37C3 - Nintendo hacking 2023: 2008

Nintendo hacking 2023 explores the DSi's boot process, ARM7 and ARM9 CPU I/O access, and glitching techniques to bypass checks and execute custom code, providing insights into the console's hardware and security.

Key takeaways
  • The DSi’s boot ROM is loaded into SRAM, making it possible to execute code.
  • Glitching can be used to bypass the boot ROM’s checks and execute custom code.
  • The ARM7 CPU has access to all I/O, while the ARM9 CPU has access to only a subset of I/O.
  • The DSi’s boot process involves several stages, including the reset handler, the initialization of the touchscreen and sound, and the loading of the homebrew menu.
  • The ARM9 CPU’s boot ROM is different from the ARM7 CPU’s boot ROM, and requires a different approach to glitching.
  • The DSi’s boot ROM includes a hash check, which can be bypassed using glitching.
  • The ARM7 boot ROM is divided into three sections: the reset handler, the utility routines, and the memory mapping.
  • The ARM7 CPU has a RISC core with a write-through cache.
  • The DSi’s EMMC chip is used for storing and reading data from the game cartridge.
  • The DSI can be revived using a mod chip and custom code.
  • The 3DS’s boot ROM includes a hash check, which can be bypassed using glitching.

More talks

Game On: Web3's Impact on the Future of Gaming | Blockchain Futurist Conference 2024

37C3 - Breaking "DRM" in Polish trains

The Key to Remote Vehicle Control: Autonomous Driving Domain Controller

SAINTCON 2024 - Day 4 - Livestream

Web 3 Gaming: What it is and Why it Matters - Paul Gadi, JS GameDev Summit 2022

SAINTCON 2023 - Mike Spicer (d4rkm4tter) - PCAPinator

Coinbase Canada: The Next Go Deep Market | Fireside Chat at Blockchain Futurist Conference 2023

Competitive hacking as team sport: An introduction to Capture the Flag