Even if you haven’t ripped off the top screen of your original DS to create an even better Game Boy Advance yet, there still might be some life left in that old bit of hardware. [Smea] is running unsigned code on the Nintendo DS, using only a bargain-bin game and an audio file.
The exploit this time comes in a form that might be familiar to anyone who has ever installed the Homebrew Channel on a Wii. Like SmashStack, this exploit uses a level editor/transfer feature in a game, this time the six-year-old DS game Bangai-O Spirits.
[smea] is using the sound-based level transfer feature to load unsigned code into the DS. This level-transfer feature works by sending a single-period sine wave at 1024 Hz with a given amplitude; a binary 1 is a few dB louder than a binary 0, and with a buffer overrun it’s possible to load code into a DS and jump into that code. There’s no redundancy or error correction, which is not what you want when loading unsigned code onto a DS. It does, however, work.
The code to generate the audio payload for this exploit is available on GitHub, and if you have a copy of Bangai-O Spirits, you can try it out for yourself by playing this file (headphone warning).
Thanks [gudenau] for the tip.
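To make the amplitude-keyed scheme concrete, here is an added toy encoder and decoder (my own example, not [smea]’s GitHub code): one 1024 Hz sine period per bit, with a ‘1’ about 6 dB louder than a ‘0’. The sample rate, the two amplitude levels and the decision threshold are assumptions, and the real transfer format surely has details the post doesn’t give. The attenuated path shows why the missing redundancy matters: a modest volume change silently flips every bit rather than being caught.

```python
import math
import struct
import wave

SAMPLE_RATE = 44100                 # assumed; the post only gives the 1024 Hz tone
TONE_HZ = 1024                      # from the post: one full sine period per bit
PERIOD = SAMPLE_RATE // TONE_HZ     # 43 samples per bit (integer approximation)
AMP_ONE, AMP_ZERO = 0.9, 0.45       # assumed levels: a '1' is ~6 dB louder than a '0'

def bytes_to_bits(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]

def bits_to_bytes(bits):
    whole = len(bits) - len(bits) % 8
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, whole, 8))

def encode_bits(bits):
    """One sine period per bit; the bit value is carried only by the amplitude."""
    samples = []
    for bit in bits:
        amp = AMP_ONE if bit else AMP_ZERO
        samples.extend(amp * math.sin(2 * math.pi * n / PERIOD) for n in range(PERIOD))
    return samples

def decode_bits(samples, threshold=(AMP_ONE + AMP_ZERO) / 2):
    """Slice into one-period windows and decide each bit from the window's peak level.
    No sync word, parity or checksum: drift or a gain change corrupts data undetected."""
    bits = []
    for start in range(0, len(samples) - PERIOD + 1, PERIOD):
        peak = max(abs(s) for s in samples[start:start + PERIOD])
        bits.append(1 if peak >= threshold else 0)
    return bits

def roundtrip(data):
    """Encode bytes to audio and decode them again over a lossless path."""
    return bits_to_bytes(decode_bits(encode_bits(bytes_to_bits(data))))

def attenuated_roundtrip(data, gain=0.6):
    """Same path with playback about 4.4 dB quieter: every '1' now falls under
    the threshold, so the decoder hands back all-zero bytes with no error."""
    quiet = [s * gain for s in encode_bits(bytes_to_bits(data))]
    return bits_to_bytes(decode_bits(quiet))

def write_wav(path, samples):
    """Write 16-bit mono PCM so the stream can be played back as an audio file."""
    with wave.open(path, "wb") as wav:
        wav.setnchannels(1)
        wav.setsampwidth(2)
        wav.setframerate(SAMPLE_RATE)
        wav.writeframes(b"".join(struct.pack("<h", int(s * 32767)) for s in samples))
```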
next thing you know they’ll be whistling nuclear launch codes into pay phones.
That was used by the prosecuting lawyer in Kevin Mitnick’s federal case.
I submitted a tip for this… No credit?
there is now
Finder’s fees would be nice.
Just the tip?
I recall that game, that level transfer was a trial and a half to get working. The intention I think was to have people line out the audio to a computer, save as an mp3 and upload to YouTube to be played back. YouTube’s audio compression more or less killed that possibility dead…
The game did level transfers by audio? Strange… why didn’t the designers use wifi instead? First time I’ve seen this sort of thing done this way.
So you could use a PC to transfer and save levels.