Line 149: |
Line 149: |
| | | |
| == Bootcode Exploits: == | | == Bootcode Exploits: == |
| + | |
| These exploits gain full SCFG_EXT access rights immediately after powering on the system (right before starting the launcher). These exploits are significantly rare and concrete targets can be the launcher's ''title.tmd''. At the moment, nocash's exploit, ''Unlaunch'' is the only known exploit. | | These exploits gain full SCFG_EXT access rights immediately after powering on the system (right before starting the launcher). These exploits are significantly rare and concrete targets can be the launcher's ''title.tmd''. At the moment, nocash's exploit, ''Unlaunch'' is the only known exploit. |
| + | |
| {| class="wikitable" border="1" | | {| class="wikitable" border="1" |
| ! Name | | ! Name |
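Review bot: the unchanged intro sentence "At the moment, nocash's exploit, ''Unlaunch'' is the only known exploit." now contradicts the table below it, because this same revision adds a second row (ARM7 boot ROM code execution) at Line 162. The only additions in this hunk are two blank lines, so the paragraph should be edited here as well: drop or reword the "only known" claim. Also check that the section's definition (full SCFG_EXT access right before the launcher starts) covers the new entry, which is described as unsigned code execution while the ARM7 boot ROM is running.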
Line 160: |
Line 162: |
| | NoCash | | | NoCash |
| | [https://problemkaputt.de/unlaunch.htm Install & Writeup] | | | [https://problemkaputt.de/unlaunch.htm Install & Writeup] |
| + | |- |
| + | | ARM7 boot ROM code execution |
| + | | A method of dumping the ARM7 boot ROM by obtaining unsigned code execution while the ARM7 boot ROM is running, inspired by the [https://www.3dbrew.org/wiki/3DS_System_Flaws#Hardware vector-glitch hack on the 3DS], which has the same vulnerability. Not applicable to the ARM9, sadly. |
| + | | PoroCYon |
| + | | [https://events.hackerspace.gent/en/newline2021/public/events/72 Presentation] |
| |} | | |} |
− |
| |
− | == DSi-mode exploits ==
| |
− | Team Twiizers released a DSi-mode exploit called [[Sudokuhax]] that loads homebrew from the SD card in DSi-mode. The exploit requires that you have purchased EA's Sudoku game. More details and download: [http://hackmii.com/2011/01/sudokuhax-release/]. Additionally more DSiWare savegame exploits were released for the last time: [http://hackmii.com/2011/08/final-dsiwarehax/]. Copying these savegame exploits to NAND via system settings is [[System_Menu_1.4.2#Global_Update|blocked]] on the latest system version.
| |
− |
| |
− | shutterbug2000 has created an exploit for Flipnote Studio, which uses a modified flipnote that you have to paste 122 times exactly. The exploit can be used with fwtool to downgrade the dsi to be able to use [[Sudokuhax]] or things like it. wintermute and fincs simple 1 paste exploit can be found here [https://davejmurphy.com/%CD%A1-%CD%9C%CA%96-%CD%A1/].
| |
− |
| |
− | ChampionLeake has released an exploit for UNO, a regular DSiWare savegame exploit. Instructions to installing the exploit are here: [https://github.com/ChampionLeake/UNO-pwn#installing-unopwn]
| |
− |
| |
− | The source of the majority of the old dsiware exploits can be found on yellows8's github page [https://github.com/yellows8/dsi]
| |
− |
| |
− | An incomplete list of all DSi exploits are here: [[List of DSi Exploits]]
| |
− |
| |
− | == DSi Enhanced exploits ==
| |
− | Team Twiizers also have found a DSi-mode exploit in cooking coach and have managed to use it to run DSi-mode homebrew. However it has not yet been released. More details at: [http://hackmii.com/2009/07/dsi-mode-homebrew-anyone/] The additional hardware is just required to get a connection to a computer so that things like ram dumps can be created.
| |
− |
| |
− | Wintermute has made available an open source DSi hack. The exploit works on DSi enhanced games, allowing you to run custom code from a save file. Instructions for using the exploit can be found here: [http://davejmurphy.com/dslink/]
| |
− |
| |
− | The cooking coach and classic word games savegame exploits are [[System_Menu_1.4.4|blocked]] on the latest system version. Therefore, the only way to get DSi-mode homebrew running with the latest system version, is with a hardware workaround for the blocked DSi-mode gamecard exploits. Additionally, one could solder the NAND [[Hardware#NAND_pinout|pins]] to a MMC reader/writer, then extract dev.kp for DSiWareHax.
| |
− |
| |
− | It is also possible for homebrew to be loaded through an Action Replay DSi flashcart. If an nds file is saved onto a micro SD card, and then that micro SD is inserted into the Action Replay, the file can be executed by going to the Files menu.
| |
− |
| |
− | New flipnote studio lennyface exploit released allowing someone to run the new custom firmware Hiya CFW allowing people to run homeprew software from their SD card.
| |
− |
| |
− | == DS-mode exploits ==
| |
− |
| |
− | This type of exploit is undesirable because all DSi functionality, such as usage of the [[cameras]], is unavailable to homebrew.
| |
− |
| |
− | Gericom has exploited the "DS Download Station" application which works on all DS family consoles. Runs commercial homebrew via download station. [https://gbatemp.net/threads/haxxstation-ds-download-station-exploit.473648/ Here] you can have the details about it.
| |
− |
| |
− | Blasteh (Blasty) has posted a [http://www.youtube.com/watch?v=7QHO7ctWuZ8 video on Youtube] showing code being run in DS mode on the DSi using [http://en.wikipedia.org/wiki/Fifa_08 Fifa '08].
| |
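Review bot: the removal of the "DSi-mode exploits", "DSi Enhanced exploits" and "DS-mode exploits" sections after the table's closing |} has no matching addition in this diff. The page therefore loses the Sudokuhax, UNO-pwn, dslink and haxxstation links, the [[List of DSi Exploits]] pointer, and the notes on which savegame exploits are blocked by System Menu 1.4.2 and 1.4.4. If that material was moved to another page, add a link to it under the table and say so in the edit summary; otherwise put the removal in its own revision so it can be reviewed separately from the new row. In the added row, "Not applicable to the ARM9, sadly." is commentary; "Not applicable to the ARM9." states the same fact.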