DSi exploits: Difference between revisions

(10 intermediate revisions by 4 users not shown)

Line 35:

| DS Download Station exploit, allowing one to run any commercial homebrew over from the DS download play application.

| shutterbug2000, Gericom, and Apache Thunder

| [https://~~gbatemp~~.~~net~~/~~threads/haxxstation-ds-download-station-exploit.473648~~/ See Here]

| [https://github.com/Gericom/dspatch See Here]

|-

| [[BreakingNews]]

Line 41:

| [[User:ChampionLeake|ChampionLeake]]

| [https://github.com/ChampionLeake/BreakingNews/ Install]

|-

| [[NDS-FC2008-Save-Exploit]]

| A savegame exploit for the game "Führerschein Coach 2008".

| [https://github.com/toombaumarkt/ toombaumarkt]

| [https://github.com/toombaumarkt/NDS-FC2008-Save-Exploit Install]

|-

| [[WordJong-Overflow]]

| A buffer overflow exploit for the game WordJong DS (U).

| [https://github.com/Borgars/ Borgars]

| [https://github.com/Borgars/WordJong-Overflow Install]

|-

| [[CorruptedClues]]

| A stack smash savegame exploit for the game "Cate West: The Vanishing Files", resulted by unchecked string sizes from the highscore data.

| [[User:ChampionLeake|ChampionLeake]]

| [https://github.com/ChampionLeake/CorruptedClues Install]

|}

== TWL/DSi-Enhanced Cart Exploits ==

Line 76:

Line 90:

| [https://github.com/zoogie/SystemFlaaw Install]

|}

== DSiWare (True DSi-Mode) Exploits ==

Line 125:

Line 138:

| A primary exploit for the DSi that involves the system application "Camera"! All you need is an SD Card to use this exploit.

| shutterbug2000

| [https://gbatemp.net/threads/memory-pit-a-new-dsi-exploit-for-dsi-camera.539432/ ~~See Here~~]

| [https://gbatemp.net/threads/memory-pit-a-new-dsi-exploit-for-dsi-camera.539432 Install], [https://github.com/ChampionLeake/BrokenPit Open-source]

|-

| [[petit-compwner]]

Line 131:

Line 144:

| zoogie

| [https://github.com/zoogie/petit-compwner/releases Release]

|-

| [[stylehax]]

| A primary entrypoint, using a use-after-free in Opera 9.50 (which uses WebKit under the hood).

| @0x1337cafe

| [https://github.com/nathanfarlow/stylehax Release], [https://farlow.dev/2023/03/02/hacking-the-nintendo-dsi-browser Writeup]

|-

| [[Wrfuxxed]]

| Exploit in a factory test image (WRFU Tester) that communicates with a UART backchannel in a cartridge. Requires a compatible flashcart (currently DSpico only).

| Gericom, XLuma, lifehackerhansol

| [https://github.com/LNH-team/dspico-wrfuxxed Github], [https://github.com/LNH-team/dspico-wrfuxxed/blob/develop/wrfuxxed.md writeup]

|}

Line 144:

Line 167:

| One of the first ever unlocked ARM7 DSi exploit involving the DS Cart White list in secton 3. This exploit only works on firmwares v1.4!

| ApacheThunder, stuckpixel, NoCash, Gericom, and Normmatt

| [https://~~gbatemp~~.~~net~~/~~threads~~/~~announcing-rocketlauncher-the-first-exploit-with-unlocked-arm7.476288/ Writeup~~]

| [https://github.com/ApacheThunder/RocketLauncher source]

|}

Line 162:

Line 185:

| NoCash

| [https://problemkaputt.de/unlaunch.htm Install & Writeup]

|-

| Unnamed modchip

| A modchip that exlploits the bootROMs of the Nintendo DSi. It enables code execution on both cores before boot ROM lockout.

| PoroCYon

| [https://media.ccc.de/v/37c3-11736-nintendo_hacking_2023_2008 37c3 talk], [https://icosahedron.website/@pcy/111676158956228552 video], [https://github.com/dsi-modchip/guide DIY guide]

|}

@@ Line 35: / Line 35: @@
 | DS Download Station exploit, allowing one to run any commercial homebrew over from the DS download play application.
 | shutterbug2000, Gericom, and Apache Thunder
-| [https://gbatemp.net/threads/haxxstation-ds-download-station-exploit.473648/ See Here]
+| [https://github.com/Gericom/dspatch See Here]
 |-
 | [[BreakingNews]]
@@ Line 41: / Line 41: @@
 | [[User:ChampionLeake|ChampionLeake]]
 | [https://github.com/ChampionLeake/BreakingNews/ Install]
+|-
+| [[NDS-FC2008-Save-Exploit]]
+| A savegame exploit for the game "Führerschein Coach 2008".
+| [https://github.com/toombaumarkt/ toombaumarkt]
+| [https://github.com/toombaumarkt/NDS-FC2008-Save-Exploit Install]
+|-
+| [[WordJong-Overflow]]
+| A buffer overflow exploit for the game WordJong DS (U).
+| [https://github.com/Borgars/ Borgars]
+| [https://github.com/Borgars/WordJong-Overflow Install]
+|-
+| [[CorruptedClues]]
+| A stack smash savegame exploit for the game "Cate West: The Vanishing Files", resulted by unchecked string sizes from the highscore data.
+| [[User:ChampionLeake|ChampionLeake]]
+| [https://github.com/ChampionLeake/CorruptedClues Install]
 |}
 == TWL/DSi-Enhanced Cart Exploits ==
@@ Line 76: / Line 90: @@
 | [https://github.com/zoogie/SystemFlaaw Install]
 |}
 == DSiWare (True DSi-Mode) Exploits ==
@@ Line 125: / Line 138: @@
 | A primary exploit for the DSi that involves the system application "Camera"! All you need is an SD Card to use this exploit.
 | shutterbug2000
-| [https://gbatemp.net/threads/memory-pit-a-new-dsi-exploit-for-dsi-camera.539432/ See Here]
+| [https://gbatemp.net/threads/memory-pit-a-new-dsi-exploit-for-dsi-camera.539432 Install], [https://github.com/ChampionLeake/BrokenPit Open-source]
 |-
 | [[petit-compwner]]
@@ Line 131: / Line 144: @@
 | zoogie
 | [https://github.com/zoogie/petit-compwner/releases Release]
+|-
+| [[stylehax]]
+| A primary entrypoint, using a use-after-free in Opera 9.50 (which uses WebKit under the hood).
+| @0x1337cafe
+| [https://github.com/nathanfarlow/stylehax Release], [https://farlow.dev/2023/03/02/hacking-the-nintendo-dsi-browser Writeup]
+|-
+| [[Wrfuxxed]]
+| Exploit in a factory test image (WRFU Tester) that communicates with a UART backchannel in a cartridge. Requires a compatible flashcart (currently DSpico only).
+| Gericom, XLuma, lifehackerhansol
+| [https://github.com/LNH-team/dspico-wrfuxxed Github], [https://github.com/LNH-team/dspico-wrfuxxed/blob/develop/wrfuxxed.md writeup]
 |}
@@ Line 144: / Line 167: @@
 | One of the first ever unlocked ARM7 DSi exploit involving the DS Cart White list in secton 3. This exploit only works on firmwares v1.4!
 | ApacheThunder, stuckpixel, NoCash, Gericom, and Normmatt
-| [https://gbatemp.net/threads/announcing-rocketlauncher-the-first-exploit-with-unlocked-arm7.476288/ Writeup]
+| [https://github.com/ApacheThunder/RocketLauncher source]
 |}
@@ Line 162: / Line 185: @@
 | NoCash
 | [https://problemkaputt.de/unlaunch.htm Install & Writeup]
+|-
+| Unnamed modchip
+| A modchip that exlploits the bootROMs of the Nintendo DSi. It enables code execution on both cores before boot ROM lockout.
+| PoroCYon
+| [https://media.ccc.de/v/37c3-11736-nintendo_hacking_2023_2008 37c3 talk], [https://icosahedron.website/@pcy/111676158956228552 video], [https://github.com/dsi-modchip/guide DIY guide]
 |}