Hacking DSi 2015?

Discussion in '3DS - Flashcards & Custom Firmwares' started by OctopusRift, Jul 16, 2015.

  1. OctopusRift
    OP

    OctopusRift GBATemp's Local Octopus, Open 9am-2am. "Not Yet"

    Member
    1,460
    832
    Nov 19, 2014
    Saint Kitts and Nevis
    I'm writing a small program using an old exploit to try to port unsigned software to the 3DS... more details later... anyway, what's the simplest way to hack the DSi today with nothing but a flashcart and an SD card?
     
    I pwned U! likes this.
  2. usernametaken

    usernametaken GBAtemp Maniac

    Member
    1,250
    345
    May 13, 2015
    United States
    Don't NDS carts work on the DSi regardless?
     
  3. reiyu

    reiyu Canadian, eh?

    Member
    861
    187
    Jan 8, 2008
    Canada
    Depends on the cart. Acekard2i stopped working after the 1.4.5 update.
     
    usernametaken likes this.
  4. usernametaken

    I see, good to know. :)
     
  5. SickPuppy

    SickPuppy New Member

    Member
    1,789
    451
    Jul 29, 2009
    United States
    No, the flashcart needs to be DSi compatible. My M3DS Real and Cyclo DS don't work on my DSi and probably never will.
     
  6. OctopusRift
    OP

    Yes but I need NAND access or at least SD.
     
  7. DinohScene

    DinohScene Capture the Dino

    Member
    16,240
    12,842
    Oct 11, 2011
    Antarctica
    В небо
    Your best bet is a CycloDSi.
    All DSi compatible flashcards operate on DS mode and have no access to NAND or SD.
     
  8. zoogie

    zoogie simple pimp tool

    Member
    6,490
    8,331
    Nov 30, 2014
    United States
    If you want to run DSi-mode code on >1.4.1 firmware, use the Biggest Loser save hax. Only 8K, so you have to make it count.
    https://github.com/St4rk/The-Biggest-Loser

    Since it's cart, no NAND/SD hax like Dinoh said.
    Eh scratch that. Just read your previous post.

    You're going to need to hack a DSiWare save, preferably something with QR codes. (it's a BASIC choice :P)
     
    st4rk likes this.
  9. OctopusRift
    OP

    Guh... that's annoying... I would love to modify sd cart content so I can move modified content to 3DS for... a reason.
     
  10. Apache Thunder

    Apache Thunder I have cameras in your head!

    Member
    4,110
    4,063
    Oct 7, 2007
    United States
    Levelland, Texas
    Sudokuhax is your best bet. Especially since it's easy to install on a 3DS nowadays. I think it's still possible to inject sudokuhax onto a DSi as long as it's not on 1.4.5, where firmware was updated to block you from importing it from SD.

    Not sure what you are wanting to do. Possibly you could modify this:

    https://github.com/devkitPro/nds-hb-menu/issues

    Or DSi Homebrew Channel (preferably hb-menu though, since it has working SDHC access to SD card) to use as a possible DS game loader. You'd just have to find a way of sandboxing the DS games correctly (because Sudoku runs in DSi mode) and patching ROMs on the fly to read/write saves to a file on SD. Some DS flashcarts already do this to some degree, so you can always look at existing examples on how to do that.

    Also, the sudokuhax payload is known to actively corrupt keyslot3 on DSi to prevent NAND dumping. Perhaps you can modify or rewrite the payload so that is no longer the case? (and also make a NAND dumper homebrew while you're at it. I would love to try and inject a DSi NAND dump into my 3DS TWLN partition to see how functional it would be. :P )

    That and you could also just customize the payload to make the hbmenu game loader easier to set up instead of working with the default sudokuhax payload.

    The plus with this is it will work both on a DSi and a 3DS in TWL mode.

    Note that with currently known exploits, you can't have both slot1 and SD card access. Sudoku has SD (and NAND access if you fix the sudokuhax payload) but no Slot1.

    Exploiting Slot1 games means no SD access.

    I think you'd have to find an exploit on system firmware to possibly have access to both. Currently there are no known exploits with default system software. Mostly due to lack of interest at this point.
     
    Last edited by Apache Thunder, Jul 16, 2015
    SektorZero likes this.
  11. st4rk

    st4rk nah

    Member
    545
    672
    Feb 11, 2014
    Brazil
    Hello, I am not totally sure, but the DSi disables access to SDMC (hardware) in non-DSi games (this includes DSi Enhanced games as well). I doubt it will be easy to find flaws in native apps (I dug for many days), but there is a game that I believe can be exploited, Flipnote Hatena :p
     
  12. Hammyface

    Hammyface GBAtemp Advanced Fan

    Member
    538
    49
    Jun 4, 2006
    United States
    Vermont
    Good luck man. I've been itching to get more use out of my DSiXL

    DS games simply look so much better on it than the 3DS XL. Godspeed!
     
    I pwned U! and OctopusRift like this.
  13. OctopusRift
    OP

    Hey man! Thanks... but how do I inject it?
    Flipnote... I HAVE THAT! What access does it have... SD... yep... NAND. Wow... St4rk, can we talk?
     
    I pwned U! likes this.
  14. Apache Thunder

    List of well known DSi exploits:

    http://bootmii.org/dsiexploits/downloads/exploitslist

    http://hackmii.com/2011/08/final-dsiwarehax/

    Note that I was a bit off on what firmware version your DSi would have to be on. It has to be 1.4.1 or less. 1.4.2 or higher blocked you from importing exploited games due to a change in how it verifies the file signing of the exported file. (That is the only practical means of using DSiWare exploits. I believe 1.4.2 and higher also specifically blocked a few of the DSi enhanced cartridge game exploits, though those exploits aren't as useful to you anyway due to lack of SD access.)

    Though you must have already gotten the games installed on the DSi. Otherwise you can't get them from eShop, since it will force you to update before letting you access eShop.

    I don't think there's a way to inject a game over a different game like what we can do with the 3DS. The 3DS's TWL firm relied on the sig/ticket checks occurring in CTR mode. Once in TWL, TWL FIRM can only verify the RSA sig/crc of the header/arm7/arm9 sections. This effectively means that you only really need a valid ticket for a DSi game. You can replace the game itself on TWLN partition with any legit retail DSi SRL (NDS file with DSi extended header and extra stuff. Basically DSiWare) and it will still launch even without using CFW.

    But you can't (currently) create custom DSiWare or modify existing DSiWare (or use dev DSi titles like TwlNandFiler). TWL still has its own sig checks. It does RSA-type checks on certain sections of the DSi SRL, and those haven't been patched out yet. :(

    DSi on the other hand does both the ticket verification and sig checks because obviously it's native DSi so it handles all of that at once. So probably no go on injecting games over existing ones unless they are the same game.
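
Added example, not part of the thread or any poster's code: a simplified Python model of the point in the post above, that a header CRC can be recomputed by anyone after an edit while an RSA signature check still fails without the signer's private key. The CRC offset and algorithm follow the publicly documented NDS header layout (an assumption here, not stated in the thread); the toy RSA key, the signed region and the sample header are constructed for illustration and do not model the console's real keys or signed data.

```python
import hashlib
import struct

# Public NDS header layout (assumption of this example, not from the thread):
# a little-endian CRC16 at 0x15E covers header bytes 0x000..0x15D.
CRC_OFF = 0x15E

def crc16(data: bytes) -> int:
    crc = 0xFFFF                      # initial value; reflected polynomial 0xA001
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def set_crc(header: bytes) -> bytes:
    body = header[:CRC_OFF]
    return body + struct.pack("<H", crc16(body)) + header[CRC_OFF + 2:]

def crc_ok(header: bytes) -> bool:
    return struct.unpack_from("<H", header, CRC_OFF)[0] == crc16(header[:CRC_OFF])

# Constructed toy RSA key built from two Mersenne primes: far too small to be
# secure and unrelated to any real console key.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent, held only by the signer

def digest(header: bytes) -> int:
    return int.from_bytes(hashlib.sha1(header).digest(), "big") % N

def sign(header: bytes) -> int:
    return pow(digest(header), D, N)

def sig_ok(header: bytes, signature: int) -> bool:
    return pow(signature, E, N) == digest(header)

def demo() -> dict:
    # Constructed 0x160-byte header: 12-byte title, zero padding, valid CRC.
    original = set_crc(b"SAMPLETITLE\0".ljust(0x160, b"\0"))
    signature = sign(original)
    edited = b"X" + original[1:]      # one changed byte, CRC left stale
    fixed = set_crc(edited)           # CRC recomputed, which needs no secret
    return {
        "original": (crc_ok(original), sig_ok(original, signature)),
        "stale_crc": crc_ok(edited),
        "modified": (crc_ok(fixed), sig_ok(fixed, signature)),
    }

print(demo())
```

The `modified` entry is the case the post describes: the checksum passes again after being recomputed, but the signature made over the original bytes no longer verifies.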
     
  15. OctopusRift
    OP

    I'm on 1.4.4, shit.
     
  16. WulfyStylez

    WulfyStylez SALT/Bemani Princess

    Member
    1,149
    2,609
    Nov 3, 2013
    United States
    We're actually currently working on some DSi hax right now which will allow dsiwarehax and downgrading on 1.4.5. It'll require physical NAND reading, similar to 3DS NAND mods. More news on that when it's ready.
     
    VinsCool, codezer0, WhoAmI? and 6 others like this.
  17. OctopusRift
    OP

    WHAT. This come outta fukin nowhere. "Physical Nand Reading" ANYONE WANNA TEACH ME SOLDERING?!
     
    Retro_Mod_Gamer likes this.
  18. st4rk

    Yes, go ahead =)
     
  19. OctopusRift
    OP

    1. How much access does it have?
    2. Does this require hardware mods?
    3. How can I help?
     
  20. st4rk

    Are you talking about my exploit?