WiFiMe
From Wikipedia, the free encyclopedia
WiFiMe is a special program sent to the DS using Wireless Multi Boot to trick the Nintendo DS into running unsigned code. This hack allows homebrew software to be run from a GBA flash cartridge.
WiFiMe only works with DS versions 1 to 3. Newer versions require different methods.
[edit] How It Works
WifiMe exploits a flaw in the firmware's DS Download Play feature. Download Play executables contain an RSA digital signature which prevents unofficial programs from being executed. However, the executable's header is excluded from the signature check and can thus be modified freely. WifiMe sends an officially signed executable, modifying its header. The program entry point (part of the header) is changed to point to the GBA slot. Since the header is excluded from the signature check, the firmware will accept the program and begin execution of whatever code is present on the GBA cartridge.
As of firmware version 4, the header is now included in the signature check, rendering this exploit useless. There is speculation that a WifiMe2 could be created. The idea is that most Download Play executables are very small and act as a second-stage loader, requesting more data from the host. It may be possible to send the unmodified loader (which would pass the signature check), then send it malformed packets to overflow buffers and take control of the system. However, little work has been done in finding such an exploit, as there are already many homebrew methods available.
[edit] See also
[edit] External links
|
|
---|---|
Storage devices | GBA flash cartridge · GBA Movie Player · DSLink |
Booting tools | FlashMe · NoPass · PassMe · WiFiMe |
Homebrew programming | Moonshell · DSLinux · libnds · PAlib |