gbadev.org forum archive

This is a read-only mirror of the content originally found on forum.gbadev.org (now offline), salvaged from Wayback machine copies. A new forum can be found here.

OffTopic > Viruses Spyware - Can it affect the DS

#136455 - killers8 - Wed Aug 01, 2007 11:50 pm

Can viruses and spyware destroy a DS?

What are the odds that my system would be infected?

Is there any software that can block this stuff?

#136465 - tepples - Thu Aug 02, 2007 2:09 am

Viruses for Windows cannot "brick" (render useless) a DS because they use different computer architectures.

There exist two trojans that overwrite the DS firmware, called "taihen" and "r0mloader", but:
  1. They are not in the wild.
  2. Newer DS firmware flash chips, including all DS Lite flash chips, have better write protection.
  3. Even some popular Windows-based scanners can detect them.
  4. If you have a working SLOT-2 card, you can install FlashMe, which adds a failsafe that allows booting the card even if you catch one of these trojans.

In short: don't panic.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.

#136477 - Lynx - Thu Aug 02, 2007 5:01 am

tepples wrote:
If you have a working SLOT-2 card, you can install FlashMe, which adds a failsafe that allows booting the card even if you catch one of these trojans.


Uhh.. V8 doesn't support slot-1 devices?
_________________
NDS Homebrew Roms & Reviews

#136511 - wintermute - Thu Aug 02, 2007 12:56 pm

tepples wrote:

There exist two trojans that overwrite the DS firmware, called "taihen" and "r0mloader", but: [list=1][*]They are not in the wild.


Uh, yes they are. Both of them are "recognised" by several virus scanners and I had to modify devkitARM code to prevent *all* nds files being flagged as one of these.

Quote:

[*]Newer DS firmware flash chips, including all DS Lite flash chips, have better write protection.


Latest firmware is almost completely write protected so hopefully it's not an issue any more.

Quote:

[*]If you have a working SLOT-2 card, you can install FlashMe, which adds a failsafe that allows booting the card even if you catch one of these trojans.


Latest flashme runs just fine from Slot 1.
_________________
devkitPro - professional toolchains at amateur prices
devkitPro IRC support
Personal Blog

#136537 - sonny_jim - Thu Aug 02, 2007 6:19 pm

On a related topic, I ported http://www.clamav.net/ to DSLinux. It seems to work ok but it needs a trimmed down database as the standard one (main.cvd) is a little too big even for the 32MB RAM builds.

If anyone has any experience of working with ClamAV CVD files I could do with some help (specifically splitting them up).

#136604 - RegalSin - Fri Aug 03, 2007 3:53 am

A Virus is just a program that effects other programs.
_________________
Graphics Design Major currently enrolled in CUNY for a start in art world. A figure artist who can create people, babies, Aliens, animals, cowboys, beasties, warriors, cyborgs, monsters. I am limited by tools, refrence materials that is provided.

#136607 - jetboy - Fri Aug 03, 2007 5:12 am

RegalSin wrote:
A Virus is just a program that effects other programs.


According to your definition moonshell is a virus...
_________________
Colors! gallery -> http://colors.collectingsmiles.com
Any questions? Try http://colors.collectingsmiles.com/faq.php first, or official forums http://forum.brombra.net

#136637 - Lynx - Fri Aug 03, 2007 1:42 pm

Quote:
It seems to work ok but it needs a trimmed down database


Yeah, like a database with 2 definitions? Because there are only two currently out that effect the DS. No need to scan for anything else.
_________________
NDS Homebrew Roms & Reviews

#136665 - sonny_jim - Fri Aug 03, 2007 5:22 pm

Lynx wrote:

Yeah, like a database with 2 definitions? Because there are only two currently out that effect the DS. No need to scan for anything else.

I was thinking of having:

A tiny database that just checks for the DS brickers. I'll need copies of the brickers rather than just the MD5's so I can generate a hex value for it. Also you could use it inversely for checking whether files have been tampered with (Flashme etc).

The full database but split up into A-M virii and M-Z to stop it running out of memory

Having the full database is still useful IMO, as you could use it as a 'clean' platform to test specific files on your PC. To get the file across, you could either just copy it onto the media, use ftp or it would probably be pretty easy to knock up something for Boa (mini httpd) so you could 'submit' it to your DS for checking.

#136678 - killers8 - Fri Aug 03, 2007 8:10 pm

So I have nothing to worry about then. I don't need any software or any other stuff.

#138125 - laos - Mon Aug 20, 2007 2:07 am

Really none, The only Virus was made by DarkFader (Most likely paid off or from some bet since at the time DS owners were all high and mighty with 'We cant get viruses' after the PSP broke out) and was in taihen.zip and romloader.zip Like Tepples said. The programs are old and useless since they came out back in 05' or 06' and we have much better NDS software now.

Its very unlikely anyone will remake a virus or convert the viruses to new software (Even if they can get a hold of them) since its very useless. And at the same time, needs A LOT of work in order to be distributed and recieve eyesight. With very little, basically no gain

RegalSin wrote:
A Virus is just a program that effects other programs.


Wrong, VERY wrong. A Virus is a program that is made to cause damage to internal systems/processing (Meaning its aimed at the Operating System or Firmware of a system.) and often retain it utterly useless and a brick (Hence, bricking it)
_________________
laos,
In charge of Storyline: Tales of Dagur 2

#138165 - Lynx - Mon Aug 20, 2007 2:16 pm

laos, why don't you read the definition of a virus before you try to correct someone else? The Proof of Concept (PoC) that DarkFader created was a TROJAN, not a virus.

As for scanning.. Could you imagine what it would be like for the DS to run a full database scan? It's bad enough on a 2.8Ghz PC to run scanners.. forget about it on a DS.
_________________
NDS Homebrew Roms & Reviews

#138166 - sonny_jim - Mon Aug 20, 2007 2:48 pm

Lynx wrote:
It's bad enough on a 2.8Ghz PC to run scanners.. forget about it on a DS.


Using ClamAV with a 24MB daily.cvd, it took about 20-30 minutes to scan the 40byte (or thereabouts) EICAR test file.