Homebrew Idea: SSL exploit, Flipnote, and the DSi system updater

  • Thread starter: Deleted User
  • Views: 4,163
  • Replies: 18
  • Likes: 8

Deleted User (Guest)
Is the DSi's updater XML/SOAP request signature not checked, apart from HTTPS and the installed title signatures?
If it is NOT, could we use the SSL constraint exploit to add Flipnote Studio as an "updated title" and install it without the shop? Because it would be the untouched tmd/ticket/app, it wouldn't fail the "inner" sig check.

I was trying to find more information about the update requests and, hilariously, the #1 hit on Google for "dsi updater soap" is this literal thread
 
There's shutterbug, who is already working on an exploit using the SSL flaw.
That's different from this though. Shutter's flaw is to run code to install unlaunch whenever any DSi app connects to the network, this is trying to use the system update feature to install Flipnote Studio, which we can exploit.

> That's different from this though. Shutter's flaw is to run code to install unlaunch whenever any DSi app connects to the network, this is trying to use the system update feature to install Flipnote Studio, which we can exploit.
This, if it works, would also be an order of magnitude easier to actually make.
 
Had this idea: instead of downloading an exploitable DSiWare, once you can download anything you want, you should be able to directly install a homebrew that lets you mod the DS without performing any exploit.

> Had this idea: instead of downloading an exploitable DSiWare, once you can download anything you want, you should be able to directly install a homebrew that lets you mod the DS without performing any exploit.
That is not possible.

The updater downloads a list of official, signed titles and installs them. HOWEVER, that list can be edited to include anything that is/was free on the eShop (like Flipnote and the browser, and maybe 4SAE). Not just any code from anywhere

> That is not possible.
>
> The updater downloads a list of official, signed titles and installs them. HOWEVER, that list can be edited to include anything that is/was free on the eShop (like Flipnote and the browser, and maybe 4SAE). Not just any code from anywhere
Okie. Now how do you propose we edit this list?
 
This point is really interesting. I have been reading a lot about DNS spoofing, and knowing that we can now bypass SSL, we should have access to the updater tool.
Nevertheless, this will require reverse engineering. Tools like Wireshark may help a lot.
 
hello all (^_^)
b0br here
I'm new

Is there a rogue app store? Can we run an httpd/SSL server, resolve DNS locally, recreate the shop and put up our own downloads then?
 
Would be really cool if that would work. Imagine managing to make it so the DSi could install homebrew from the eShop as though it was signed.
It's possible if you were to delete the old eShop and make a patched one without RSA checks, but not directly without unlaunch
 