Homebrew Idea: SSL exploit, Flipnote, and the DSi system updater

Deleted User · Nov 16, 2018

Is the DSI's updater XML/SOAP request signature not checked apart from HTTPS/the installed title signatures?
If it is NOT, could we use the SSL constraint exploit to add Flipnote studio as an "updated title" and install it without the shop? Because it would be the untouched tmd/ticket/app it wouldn't fail the "inner" sig check

Deleted User · Nov 17, 2018

Update:
It isn't!

https://yls8.mtheall.com/ninupdates/titlelist.php?date=12-11-12_07-30-09&sys=twl&reg=E&soapreply=1

Deleted User · Nov 24, 2018

I was trying to find more information about the update requests and, hilariously, the #1 hit on Google for "dsi updater soap" is this literal thread

edo9300 · Nov 25, 2018

There's shutterbug that is already working on an exploit using the SSL flaw

SCOTT0852 · Nov 25, 2018

edo9300 said:
There's shutterbug that is already working on an exploit using the SSL flaw

That's different from this though. Shutter's flaw is to run code to install unlaunch whenever any DSi app connects to the network, this is trying to use the system update feature to install Flipnote Studio, which we can exploit.

Deleted User · Nov 28, 2018

SCOTT0852 said:
That's different from this though. Shutter's flaw is to run code to install unlaunch whenever any DSi app connects to the network, this is trying to use the system update feature to install Flipnote Studio, which we can exploit.

This, if it works, would also be an order of magnitude easier to actually make.

Crimson Cuttlefish · Nov 28, 2018

Could this mean installation of DSiWare like FNS without hardmodding? Huge if so, unknown size if not because I am not well-versed

Deleted User · Nov 28, 2018

Crimson Cuttlefish said:
Could this mean installation of DSiWare like FNS without hardmodding? Huge if so, unknown size if not because I am not well-versed

Yes, because once flipnote is installed you can use Lenny to install unlaunch

edo9300 · Nov 28, 2018

Had this idea, instead of downloading an exploitable dsiware, once you can download anything you want, you should be able to directly install an homebrew that let's you mod the ds without performing any exploit

Deleted User · Nov 28, 2018

edo9300 said:
Had this idea, instead of downloading an exploitable dsiware, once you can download anything you want, you should be able to directly install an homebrew that let's you mod the ds without performing any exploit

That is not possible.

The updater downloads a list of official, signed titles and installs them. HOWEVER, that list can be edited to include anything that is/was free on the eShop (like Flipnote and the browser, and maybe 4SAE). Not just any code from anywhere

bennyman123abc · Nov 28, 2018

parrotgeek1 said:
That is not possible.

The updater downloads a list of official, signed titles and installs them. HOWEVER, that list can be edited to include anything that is/was free on the eShop (like Flipnote and the browser, and maybe 4SAE). Not just any code from anywhere

Okie. Now how do you propose we edit this list?

Deleted User · Nov 29, 2018

bennyman123abc said:
Okie. Now how do you propose we edit this list?

Creating a fake update server using NDS constraint (previously not possible because we couldn't bypass SSL certificate checks)

Flashed · Nov 29, 2018

This point is really interesting. I have been reading a lot about DNS Spoofing, and knowing that now we can bypass SSL, we should have acces to the updater tool.
Nevertheless, this will require reverse engineering. Tools like wireshark may help a lot.

ableto288 · Dec 1, 2018

So its possible create it?

(Sorry 4 bad english)

b0br · Dec 4, 2018

hello all (

)
b0br here
I'm new

its there a rogue app store? can we run a httpdssl server, dns resolve locally, recreate the shop and put up our own downloads then?

gudenau · Dec 4, 2018

Would be really cool if that would work. Imagine managing to make it so the DSi could install homebrew from the eShop as though it was signed.

Deleted User · Dec 6, 2018

gudenau said:
Would be really cool if that would work. Imagine managing to make it so the DSi could install homebrew from the eShop as though it was signed.

It's possible if you were to delete the old eShop and make a patched one without RSA checks, but not directly without unlaunch

gudenau · Dec 7, 2018

parrotgeek1 said:
It's possible if you were to delete the old eShop and make a patched one without RSA checks, but not directly without unlaunch

I don't know, maybe a bug in that could be found one day.

ableto288 · Dec 8, 2018

parrotgeek1 said:
This, if it works, would also be an order of magnitude easier to actually make.

Its possible do that?

Homebrew Idea: SSL exploit, Flipnote, and the DSi system updater

Deleted User

Guest

Deleted User

Guest

Deleted User

Guest

Well-Known Member

shiny rubber creature

Deleted User

Guest

Well-Known Member

Deleted User

Guest

Well-Known Member

Deleted User

Guest

Well-Known Member

Deleted User

Guest

Well-Known Member

Member

New Member

Largely ignored

Deleted User

Guest

Largely ignored

Member

Similar threads

Popular threads in this forum