Post A7wQRhQ34ntDYsZ0HQ by pcy@icosahedron.website
 (DIR) Post #A56nVDcin2kHnE3d68 by pcy@icosahedron.website
       2021-03-11T18:03:39Z
       
       2 likes, 4 repeats
       
        We finally managed to dump the BootROM of the ARM7 core of the Nintendo DSi. Not much time has been spent on reversing it yet, but expect more to come in the following days/weeks/months.
       
 (DIR) Post #A56nVF7xCPK4SNg5Q0 by pcy@icosahedron.website
       2021-03-11T18:05:24Z
       
       1 likes, 0 repeats
       
        The sha256 of the raw dump is 12a03016ba07cfd874fc002df49a2c6eb2414eb7cfa395c2043035ec5e9193e8, but this is probably unique to the device we have. Setting all crypto keys etc. (that we know of) to 0, the sha256 becomes 2d0039f0c9e1149df171839e65510bd8371be110198b8bdf1eb97a9cdb148158. This one should be global.
       
 (DIR) Post #A56nVGirGgR9P7x4a0 by pcy@icosahedron.website
       2021-03-11T18:06:00Z
       
       0 likes, 0 repeats
       
       (this is of the full 64k dump btw, not just the upper 32k)
       
 (DIR) Post #A56nVI6e7j3jhC5aIS by pcy@icosahedron.website
       2021-03-11T18:08:03Z
       
       1 likes, 1 repeats
       
        This was achieved by:
        1. poisoning the undefined instruction handler of the ARM7 to make it point to our payload
        2. filling ALL of ARM7 (SoC-internal) WRAM with NOP sleds to our code
        3. rebooting the device
        4. right after it reboots, we inject an EMFI glitch which does the magic
        5. the ARM7 jumps to our code
        6. the payload then prints out the entire dump over I2C, which we then sniff out using a logic analyzer
       
 (DIR) Post #A56nVJVqtUoe3etEDw by pcy@icosahedron.website
       2021-03-11T18:08:43Z
       
       0 likes, 0 repeats
       
       I can't thank the people in the uni lab enough who have helped me with the physical setup of the attack during the entire process. They made this possible.
       
 (DIR) Post #A56nVL01MoXgfW0pt2 by pcy@icosahedron.website
       2021-03-11T18:12:08Z
       
       0 likes, 0 repeats
       
        "Now, why only the ARM7 boot ROM and not the ARM9 one?", you might ask. The thing is, in the attack, we poisoned the exception vectors, which reside in SoC-internal WRAM for the ARM7. The ARM9 puts these in main RAM. Main RAM is disabled at reset (and disabled by the bus address decoder!), and only re-enabled during the second boot stage, which resides in eMMC. Adapting the current attack to this situation is not trivial, to say the least. Therefore it is probably a better avenue to try to find software bugs in it, which we may be able to exploit from the ARM7 side.
       
 (DIR) Post #A56nVMT7u5PzE4datM by pcy@icosahedron.website
       2021-03-11T18:13:50Z
       
       0 likes, 0 repeats
       
        Also, a note on which exact areas have been zeroed out in the "keyless/IDless" dump:
        * 0x8188..0x8388
        * 0xb5d8..0xb618
        * 0xb618..0xcd60
        * 0xc6d0..0xd718
        * 0xd718..0xe760
        These values can already be extracted by making a so-called "Nocash enhanced dump", which reads these values from internal memory at boot-time (because the boot ROM leaks them there).
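
A worked check of the two hashes from earlier in the thread, as an added example (not the author's code and not part of the linked dsi-bios-payload repository): it takes a full 64 KiB ARM7 boot ROM dump, zeroes the ranges listed in this post exactly as posted (the overlap between the third and fourth range is harmless for zeroing), and compares the SHA-256 of the result against the "global" keyless hash. The function and constant names are my own; the sample buffer is constructed, not ROM data, so on it the comparison reports no match. Pass a real dump file as the single argument to check a device.

```python
import hashlib
import sys

# Byte ranges (start inclusive, end exclusive) that the post says are zeroed
# in the "keyless/IDless" dump. Copied as posted; zeroing overlapping ranges
# twice has no effect, so they are used verbatim.
ZEROED_RANGES = [
    (0x8188, 0x8388),
    (0xB5D8, 0xB618),
    (0xB618, 0xCD60),
    (0xC6D0, 0xD718),
    (0xD718, 0xE760),
]

# SHA-256 the thread gives for the keyless dump of the full 64 KiB ROM.
KEYLESS_SHA256 = "2d0039f0c9e1149df171839e65510bd8371be110198b8bdf1eb97a9cdb148158"
ROM_SIZE = 0x10000  # the hashes refer to the full 64 KiB, not just the upper 32 KiB


def zero_key_regions(dump: bytes) -> bytes:
    """Return a copy of the dump with every listed range overwritten with 0x00."""
    if len(dump) != ROM_SIZE:
        raise ValueError(f"expected a full {ROM_SIZE:#x}-byte dump, got {len(dump):#x} bytes")
    buf = bytearray(dump)
    for start, end in ZEROED_RANGES:
        buf[start:end] = bytes(end - start)
    return bytes(buf)


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a byte string."""
    return hashlib.sha256(data).hexdigest()


def check_dump(dump: bytes) -> dict:
    """Compute the raw and keyless hashes and say whether the keyless one is the posted value."""
    keyless_hash = sha256_hex(zero_key_regions(dump))
    return {
        "raw_sha256": sha256_hex(dump),
        "keyless_sha256": keyless_hash,
        "matches_posted_keyless": keyless_hash == KEYLESS_SHA256,
    }


def constructed_sample_dump() -> bytes:
    """A synthetic 64 KiB buffer standing in for a dump (constructed test data, not ROM contents)."""
    return bytes((i * 31 + 7) & 0xFF for i in range(ROM_SIZE))


if __name__ == "__main__":
    if len(sys.argv) == 2:
        with open(sys.argv[1], "rb") as f:
            dump = f.read()
    else:
        dump = constructed_sample_dump()
    for key, value in check_dump(dump).items():
        print(f"{key}: {value}")
```

The raw hash stays device-specific because the zeroed ranges hold per-device keys and IDs; only the keyless hash is expected to agree across consoles, which is why the check compares that one.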
       
 (DIR) Post #A5BMn7UkVlHwZVKRyS by pcy@icosahedron.website
       2021-03-13T22:38:15Z
       
       1 likes, 1 repeats
       
        By now I (and a few others) have had a look at the ARM7 boot ROM code. There don't seem to be any obvious vulnerabilities in there. So to get the ARM9 boot ROM dumped as well, the way to go would probably be to replace the second-stage bootcode with our (encrypted) payload, have the ARM7 decrypt it, and, while the ARM9 is checking the signature, glitch it so that it somehow magically jumps to the payload. However, that'd need lots of editing the eMMC, for testing multiple versions, as well as replacing these back with the official good ones (so that we can boot back into the test code). That is both not very practical (as it's a BGA chip on the PCB), and Nintendo used a pretty low-quality eMMC that wears out really quickly. Does anyone know of any device that's meant for pretending to be an eMMC? Otherwise we could emulate one using an FPGA from scratch-ish, but, if we can save some effort, that'd be quite welcome.
       
 (DIR) Post #A7wQRfvWcnsavvH744 by pcy@icosahedron.website
       2021-03-11T18:32:06Z
       
       1 likes, 0 repeats
       
        And, to get some misunderstandings out of the way: Back when those huge Ninty source code leaks happened, press releases often claimed that this contained the DSi boot ROMs as well. This is not true. It only contains the *second*-stage boot ROM, which can be read out trivially (it's in the eMMC).
       
 (DIR) Post #A7wQRhQ34ntDYsZ0HQ by pcy@icosahedron.website
       2021-03-11T19:26:17Z
       
       1 likes, 1 repeats
       
        Oh, and, if you're interested in how the software side of this looks, here's all the code that ran on the DSi for this: the payload, the payload installer, etc.: https://git.titandemo.org/PoroCYon/dsi-bios-payload