpixel, NoCash, Gericom, and Normmatt
| ApacheThunder, stuckpixel, NoCash, Gericom, and Normmatt
| [https://gbatemp.net/threads/announcing-rocketlauncher-the-first-exploit-with-unlocked-arm7.476288/ Writeup]
| [https://github.com/ApacheThunder/RocketLauncher source]
|}
|}




== Bootcode Exploits: ==
== Bootcode Exploits ==


These exploits gain full SCFG_EXT access rights immediately after powering on the system (right before starting the launcher). These exploits are significantly rare and concrete targets can be the launcher's ''title.tmd''. At the moment, nocash's exploit, ''Unlaunch'' is the only known usable exploit.
These exploits gain full SCFG_EXT access rights immediately after powering on the system (right before starting the launcher). These exploits are significantly rare and concrete targets can be the launcher's ''title.tmd''. At the moment, nocash's exploit, ''Unlaunch'' is the only known usable exploit.
Line 162: Line 181:
| NoCash
| NoCash
| [https://problemkaputt.de/unlaunch.htm Install & Writeup]
| [https://problemkaputt.de/unlaunch.htm Install & Writeup]
|-
| Unnamed modchip
| A modchip that exlploits the bootROMs of the Nintendo DSi. It enables code execution on both cores before boot ROM lockout.
| PoroCYon
| [https://media.ccc.de/v/37c3-11736-nintendo_hacking_2023_2008 37c3 talk], [https://icosahedron.website/@pcy/111676158956228552 video], [https://github.com/dsi-modchip/guide DIY guide]
|}
|}
Retrieved from "https://dsibrew.org/wiki/DSi_exploits"