New modchip for the DSi console

In a talk at this year's Chaos Communication Congress, the hacker PoroCYon demonstrated a process for extracting the DSi's boot ROMs, presented new jailbreaks, and offered a novel way to restore consoles whose NAND eMMC chips have worn out.

The DSi is the direct successor to the DS: it plays practically the same games, but also adds cameras, a web browser and other advanced features.

The DS relied on symmetric encryption, which led to security issues with flash cards.

To get around this issue, the DSi adopted public-key cryptography. The console was examined by various researchers, but the real breakthrough came with the release of the DSi's boot code.

However, this method involves modifying the eMMC, which can damage the console. Replacing the eMMC chip might seem like a solution, but each chip's unique identifier is used in deriving the keys, so a swapped chip does not yield the same keys.

The DSi has two ARM CPUs, the ARM9 and the ARM7, with different roles. They communicate via a FIFO interface, share the main PSRAM, and both have access to WRAM, which is divided into physical blocks that are dynamically assigned to either CPU.

Booting the console involves the SoC with both CPUs, their boot ROMs, and a series of security checks.

The DSi also has an AES engine, the eMMC as its non-volatile memory, and DRAM. The first thing that runs when you turn on the DSi is the boot ROM, which sits in mask ROM.

The boot ROM loads the second boot stage from raw eMMC blocks and feeds it through the AES engine; once decrypted, the stage is loaded into SRAM.

The second stage then starts, loads the system menu from the FAT file system, decrypts it and loads it into DRAM. The system menu begins to run; this is actually the first step that turns on the screens and shows the boot logo.

Next, the system menu can launch a game, either from a game cartridge or from the eMMC, which is then loaded into RAM.

Before the system menu actually hands control to the game code, it applies what are called the SCFG (system configuration) locks.

These are used to switch off parts of the hardware, and the parts switched off cannot be re-enabled until the console is reset.

This is done because there is no operating system or hypervisor on the DSi, so it is the only way to ensure that a game running from a cartridge cannot access the eMMC to corrupt it or do other malicious things.
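To make the boot chain described above concrete, here is an added Python model (not PoroCYon's code and not anything from the project's repositories) of the three properties the article describes: a second stage encrypted under a key bound to the eMMC chip's unique ID, a boot ROM that refuses to run it unless it verifies, and system-configuration (SCFG) locks that cannot be undone until reset. The HMAC key derivation, the toy keystream cipher and the hash-based check are constructed stand-ins for the real AES engine and signature check, and the names EMMC, provision, bootrom and SCFG are this example's own.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass
class EMMC:
    """Constructed stand-in for the eMMC: a chip-unique ID plus raw blocks."""
    chip_id: bytes
    raw_blocks: bytes  # encrypted second-stage image as stored on the chip

def console_key(chip_id: bytes, otp_secret: bytes) -> bytes:
    # Hypothetical KDF (HMAC), not the DSi's real derivation; the only point
    # modelled is that the key depends on the chip's unique ID.
    return hmac.new(otp_secret, chip_id, hashlib.sha256).digest()

def xor_stream(data: bytes, key: bytes) -> bytes:
    # Toy CTR-style keystream standing in for the AES engine (symmetric).
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "little")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def provision(chip_id: bytes, stage2: bytes, otp_secret: bytes):
    """Factory side: store stage2 encrypted under this chip's key and record
    the trusted hash the boot ROM will check (stand-in for the signature)."""
    chip = EMMC(chip_id, xor_stream(stage2, console_key(chip_id, otp_secret)))
    return chip, hashlib.sha256(stage2).digest()

def bootrom(chip: EMMC, otp_secret: bytes, trusted_hash: bytes):
    """First boot stage: decrypt stage2 with the chip-bound key and refuse to
    run it unless it verifies. Returns the stage2 image, or None (brick)."""
    stage2 = xor_stream(chip.raw_blocks, console_key(chip.chip_id, otp_secret))
    if hashlib.sha256(stage2).digest() != trusted_hash:
        return None
    return stage2

class SCFG:
    """SCFG lock model: a block locked off stays off until reset."""
    def __init__(self):
        self.enabled = {"emmc": True, "aes": True}
        self.locked = set()
    def lock_off(self, block):
        self.enabled[block] = False
        self.locked.add(block)
    def enable(self, block):
        if block not in self.locked:
            self.enabled[block] = True
        return self.enabled[block]
    def reset(self):
        self.__init__()
```

Swapping in an eMMC with a different chip ID makes `bootrom` return `None`, which is the "replacement chip does not help" situation the article describes.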

Of course, the 3DS is not entirely irrelevant either: it has a backwards-compatible mode for running DS and DSi games. The interesting part is that instead of running a software emulator, the 3DS hardware reconfigures itself and begins to behave as a DSi.

This transition is implemented in low-level firmware. When you start a DSi game on the 3DS, it actually shuts down the 3DS operating system and starts a low-level firmware that performs the mode switch, and the first stage that runs in DSi mode is exactly the same as on a standard DSi.

Since that stage is loaded into SRAM, you can't read it with a tool like Scanlime's RAM Tracer; but thanks to the information leaked from the 3DS firmware, all of that code can now be read and searched for vulnerabilities.

This led to the birth of Unlaunch. But if the eMMC is damaged, the console is unusable: everything interesting that has already been hacked happens after the signature check, which means that any hack already published for the DSi will not help you and you will still have an unusable console.

To fix this problem, you need a way to run code very early. So far no one had obtained the boot ROM, at least not until today, and trying to find the vulnerability that way is difficult.

So a way to obtain the boot ROM was needed. The 3DS has an interesting property: its boot ROM can be extracted using fault injection (FI), and this also works on the DSi.

All of the project's repositories are online; they contain the slides, firmware, payloads and detailed guides for installing and using the modchip.

Caution: installing the modchip requires handling small SMT components. If you have never soldered with flux and tweezers, do not attempt to install this modchip.

The guide is not suitable for absolute beginners; if you simply want to run custom software on the DSi, consider this guide instead.

Source: fahrplan.events.ccc.de
