Hacking DSi

XxRoxaSoraxX

Well-Known Member
OP
I have an idea on how to hack the DSi.

Okay, so Sony said the PSP-3000 was hack-proof, but it was hacked by switching in the PSP-2000's CPU. I was wondering if you could do the same thing to the DSi.

Cheers
 

Holaitsme

10/10 would be loyal again
They are pretty much identical in hardware terms, excluding the RAM, camera, and SD slot.
I am too lazy to look it up, so I might be wrong.
 

shansoft

Well-Known Member
There is a trick I was thinking of, but I never got a chance to test it since I don't have any toolkit that allows me to do it :S

Here is my thought.

As a lot of people know, the new NDS games have a special header, and that header seems to be the counterpart for the DSi to check if it's a retail cart.

Remember how the R4 doesn't work with new games? That is the one I am talking about.

Also, remember a few weeks ago someone posted a thread about a single-ROM cart (not the retail one) successfully booting on the DSi?

That is because the cart's internal memory is an official ROM.

To do this, we simply fill the flashcart's internal memory with a modified official ROM into which code has been injected to boot the flashcart OS.

The problem is that none of the known flashcarts out there can do it.

In order to do this, we need a new type of flashcart that allows rewriting the flashcart BIOS.
 

RaphaelDDL

Well-Known Member
shansoft said:
There is a trick I was thinking of, but I never got a chance to test it since I don't have any toolkit that allows me to do it :S

Here is my thought.

As a lot of people know, the new NDS games have a special header, and that header seems to be the counterpart for the DSi to check if it's a retail cart.

Remember how the R4 doesn't work with new games? That is the one I am talking about.

Also, remember a few weeks ago someone posted a thread about a single-ROM cart (not the retail one) successfully booting on the DSi?

That is because the cart's internal memory is an official ROM.

To do this, we simply fill the flashcart's internal memory with a modified official ROM into which code has been injected to boot the flashcart OS.

The problem is that none of the known flashcarts out there can do it.

In order to do this, we need a new type of flashcart that allows rewriting the flashcart BIOS.


The idea isn't crazy at all.
I liked it :D

Now we need tools to do that :P
 

Normmatt

Former AKAIO Programmer
You're all stuck in the dark.

None of your ideas will work.

Reading the firmware, while possible, will only result in an encrypted dump (meaning it's useless until the encryption is cracked).

The new security checks do a lot more than check the cart header; they check the RSA signature of the game, which still hasn't been and probably won't be cracked any time soon.

There are at least 3 flashcarts with rewritable flash ROMs, none of which are big enough for even the smallest commercial game.

While it's technically possible to replace files in a commercial game's filesystem without the DSi saying it's corrupt, you'd need a new flashcart large enough to load that game and then load some arbitrary code to boot your flashcart menu. Not many, if any, DS games have any means of running code directly from their filesystem. You could cause buffer overflows, but even then it'd be annoying to track down.
 

MegamanDSi

Active Member
Hey dudes, did you know that if you go to support.nintendo.com it says you can copy DSiWare games to the SD card? So that means we can put them back on the system, so instead of CFW we should use homebrew apps like a NES emulator or a SNES emulator or a NDS backup launcher. But the games are on the SD card, so it says "Searching for the SD card".
 

Sychophantom

I'm a plant.
anaxs said:
So you're saying that you can get DSiWare on the computer and put it in a DSi and it will work... First of all, where do you get DSiWare on the computer?
That would be easy enough. Put the DSiWare on the SD card, and pop the card into your computer.


However, unless someone can crack the encryption on it, it'd likely be gibberish.
 

Narin

The Cheat Master, kupo!
DSiWare is digitally signed and encrypted, so it will only work on the DSi that downloaded it. So you can't take DSiWare from someone else and play it; you have to download it yourself.
 

nerboking

New Member
Hmm, the DS Lite actually has two processors, an ARM7 and an ARM9. The DSi has just one ARM processor that's faster than the last two combined...

So switching out the hardware already sounds hard...
 

fgghjjkll

GBATemp MegaMan
Narin said:
DSiWare is digitally signed and encrypted, so it will only work on the DSi that downloaded it. So you can't take DSiWare from someone else and play it; you have to download it yourself.
Why don't we hex edit the ROM and change the signature and encrypted code to what matches the DSi you own...
Of course... umm... we don't know how our DSi signs and encrypts it...
 

Kingfield

Well-Known Member
fgghjjkll said:
Narin said:
DSiWare is digitally signed and encrypted, so it will only work on the DSi that downloaded it. So you can't take DSiWare from someone else and play it; you have to download it yourself.
Why don't we hex edit the ROM and change the signature and encrypted code to what matches the DSi you own...
Of course... umm... we don't know how our DSi signs and encrypts it...
That's how WiiWare was before. It'll get cracked, just give it some time. Might take ages though.
 

FAST6191

Techromancer
OK, basic cryptography: most asymmetric cryptography (including semiprime-based, which I believe the DSi uses, and elliptical encryption) works on the principle that you cannot easily factor a large number. Have a read:
http://mathcircle.berkeley.edu/BMC3/rsa/node4.html

This is what people try to factor when they try to break RSA encryption.

The only reason the Wii was done was because Nintendo borked the check incredibly badly, to the point where we can reasonably forge a signature so that the Wii accepts it; the Wii signatures we make will not stand up against a proper check (which was implemented in later versions). If they have done it correctly (which is not that hard to do), then we cannot break it.
More on the Wii stuff:
http://hackmii.com/2008/04/keys-keys-keys/
Ignore the Wikipedia links and do a real search though; Wikipedia is not very good for encryption.
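An added illustration of the point FAST6191 and Normmatt are making, written for this page rather than taken from any poster, from Nintendo, or from the Wii or DSi firmware: a toy RSA signature verifier in Python, once done correctly (full, constant-time comparison of the recovered hash) and once with the kind of broken comparison the early Wii system software had, where the hash compare stopped at the first NUL byte. Against the broken check an attacker can submit signature 0 (which "decrypts" to all zeros) and brute-force a spare field of the content until its SHA-1 starts with 0x00; against the correct check the same forgery fails, and only the holder of the private key can produce an accepted signature. The Mersenne-prime key, the raw unpadded SHA-1 digest and the `counter` field are assumptions of the example, chosen for visibility, not how any real console does it.

```python
import hashlib
import hmac

# Toy RSA parameters (assumption: Mersenne primes, far too small for real use,
# chosen so the arithmetic is visible and the 160-bit SHA-1 digest is below n).
P = 2**107 - 1
Q = 2**127 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
HASH_LEN = 20
N_LEN = (N.bit_length() + 7) // 8


def sign(data: bytes) -> int:
    """Legitimate signer: RSA over the raw SHA-1 digest (no padding; toy only)."""
    h = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return pow(h, D, N)


def recovered_hash(sig: int) -> bytes:
    """Apply the public key to the signature; the low 20 bytes are the claimed hash."""
    m = pow(sig, E, N).to_bytes(N_LEN, "big")
    return m[-HASH_LEN:]


def verify_strict(data: bytes, sig: int) -> bool:
    """Correct check: all 20 bytes must match, compared in constant time."""
    return hmac.compare_digest(recovered_hash(sig), hashlib.sha1(data).digest())


def verify_strncmp(data: bytes, sig: int) -> bool:
    """Broken check in the style of strncmp(): both buffers are treated as
    C strings, so comparison stops at the first NUL byte in either."""
    claimed = recovered_hash(sig).split(b"\x00", 1)[0]
    actual = hashlib.sha1(data).digest().split(b"\x00", 1)[0]
    return claimed == actual


def forge(payload: bytes):
    """Attacker with no private key. Signature 0 recovers to twenty 0x00 bytes,
    so the strncmp-style check compares two empty 'strings' as soon as the
    content's SHA-1 starts with 0x00. Vary a spare 4-byte field (assumed
    to be ignored by the loader) until that happens: about 1 in 256 tries."""
    counter = 0
    while True:
        candidate = payload + counter.to_bytes(4, "big")
        if hashlib.sha1(candidate).digest()[0] == 0:
            return candidate, 0
        counter += 1


if __name__ == "__main__":
    genuine = b"official title"              # constructed sample content
    sig = sign(genuine)
    print("genuine, strict :", verify_strict(genuine, sig))
    print("genuine, strncmp:", verify_strncmp(genuine, sig))

    forged, zero_sig = forge(b"homebrew loader")
    print("forged, strncmp :", verify_strncmp(forged, zero_sig))
    print("forged, strict  :", verify_strict(forged, zero_sig))
```

The forgery never touches the RSA problem itself: nothing is factored and no private key is recovered, which is exactly why it stops working the moment the comparison is fixed. That is the difference between "the check was implemented badly" and "the cryptography is broken".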
 

MF_DarkMike

New Member
FAST6191 said:
OK, basic cryptography: most asymmetric cryptography (including semiprime-based, which I believe the DSi uses, and elliptical encryption) works on the principle that you cannot easily factor a large number.
This is what people try to factor when they try to break RSA encryption.

The only reason the Wii was done was because Nintendo borked the check incredibly badly, to the point where we can reasonably forge a signature so that the Wii accepts it; the Wii signatures we make will not stand up against a proper check (which was implemented in later versions). If they have done it correctly (which is not that hard to do), then we cannot break it.

Yes, all of that stuff seems true enough, and the guys at Nintendork really know how to put in the security they need in order to rip people off of their money. Well, here's my idea: why not create a custom NDS ROM-based homebrew that patches the firmware to C1.0.0U/E/J or something like that?

The "C" could be labeled as "Custom", and I think what you can do about the RSA encryption is write some code that will actually log information to the SD card, but I'm just tossing out suggestions. Apparently, this security nonsense simply makes us not want to buy the console; not because it's got new flashy gizmos on it, but because RSA is impossible to circumvent in this case. Also, we are not as protected as we are with FlashMe on the DS Lite and past consoles, and when it comes to system bricks, which will come in the future, that will soon render the DSi "unusable".

So in order to keep up the integrity of homebrew, stay away from the DSi if it becomes too impossible to hack into. In other words, don't buy it, which is what I did. Though this is a random rant, I am pleading with you not to buy such trash as this! I apologize, but this must be heard across the boards. -.-
 

wchill

Resident chillxpert
What we could try doing is a DSiCrack@Home project where we all muster together the power of our computers to crack the encryption.
Then again, when it comes to encryption, I don't know much about RSA, so maybe that won't work.
 
