Running Nintendo DS Unsigned Code With Audio

Even if you haven’t ripped off the top screen of your original DS to create an even better Game Boy Advance yet, there still might be some life left in that old bit of hardware. [Smea] is running unsigned code on the Nintendo DS, using only a bargain-bin game and an audio file.

The exploit this time comes in a form that might be familiar to anyone who has ever installed the Homebrew Channel on a Wii. Like SmashStack, this exploit uses a level editor/transfer feature in a game, this time the six-year-old DS game Bangai-O Spirits.

[Smea] is using the sound-based level transfer feature to load unsigned code into the DS. This level-transfer feature works by sending a single-period sine wave at 1024 Hz with a given amplitude; a binary 1 is a few dB louder than a binary 0, and with a buffer overrun it’s possible to load code into a DS and jump into that code. There’s no redundancy and no error correction, which is not what you want when loading unsigned code onto a DS. It does, however, work.

The code to generate the audio payload for this exploit is available on github and if you have a copy of Bangai-O Spirits, you can try it out for yourself by playing this file (headphone warning).
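To make the fragility of that channel concrete, here is an added example (not [Smea]'s generator and not the game's actual level format) of the amplitude-keyed scheme the article describes: one period of a 1024 Hz sine per bit, with a 1 a few dB louder than a 0. The sample rate (32768 Hz), the two amplitudes (0.5 for a 0, 3 dB louder for a 1), the decision threshold and the trailing 8-bit checksum are all assumptions chosen for the demo; the checksum in particular is exactly what the article says the real transfer lacks, and it is there to show what a single-symbol dropout does with and without one.

```python
import math

# Assumed parameters for the demo (not taken from the game or [Smea]'s code):
SAMPLE_RATE = 32768                        # Hz; gives 32 samples per 1024 Hz period
TONE_HZ = 1024                             # symbol frequency given in the article
SAMPLES_PER_BIT = SAMPLE_RATE // TONE_HZ   # 32
AMP_ZERO = 0.5                             # amplitude of a binary 0 (assumed)
LEVEL_DB = 3.0                             # a binary 1 is "a few dB louder" (assumed 3 dB)
AMP_ONE = AMP_ZERO * 10 ** (LEVEL_DB / 20)
# Decision threshold halfway between the two levels on the dB scale
THRESHOLD = math.sqrt(AMP_ZERO * AMP_ONE)


def encode_bits(bits):
    """One period of a 1024 Hz sine per bit, amplitude-keyed (constructed scheme)."""
    samples = []
    for b in bits:
        amp = AMP_ONE if b else AMP_ZERO
        for n in range(SAMPLES_PER_BIT):
            samples.append(amp * math.sin(2 * math.pi * n / SAMPLES_PER_BIT))
    return samples


def decode_bits(samples):
    """Recover bits from the peak of each period. No redundancy: every decision is final."""
    bits = []
    for i in range(0, len(samples) - SAMPLES_PER_BIT + 1, SAMPLES_PER_BIT):
        peak = max(abs(s) for s in samples[i:i + SAMPLES_PER_BIT])
        bits.append(1 if peak > THRESHOLD else 0)
    return bits


def bytes_to_bits(data):
    return [(byte >> (7 - k)) & 1 for byte in data for k in range(8)]


def bits_to_bytes(bits):
    return bytes(int("".join(str(b) for b in bits[i:i + 8]), 2)
                 for i in range(0, len(bits) - 7, 8))


def attenuate_bit(samples, bit_index, db):
    """Simulate a dropout: scale one symbol period down by `db` dB."""
    gain = 10 ** (-db / 20)
    out = list(samples)
    start = bit_index * SAMPLES_PER_BIT
    for n in range(start, start + SAMPLES_PER_BIT):
        out[n] *= gain
    return out


def checksum8(data):
    """Trivial 8-bit sum; the assumed stand-in for the error detection the format lacks."""
    return sum(data) & 0xFF


def roundtrip(data, drop_bit=None, drop_db=0.0):
    """Encode data plus checksum, optionally damage one symbol, decode.

    Returns (decoded_body, checksum_ok). Without the checksum a flipped bit would
    simply be executed as-is; with it the corruption is at least detectable.
    """
    framed = data + bytes([checksum8(data)])
    audio = encode_bits(bytes_to_bits(framed))
    if drop_bit is not None:
        audio = attenuate_bit(audio, drop_bit, drop_db)
    decoded = bits_to_bytes(decode_bits(audio))
    body, chk = decoded[:-1], decoded[-1]
    return body, checksum8(body) == chk


if __name__ == "__main__":
    clean = roundtrip(b"\xaa")
    damaged = roundtrip(b"\xaa", drop_bit=0, drop_db=2.0)
    print("clean:  ", clean.hex() if isinstance(clean, bytes) else clean)
    print("2 dB dip:", damaged)
```

With only a 3 dB gap between the two symbol levels, a 2 dB dip on a single period is enough to turn a 1 into a 0, and the bare channel gives the receiver no way to notice; the appended checksum is the minimum a practitioner would want before jumping into whatever was decoded.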

Thanks [gudenau] for the tip


Run unsigned code on any xbox

A ton of people sent in the latest development on the Xbox homebrew front. A console hacker that goes by the name of [GliGli] released a new exploit that boots any Xbox into a Linux loader.

The hack requires some hardware – in this case a Xilinx CPLD. The hack works by sending a tiny reset pulse (no word on what ‘tiny’ means) that glitches the hardware and gets around the hash checks during boot. If that’s not technical enough for you, check out the readme on the project’s github.

This isn’t a silver bullet to cracking Xboxen wide open. The glitch only has about a 25% chance of success for each boot, and it also takes a few minutes to boot into unsigned code. That being said, the hack works on all 360s, including the slim models that can’t be opened up with the JTAG method.

Check out the demo of one of the beta testers demonstrating the exploit after the break. Again, thanks to everyone for sending this one in.
