RUNNING NINTENDO DS UNSIGNED CODE WITH AUDIO

Even if you haven’t ripped off the top screen of your original DS to create an even better Game Boy Advance yet, there still might be some life left in that old bit of hardware. [Smea] is running unsigned code on the Nintendo DS, using only a bargain-bin game and an audio file.

The exploit this time comes in a form that might be familiar to anybody who has ever installed the Homebrew Channel on a Wii. Like SmashStack, this exploit uses a level editor/transfer feature in a game, this time the 6-year-old DS game Bangai-O Spirits.

[Smea] is using the sound-based level transfer feature to load unsigned code into the DS. This level-transfer feature works by sending a single-period sine wave at 1024 Hz with a given amplitude; a binary 1 is a few dB louder than a binary 0, and with a buffer overrun it’s possible to load code into a DS and jump into that code. There’s no redundancy or error correction, and it is not the thing you want when loading unsigned code onto a DS. It does, however, work.
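The amplitude-keyed encoding described above can be modelled in a few lines; this is an added illustration, not [Smea]'s generator or the game's own format. It shows one brief volume dip silently changing the decoded data because nothing in the stream lets the receiver detect it. The sample rate, the two amplitude levels, MSB-first bit order and the peak-threshold decoder are assumptions, and the level bytes are constructed.

```python
import math

TONE_HZ = 1024                      # from the article
SAMPLE_RATE = 32768                 # assumed: exactly 32 samples per period
SAMPLES_PER_BIT = SAMPLE_RATE // TONE_HZ
AMP_ZERO, AMP_ONE = 0.5, 0.8        # assumed levels, about 4 dB apart
THRESHOLD = (AMP_ZERO + AMP_ONE) / 2

def bytes_to_bits(data):
    # MSB-first bit order is an assumption, not taken from the game.
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]

def bits_to_bytes(bits):
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)

def modulate(data):
    """One full sine period per bit; only the amplitude carries information."""
    samples = []
    for bit in bytes_to_bits(data):
        amp = AMP_ONE if bit else AMP_ZERO
        samples.extend(amp * math.sin(2 * math.pi * n / SAMPLES_PER_BIT)
                       for n in range(SAMPLES_PER_BIT))
    return samples

def demodulate(samples):
    """Classify each period by its peak level against a fixed threshold."""
    bits = []
    for i in range(0, len(samples) - SAMPLES_PER_BIT + 1, SAMPLES_PER_BIT):
        peak = max(abs(s) for s in samples[i:i + SAMPLES_PER_BIT])
        bits.append(1 if peak > THRESHOLD else 0)
    return bits_to_bytes(bits)

def attenuate_period(samples, bit_index, gain):
    """Simulate a momentary volume dip lasting one bit period."""
    out = list(samples)
    start = bit_index * SAMPLES_PER_BIT
    for i in range(start, start + SAMPLES_PER_BIT):
        out[i] *= gain
    return out

if __name__ == "__main__":
    level = b"LEVEL\x01"            # constructed sample data
    audio = modulate(level)
    print(demodulate(audio))                            # clean channel
    print(demodulate(attenuate_period(audio, 1, 0.7)))  # one dipped period
```

With no checksum or framing in this model, the receiver has no way to tell the corrupted decode from the intended one.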

The code to generate the audio payload for this exploit is available on GitHub, and if you have a copy of Bangai-O Spirits, you can try it out for yourself by playing this file (headphone warning).

Thanks [gudenau] for the tip
