I wonder how they achieved this: IIRC (correct me if I'm wrong) the DSi checks DS cards this way:
- post-DSi-release DS cards (even not "enhanced" ones) have an additional RSA signature, which is ignored by DS Phat and DS Lite.
- the older cards (all DS Mode-only, obviously) are all in a whitelist in the DSi NAND (it should be a list with SHA1 sums of binaries, overlays, header etc).
According to Team Twiizers, all the current DSi flashcards work like this: when the DSi "asks" for header, binaries, overlays etc. to checksum them, they "answer" with the genuine data from a "whitelisted" exploitable game (this is why all of them have an original game icon/title). The DSi launches the "game" (obviously), but when the game binary loads the "exploitable" overlay, the card this time "answers" with the hacked one, and after the exploit is successful, the flashcard code gets executed.
Now, of course no DSi Enhanced game uses the whitelist (it would be foolish); they all use the additional signature. The DSi binary is also encrypted.
Maybe they just put a full DSi Enhanced game on the iEvo, one that loads an exploitable savegame on startup (basically, an "automatic" cooking coach exploit)?
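The gap between checking data and using it that this post describes, as an added Python model that is not part of the original post and is not DSi firmware code. All class and function names, the sample bytes and the one-entry whitelist are constructed for illustration; the hardened loader shows the general fix of verifying the exact buffer that gets used, on every load.

```python
import hashlib

# Constructed sample data; not real game content.
GENUINE_OVERLAY = b"overlay bytes of a whitelisted title (constructed)"
OTHER_OVERLAY = b"different bytes served on a later read (constructed)"
WHITELIST = {hashlib.sha1(GENUINE_OVERLAY).hexdigest()}


class ConsistentCard:
    """Storage that returns the same bytes on every read."""
    def read_overlay(self):
        return GENUINE_OVERLAY


class InconsistentCard:
    """Storage whose answer changes after the first read,
    the behaviour the post attributes to the cards."""
    def __init__(self):
        self.reads = 0

    def read_overlay(self):
        self.reads += 1
        return GENUINE_OVERLAY if self.reads == 1 else OTHER_OVERLAY


def whitelisted(data):
    return hashlib.sha1(data).hexdigest() in WHITELIST


def load_check_then_reread(card):
    """Weak: hash one read at launch, fetch the data again for use."""
    if not whitelisted(card.read_overlay()):
        raise ValueError("overlay not in whitelist")
    return card.read_overlay()  # this second read is never verified


def load_verify_what_you_use(card):
    """Hardened: read once, verify that buffer, use that same buffer.
    Must be called for every load, not only at launch."""
    buf = card.read_overlay()
    if not whitelisted(buf):
        raise ValueError("overlay not in whitelist")
    return buf
```

With the weak loader the whitelist check passes and unverified bytes are still returned; with the hardened loader a later load of changed bytes is rejected.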