Homebrew [Rumor] Soundhax might be portable to DSi

Platinum Lucario

Well, to be fair, the DSi is just a DS revision, so they patched many DS exploits. But the 3DS is a fresh new complex system with many entry points.
At the same time, the DSi contains many new entry points in its CPU as well. The DSi has four different kernels, compared to the DS (which only had two). The DSi has ARM9, ARM7, ARM9i and ARM7i kernels. The ARM9i and ARM7i are the main kernels that are utilised when running the System NAND, DSi apps, DSiWare, DSi Exclusive and DSi Enhanced games. The TWL_SYSTEM NAND is completely different from the TWL_FIRM section of the 3DS NAND (because TWL_SYSTEM on DSi has ARM7 and ARM7i functions; since the 3DS doesn't have ARM7 or ARM7i kernels, the TWL_FIRM on the 3DS calls for a completely new emulated instruction set called "AGB_FIRM", which again is not ARM7 or ARM7i).
 

metroid maniac

We are all waiting for that! The DSi is the only console which hasn't been fully hacked with its own mode. I can't understand how a newer console can have thousands of exploits and this console only has an exploit which is not in the system and you must pay for it.

Lack of interest.
Besides, the attack surface for an absolute DSi hack is pretty small.
 

Ryccardo

OP
I can't understand how a newer console can have thousands of exploits and this console only has an exploit which is not in the system and you must pay for it.
3DS is Nintendo's first handheld with a real operating system, while the DSi has no actual background processes that could be exploited from a "userland" exploit.

Like with GBA/DS, all the system functions usable by applications are run directly from the unprotected bootroms or compiled by the SDK into the ROMs themselves.

Security on the DSi works with hardware registers you can't re-enable without resetting (like why you must have 2.1 or less to read OTP on 3DS); the launcher reads the header of applications to see what permissions they have (NAND+SD? Slot-1? camera? etc.). tl;dr: as you already know, you can't get NAND access from an iEvolution, so to get more permissions we would need to exploit home into accepting a custom title. The thing is that there aren't any public exploits in the boot chain that could lead to signature patching.

---

If the SDK can make retail-signed DSiware and roms (never tried) and get a friend at a bootleg game factory, we could create a physical copy of TWLNmenu and install itself (it being likely the only "official" app with both nand and slot1 access) and other tads...

The same would be doable in a more ethical way with an existing DSiware exploit (implemented without #clobberedkeyslots) and a currently nonexisting homebrew title manager...


-----

Lol I really went off on a tangent here.
Simply put: it's an objective fact the 3DS "security system" is more complex and fine-grained.
And it's exactly with complexity that the chance of screwing up increases!
 

Platinum Lucario

Any application that has ARM9i/ARM7i kernel access (such as Nintendo DSi Sound and Nintendo DSi Camera) should be the ones to be exploited in order to gain full NAND access, as well as the SD card. No one knows where the exploits are, but the best way to find out... is to experiment and find ways it can be accessed.

Any application installed on the NAND and run from the DSi Menu has access to the entire NAND, because otherwise, if they didn't, apps like the Nintendo DSi Shop wouldn't be able to install titles (which it installs directly to the internal NAND storage, unlike the 3DS which installs to the SD card only).

The DSi is more of a system that closes one part of the NAND, then opens another section when needed. When running a game from a game card, it switches directly to it and closes the DSi Menu. But with an app that's installed to the DSi, the DSi is still accessing the NAND, so it's still in use. Whereas the 3DS is a system that runs two or more applications at the same time (e.g. the Home Menu and the 3DS application/game). So in a nutshell, the DSi can only run one application, while the 3DS can run two or more applications.
 

Platinum Lucario

I hope this becomes something and not another one of those "I tried" threads that don't go anywhere in the end.
I really hope so. I'd really like to see an exploit for Nintendo DSi Sound become a reality. Then a tool can be developed for extracting the NAND without having to solder things onto the Nintendo DSi. I honestly can't find any DSi NAND dump anywhere online, no matter how many times I've searched using Google. Not even one that's decrypted or encrypted.
 

Flashed

Maybe asking people who did a NAND Dump in this thread: https://gbatemp.net/threads/dsi-downgrading-the-complete-guide.393682/ via PM?
I don't have a DSi now because it's broken (I broke the motherboard connector and I have tried to solder but it's a bit difficult). I will try to have a working DSi until DSiShop shutdown. Can I still buy DSi points via cc?
 

Flashed

Do we have any news about this? I'm considering the idea to buy a DSi, because mine is not working (I broke the motherboard power connection). The problem is that I have no time due to exams and all that...

We have no time to lose! Once April 1st, 2017 deadline comes by, the DSi Shop will be closed and we won't be able to find any more titleIDs of applications anymore. And if we don't do something to preserve everything that is available on the Nintendo DSi Shop (including titleIDs), it will be all lost in history! D:
 

Platinum Lucario

Is this useful for something?
Yes, because it will give people easy access to dumping their DSi NAND. And to enable further DSi exclusive Homebrew. After all, we need our NANDs for using on an emulator, such as No$GBA (which is the only emulator that supports DSi NAND emulation).
 

Mr Objection

Yes, because it will give people easy access to dumping their DSi NAND. And to enable further DSi exclusive Homebrew. After all, we need our NANDs for using on an emulator, such as No$GBA (which is the only emulator that supports DSi NAND emulation).
Great, I would love to see DSi exclusive emulators, but that seems a little impossible.
 
