Homebrew Trying to hack DSi Camera

Coto

-
Member
Joined
Jun 4, 2010
Messages
2,979
Trophies
2
XP
2,564
Country
Chile
I didn't write any ROP. ROP is jumping to bits of code that were already there (so, for example, Launcher code that's loaded into memory.) and using it to form a "program" that does what you want. I've already outlined this, but you obviously didn't listen. I don't jump into any of launcher's code, I don't use anything but a single return. That's not programming with ROP, that's redirecting code execution. Huge difference. I use that single return that I control to jump into shellcode. This code is code I wrote directly, and I control all of it. I don't need ROP because I can just plain inject my code, then jump to it. Anyway, the meltdown and spectre link is hilarious; they're for sidechannel analysis, which has nothing to do with ROP. Linking to it as "evidence" that you're right just shows how little you know. Again, I did 0 ROP. I used shellcode. Learn the difference. Do a CTF, like microcorruption, to help yourself understand, because you clearly don't. Yes, you are spreading misinformation, you've spewed all kinds of gibberish that makes 0 sense all over this thread, then pointed to that and said "look, I'm right!" you can sit here and say all the things you want to make yourself look smart and right, but it doesn't actually make you either of those things. I really highly suggest doing some actual research rather than linking to unrelated articles, pulling in information from different architectures, and just plain ignoring information in my posts. It's all google-able, but you seem to want to seem smart rather than be right. In any case, I'm done with this waste of a time conversation.

cry me a river

NOTHING will change. I don't give a fuck if you are the best hacker of the world (you aren't). I know very well the difference between MPU/MMU, and you do not seem to know these. Writing exploits is one thing (tip my hat for real exploiters), but if you can't acknowledge a system through MPU/MMU and what makes ROP code different than, say, stack smashing or stack pivoting, that STILL counts as ROP.

Time to ignore all these haxxorz.
 

FoxofGrey

Well-Known Member
Newcomer
Joined
Jul 1, 2016
Messages
92
Trophies
0
XP
386
Country
United States
cry me a river

NOTHING will change. I don't give a fuck if you are the best hacker of the world (you aren't). I know very well the difference between MPU/MMU, and you do not seem to know these. Writing exploits is one thing (tip my hat for real exploiters), but if you can't acknowledge a system through MPU/MMU and what makes ROP code different than, say, stack smashing or stack pivoting, that STILL counts as ROP.

Time to ignore all these haxxorz.
While I have no knowledge on DSi hardware and software, I can tell you that when stuckpixel says something, you can assume that it'll be correct. If they say that the DSi has no OS, they are correct. If they say that their code has no ROP, just assume it does. This person has had some long-term experience within the homebrew scene, so there will be a tiny percentage that they get something incorrect.
 

realWinterMute

Well-Known Member
Member
Joined
Feb 24, 2011
Messages
117
Trophies
1
XP
553
Country
cry me a river

NOTHING will change. I don't give a fuck if you are the best hacker of the world (you aren't). I know very well the difference between MPU/MMU, and you do not seem to know these. Writing exploits is one thing (tip my hat for real exploiters), but if you can't acknowledge a system through MPU/MMU and what makes ROP code different than, say, stack smashing or stack pivoting, that STILL counts as ROP.

Time to ignore all these haxxorz.

Yet clearly you have no idea what ROP actually is nor the situations in which it's useful. @dark_samus3 is correct here, you're just digging yourself a bigger hole spreading misinformation and displaying your ignorance. It's you that should be ignored.

ROP is needed to bypass a mode of protection that the DS(i) doesn't have - when memory can be marked as non executable. It's the art of placing return addresses on the stack and executing code from the host application that already exists in executable memory because it's impossible to do it any other way.
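As an added illustration of the protection Wintermute refers to (this is not code from the thread or from any DS project): on a system that enforces non-executable memory, no mapping should be both writable and executable. The small C audit below parses a /proc/<pid>/maps-style listing and flags such W+X regions; the listing embedded in it is constructed sample data, and `count_wx_mappings` is a name chosen here.

```c
/* Added example, not from the thread: flag mappings that are writable AND
 * executable in a /proc/<pid>/maps listing. Under an NX / W^X policy there
 * should be none; a W+X region is what lets injected bytes run directly,
 * which is the situation the DS(i) is described as being in above. */
#include <stdio.h>
#include <string.h>
/* Count W+X lines in maps_text; copy the first offending line into
 * first_hit (if non-NULL, hit_len bytes). Returns the number of hits. */
int count_wx_mappings(const char *maps_text, char *first_hit, size_t hit_len)
{
    int hits = 0;
    const char *p = maps_text;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[256], range[64], perms[8];
        size_t copy = len < sizeof line - 1 ? len : sizeof line - 1;
        memcpy(line, p, copy);
        line[copy] = '\0';
        /* maps format: "start-end perms offset dev inode [path]", perms = "rwxp" */
        if (sscanf(line, "%63s %7s", range, perms) == 2 && strlen(perms) >= 3
            && perms[1] == 'w' && perms[2] == 'x') {
            if (hits == 0 && first_hit && hit_len > 0) {
                strncpy(first_hit, line, hit_len - 1);
                first_hit[hit_len - 1] = '\0';
            }
            hits++;
        }
        if (!nl) break;
        p = nl + 1;
    }
    return hits;
}

/* Constructed sample listing (addresses made up for the demo). */
static const char sample_maps[] =
    "00400000-00452000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "00651000-00652000 rw-p 00051000 08:01 1234 /usr/bin/demo\n"
    "7f1c2a000000-7f1c2a021000 rwxp 00000000 00:00 0 [anon:jit]\n"
    "7ffd5e3c1000-7ffd5e3e2000 rw-p 00000000 00:00 0 [stack]\n";

int main(void)
{
    char hit[256];
    int n = count_wx_mappings(sample_maps, hit, sizeof hit);
    printf("%d writable+executable mapping(s)\n", n);   /* prints 1 for the sample */
    if (n > 0) printf("first: %s\n", hit);
    return 0;
}
```

On a live Linux box, read /proc/self/maps into a buffer and pass that in place of the constructed listing.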
 

ChampionLeake

NTR/TWL Exploiter
Member
Joined
Jan 19, 2016
Messages
209
Trophies
0
Age
25
XP
673
Country
United States
At least Wintermute and stuckpixel (who probably knows more than you, or not, idc) were here to explain some things (that you may not like) to you. Now you're basically insulting people whose views are different. It's not even worth talking to a person like you who's really acting a bit immature, especially for stuff like clarification.

Started from me telling you something (that you obviously didn't like), showing me your "background" (which was unnecessary), to:
  • Stating about correcting someone in an uncivil way (being defensive, no not "offensive")
  • Something random about not correcting someone on something they succeeded even if they don't which makes no sense. (You don't know others' successes nor do I)
  • "You said I did not know about your work, I know about your work, it's impressive." Where in this thread have I said that? And please quote it.
  • "don't come here saying ROP is not necessary for DSi related exploits, since ROP is like the base for exploitation." I can go anywhere I want and say what's on my mind and opinionate things. Plus devs actually debunked and backed up their claims where it's easier to just use shellcode ('stuckpixel'). Look at RocketLauncher. He clearly stated that while doing the exploit, he used 0 ROP. Coming from an ARM7 exploit on the DSi. Explaining to you that the DSi doesn't
  • Wintermute himself who dedicated himself in researching the DSi (not saying you didn't) explained "ROP is needed to bypass a mode of protection that the DS(i) doesn't have".
  • To actually starting to attack Wintermute on something that's not related to the topic.
    What are you doing here? Still butthurt about the devkitarm DS homebrew migration?
    Sure i'll leave it up to "experts".
    DS scene is full of shit, no wonder why devs started moving on.

    Quite coward to come by here and try to negate everything told (not surprised at all, coming from wintermute) . Your comments aren't welcome here, because your fucking ill attitude is not worth for the community. Really. Get a life or something.
    If the DS Scene was "full of shit" why did you even bother coming to this thread. "Your comments aren't welcome here" Who even says that.
Look, we all have our own opinions. I said mine and you seemed to take it the wrong way. Whether ROP is needed or not, these devs and myself, including you, have given arguments either way. Devs have given examples and even explained there is another simpler way to do things. We all have our own opinions. But there's a point where you don't actually start attacking each other even if you don't agree on something.

Things could've gone in a different direction. Hell, you could've said something like, "I don't agree on that subject since I see a different way of doing things in my way but we can talk about it and share our facts and opinions". To be honest, I think you didn't understand what I was trying to say to you really. So let me explain what I was trying to convey to you.
  • "ROP is not needed for DSi exploitation." (I said this since from my exp. I didn't have to use ROP really [THANK GOD])
  • "And your examples are fine for learning how to RE code but some of them are a bit unnecessary." This was meant to say, it wasn't really needed for DSi exploitation (dsiware wise). I said it was unnecessary since there were simpler ways of getting code execution on the DSi without ROP.
  • "I just suggest looking at CTurt's write on exploiting NDS games so you can get a better understanding since some of his methods were used to exploit dsiware." I was trying to actually let you look at an example how CTurt exploited NTR savegames without ROP to maybe give you a way to say like "OH! That's an interesting way of doing things without ROP". tbh, we could've had a laugh at this or talked about it.
Now that explained what I was REALLY trying to say to you, I hope you didn't take it as an insult for this whole thing to start. If you felt this was an attack on you, welp, sorry if it sounded weird to you. It could've gone in a different way. I still think this was a misunderstanding that went wrong. There was no need for this to become a drama in a sense. I really hope you figure things out about what just happened and that there was no need to have an uproar about this.

You don't even have to believe me or anyone. I don't care if you do or don't. What I care about is having a civil conversation about things instead of a beefwar. I've said my piece (peace) and now I'm just done with this subject and I'm moving on. No, I don't care if you were already done or not. This was just highly inappropriate to go about things.

EDIT: I deeply apologize that we (as devs [disregarding what division of tech we worked with, we're just devs no matter]) didn't actually have a pleasant discussion. I hope we learned something from this anyway and hope this doesn't happen again.
 
Last edited by ChampionLeake,

Coto

-
Member
Joined
Jun 4, 2010
Messages
2,979
Trophies
2
XP
2,564
Country
Chile
Well I kinda wanted to say that for a while

Whatever, to not derail this thread anymore. Exploitation takes several levels. Depending on the platform you might want to reach several techniques (most of them listed here). People usually go by reversing symbols (traced from the SDK, there is a symbol table that has all "calls") in memory, which then goes through a disassembler. And then look for bugs. And then a ROP gadget is set up.

Others use ROP hopefully to gain control blindly. The "terms" may vary from hacker to hacker but it's important to know the hardware well.
So I think the former is what you need to hack DSi software, OP. If others use other workarounds, you will hear from them.


edit:

https://dhavalkapil.com/blogs/Buffer-Overflow-Exploit/

there is a very basic buffer overflow example. ATM I am busy coding, but if I have free time I will port that exploit demo to DS.
 
Last edited by Coto,
