Hacking the Nintendo DSi browser

The DSi browser uses Opera 9.50. There are no security mitigations whatsoever. Jumping to shellcode is back on the menu! Stack buffer overflows are viable. Exploiting use-after-frees, which are common in browsers, is easier than ever. In fact, the DSi doesn’t even have an operating system, so there’s no kernel to exploit. Various system privileges are controlled by the SCFG register. The browser has enough privileges to run most homebrew, but not enough to gain persistence across boots without another exploit.

Browsing on the DS was a nightmare – and Nintendo charged for it. Crazy how times have changed.