Hacking DSi hacking method?

cracker

Nyah!
OP
Member
Joined
Aug 24, 2005
Messages
3,619
Trophies
1
XP
2,213
Country
United States
I was just reading through other threads on the progress of DSi hacking and something occurred to me. I don't have a DSi so I can't do any of the testing myself. :/ I am thinking that it might be possible to add code to boot a flash cart by injecting code into the decrypted download play ROM and then re-encrypting it and sending it from a DS/Lite. Has anyone attempted this?
 

playallday

Group: GBAtemp Ghost
Member
Joined
May 23, 2008
Messages
3,767
Trophies
1
Location
[@N@[)@
XP
494
Country
Canada
I was thinking to use the hack we know about (or some do :( ) and use it to boot the slot-1. Just my idea.
 

cracker

It never hurts to have more than one type of exploit. :) I was just sharing an idea for those who have the means to attempt hacking the DSi. It wouldn't be good for the long term because you would always need a DS/Lite to boot it up but it might be useful for some type of firmware meddling and figuring out how to get games to boot, etc.
 

cracker

That's basically what I meant. Instead of the demo or multiplayer sharing it would execute code to bypass the check and boot the flash cart up.
 

gamefreakfatty

Active Member
Newcomer
Joined
Dec 28, 2006
Messages
28
Trophies
0
XP
227
Country
United States
Not sure if it helps, but a post I did in another thread:

gamefreakfatty said:
Okay, I don't know if this has been brought up before or not. From what I know, R4DS/M3Simply, other carts of the time, and more modern carts all used the same NoPass method to get the DS/DSL to boot them up without the need of another (legit/licensed) game. This (NoPass) method was discovered/developed/designed/whatever by the developer of no$gba and the other nocash projects, Martin. He dumped the BIOS (or whatever code was used) for the DS (or DSL) and managed to find the code that is used to determine whether or not the inserted cartridge is a legit/licensed one. Honestly, I probably don't know enough to help out with the situation, although I thought I would put this out there as a possibility.


Here are some things that might help:

Does anyone know if the (known/public?) method was missing part of the routine which was not necessarily used in the DS/DSL units but is now used in the DSi?

Has anyone attempted, or better yet, successfully dumped the BIOS (or whatever code was previously dumped) in a form usable for disassembly and analysis of the code?


If we manage to dump the same portion of the code that Martin (developer of the nocash projects) dumped previously, we may be able to analyze the code and determine how the routine (for headers or whatever is used to determine whether or not the cart is legit) works.


That's just my 2 cents. Hope it helps, and good luck on getting this all sorted out!

-gamefreakfatty
 

Normmatt

Former AKAIO Programmer
Member
Joined
Dec 14, 2004
Messages
2,161
Trophies
1
Age
33
Website
normmatt.com
XP
2,193
Country
New Zealand
cracker said:
I was just reading through other threads on the progress of DSi hacking and something occurred to me. I don't have a DSi so I can't do any of the testing myself. :/ I am thinking that it might be possible to add code to boot a flash cart by injecting code into the decrypted download play ROM and then re-encrypting it and sending it from a DS/Lite. Has anyone attempted this?

We can't re-encrypt them, we don't know Nintendo's private key.
 

cracker

Normmatt said:
cracker said:
I was just reading through other threads on the progress of DSi hacking and something occurred to me. I don't have a DSi so I can't do any of the testing myself. :/ I am thinking that it might be possible to add code to boot a flash cart by injecting code into the decrypted download play ROM and then re-encrypting it and sending it from a DS/Lite. Has anyone attempted this?

We can't re-encrypt them, we don't know Nintendo's private key.

Hmmm yeah that would prove a problem. :/ (I don't know much about encryption/decryption... Does it show?)
 

cracker

That would require a corrupted FAT table on the SD card or something. As for the flash cart it would probably need its code overwritten and rendered useless besides being able to boot the DS into a different mode.
 
