Homebrew DSi Homebrew Channel (IDEA)

  • Thread starter Thread starter desumodnoc
  • Start date Start date
  • Views Views 221,900
  • Replies Replies 735
Status
Not open for further replies.
lilkerv90210 said:
Trolley makes a good point..

Why dnt u help out Trolley...im just askn

Because I'm nowhere near smart enough and I don't have anywhere near enough tech knowledge to be able to pull something like this off.
 
shortperson1026 said:
I don't think an exploit will come until DSi-Only games are available... but prove me wrong.

That's what I was thinking... But unless it utilizes the SD card slot in the game it would only help make a flash cart, which, supposedly, could create a channel (if games are given the authority to do that, like some on the Wii like Mario Kart)


Or we could get it to run a file from the SD card which would do something, or something.

Theoretically. And I don't think any have been announced yet.
 
swimmeringer said:
shortperson1026 said:
I don't think an exploit will come until DSi-Only games are available... but prove me wrong.

That's what I was thinking... But unless it utilizes the SD card slot in the game it would only help make a flash cart, which, supposedly, could create a channel (if games are given the authority to do that, like some on the Wii like Mario Kart)


Or we could get it to run a file from the SD card which would do something, or something.

Theoretically. And I don't think any have been announced yet.
Exactly my thought.

What about an exploit like that new one for the Wii?
 
shortperson1026 said:
I don't think an exploit will come until DSi-Only games are available... but prove me wrong.

So far, all we have for that is dsiware, but unless it reads stuff off the sd card, nothing useful will come from it

I figured we could do save hacking, like if a game searches for save save data on the sd card, than we could possibly replace the save data with one that either causes an unsigned code to be run, or one that causes the code to break and gets replaced by unsigned code

We could do something like the old psp tiff exploits, or like this recent one:

http://psp-news.dcemu.co.uk/5-03-tiff-hell...rld-197302.html

I'm not sure if it will work though, I'm not entirely sure how this stuff works, still, even if I didn't hit the nail on the head, I think I got it pretty close (or at least didn't hit my finger)
 
DSiWare shouldn't have anything to do with DSi only carts.... but the flashcarts which access DSi specific functions may have to wait till then.

However the main aim of this project atm is to dump DSiWare and resign it, sure its not definately going to yield any results, but it's worth a try.
 
Kingfield said:
DSiWare shouldn't have anything to do with DSi only carts.... but the flashcarts which access DSi specific functions may have to wait till then.

However the main aim of this project atm is to dump DSiWare and resign it, sure its not definately going to yield any results, but it's worth a try.
I think an exploit could be present within the camera app. The leader of this project should start looking in the other apps and think out ways to put an exploit into use through apps that use the SD card.

So I think exploration of the following could lead to an exploit:

1. Camera app
2. Settings app (In the data management portion)
3. Web Browser
 
The games don't require the internet constantly connected to run, so its safe to say that the DSiWare games are checked online when they are downloaded. Perhaps you could try to intercept the packets and see what data is being transmitted? Perhaps spoof a false positive check or something
 
Wow, it feel like darkriku2000 is the only person who knows what they`re talking about. Unfortunately, DSiWare saves are kept in internal memory - you can only transfer the encrypted .BIN program to the card. I think we`ll just have to wait until the real hackers get it done and find the DSi common encryption key. Then with a flashcard loaded DSiWare installer (like the .wad installers on the Wii), we`ll get our homebrew running. But, like I said, we just don`t have the people with that kind of internal knowledge in GBAtemp, so we`ll have to wait...
 
Anything a non-DSI owner can do to help out?

Anyway, not all of us are clueless. And theres no reason to stop trying. Everyone can help in their own way. Who knows, we may help develop a exploit/homebrew solution in conjunction with the more 'knowledgeable' types on the DS scene
 
desumodnoc said:
So far I have contacted Yasu, from Yasusoft.
Jay Freeman from saurik
Erm... Jay Freeman *IS* saurik. It's an IRC handle, not a company.

QUOTE said:
UPDATE 4.10.09 11:52 PM PST
- I have successfully extracted WarioWare: Snapped into arm7.bin, arm9.bin etc.
No, you didn't; the data you got was all garbage. I don't know what you did to produce those files, but if you can't tell the difference between failure and success, you should probably go put your thinking cap back on for a while.

QUOTE said:
UPDATE 4.11.09 7:17 PM PST
- Art/ Logos/ Images for the channel, post here: http://zeldaomg.freeforums.org/dsi-homebre...images-t32.html
*sigh*

Just to give you some perspective on the situation, here's the rough timeline of the Wii HBC:
  • Nov. 2006: Wii released
  • Dec. 2006: First GameCube-mode code run on Wii via Action Replay. No real benefit to using Wii over GC.
  • Jan. 2007: Erant releases Drive Cable
  • Feb. 2007: First Wii modchips appear (using variations of hacks from the GameCube)
  • Jun. 2007: I buy a Wii and start talking to people
  • Aug. 2007: First actual Wii homebrew released (by another team) -- a GC-mode DVD player (requires a modchip, but at least you can fit a DVD inside of a Wii, unlike the GameCube
  • Oct. 2007: Wii common key extracted using a hardware hack
  • Nov. 2007: strncmp bug found in IOS
  • Dec. 2007: First public demo of actual Wii-mode code execution; very few details released
  • Jan. 2008: buffer overflow in Zelda savegame parser found. Note that it took a whole year for this to happen, because we needed the hardware hack to get tmbinc's Wii's private key in order to actually modify a savegame.
  • Feb. 2008: first version of Twilight Hack released. Runs code off GC memcard SD adapter. Work begins on adding Wii support to libOGC.
  • Apr. 2008: "April Fool's" time-limited demo of HBC released. It used the same code as the Twilight Hack, more or less, but was installed as a channel. At this point, it became clear we needed some people who could actually code "normal GUI stuff" and who could draw and make music, so we found some on IRC.
  • May. 2008: First public "beta" release of HBC.
So, on that timeline, you're at, oh, Jan-Feb. 2007. You're trying to jump ahead to April, 2008. It took us a year and three or four different exploits until we were able to make and install a channel, and only THEN did we look for people to help with it. Once you're at that point, finding help is usually pretty easy -- we'd been talking with people on #wiidev (or meeting them at conferences, etc) and a group just sort of came together.
QUOTE
UPDATE 4.11.09 5:45 PM PST
- Dan has found the proxy settings for the DSi firmware. "I think we can
probably work off some of the Wii stuff now. It seems quite similar."
You would have saved a lot of time just by reading http://hackmii.com/2009/01/dsibrew/. Yes, there are some similarities -- but not enough that you can just skip a year's worth of hard work. Putting together the final artwork and coding is one of the last bits, and if history is any guide, it will just sort of fall into place once the technical side is ready. Even if you do put together a team now, you'll probably lose half of them due to attrition before you actually have a chance to start coding.

(And no, you can't just try twiddling bits in savegames without a way to sign them. See above.)
 
Well if it is any help an exploit has been found and homebrew has already been created and running. From what I know from translation, Yasu used a buffer overflow exploit on the photo channel app to run his code, but I don't know what this was and we still don't have the common key. On the same subject we already know about the configuration file for storing pictures and other information, and the DSi by default stores pictures at DCIM/101NIN02. We also know that with the commands the web browser supports it may be possible through that too. Yasu also plans to release CFW in the future, but he will probably make it not able to run backups. Unfortunately I have little knowledge of how to do buffer overflows and can't really be of much help on that front.
 
Come to think of it, when we need the exploit, pictures would be ripe for the harvesting, so to speak.
They contain many variables to be read by the DSi. We can only hope that there is a flaw in the renderer though
 
captainobvious5 said:
Well if it is any help an exploit has been found and homebrew has already been created and running. From what I know from translation, Yasu used a buffer overflow exploit on the photo channel app to run his code, but I don't know what this was and we still don't have the common key. On the same subject we already know about the configuration file for storing pictures and other information, and the DSi by default stores pictures at DCIM/101NIN02. We also know that with the commands the web browser supports it may be possible through that too. Yasu also plans to release CFW in the future, but he will probably make it not able to run backups. Unfortunately I have little knowledge of how to do buffer overflows and can't really be of much help on that front.
So my theory from the other thread was partially correct?
tongue.gif
 
Making a video crash the Wii wasn't too hard. Anyway Nintendo has always half-assed their operating system software, so it will probably be not too hard to find some sort of JPEG exploit that works.

EDIT: Yes, it was lol
 
The only thing I'm worried about is that since Yasu did the buffer overflow just 3 days after the system was released and made it public, nintendo may have looked into it and fixed the flaw, so on one hand it might stop this, on the other hand, it didn't stop the twilight hack
tongue.gif
 
Uhh, as im not bothered to read the whole thread, have you found an exploit.

Use a chip and make sure you get in to dsi mode not ds then get me a file system, then talk to me.
 
darkriku2000 said:
The only thing I'm worried about is that since Yasu did the buffer overflow just 3 days after the system was released and made it public, nintendo may have looked into it and fixed the flaw, so on one hand it might stop this, on the other hand, it didn't stop the twilight hack
tongue.gif
I think that's where you are wrong. There's no proof that it was indeed a buffer overflow (that I know of) and according to what I've read he only recently announced this exploit publicly, putting Nintendo a step behind.
 
Normmatt said:
Yasu's exploit was a buffer overflow of a nds game's save reading code thus ds compatibility mode only.
Huh... where did you get that info from?
 
Status
Not open for further replies.

Site & Scene News

Popular threads in this forum