[Rumor] Soundhax might be portable to DSi

Discussion in 'NDS - Emulation and Homebrew' started by Ryccardo, Dec 27, 2016.

  1. Platinum Lucario

    Platinum Lucario GBAtemp Fan

    Member
    416
    179
    May 17, 2014
    At the same time, the DSi contains many new entry points in its CPU as well. The DSi has four different kernels, compared to the DS (which only had two). DSi has ARM9, ARM7, ARM9i and ARM7i kernels. The ARM9i and ARM7i are the main kernels that are utilised when running the System NAND, DSi apps, DSiWare, DSi Exclusive and DSi Enhanced games. The TWL_SYSTEM NAND is completely different from the TWL_FIRM section of the 3DS NAND (because TWL_SYSTEM on DSi has ARM7 and ARM7i functions; since the 3DS doesn't have ARM7 or ARM7i kernels, the TWL_FIRM on the 3DS calls for a completely new emulated instruction set called "AGB_FIRM", which again is not ARM7 or ARM7i).
     
    Last edited by Platinum Lucario, Jan 10, 2017
    marc00077 and Jayro like this.


  2. metroid maniac

    metroid maniac An idiot with an opinion

    Member
    1,789
    709
    May 16, 2009
    Lack of interest.
    Besides, the attack surface for an absolute DSi hack is pretty small.
     
    marc00077 likes this.
  3. OctopusRift

    OctopusRift GBATemp's Local Octopus, Open 9am-2am. "Not Yet"

    Member
    1,460
    829
    Nov 19, 2014
    Saint Kitts and Nevis
    I am all for a revival. Might as well do it before the system loses online support in Feb.
     
    Garcimak, marc00077, zfreeman and 3 others like this.
  4. Ryccardo
    OP

    Ryccardo WiiUaboo

    Member
    2,495
    1,097
    Feb 13, 2015
    Italy
    Imola
    3DS is Nintendo's first handheld with a real operating system, while the DSi has no actual background processes that could be exploited from a "userland" exploit.

    Like with GBA/DS, all the system functions usable by applications are run directly from the unprotected bootroms or compiled by the SDK into the ROMs themselves.

    Security on the DSi works with hardware registers you can't re-enable without resetting (like why you must have 2.1 or less to read the OTP on 3DS); the launcher reads the header of applications to see what permissions they have (NAND+SD? Slot-1? camera? etc). tl;dr: as you already know, you can't get NAND access from an iEvolution, so to get more permissions we would need to exploit Home into accepting a custom title; the thing is that there aren't any public exploits in the boot chain that could lead to signature patching.

    ---

    If the SDK can make retail-signed DSiWare and ROMs (never tried) and we had a friend at a bootleg game factory, we could create a physical copy of TWLNmenu and have it install itself (it being likely the only "official" app with both NAND and Slot-1 access) and other TADs...

    The same would be doable in a more ethical way with an existing DSiware exploit (implemented without #clobberedkeyslots) and a currently nonexisting homebrew title manager...


    -----

    Lol I really went off on a tangent here.
    Simply put: it's an objective fact the 3DS "security system" is more complex and fine grained.
    And it's exactly with complexity that the chance of screwing up increases!
     
    Last edited by Ryccardo, Jan 16, 2017
  5. Platinum Lucario

    Platinum Lucario GBAtemp Fan

    Member
    416
    179
    May 17, 2014
    Any application that has ARM9i/ARM7i kernel access (such as Nintendo DSi Sound and Nintendo DSi Camera) should be the ones to be exploited in order to gain full NAND access, as well as the SD card. No one knows where the exploits are, but the best way to find out... is to experiment and find ways it can be accessed.

    Any application installed on the NAND and run from the DSi Menu has access to the entire NAND, because otherwise, if they didn't, apps like the Nintendo DSi Shop wouldn't be able to install titles (which it installs directly to the internal NAND storage, unlike the 3DS, which installs to the SD card only).

    The DSi is more of a system that closes one part of the NAND, then opens another section when needed. When running a game from a game card, it switches directly to it and closes the DSi Menu. But with an app that's installed to the DSi, the DSi is still accessing the NAND, so it's still in use. Whereas the 3DS is a system that runs two or more applications at the same time (e.g. the Home Menu and the 3DS application/game). So in a nutshell, the DSi can only run one application, while the 3DS can run two or more applications.
     
    OctopusRift likes this.
  6. Robz8

    Robz8 Coolest of TWL

    Member
    5,775
    2,301
    Oct 1, 2010
    United States
    If you mean what program, IDA Pro will work.
     
  7. Rubberduckycooly

    Rubberduckycooly Advanced Member

    Newcomer
    58
    24
    Nov 21, 2016
    Ok, I will look into using that program!
     
  8. Thunder Hawk

    Thunder Hawk Firefox Master Race

    Member
    394
    231
    Jan 21, 2013
    United States
    I hope this becomes something and not another one of those "I tried" threads that don't go anywhere in the end.
     
    Platinum Lucario and I pwned U! like this.
  9. Platinum Lucario

    Platinum Lucario GBAtemp Fan

    Member
    416
    179
    May 17, 2014
    I really hope so. I'd really like to see an exploit for Nintendo DSi Sound become a reality. Then a tool can be developed for extracting the NAND without having to solder things onto the Nintendo DSi. I honestly can't find any DSi NAND dump anywhere online, no matter how many times I've searched using Google. Not even one that's decrypted or encrypted.
     
    Last edited by Platinum Lucario, Feb 3, 2017
    I pwned U! likes this.
  10. Flashed

    Flashed GBAtemp Regular

    Member
    165
    25
    Feb 3, 2016
    Madrid
    Maybe asking people who did a NAND dump in this thread: https://gbatemp.net/threads/dsi-downgrading-the-complete-guide.393682/ via PM?
    I don't have a DSi now because it's broken (I broke the motherboard connector and I have tried to solder it, but it's a bit difficult). I will try to have a working DSi before the DSi Shop shutdown. Can I still buy DSi points via CC?
     
  11. windwakr

    windwakr GBAtemp Fan

    Member
    479
    108
    Sep 13, 2009
    United States
    No, you haven't been able to buy points since October. You can only spend points already in your account.
     
    zoogie likes this.
  12. Flashed

    Flashed GBAtemp Regular

    Member
    165
    25
    Feb 3, 2016
    Madrid
    Do we have any news about this? I'm considering the idea to buy a DSi, because mine is not working (I broke the motherboard power connection). The problem is that I have no time due to exams and all that...

     
  13. Rubberduckycooly

    Rubberduckycooly Advanced Member

    Newcomer
    58
    24
    Nov 21, 2016
    I am still looking at it, and I will tell you if I find anything!
     
    I pwned U! and zfreeman like this.
  14. Mr Objection

    Mr Objection GBAtemp Fan

    Member
    314
    147
    Jul 10, 2016
    Argentina
    Is this useful for something?
     
  15. Platinum Lucario

    Platinum Lucario GBAtemp Fan

    Member
    416
    179
    May 17, 2014
    Yes, because it will give people easy access to dumping their DSi NAND. And to enable further DSi exclusive Homebrew. After all, we need our NANDs for using on an emulator, such as No$GBA (which is the only emulator that supports DSi NAND emulation).
     
  16. Mr Objection

    Mr Objection GBAtemp Fan

    Member
    314
    147
    Jul 10, 2016
    Argentina
    Great, I would love to see DSi-exclusive emulators, but that seems a little impossible.
     
  17. Flashed

    Flashed GBAtemp Regular

    Member
    165
    25
    Feb 3, 2016
    Madrid
    Actually, it's possible. You just need a NAND dump from a DSi. Unfortunately, we don't know anybody who can provide us with one.
     
  18. Mr Objection

    Mr Objection GBAtemp Fan

    Member
    314
    147
    Jul 10, 2016
    Argentina
    I don't say it is impossible because it is difficult; I say that because the DSi is old.
     
  19. Thunder Hawk

    Thunder Hawk Firefox Master Race

    Member
    394
    231
    Jan 21, 2013
    United States
    Welp, any news?
     
    I pwned U! and osaka35 like this.
  20. Rubberduckycooly

    Rubberduckycooly Advanced Member

    Newcomer
    58
    24
    Nov 21, 2016
    I am still looking through the code, but with school, progress has slowed down quite a bit.

    (also the switch is coming out soon and that will kill even more of my time ;))