Well I am not the greatest C++ programmer, but I'm good with other languages, and especially good with hardware (emphases on especially). Anyway i'm getting a DSi in less than a month. I'll open it up and see it I can figure anything out. I'll also work on dumping the firmware and such. Maybe I can figure something out in there since i used to program assembly on my TI-89.
EDIT: You should probably get in touch with the teams that found the Zelda exploit on Wii as well as the people who created the Wii homebrew channel. If the DSi firmware structure is as similar to the Wii's as I've heard it is, the IOS's are probably quite similar too, which could lead to a faster development.
EDIT 2: In my research I have found this information, which may or may not be useful, but the browser bit could be especially useful, and the picture file could be part of how Yasu hacked the DSi. idk but here's the info: "I have been looking for vulnerabilities in the web browser and a strange
database file that was saved to the memory card. The file is in the
"private" folder and was created by the DSi camera application upon saving
images to the card. it appears to be used for determining where images are
stored on the card. I have also discovered that the browser supports the
XMLHttpRequest object and cookies can be permanently saved to the system
memory."