
Ds Web Browser

Started by Enixcell, May 28, 2007, 12:56:10 AM


Altor

Quote from: "m2pt5"
Quote from: "Altor"
This paragraph is all theory, but it would make sense: by "regular" cartridge, I mean a cartridge that does not have the Nintendo Wi-Fi Connection bios update built into it.
BIOS-update? What?

The only thing that WFC games write to the DS firmware is your Wi-Fi connection info; this is why Flashme had to be rearranged when Mario Kart came out, as it was writing to part of the firmware that was previously reserved for those settings, unbeknownst to the homebrew community, who also used it for Flashme.

Long story short: If you've played (or download-played) any WFC game, you have a section of your firmware set up for storing connection settings. If you have any version of Flashme that is 5 or higher, those settings will safely coexist with Flashme.

"DS firmware" = "bios".  Same idea, maybe I should've said firmware to be more clear.  I use bios because it's the same thing from a PC user's point of view - the most low-level system configuration.

The software uses the bios to talk to the hardware in some cases.  Bios typically include things like clock rate (for overclocking), and other low-level system settings.  In the DS's case, firmware settings are more like screen brightness, user name, birthday, color preference, time/date/alarm settings, etc.  This is how you can set a default brightness setting which Moonshell can use, for instance.  However, note that programs cannot write to the bios without authentication or anti-authentication.  LoveLite for instance, a utility used to control the DS lite's brightness setting, actually writes to the system's bios/firmware.

My point was that WFC games can in fact write to your firmware/bios/whatever.  And if one piece of software can write to it, another piece of software can be made to write to it, such as the DS browser.

Only Nintendo's in-house studios have ever released a game with the WFC firmware update AFAIK.  So it stands to reason that more things can be maliciously added to the firmware with the appropriate authentication (which, as I outlined, is almost impossible or at least very unlikely), or with a passthrough device which eliminates the authentication altogether, such as passme hardware or flashme firmware.

So, a person with flashme could *theoretically* have a slightly higher probability that their DS gets hacked/virused by some hypothetical malicious internet site accessible through the upgraded DS browser.

That's all dependent on whether or not Nintendo has left a "back door" into the DS available for future patching via internet connection.  They're smart and probably would've seen that there was a strong possibility the DS would be highly successful and internet-download features would be in great demand.

Consider, they had the first Wifi game in development basically the moment the DS came off the drawing board.  Mario Kart DS didn't just spring up overnight in a playable E3 build that one year.  So they knew that the DS would use their wifi connection service, and it can be assumed that they'd be bright enough to realize that a web browser would be a great companion to the DS.

Sorry if this is making little sense, I had 4 hours sleep last night and just worked a 16 hour shift...  I'll sum up:

A virus:
-Is not bloody likely to be able to attack the DS
-Still not bloody likely even if you've flashme'd, but maybe 0.01% more likely since the authentication routine has been removed
-Would depend on about a dozen hypothetical (but technically possible and even likely) Nintendo backdoors which they designed into the DS to allow for future internet-based firmware/bios patching
-Is otherwise "impossible" from a technical standpoint, since there's nothing to infect

The Bios/Firmware:
-Is the only possible target for a virus to attack
-Is immune to attack unless its authentication is deactivated through the use of a passme or flashme firmware
-Can be written to normally by authenticated software but the DS browser, assuming it even has this hypothetical bios/firmware patching ability, will need a website to prove somehow that it is, in fact, a legitimate Nintendo site

The DS's wifi connection is not always "hardware encrypted", for lack of a better term.  I mean using WEP/WPA encryption to prevent man-in-the-middle attacks from people who "listen" to your internet transmission.  So if this was done on purpose and the packets were copied to a computer while they were transmitted to the DS, there is a possibility the authentication sequence could be stolen and used maliciously.  As far as I know, current versions of the DS browser lack the ability to perform "software encrypted" transmission, like the traditional secure HTTP transmission you get when you go to your bank's website.  This precludes the possibility of a bios/firmware update using existing versions of the DS browser.  But the new version obviously contains new features, such as JavaScript and Flash support.  If it can handle those, it can handle encrypted transmission *easily*.  So it would no longer be out of the realm of possibility for Nintendo to send secure, encrypted packets to your DS which are then decrypted and written to the firmware, for instance to offer a new skin for the DS's interface or something like that.  They'd be morons if they made firmware updates unencrypted, so it's not currently possible.......
....
.......
....
......
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz

Look this is all really hypothetical and will with 99.9% certainty never happen... downloaded bios updates are unlikely, viruses capable of affecting the DS are unlikely for technical reasons that cannot be overcome through any amount of ingenuity.  If the likelihood of a .... I'm too tired to go on.  I'm sure you get the point.  It's not gonna happen, so don't worry about it.

dantheman

Forgive me if I'm wrong, but didn't the DS bricker affect unflashed DS systems too?  And then they were screwed and had to recover the firmware via PPflash?  I don't think it takes the presence of FlashMe to allow writing to the firmware, so in theory some malicious code could possibly launch itself through the browser and write garbage data to the firmware, but like you said, it's highly unlikely and pretty pointless in the first place.  Also note that I don't have a firm grasp on the concepts, so even my "in theory" ideas are probably flawed.

Altor

The DS bricker, if it did not require flashing, required passme, which is the same thing.

tired.  so tired.  need shower and bed... nite folks...

ratx

Passme and Flashme simply allow the DS to run code in DS mode from the GBA slot. Once the nds file is running in DS mode it makes no odds where it came from or how it came to be executed.  I.e. the browser is already running in DS mode, so it makes no odds; if an overflow were found, say for example in an image rendering routine (libtiff ring any bells with anyone? :) ), and it was exploitable, someone could _possibly_ overwrite the same amount of firmware as Darkfader's bricker, though it would be extremely difficult to achieve. This level of access is the same as for any nds file, commercial or homebrew, although it's perhaps worth noting that only the ARM7 can write to the firmware.

Just to be clear, the NDS has 2 BIOSes (one for each ARM) and a single firmware. Also, in early DSs only a section of the firmware was protected by SL1; I believe in more modern Lites more or all of it is protected.
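To make the kind of bug ratx describes concrete, here is an added example; it is not code from this thread, from Opera's DS browser or from Nintendo. It is a toy image-chunk decoder in C that trusts a length field taken from the image data, with a hypothetical flag placed right after the decoder's buffer standing in for "state that later code uses to decide whether the firmware gets written". The struct layout, the chunk format (one tag byte, a 16-bit little-endian length, then payload), the CHUNK_MAX value and the constructed input are all assumptions made up for the example.

```c
/* Added example, not from the thread and not Nintendo/Opera code.
 * A toy image-chunk decoder with a trusted length field, beside the
 * bounds-checked version.  Struct layout and chunk format are assumed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CHUNK_MAX 64               /* assumed size of the decode scratch buffer */

struct decoder {
    uint8_t pixels[CHUNK_MAX];     /* scratch for one decoded chunk */
    uint8_t flash_write_enable;    /* hypothetical: meant to be set only by trusted code */
};

/* Chunk format (assumed): tag (1 byte), length (2 bytes, little-endian), payload. */

/* Vulnerable: checks that the *input* holds len bytes, never that the *destination* does. */
int decode_chunk_vuln(struct decoder *d, const uint8_t *data, size_t n)
{
    if (n < 3) return -1;
    uint16_t len = (uint16_t)(data[1] | (data[2] << 8));
    if (n - 3 < len) return -1;            /* reads stay in bounds ... */
    memcpy(d->pixels, data + 3, len);      /* ... writes do not        */
    return len;
}

/* Hardened: reject any length the destination cannot hold before copying. */
int decode_chunk_safe(struct decoder *d, const uint8_t *data, size_t n)
{
    if (n < 3) return -1;
    uint16_t len = (uint16_t)(data[1] | (data[2] << 8));
    if (len > CHUNK_MAX || n - 3 < len) return -1;
    memcpy(d->pixels, data + 3, len);
    return len;
}

/* Constructed input: len payload bytes of fill, the final byte set to last.
 * Returns the total chunk size. */
static size_t build_chunk(uint8_t *out, uint16_t len, uint8_t fill, uint8_t last)
{
    out[0] = 0x01;                         /* tag: "pixel data" (assumed) */
    out[1] = (uint8_t)(len & 0xff);
    out[2] = (uint8_t)(len >> 8);
    memset(out + 3, fill, len);
    if (len) out[3 + len - 1] = last;
    return 3 + (size_t)len;
}

/* CHUNK_MAX+1 bytes of payload through the vulnerable decoder: the last
 * byte lands on flash_write_enable.  Returns the flag (1 = flipped). */
int demo_overflow_flips_flag(void)
{
    struct decoder d;
    uint8_t chunk[3 + CHUNK_MAX + 1];
    memset(&d, 0, sizeof d);
    size_t n = build_chunk(chunk, CHUNK_MAX + 1, 0x41, 0x01);
    decode_chunk_vuln(&d, chunk, n);
    return d.flash_write_enable;
}

/* Same input through the hardened decoder: expect -1 and an untouched flag
 * (-2 would mean the flag was still written). */
int demo_safe_rejects_oversize(void)
{
    struct decoder d;
    uint8_t chunk[3 + CHUNK_MAX + 1];
    memset(&d, 0, sizeof d);
    size_t n = build_chunk(chunk, CHUNK_MAX + 1, 0x41, 0x01);
    int rc = decode_chunk_safe(&d, chunk, n);
    return d.flash_write_enable ? -2 : rc;
}

/* A maximal legitimate chunk must still decode: returns CHUNK_MAX. */
int demo_safe_accepts_max(void)
{
    struct decoder d;
    uint8_t chunk[3 + CHUNK_MAX];
    memset(&d, 0, sizeof d);
    size_t n = build_chunk(chunk, CHUNK_MAX, 0x41, 0x41);
    return decode_chunk_safe(&d, chunk, n);
}

int main(void)
{
    printf("vulnerable decoder, oversize chunk: flag = %d\n", demo_overflow_flips_flag());
    printf("hardened decoder,   oversize chunk: rc   = %d\n", demo_safe_rejects_oversize());
    printf("hardened decoder,   max-size chunk: rc   = %d\n", demo_safe_accepts_max());
    return 0;
}
```

The vulnerable version does check that the input is long enough to supply `len` bytes, which is the check most people remember to write, but never that `pixels` can hold them, so a 65-byte payload writes one byte past the buffer into the flag. The hardened version rejects anything over `CHUNK_MAX` before the copy. In a real target the byte after the buffer is more often a saved return address or a function pointer, which is what turns a parser bug into code execution running with the same privileges as the browser; the root cause is the same untrusted length either way.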

Altor

Whaaat?  Are you sure there's no sort of authentication on the DS slot?  I guess my logic was a bit off then... that changes things.

I can't imagine Nintendo or Opera being incompetent enough to allow "root" access to the firmware, but then again I don't know very much about all that techno jargon like "buffer overflow", etc.

Hi

I hope no viris/trojon writers are looking at this thread. Maybe we're giving them ideas...

phantomz

Quote
I hope now viris/trojon writers are looking at this thread. Maybe we're giving them ideas...

Weren't you meant to say "no", not "now"? Because it sounds like you want the DS to get viruses... :?

VoX

Quote from: "Hi"
You never know for sure though. I mean, viris writers may have a way.

What if a viris was snuck into JavaScript? Or animated JPEGs? Or just pictures? Or even just normal HTML? Viris writers are pretty smart, and besides, where there's a will there's a way.

I'm just saying, it may be possible. However, I agree that it is extremely unlikely.


These "Viris" people sound scary almost as scary as the "Virus" people. :D

ratx

Quote from: "Altor"
Whaaat?  Are you sure there's no sort of authentication on the DS slot?  I guess my logic was a bit off then... that changes things.

There is "authentication" inasmuch as there is encryption; i.e. that's why you needed a game attached to the passme at first; it "authenticated" with the game then jumped to the GBA slot. The encryption has been cracked though; that's why we have "passcards" and slot1 flashcards that don't need any passme.

http://nocash.emubase.de/gbatek.htm#dscartridgesencryptionfirmware

I agree it's kind of hard to understand why Nintendo would let anything running in DS mode write to the firmware; guess we can only assume they thought the DS wouldn't get cracked or it was just pure oversight. Probably a bit of both.

mudlouse1

That's what the "RSA secured" logo on the back of the DS means.

Altor

Really sucky authentication?

kkan

RSA ain't that great anyway; it's pretty basic low-level public key encryption. Despite what people think, it can be and has been broken, at least in the world of PC WIFI etc. :D

and not just on a basic level

as recent as last month to be precise ...

Quote

Source: PC-PRO website ...

Researchers close to breaking 1024-bit RSA encryption

12:18PM, Friday 25th May 2007

The 1024-bit RSA encryption algorithm is close to being cracked, after encryption researchers demonstrate that a 307-bit Mersenne number can be broken down into primes. The breakthrough will lead to changes in the way data is encrypted, according to the scientists.


a little info on RSA


Quote
RSA encryption, named after the three individuals who devised the technique (Ronald Rivest, Adi Shamir and Leonard Adleman), takes advantage of this difficulty. Using the RSA method, information is encrypted using a large composite number, usually 1024 bits in size, created by multiplying together two 150 digit prime numbers. Only the person who knows these two numbers, the 'keys', can read the message.

So now you know  :)


Quote from: "Altor"
Really sucky authentication?


then again the definition above is also applicable  :p :D

mudlouse1

Quote from: "kkan"
Quote

Source: PC-PRO website ...

Researchers close to breaking 1024-bit RSA encryption

12:18PM, Friday 25th May 2007

The 1024-bit RSA encryption algorithm is close to being cracked, after encryption researchers demonstrate that a 307-bit Mersenne number can be broken down into primes. The breakthrough will lead to changes in the way data is encrypted, according to the scientists.


Bah, all encryption can be broken; it's just that some can take a few billion years longer than others. If they've found some more effective way to break RSA, other than brute force, then it's likely that it'll still take a while.

Bear in mind that encryption is rather useless unless you have a proper authentication protocol, so this is actually the much bigger vulnerability people tend to exploit.
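As an added example covering both kkan's RSA summary and mudlouse1's point about brute force (it is not code from this thread or from any DS software): a toy RSA in C with two 16-bit primes, a message round-trip, and the brute-force attack, which factors n by trial division and then rebuilds the private exponent exactly the way key generation did. The primes, the public exponent 65537 and the test message are choices made for the example, and the key is deliberately tiny so the attack finishes instantly.

```c
/* Added example, not from the thread or any DS software: toy RSA with
 * 16-bit primes, a round-trip, and the brute-force attack (factor n). */
#include <stdint.h>
#include <stdio.h>

/* All operands stay below 2^32, so a 64-bit product never overflows. */
static uint64_t powmod(uint64_t b, uint64_t e, uint64_t m)
{
    uint64_t r = 1;
    b %= m;
    while (e) {
        if (e & 1) r = r * b % m;
        b = b * b % m;
        e >>= 1;
    }
    return r;
}

/* Extended Euclid: x with a*x == 1 (mod m), or 0 if gcd(a, m) != 1. */
static uint64_t modinv(uint64_t a, uint64_t m)
{
    int64_t t = 0, nt = 1, r = (int64_t)m, nr = (int64_t)(a % m);
    while (nr) {
        int64_t q = r / nr, tmp;
        tmp = t - q * nt; t = nt; nt = tmp;
        tmp = r - q * nr; r = nr; nr = tmp;
    }
    if (r != 1) return 0;
    return (uint64_t)(t < 0 ? t + (int64_t)m : t);
}

static int is_prime(uint64_t n)
{
    if (n < 2) return 0;
    for (uint64_t d = 2; d * d <= n; d++)
        if (n % d == 0) return 0;
    return 1;
}

static uint64_t prime_below(uint64_t x)
{
    do { x--; } while (!is_prime(x));
    return x;
}

struct rsa_key { uint64_t n, e, d; };

/* Toy key: p and q are the two largest 16-bit primes, e = 65537.
 * e cannot divide (p-1)(q-1) here since both factors are smaller than e. */
struct rsa_key toy_keygen(void)
{
    uint64_t p = prime_below(65536), q = prime_below(p);
    struct rsa_key k;
    k.n = p * q;
    k.e = 65537;
    k.d = modinv(k.e, (p - 1) * (q - 1));
    return k;
}

uint64_t rsa_encrypt(struct rsa_key k, uint64_t m) { return powmod(m, k.e, k.n); }
uint64_t rsa_decrypt(struct rsa_key k, uint64_t c) { return powmod(c, k.d, k.n); }

/* The attack: factor n by trial division (pure brute force), then do
 * exactly what keygen did.  Returns the private exponent, 0 on failure. */
uint64_t recover_d(uint64_t n, uint64_t e)
{
    for (uint64_t p = 2; p * p <= n; p++)
        if (n % p == 0)
            return modinv(e, (p - 1) * (n / p - 1));
    return 0;
}

/* 1 if decrypt(encrypt(m)) == m with the honest key. */
int rsa_roundtrip_ok(uint64_t m)
{
    struct rsa_key k = toy_keygen();
    return k.d != 0 && m < k.n && rsa_decrypt(k, rsa_encrypt(k, m)) == m;
}

/* 1 if an attacker given only (n, e) recovers the same d and can read a
 * ciphertext meant for the key owner. */
int attack_recovers_key(uint64_t m)
{
    struct rsa_key k = toy_keygen();
    struct rsa_key stolen = { k.n, k.e, recover_d(k.n, k.e) };
    return stolen.d == k.d && rsa_decrypt(stolen, rsa_encrypt(k, m)) == m;
}

int main(void)
{
    struct rsa_key k = toy_keygen();
    printf("n=%llu e=%llu d=%llu\n", (unsigned long long)k.n,
           (unsigned long long)k.e, (unsigned long long)k.d);
    printf("round trip ok: %d\n", rsa_roundtrip_ok(123456789));
    printf("factoring attack recovers d: %d\n", attack_recovers_key(123456789));
    return 0;
}
```

Once n is factored the private key is fully determined by (n, e), which is the precise sense in which RSA's security rests on the factoring problem. For this roughly 32-bit n the loop in `recover_d` needs at most about 65,500 divisions; for a 1024-bit modulus the same loop would need on the order of 2^512, so nobody attacks real RSA by brute force. The May 2007 result quoted above was a special number field sieve factorization of a Mersenne number, a sub-exponential algorithm applied to a number of special form, and the practical response to such advances is longer keys (2048 bits and up), not abandoning the primitive.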

VoX

All encryption will be broken some time, but I doubt that the DS Web Browser will get any viruses, seeing as the DS web browser is crap at running code besides JavaScript, and the virus cannot spread and would be on some free web hosting site, so it's not really a worry.

Altor

So is the new browser out yet?  I just saw an ad for my local FutureShop (like Best Buy, only Canadian), they say "get it first: Nintendo DS Browser"... so...?