23
edits
Changes
Jump to navigation
Jump to search
Line 12:
Line 12: − + − + − + − + − + − + − + + + + + + − Line 53:
Line 57: − + Line 59:
Line 63: − + Line 65:
Line 69: − + Line 71:
Line 75: − + Line 78:
Line 82: − + − + Line 87:
Line 91: − + − + − + − + − + − + − + − + − + − + + + + + + + + + + + − Line 137:
Line 150: − + − + − + − + + + Line 152:
Line 167: − + − + + + + + + − − == DSi-mode exploits == − Team Twiizers released a DSi-mode exploit called [[Sudokuhax]] that loads homebrew from the SD card in DSi-mode. The exploit requires that you have purchased EA's Sudoku game. More details and download: [http://hackmii.com/2011/01/sudokuhax-release/]. Additionally more DSiWare savegame exploits were released for the last time: [http://hackmii.com/2011/08/final-dsiwarehax/]. Copying these savegame exploits to NAND via system settings is [[System_Menu_1.4.2#Global_Update|blocked]] on the latest system version. − − shutterbug2000 has created an exploit for Flipnote Studio, which uses a modified flipnote that you have to paste 122 times exactly. The exploit can be used with fwtool to downgrade the dsi to be able to use [[Sudokuhax]] or things like it. wintermute and fincs simple 1 paste exploit can be found here [https://davejmurphy.com/%CD%A1-%CD%9C%CA%96-%CD%A1/]. − − ChampionLeake has released an exploit for UNO, a regular DSiWare savegame exploit. Instructions to installing the exploit are here: [https://github.com/ChampionLeake/UNO-pwn#installing-unopwn] − − The source of the majority of the old dsiware exploits can be found on yellows8's github page [https://github.com/yellows8/dsi] − − An incomplete list of all DSi exploits are here: [[List of DSi Exploits]] − − == DSi Enhanced exploits == − Team Twiizers also have found a DSi-mode exploit in cooking coach and have managed to use it to run DSi-mode homebrew. However it has not yet been released. More details at: [http://hackmii.com/2009/07/dsi-mode-homebrew-anyone/] The additional hardware is just required to get a connection to a computer so that things like ram dumps can be created. − − Wintermute has made available an open source DSi hack. The exploit works on DSi enhanced games, allowing you to run custom code from a save file. Instructions for using the exploit can be found here: [http://davejmurphy.com/dslink/] − − The cooking coach and classic word games savegame exploits are [[System_Menu_1.4.4|blocked]] on the latest system version. Therefore, the only way to get DSi-mode homebrew running with the latest system version, is with a hardware workaround for the blocked DSi-mode gamecard exploits. Additionally, one could solder the NAND [[Hardware#NAND_pinout|pins]] to a MMC reader/writer, then extract dev.kp for DSiWareHax. − − It is also possible for homebrew to be loaded through an Action Replay DSi flashcart. If an nds file is saved onto a micro SD card, and then that micro SD is inserted into the Action Replay, the file can be executed by going to the Files menu. − − New flipnote studio lennyface exploit released allowing someone to run the new custom firmware Hiya CFW allowing people to run homeprew software from their SD card. − − == DS-mode exploits == − − This type of exploit is undesirable because all DSi functionality, such as usage of the [[cameras]], is unavailable to homebrew. − − Gericom has exploited the "DS Download Station" application which works on all DS family consoles. Runs commercial homebrew via download station. [https://gbatemp.net/threads/haxxstation-ds-download-station-exploit.473648/ Here] you can have the details about it. − − Blasteh (Blasty) has posted a [http://www.youtube.com/watch?v=7QHO7ctWuZ8 video on Youtube] showing code being run in DS mode on the DSi using [http://en.wikipedia.org/wiki/Fifa_08 Fifa '08]. − − == List of ideas for exploitation/hacking of the latest DSi system version == − Rules − − →Do not remove ideas, only add − − →Do not delete this section − − →If your idea is 'Epic' mark it with * [only do this if it will certainly work] − − →You must research whether your idea will work or not − − − Just an idea, but couldn't we make a .gif file that Flipnote could read, then the GIF could crash Flipnote and somehow load up the DSi homebrew? − − We could try to connect to the DSi using the DS Download Play software, like the Wii and other DS can? I suggest connecting a PC via Bluetooth, push over an exploit program and run it.--[[User:Bernd L|Bernd L]] 16:18, 21 February 2017 (CET) − : [[User:Bernd L|Bernd L]] Long time, no answer. "Don't worry, there will be an exploit coming soon for Flipnote Studio/DSi Browser that will allow you to downgrade to 1.4." [[User:Abequinn|Abequinn]] 23:46, 14 August 2017 (CEST)
Removing direct links to the pirate forum
! Source
! Source
|-
|-
| FIFA NDS
| [[FIFA NDS]]
| Every single FIFA game on the Nintendo DS has been exploited.
| Every single FIFA game on the Nintendo DS has been exploited.
| Everyone
| Everyone
| [https://github.com/CTurt/Dara CTurt's Source Code]
| [https://github.com/CTurt/Dara CTurt's Source Code]
|-
|-
| Bangai-O-Sploit
| [[Bangai-O-Sploit]]
| A ''primary'' entrypoint for the game, ''Bangai-O Spirit'', on the Nintendo DS. This game was successfully exploit through sound.
| A ''primary'' entrypoint for the game, ''Bangai-O Spirit'', on the Nintendo DS. This game was successfully exploit through sound.
| smealum
| smealum
| [https://github.com/smealum/bangai-o-sploit Install]
| [https://github.com/smealum/bangai-o-sploit Install]
|-
|-
| NDS-ILH-Save-Exploit
| [[NDS-ILH-Save-Exploit]]
| "I Love Horses" Nintendo DS save exploit
| "I Love Horses" Nintendo DS save exploit
| [https://github.com/mojobojo/ mojobojo]
| [https://github.com/mojobojo/ mojobojo]
| [https://github.com/mojobojo/NDS-ILH-Save-Exploit Install]
| [https://github.com/mojobojo/NDS-ILH-Save-Exploit Install]
|-
|-
| ABR-NDS-SaveExploit
| [[ABR-NDS-SaveExploit]]
| A stack smash savegame exploit for the game "Asterix Brain Trainer"
| A stack smash savegame exploit for the game "Asterix Brain Trainer"
| [https://github.com/WemI0/ Weml0]
| [https://github.com/WemI0/ Weml0]
| [https://github.com/WemI0/ABR-NDS-SaveExploit Install]
| [https://github.com/WemI0/ABR-NDS-SaveExploit Install]
|-
|-
| HaxxStation
| [[HaxxStation]]
| DS Download Station exploit, allowing one to run any commercial homebrew over from the DS download play application.
| DS Download Station exploit, allowing one to run any commercial homebrew over from the DS download play application.
| shutterbug2000, Gericom, and Apache Thunder
| shutterbug2000, Gericom, and Apache Thunder
| [https://gbatemp.net/threads/haxxstation-ds-download-station-exploit.473648/ See Here]
| [https://github.com/Gericom/dspatch See Here]
|-
|-
| BreakingNews
| [[BreakingNews]]
| A stack smash savegame exploit for the game "The New York Times: Crossword" resulting from stack buffer overflow (profile slot names).
| A stack smash savegame exploit for the game "The New York Times: Crossword" resulting from stack buffer overflow (profile slot names).
| [[User:ChampionLeake|ChampionLeake]]
| [[User:ChampionLeake|ChampionLeake]]
| [https://github.com/ChampionLeake/BreakingNews/ Install]
| [https://github.com/ChampionLeake/BreakingNews/ Install]
|-
| [[NDS-FC2008-Save-Exploit]]
| A savegame exploit for the game "Führerschein Coach 2008".
| [https://github.com/toombaumarkt/ toombaumarkt]
| [https://github.com/toombaumarkt/NDS-FC2008-Save-Exploit Install]
|}
|}
== TWL/DSi-Enhanced Cart Exploits ==
== TWL/DSi-Enhanced Cart Exploits ==
! Source
! Source
|-
|-
| The Biggest Losers
| [[The Biggest Losers]]
| Exploit for The Biggest Loser which runs in DSi mode if you use a real cartridge on a DSi or 3DS system, otherwise, it runs in DS mode.
| Exploit for The Biggest Loser which runs in DSi mode if you use a real cartridge on a DSi or 3DS system, otherwise, it runs in DS mode.
| st4rk
| st4rk
[https://davejmurphy.com/dslink/ WinterMute's dslink]
[https://davejmurphy.com/dslink/ WinterMute's dslink]
|-
|-
| Cookhack
| [[Cookhack]]
| DSi Cooking Coach exploit
| DSi Cooking Coach exploit
| WinterMute
| WinterMute
[https://davejmurphy.com/dslink/ dslink]
[https://davejmurphy.com/dslink/ dslink]
|-
|-
| Classichack
| [[Classichack]]
| DSi Classic Word Games exploit
| DSi Classic Word Games exploit
| WinterMute
| WinterMute
[https://davejmurphy.com/dslink/ dslink]
[https://davejmurphy.com/dslink/ dslink]
|-
|-
| SystemFlaaw
| [[SystemFlaaw]]
| The first DSi exclusive cartridge title to be exploited for the game, SystemFlaw
| The first DSi exclusive cartridge title to be exploited for the game, SystemFlaw
| zoogie
| zoogie
== DSiWare(True DSi-Mode) Exploits ==
== DSiWare (True DSi-Mode) Exploits ==
These are ARM9 exploits that take over a DSiWare title. They run in the same context that the DSi-Enhanced games do, but with additional SD and NAND access. These exploits are valuable since they can be used to downgrade the console firmware to older versions. You can also run commercial homebrew applications from the SD card. However this doesn't allow any cartridge access.
These are ARM9 exploits that take over a DSiWare title. They run in the same context that the DSi-Enhanced games do, but with additional SD and NAND access. These exploits are valuable since they can be used to downgrade the console firmware to older versions, or install a persistent exploit such as Unlaunch. You can also run commercial homebrew applications from the SD card. However this doesn't allow any cartridge access.
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Source
! Source
|-
|-
| Sudokuhax
| [[Sudokuhax]]
| One of the first DSiWare exploits for the Nintendo DSi on the game SUDOKU by EA. (You must have the 1st version of this game in order to use the exploit as it was patched.
| One of the first DSiWare exploits for the Nintendo DSi on the game SUDOKU by EA. (You must have the 1st version of this game in order to use the exploit as it was patched.
| TeamTwiizer, yellows8
| TeamTwiizer, yellows8
| [https://github.com/yellows8/dsi/tree/master/exploits/sudokuhax Install]
| [https://github.com/yellows8/dsi/tree/master/exploits/sudokuhax Install]
|-
|-
| grtpwn
| [[grtpwn]]
| A Gameloft DSiWare savegame exploit for the game, Guitar Rock Tour!
| A Gameloft DSiWare savegame exploit for the game, Guitar Rock Tour!
| yellows8
| yellows8
| [https://github.com/yellows8/dsi/tree/master/exploits/grtpwn Install]
| [https://github.com/yellows8/dsi/tree/master/exploits/grtpwn Install]
|-
|-
| exidiahax
| [[exidiahax]]
| A Gameloft DSiWare savegame exploit for the game, Legend of Exidia!
| A Gameloft DSiWare savegame exploit for the game, Legend of Exidia!
| yellows8
| yellows8
| [https://github.com/yellows8/dsi/tree/master/exploits/exidiahax Install]
| [https://github.com/yellows8/dsi/tree/master/exploits/exidiahax Install]
|-
|-
| fieldrunhax
| [[fieldrunhax]]
| A Subatomic Studios DSiWare savegame exploit for the game, FIELDRUNNERS!
| A Subatomic Studios DSiWare savegame exploit for the game, FIELDRUNNERS!
| yellows8
| yellows8
| [https://github.com/yellows8/dsi/tree/master/exploits/fieldrunhax Install]
| [https://github.com/yellows8/dsi/tree/master/exploits/fieldrunhax Install]
|-
|-
| 4swordhax
| [[4swordhax]]
| A DSiWare savegame exploit for the game, The Legend of Zelda: Four Swords Anniversary Edition!
| A DSiWare savegame exploit for the game, The Legend of Zelda: Four Swords Anniversary Edition!
| yellows8
| yellows8
| [https://github.com/yellows8/dsi/tree/master/exploits/4swordhax Install]
| [https://github.com/yellows8/dsi/tree/master/exploits/4swordhax Install]
|-
|-
| Flipnote( ͡° ͜ʖ ͡°) or ugopwn
| [[Flipnote ( ͡° ͜ʖ ͡°)]] and [[ugopwn]]
| A Primary entrypoint for the DSiWare Application, Flipnote Studio! This exploit was first exploit by shutterbug2000. Later, WinterMute and fincs released a stable version of the exploit.
| A Primary entrypoint for the DSiWare Application, Flipnote Studio! This exploit was first exploit by shutterbug2000. Later, WinterMute and fincs released a stable version of the exploit.
| shutterbug2000, WinterMute, fincs, zoogie
| shutterbug2000, WinterMute, fincs, zoogie
| [https://davejmurphy.com/%CD%A1-%CD%9C%CA%96-%CD%A1/ Install]
| [https://davejmurphy.com/%CD%A1-%CD%9C%CA%96-%CD%A1/ Install]
|-
|-
| UNO*pwn
| [[UNO*pwn]]
| A DSiWare savegame exploit for the game, UNO, that involves a simple stack buffer overflow within the player's username with the settings functionality of the game!
| A DSiWare savegame exploit for the game, UNO, that involves a simple stack buffer overflow within the player's username with the settings functionality of the game!
| [[User:ChampionLeake|ChampionLeake]]
| [[User:ChampionLeake|ChampionLeake]]
| [https://github.com/ChampionLeake/UNO-pwn Install]
| [https://github.com/ChampionLeake/UNO-pwn Install]
|-
|-
| MemoryPit
| [[Memory Pit]]
| A primary exploit for the DSi that involves the system application "Camera"! All you need is an SD Card to use this exploit.
| A primary exploit for the DSi that involves the system application "Camera"! All you need is an SD Card to use this exploit.
| shutterbug2000
| shutterbug2000, [[User:ChampionLeake|ChampionLeake]]
| [https://gbatemp.net/threads/memory-pit-a-new-dsi-exploit-for-dsi-camera.539432/ See Here]
| [https://github.com/ChampionLeake/BrokenPit See Here]
|-
| [[petit-compwner]]
| The last string argument of interpreter command "COLSET" is not bounds checked, thus a trivial stack smash can occur if the string is overly long.
| zoogie
| [https://github.com/zoogie/petit-compwner/releases Release]
|-
| [[stylehax]]
| A primary entrypoint, using a use-after-free in Opera 9.50 (which uses WebKit under the hood).
| @0x1337cafe
| [https://github.com/nathanfarlow/stylehax Release], [https://farlow.dev/2023/03/02/hacking-the-nintendo-dsi-browser Writeup]
|}
|}
== ARM7 Exploits ==
== ARM7 Exploits ==
! Source
! Source
|-
|-
| RocketLauncher
| [[RocketLauncher]]
| One of the first ever unlocked ARM7 DSi exploit involving the DS Cart White list in secton 3. This exploit only works on firmwares v1.4!
| One of the first ever unlocked ARM7 DSi exploit involving the DS Cart White list in secton 3. This exploit only works on firmwares v1.4!
| ApacheThunder, stuckpixel, NoCash, Gericom, and Normmatt
| ApacheThunder, stuckpixel, NoCash, Gericom, and Normmatt
| [https://gbatemp.net/threads/announcing-rocketlauncher-the-first-exploit-with-unlocked-arm7.476288/ Writeup]
| [https://github.com/ApacheThunder/RocketLauncher source]
|}
|}
== Bootcode Exploits: ==
== Bootcode Exploits ==
These exploits gain full SCFG_EXT access rights immediately after powering on the system (right before starting the launcher). These exploits are significantly rare and concrete targets can be the launcher's ''title.tmd''. At the moment, nocash's exploit, ''Unlaunch'' is the only known exploit.
These exploits gain full SCFG_EXT access rights immediately after powering on the system (right before starting the launcher). These exploits are significantly rare and concrete targets can be the launcher's ''title.tmd''. At the moment, nocash's exploit, ''Unlaunch'' is the only known usable exploit.
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Name
! Name
! Source
! Source
|-
|-
| Unlaunch
| [[Unlaunch]]
| Possibly one of the first bootcode exploit for the Nintendo DSi!
| Possibly one of the first bootcode exploit for the Nintendo DSi! This exploit deals with taking advantage of the launcher's "title.tmd" size as it's not checked, allowing esculated permissions!
| NoCash
| NoCash
| [https://problemkaputt.de/unlaunch.htm Install & Writeup]
| [https://problemkaputt.de/unlaunch.htm Install & Writeup]
|-
| Unnamed modchip
| A modchip that exlploits the bootROMs of the Nintendo DSi. It enables code execution on both cores before boot ROM lockout.
| PoroCYon
| [https://media.ccc.de/v/37c3-11736-nintendo_hacking_2023_2008 37c3 talk], [https://icosahedron.website/@pcy/111676158956228552 video], [https://github.com/dsi-modchip/guide DIY guide]
|}
|}