Breaking Into The Nintendo DSi Through The (Browser) Window

The Nintendo DSi was surpassed by newer and better handhelds many years ago, but that doesn’t stop people like [Nathan Farlow] from attempting to break into the old abandoned house through a rather unexpected place: the (browser) window.

When the Nintendo DSi was released in 2008, one of its notable features was a built-in version of the Opera 9.50 web browser. [Nathan] reasoned an exploit in this browser would be an ideal entry point, as there’s no OS or kernel to get past: once you get execution, you control the system. To put this plan into action, he put together two great ideas. First he used the WebKit layout tests to get the browser into weird edge cases, and then tracked down a Windows build of Opera 9.50 that he could run on his system under WINE. This allowed him to identify the use-after-free bugs that he was looking for.

Now that he had an address to jump to, he just had to get his code into the right spot. For this he employed what’s known as a NOP sled: basically a long run of instructions that do nothing, which, if jumped into, will slide into his exploit code. In modern browsers a good way to allocate a chunk of memory and fill it would be a Float32Array, but since this is a 2008 browser, a smattering of RGBA canvases will do.

The actual payload is designed to execute a boot.nds file from the SD card, such as a homebrew launcher. If you want to give it a shot on your own DSi, all you need to do is point the system’s browser to stylehax.net.

If you’re looking for a more exotic way to crack into a DSi, perhaps this EM glitching attack might tickle your fancy?


Nintendo DSi Teardown


Now that the Nintendo DSi has been officially released in the US, the team at iFixit has worked their magic. That magic being: completely disassembling it. They found the new 840mAh battery to be much smaller than the DS Lite’s 1000mAh. The device features two cameras, but both are a paltry 0.3 megapixels. They note that this is the first Nintendo device that they’ve taken apart that didn’t require a tri-wing screwdriver.

Many more DSi-compatible flash carts are available now than at the time of our initial report in December, so you can pick up a Nintendo DSi for homebrew without worry.

[via iFixit blog]

Nintendo DSi Gets Its First Flash Cart


A month ago, we reported that Nintendo’s new DSi portable didn’t work with any of the current crop of flash cartridges. Things didn’t look good for homebrew. Here we are a month later and looking at the release of the Acekard 2i. It’s the first DSi-compatible flash cartridge. The features appear to be identical to previous versions and we expect other manufacturers will be updating their product lines in short order. You can find a video of the Acekard 2i after the break.

These carts may exist because of pirates, but we happily use them for homebrew. There are a lot of great programs out there; here’s a list of 24 apps that are dedicated to music creation. You can run Linux on it too. It’s as easy as copying a file to a flash drive. If you have a DS and aren’t using homebrew, you’re wasting it. We’ll be picking up a DSi as soon as they’re in the US (they’re region locked).


Nintendo DSi Teardown


[bunnie] managed to pick up a Nintendo DSi while in Japan. It seems he had the device running less than an hour before he tore it down for an impromptu hotel photoshoot. There’s nothing too surprising and he mentions that the CPU certainly feels more capable than the previous model, which may explain the shorter battery life. The ARM processor sits under an RF shield directly below the WiFi card. The best photo is the top side of the board with every single debug point labeled in plain English on the silkscreen. We’re sure that’ll help with the development of new homebrew hardware.

[bunnie] has posted some interesting teardowns in the past. Have a look at his Sony XEL-1 teardown to see the inner workings of an OLED TV.

No Nintendo DSi Homebrew

The latest version of the Nintendo DS, the DSi, has officially launched in Japan. It features larger dual touchscreens, dual cameras, and an SD card slot. The members of GBAtemp.net have decided to tackle the most important question: will it run homebrew? Current DS systems just need a purpose-built flash cartridge to load homebrew software (usually stored on MicroSD). Forum members have tested at least 10 different flash carts, and none of them worked. While not completely exhaustive, it’s proof enough to us that current generation carts will not work. We hope this is something that can be patched with a new firmware. Most carts load their firmware off the flash, so upgrades are easy. The blocking of homebrew may be a side effect of Nintendo’s announced region-locking on the DSi.

We hope this gets sorted out soon. Maybe we’ll see hackers figure out how to take advantage of the SD slot instead. If you’ve got a Nintendo DS, there’s no excuse not to be playing with homebrew. It’s as easy as copying files to a card. We’ve had success with the DSTT, which you can find on DealExtreme for just $10.

[via Gizmodo]