37C3 - Nintendo hacking 2023: 2008

The talk Nintendo hacking 2023 explores the DSi's boot process, the I/O access available to the ARM7 and ARM9 CPUs, and the glitching techniques used to bypass the boot ROM's checks and execute custom code, providing insights into the console's hardware and security.

Key takeaways
  • The DSi’s boot ROM is loaded into SRAM, making it possible to execute code.
  • Glitching can be used to bypass the boot ROM’s checks and execute custom code.
  • The ARM7 CPU has access to all I/O, while the ARM9 CPU has access to only a subset of I/O.
  • The DSi’s boot process involves several stages, including the reset handler, the initialization of the touchscreen and sound, and the loading of the homebrew menu.
  • The ARM9 CPU’s boot ROM is different from the ARM7 CPU’s boot ROM, and requires a different approach to glitching.
  • The DSi’s boot ROM includes a hash check, which can be bypassed using glitching.
  • The ARM7 boot ROM is divided into three sections: the reset handler, the utility routines, and the memory mapping.
  • The ARM7 CPU has a RISC core with a write-through cache.
  • The DSi’s EMMC chip is used for storing and reading data from the game cartridge.
  • The DSi can be revived using a mod chip and custom code.
  • The 3DS’s boot ROM includes a hash check, which can be bypassed using glitching.