37C3 - Nintendo hacking 2023: 2008


Finishing off the Nintendo DSi

Over the years, many talks about console jailbreaks have been presented at CCC. However, one console has been left overlooked: the Nintendo DSi. It didn't see any serious hacks in its active lifetime, the ones that eventually appeared aren't completely satisfactory, and several components (such as its boot ROMs) were left untouched. In this presentation, we rectify the situation, explain how to extract the boot ROMs, and demonstrate new jailbreaks that can take over the console at an even deeper level. As a bonus, this work makes it possible to revive consoles with worn-out eMMC NAND chips.

This presentation will start with an introduction to the hardware of the Nintendo DSi and the history of earlier hacking attempts. This is followed by an explanation of how to extract, analyze, and exploit the boot ROMs of the console, leading to a complete defeat of the security of the system.

This presentation will not shy away from technical explanations involving software exploitation, fault injection, cryptography, and hardware design. We will however try to make it understandable and enjoyable to less technically-inclined audiences.

PoroCYon

#37c3 #Security
Comments

That's basically black voodoo! Amazing to look at the entire history of reverse-engineering! Great work.

mikamika

Amazing work! How neat that a leak in the 3DS contributed to hacking the older DSi. Also, it's interesting to see all these voltage glitches and similar, that definitely feels like magic!

Kyuubi

Nice explanations and good demonstration. FYI, the SHA-1 chain appears very similar to the Wii disc authentication with the layering.

welshworrier

The rundown of the DSi hacking history was a bit fast, starting from fail0verflow to shutterbug2000 and the many years of desert, but that makes sense given the time constraints; it could be a talk of its own given the amount of drama... (Fuck WinterMute)
One more glitching modchip! :D
Good thing at least that the emu devs have the full boot ROM now, didn't think there would be so much interest in it at this point.
Would have loved to get a TWLboot cartridge but heh, RP2040s are cheap as dirt.
Thankfully the DSi scene has still been active...
End of an era, following this scene was very formative and inspiring for me.
Now someone should glitch the other older consoles.

Valeryp

Well done, cat and PoroCYon.
Thanks for sharing the research and the video! :)

dieSpinnt

Wow the talk was amazing. And what an achievement for the field. And PoroCYon is a true code mage! We'll hear a lot from them in the coming years I hope. Even if their solution went so far above my head they might have been the ISS, I wouldn't even know - I'm already looking forward to the next talk.

MrMilarepa

peeps clapped for the _plan_ of how to go about extracting the roms, and then silence for the actual results

SadeN_

Nice talk, but too many visualizations; that was hella confusing.

I also like how she asks for help in the end with no contact data or repo link provided ;)

If you read this, please connect /w me

justhxor

Impressive work, I don't understand even a half of it, but still impressive!

akf

This guy is a genius - Mr Nintendo preparing the next lawsuit 😢

therealfox