#69255 - crudhacker - Sun Jan 29, 2006 5:19 pm
OK, as far as the RSA encryption on the DS goes, it seems nobody has figured out the private key to run homebrew on an unmodified DS. Seems like we've found every other way to run homebrew on the DS: PassMe, FlashMe, WiFiMe. One thing that bothers me on WiFiMe: when you send WiFiMe to the DS, how does it pass the RSA encryption? How can it do that when it was never signed by Nintendo? It's like the only program that does that.
_________________
MKDS friend code-
051599-251600
PM me so i can add u
crack this encrypted message-
BNSRIAYTNEDCLTFJQEZGNWDXHO
key- skip first letter then skip 2,3 till 4 then go back down
#69276 - HyperHacker - Sun Jan 29, 2006 7:21 pm
It doesn't pass the encryption, it bypasses it. The v1-v3 firmware stores the start address outside of the encrypted part. By sending data which is signed by Nintendo (Mario 64's wireless boot code), and modifying the start addresses (plus putting some small bits of code in unused parts of the header, which is also unencrypted), it won't cause it to fail the RSA check, and the DS will simply jump to those addresses.
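The weakness HyperHacker describes is a signature that does not cover the field telling the console where to start executing. The toy model below (added here, not code from the thread or from any DS tool) shows why: with a constructed header layout and HMAC-SHA256 standing in for the RSA signature, a check that signs only the code body accepts a header whose start address was rewritten, while a check that also signs the start field rejects it. The layout, key, addresses and payload bytes are all made up for the example.

```python
import hmac
import hashlib
import struct

SIGNING_KEY = b"constructed-demo-key"  # stands in for the vendor's private key
TAG_LEN = 32  # length of the HMAC-SHA256 tag used in place of an RSA signature


def sign(data: bytes) -> bytes:
    # HMAC is used only so the example runs offline; the coverage lesson is the same for RSA.
    return hmac.new(SIGNING_KEY, data, hashlib.sha256).digest()


def pack_header(start_addr: int, code: bytes, cover_start: bool) -> bytes:
    """Constructed layout: [start_addr:4][code_len:4][code][tag:32].
    cover_start=False models a check that signs only the code (the gap in
    the v1-v3 firmware as described above); cover_start=True signs the
    start field as well."""
    head = struct.pack("<II", start_addr, len(code))
    covered = head + code if cover_start else code
    return head + code + sign(covered)


def verify(header: bytes, cover_start: bool) -> bool:
    """Recompute the tag over the covered region and compare in constant time."""
    _start_addr, n = struct.unpack_from("<II", header, 0)
    code = header[8:8 + n]
    tag = header[8 + n:8 + n + TAG_LEN]
    covered = header[:8 + n] if cover_start else code
    return hmac.compare_digest(tag, sign(covered))


def rewrite_start_field(header: bytes, new_start: int) -> bytes:
    """Change only the start-address field; every signed byte stays intact."""
    return struct.pack("<I", new_start) + header[4:]


def demo() -> dict:
    """Returns {cover_start: (genuine_passes, rewritten_passes)} for both models."""
    code = b"\x00\xf0\x20\xe3" * 4  # constructed placeholder payload
    results = {}
    for cover_start in (False, True):
        genuine = pack_header(0x02000000, code, cover_start)
        rewritten = rewrite_start_field(genuine, 0x02300000)
        results[cover_start] = (verify(genuine, cover_start), verify(rewritten, cover_start))
    return results
```

`demo()` returns `{False: (True, True), True: (True, False)}`: the partially covered header still verifies after its start address is changed, the fully covered one does not.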
#69298 - crudhacker - Sun Jan 29, 2006 9:16 pm
HyperHacker wrote:
It doesn't pass the encryption, it bypasses it. The v1-v3 firmware stores the start address outside of the encrypted part. By sending data which is signed by Nintendo (Mario 64's wireless boot code), and modifying the start addresses (plus putting some small bits of code in unused parts of the header, which is also unencrypted), it won't cause it to fail the RSA check, and the DS will simply jump to those addresses.
So theoretically, if this is true, could it be possible to use the header (Mario 64's wireless boot code) to pass the RSA and make homebrew run on the DS?
#69300 - tepples - Sun Jan 29, 2006 9:42 pm
crudhacker: You're talking about ItsaMe, right? It's possible, but nobody seems to want to investigate it further.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.
#69313 - crudhacker - Sun Jan 29, 2006 11:49 pm
tepples wrote:
crudhacker: You're talking about ItsaMe, right? It's possible, but nobody seems to want to investigate it further.
Ya, I've heard of that somewhere on the forums. I can't see why nobody would go into it further. I "would" get it done, I have the time but... someone would have to tell me what to do... my knowledge on programming is zip.
#69329 - juhees - Mon Jan 30, 2006 2:15 am
crudhacker wrote:
Ya, I've heard of that somewhere on the forums. I can't see why nobody would go into it further.
How to make a wifime2 (afaik):
0. write a wmb server, that can send the multiplayer part of game + data
1. pick game, that sends a multiplayer game+data and dump it
2. figure out what this data is exactly (for example, a game level)
3. figure out, how it gets loaded from the game
4. try to find a possible buffer overflow
5. if there is one: try to make an exploit that runs its own code (which is part of the data and then starts code from the GBA slot)
if there is no overflow -> goto 4; if there are no more parts of the data to check, goto 1
That's not an easy task and can take very long if you can't find a good (say: buggy) game...
If the DS Lite has no easy way to get flashed and normal PassMes won't work, this will become an interesting way to go, but as long as there are easier ways, I wouldn't waste my time on that.
#73181 - crudhacker - Thu Feb 23, 2006 8:38 pm
OK, just as another question: which part of a .nds file has to be RSA checked? Is it only the header or is it some other part? Someone answer so I can put this behind me.