
DarkFader apologizes for DSBricker.

Lee N

Member


I want to say sorry to everyone out there. I should have realized the impact. Not just few DS'es that were hurt, but all the damn media and whatnot.
I cannot really justify my actions. It was also very selfish to draw some attention, which I tend to do in odd ways.
It caused some harm to some non-targeted and targeted people owning a DS with non-Nintendo-approved hardware.
And that is a terrible thing to do. Even more so with the reputation I had in the DS homebrew scene that now completely abandoned me.
I do not have clear reasons and I can't blame the little headache I had at the time. I just had to realize the idea I had after seeing the PSP variant of a bricker.
The files do not come with any form of name/signature of me, a thing I would do if it could be trusted.
I won't release any more of this crap for DS and I don't think parts of this trojan or the idea itself will emerge in future homebrew releases.
The point is probably clear. Do not run any form of untrusted code that just suddenly appears without any name.
If you only use official Nintendo games, there is absolutely nothing to worry about.
Untrusted code includes ROM loaders and that sort of stuff. It's probably not a very good reason since it has been proven before.
I can tell that the negative feedback is far greater than the positive ones. I received one donation of $6.66 and I'm not proud of it.
One news site completely ignores the r0mloader version and reasoning behind it. grrrrr.
Another common mistake: A TROJAN IS NOT A VIRUS! That means that it does not propagate on its own. And thus non-intrusive.

The trojan was released in two forms:
Trojan.DSBrick.A, 151361 bytes, md5sum a959cfa514f4c7162a81421ee99d3356, r0mloader.nds
Version A was intended for the so-called ROM-pirates. Hence the name of the filename and description. It was anonymously posted to just a few IRC channels and one forum. Elsewhere, it was known that it was a trojan.
After doing its thing, it shows a picture of a brick wall. Appropriate to the situation.

Trojan.DSBrick.B, 548673 bytes, md5sum 8e7a3728759df265ca3a78553cf27bb8, taihen.nds
Version B was not really released into public and should rarely be seen. It was only directly released in a closed IRC channel with prior notice of what it did and a comment that might have triggered some (less evil than me) persons to pass it along.
After doing its thing, it cycles through five attractive drawings.

I cannot control the propagation of the files or the names it might be disguised as.

Ok, on to the more technical details:
The trojan _tries_ (but not definitely succeeds) to:
* Erase DS firmware. Practically the first 64 KBytes are write-protected and thus is recoverable when the FlashMe firmware was installed.
* Erase first few sectors of CompactFlash card inside GBA movieplayer. You can try to sort out your data sectors if you really want something back.
* Erase GBA movieplayer firmware. Fairly easy to fix using flashmp utility.
* Erase Supercard firmware. A fix is currently being worked on.
* Erase/lock XG/Neo flash card. Seems it was forgotten to be mentioned in r0mloader.txt.
If you have a legal use for these functions like testing recovery tools, you're welcome.

Here are some fixing utilities and links:
ppflash.zip - Contains info, sourcecode and binary to flash the fail-safe loader also contained in FlashMe using a parallel port connection. Some soldering skills are required to perform this operation. Don't worry about voiding your warranty because you already have according to the DS manuals.
FlashMe - The page to get FlashMe. You can't survive without it.
flashmp.zip - Firmware flasher for GBA Movie Player. Supports writing to Supercard, but the included firmware IS NOT WORKING probably because of a bad firmware dump! If you have an original firmware version and Flash Advance Linker, let me know.
Probably more to come.
You can detect DSbrick by using DSbrick.signature and the utility grep:
grep -F -U -f DSbrick.signature FileToBeTested.nds
A good way to prevent malicious firmware access is to keep a record of known ARM7 binaries. This could be incorporated into ndstool.
Source: http://darkfader.net/
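
An added illustration, not part of the quoted post or of DarkFader's tools: a Python sketch of the two file checks the apology mentions, matching a ROM against the two published MD5 sums and keeping a record of known ARM7 binaries. It assumes the standard NDS cartridge header layout (ARM7 ROM offset at 0x30, ARM7 size at 0x3C); the function names, the SHA-256 allowlist and the sample images are constructed for this example, and the contents of DSbrick.signature are not reproduced.

```python
import hashlib
import struct

# Whole-file MD5 sums quoted in the apology above.
KNOWN_BAD_MD5 = {
    "a959cfa514f4c7162a81421ee99d3356": "Trojan.DSBrick.A (r0mloader.nds)",
    "8e7a3728759df265ca3a78553cf27bb8": "Trojan.DSBrick.B (taihen.nds)",
}

def arm7_binary(rom: bytes) -> bytes:
    """Return the ARM7 binary located via the NDS header (offset 0x30, size 0x3C)."""
    if len(rom) < 0x40:
        raise ValueError("file too short for an NDS header")
    offset, _entry, _ram, size = struct.unpack_from("<4I", rom, 0x30)
    if size == 0 or offset + size > len(rom):
        raise ValueError("ARM7 section lies outside the file")
    return rom[offset:offset + size]

def check_rom(rom: bytes, known_arm7: set) -> str:
    """Classify an image as 'known-bad', 'arm7-known' or 'arm7-unknown'."""
    if hashlib.md5(rom).hexdigest() in KNOWN_BAD_MD5:
        return "known-bad"
    digest = hashlib.sha256(arm7_binary(rom)).hexdigest()
    return "arm7-known" if digest in known_arm7 else "arm7-unknown"

def make_rom(arm9: bytes, arm7: bytes) -> bytes:
    """Build a minimal constructed image: 0x200-byte header, ARM9, then ARM7."""
    header = bytearray(0x200)
    # ARM9 fields at 0x20: ROM offset, entry address, RAM address, size.
    struct.pack_into("<4I", header, 0x20, 0x200, 0x02000000, 0x02000000, len(arm9))
    # ARM7 fields at 0x30, same order.
    struct.pack_into("<4I", header, 0x30, 0x200 + len(arm9),
                     0x03800000, 0x03800000, len(arm7))
    return bytes(header) + arm9 + arm7

# Constructed sample data standing in for a trusted ARM7 binary (not real code).
TRUSTED_ARM7 = b"\x00" * 64 + b"constructed-default-arm7"
ALLOWLIST = {hashlib.sha256(TRUSTED_ARM7).hexdigest()}

if __name__ == "__main__":
    print(check_rom(make_rom(b"game-a", TRUSTED_ARM7), ALLOWLIST))
    print(check_rom(make_rom(b"game-a", TRUSTED_ARM7 + b"!"), ALLOWLIST))
```

An "arm7-unknown" result only means the ARM7 binary is not in the record and deserves a closer look before the file is run; it is not proof of malicious firmware access.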
 
I thought it was very strange that this guy would release a trojan, considering he was one of the guys that got the entire DS hacking scene started.
 
Zaxxon said:
I thought it was very strange that this guy would release a trojan, considering he was one of the guys that got the entire DS hacking scene started.

Relative to the bustling PSP hacking scene, isn't calling the DS's homebrew attempts a "scene" a bit of a misnomer?
 
Zaxxon said:
I thought it was very strange that this guy would release a trojan, considering he was one of the guys that got the entire DS hacking scene started.

Not really that strange if you read between the lines of the apology, looks to me like he's a homebrew purist who got pissed off at the scene being used for piracy rather than true homebrew, I'd say it was naive, misguided & stupid more so than strange.

Looks to me like he wanted to hurt the piracy scene and didn't realise that it would spread outside his control.

Gotta admire his cheek with the "You've already voided your warranty" line in his apology though, that made me laugh :P
 
Juice said:
Relative to the bustling PSP hacking scene, isn't calling the DS's homebrew attempts a "scene" a bit of a misnomer?

It's basically an extension of the GBA scene. There's actually pretty good stuff being worked on and made. It's just harder for the end user to play with.
 
Juice said:
Relative to the bustling PSP hacking scene, isn't calling the DS's homebrew attempts a "scene" a bit of a misnomer?

Yeah the DS homebrew scene is completely pathetic. I think most of the people that would normally have been interested switched to the PSP, because it's much easier. The DS isn't very hard at all to hack, but it helps if you already had a GBA flash cart.

The stupidest thing about the DS scene is that the sdk is available, but no one will use it out of some higher honour. There really is only one decent forum, and you can't talk about the SDK there, so DS dev is going to be stuck in the mud for a very long time.
 
Another common mistake: A TROJAN IS NOT A VIRUS! That means that it does not propagate on its own. And thus non-intrusive.
Nobody wants any damn Trojans on their computer, and there's a reason for that. They are intrusive, and so a Trojan IS a virus to the laymen.
 
Zaxxon said:
Yeah the DS homebrew scene is completely pathetic. I think most of the people that would normally have been interested switched to the PSP, because it's much easier. The DS isn't very hard at all to hack, but it helps if you already had a GBA flash cart.

The stupidest thing about the DS scene is that the sdk is available, but no one will use it out of some higher honour. There really is only one decent forum, and you can't talk about the SDK there, so DS dev is going to be stuck in the mud for a very long time.

Higher honor aside, I'm sure Nintendo would string anyone by the balls for using the SDK (and they can probably tell if a release did) without a license to do so.

But yeah, the type of people who would want to hack a DS are probably the same linux nerds who measure their manhood by their record uptime. It's really just for the sake of doing it.

I've still got a GBA flash cart, but I can't interface it with my Mac, as my PC is stateside. So no DS homebrew for me. Even if it was great, I wouldn't need it. I actually like the retail games on the DS.
 
Zaxxon said:
The stupidest thing about the DS scene is that the sdk is available, but no one will use it out of some higher honour. There really is only one decent forum, and you can't talk about the SDK there, so DS dev is going to be stuck in the mud for a very long time.

Actually, there's a fairly good reason for that... the GBC/GBA hacking/homebrew/etc. "scene" did help a fairly decent number of people either get software published or get hired by "real companies". If the official SDK for the DS were to be used, it would make any game/utility/etc. created "tainted" and make it really hard for folks to get recognition from a real company. By ignoring the Nintendo SDK, they are helping the homebrew developers who have hopes of doing some commercial in the future.
 
DavidDayton said:
Actually, there's a fairly good reason for that... the GBC/GBA hacking/homebrew/etc. "scene" did help a fairly decent number of people either get software published or get hired by "real companies". If the official SDK for the DS were to be used, it would make any game/utility/etc. created "tainted" and make it really hard for folks to get recognition from a real company. By ignoring the Nintendo SDK, they are helping the homebrew developers who have hopes of doing some commercial in the future.

That makes no sense at all.

If you're able to use the official SDK to amazing lengths, any company would be MORE inclined to hire you because you're ready to go without subsequent training, as that happens to be exactly what they would be using for development.

That's like saying, "A company would much rather hire a guy who writes all of his applications in SmallTalk because he has to do everything himself than a guy who became intimately familiar with the .NET framework, as that framework is totally cheating."

Except in the real world, most software houses rely heavily on .NET, and experience with it is a surefire requisite to be hired.

Whatever homebrew devs think the way you just described are stuck as homebrew devs for a pretty clear reason.

Edit: I see how your post makes sense now if you meant "illegal" by tainted, though you definitely didn't come out and say it
 
Juice said:
That makes no sense at all.

If you're able to use the official SDK to amazing lengths, any company would be MORE inclined to hire you because you're ready to go without subsequent training, as that happens to be exactly what they would be using for development.

That's like saying, "A company would much rather hire a guy who writes all of his applications in SmallTalk because he has to do everything himself than a guy who became intimately familiar with the .NET framework, as that framework is totally cheating."

Except in the real world, most software houses rely heavily on .NET, and experience with it is a surefire requisite to be hired.

Whatever homebrew devs think the way you just described are stuck as homebrew devs for a pretty clear reason.

Trust is an important, if not more important trait to look for in a potential employee in some cases than technical ability, if they are willing to use stolen tools to advance their career then who's to say they won't steal other things, like code from their employer or other methods of self-enrichment?

I know of one 3D artist that was required to bring along his original 3D Studio Max CD's along with him to an interview when showing his portfolio for this very reason.

There is more to employing someone than just ability, when you've a few dozen/hundred candidates at the door, technical ability isn't going to be what separates them, character, personality, trustworthiness and issues NOT directly related to the task at hand however, is.
 
Juice said:
Edit: I see how your post makes sense now if you meant "illegal" by tainted, though you definitely didn't come out and say it

Well, yes, that's what I meant. Any homebrew development would be "tainted" if created by OR using code from another project developed with the official SDK; it would be an illegal use of the SDK, and might make most publishers just ignore it for fear of any legal issues down the road. GBA homebrew folks have sold titles to small publishers in the past, and they have sometimes been hired by smaller companies -- it doesn't make sense to put the GBA/DS development community in danger by using an illegal copy of the SDK.

Actually, I think the DS development community is quite alive and well -- it's just that they tend not to release pirate apps and emulators all that often. The focus is more on helping each other out in bizarre hardware questions and programming issues.

(Edit: As far as the Smalltalk vs. .NET framework goes... imagine you were a subcontractor for Microsoft. Two candidates come in to interview -- one has experience in SmallTalk, the other is well versed in .NET and has already released multiple utilities for it on the internet... all on pirate software boards, where he never hid the fact he was using an illegal copy of the software. Which one will they hire?)
 