2
edits
Changes
From Rare Gaming Dump
→Rom details
'''CrashMe''' is a series of trojan horses developed for the Nintendo DS. Its main purpose was to attack pirates, as it will flood the Nintendo DS firmware with junk data, rendering it unusable.
'''CrashMe''' is a series of trojan horses developed for the Nintendo DS. The main purpose of these roms was to ruin your day, as it will flood the Nintendo DS firmware with junk data, rendering your DS unusable.
== Origin ==
== Origin ==
The origin of these trojans started back in 2005 with the PlayStation Portable, known as a trojan simply known as '''Trojan.PSPBrick'''. The trojan was hidden as a "version downgrader", as it would delete critical files that would restart the PSP, and replace those files with the following messages:
The origin of these trojans started back in 2005 with the PlayStation Portable, known as a trojan simply known as '''Trojan.PSPBrick'''. The trojan was hidden away as a "version downgrader", as it would delete critical files that would restart the PSP, and replace those files with the following messages:
<nowiki>
<nowiki>
[[File:Trojan-pspbrick-helloworld.png|thumb|A bricked PSP. You can still boot it up, but that's about it.]]
[[File:Trojan-pspbrick-helloworld.png|thumb|A bricked PSP. You can still boot it up, but that's about it.]]
Trying to open any application after that would simply freeze the unit, with little to no recovery being possible. This trojan is what inspired DarkFader, to create a version for the Nintendo DS, with similarities shown.
Trying to open any application after that would simply freeze the unit, and with there being no real recovery method possible (except by replacing the entire motherboard), you were out of luck. This trojan is what inspired DarkFader, to create a version for the Nintendo DS, with similarities shown.
== Trojan.DSBrick.B (taihen.zip) ==
== Trojan.DSBrick.B (taihen.zip) ==
On October 8th 2005, just a few days from the discovery of Trojan.PSPBrick, DarkFader privately released a trojan for the Nintendo DS on IRC, which later made its way onto people's DS'es. The link pretended it was a XS4All link, a Dutch internet provider, and the trojan came in an archive known as '''taihen.zip'''. The only contents were taihen.nds and taihen.txt with some text.
On October 8th 2005, just a few days from the discovery of Trojan.PSPBrick, DarkFader privately released a trojan for the Nintendo DS on IRC, which later made its way onto people's DS'es. The link pretended it was link from XS4All (a Dutch internet provider), and the trojan came in an archive known as '''taihen.zip'''. The only contents were taihen.nds and taihen.txt, which was a simple .txt with this text:
<nowiki>
<nowiki>
This is a small hentai slideshow for the Nintendo DS.
This is a small hentai slideshow for the Nintendo DS.
Enjoy!</nowiki>
Enjoy!</nowiki>
The program was disguised as a hentai viewer which would show 5 images of uncensored hentai. But before these images, the following things will happen without the user knowing:
The program was disguised as a hentai viewer which would show 5 images of uncensored hentai. But before these images, the following things will happen without the user knowing:
*The first 64kb of the DS's firmware is overwritten by junk data, preventing the unit from starting up.
*The first 64kb of the DS's firmware is overwritten by junk data, preventing the unit from starting up. Unless, and only if you have FlashMe installed, you could recover.
*The first sectors of a inserted GBA Movie Player gets erased, but can be recovered.
*The first sectors of a inserted GBA Movie Player gets erased, but can be recovered.
*The firmware for both the SuperCard and the XG/Neo get erased. This cannot be recovered.
*The firmware for both the SuperCard and the XG/Neo get erased. This cannot be recovered.
Plus, a secondth modified version was uploaded named "DS Owata" in 2009 with some altered text, with the rom pretending to be Dragon Quest IX. After the erasing job is done, some text and hentai will be displayed on the screen:
Plus, a secondth modified version was uploaded named "DS Owata" in 2009 with some altered text, with the rom pretending to be Dragon Quest IX. After the erasing job is done without your knowledge, some text and hentai will be displayed on the screen:
{|style="margin: 0 auto;"
{|style="margin: 0 auto;"
| [[File:Trojan-dsbrick-taihen1.png|center|thumb|Yuck, hentai.]]
| [[File:DS-Trojan.DSBrick.B-taihen_blur40.png|center|thumb|Yuck, hentai.]]
| [[File:Trojan-dsbrick-owata1.png|center|thumb|"Owata" means "finished" in English, meaning that your DS has been "finished" off.]]
| [[File:DS-Trojan.DSBrick.B-Owata_blur40.png|center|thumb|A slightly modified version of Taihen.]]
|}
|}
'''Taihen:'''
'''Taihen:'''
see the next picture.</nowiki>
see the next picture.</nowiki>
When the user would turn the DS off and back on again, they will be greeted with a black screen.
The swapped screens and the different text was probably to get around DSLazy's CrashMe check. When the user would turn the DS off and back on again, they will be greeted with a black screen.
== Trojan.DSBrick.A (r0mloader.zip) ==
== Trojan.DSBrick.A (r0mloader.zip) ==
A day later, a more wildspread and more approperiate version was uploaded on multible IRC channels and a forum as well, named '''r0mloader.zip'''. The trojan pretended it was a tool that would "automatically patch your .nds roms uppon launch", but its functionality was the same as DS Taihen.
A day later, a more wildspread and more approperiate version was uploaded on multible IRC channels and a forum as well, named '''r0mloader.zip'''. The trojan pretended it was a tool that would "automatically patch your .nds roms uppon launch", but its functionality was the same as Taihen.
[[File:Trojan-dsbrick-wallscreenshot.png|thumb|It's just a brick wall, nothing else to see.]]
[[File:DS-Trojan.DSBrick.A-r0mloader.png|thumb|I've never been scared by a brick wall before.]]
Included was a .txt file that reads:
<nowiki>
<nowiki>
r0m loader for Nintendo DS
r0m loader for Nintendo DS
* G6
* G6
* M3</nowiki>
* M3</nowiki>
After the erasing job is done, an image of a brick wall is shown on the top screen, with no activity. Because this version of CrashMe was more wildspread, the news was covered on multible websites and forums, being mostly virus-alert sites, with a warning for people telling them to keep an eye out and to always get roms from trusted sources.
After the erasing job is done, an image of a brick wall is shown on the top screen, with no activity. Because this version of CrashMe was more wildspread, the news was covered on multible websites and forums, being mostly virus-alert sites, with a warning for people telling them to keep an eye out and to always get roms from trusted sources.
Another trojan popped up around 2011, found by a GBAtemp user known as '''osm70''', with the rom pretending to be Mario Party DS. Besides the rom file size being larger (probably filled with junk data) and having a different header, the rom behaves identical to r0mloader. It shows the same brick wall and it does the same overwriting job.
Another trojan popped up around 2011, found by a GBAtemp user known as '''osm70''', with a message that he found it on a regular warez site, pretending to be Mario Party DS. The file size is 58,5MB.
== Rom details==
== Rom details==
Contents: taihen.nds, taihen.txt
Contents: taihen.nds, taihen.txt
NDS MD5 Hash: 8e7a3728759df265ca3a78553cf27bb8
NDS MD5 Hash: 8e7a3728759df265ca3a78553cf27bb8
NDS SHA1 Hash: Unknown?
NDS SHA1 Hash: 016e6a6f4eae4fa60960c7617849430cb3e52814
NDS CRC32 Hash: 08aa2d30
NDS CRC32 Hash: 08aa2d30
NDS Filesize: 548 673 bytes</nowiki>
NDS Filesize: 548 673 bytes</nowiki>
'''DS Owata:'''
'''DS Owata (Dragon Quest IX):'''
<nowiki>
<nowiki>
Filename: Dragon_Quest_IX_JPN_DSi_Enhanced_NDS-iND.rar</nowiki>
'''CrashMe (MPDS):'''
'''r0mloader (Mario Party DS):'''
<nowiki>
<nowiki>
NDS Filesize: 61 350 912 bytes</nowiki>
NDS Filesize: 58 500 000 bytes</nowiki>
== DarkFader's apology (2005) ==
== DarkFader's apology (2005) ==
After everything went down, DarkFader has appologised for his actions and behaviour as he clears everything up, including some recovery tools for the bricked consoles and flashcarts.
After everything went down, DarkFader has appologised for his actions and behaviour as he clears everything up, including some recovery tools for bricked consoles and flashcarts.
<pre style='white-space: pre-wrap; overflow: auto; height: 300px'>
I want to say sorry to everyone out there. I should have realized the impact. Not just few DS'es that were hurt, but all the damn media and whatnot.
I want to say sorry to everyone out there. I should have realized the impact. Not just few DS'es that were hurt, but all the damn media and whatnot.
I cannot really justify my actions. It was also very selfish to draw some attention, which I tend to do in odd ways.
I cannot really justify my actions. It was also very selfish to draw some attention, which I tend to do in odd ways.
You can detect DSbrick by using DSbrick.signature and the utility grep:
You can detect DSbrick by using DSbrick.signature and the utility grep:
grep -F -U -f DSbrick.signature FileToBeTested.nds
grep -F -U -f DSbrick.signature FileToBeTested.nds
A good way to prevent malicious firmware access is to keep a record of known ARM7 binaries. This could be incorporated into ndstool.</nowiki>
A good way to prevent malicious firmware access is to keep a record of known ARM7 binaries. This could be incorporated into ndstool.
</pre>
== IRC Log (r0mloader) ==
This appears to be a log from some Swedish IRC server. DarkFader was not actually on this IRC server.
''Original:''
<nowiki>
23:46 @<xxx> 23:45 +<djPepse> <DarkFader> shall I make different version that's a supposedly loader? ;)
23:46 @<xxx> 23:46 +<djPepse> <DarkFader> http://akusho.xs4all.nl/temp/r0mloader.zip >:)
23:46 @<xxx> idiot
23:46 @<xxx> kille som har gjort en "rom loader" till nintendo ds
23:46 @<xxx> som inte alls laddar rommar
23:46 @<xxx> utan istället kvaddar firmwaren
23:46 @<xxx> så ens nintendo ds går sönder ;/</nowiki>
''Translation:''
<nowiki>
23:46 @<xxx> 23:45 +<djPepse> <DarkFader> shall I make different version that's a supposedly loader? ;)
23:46 @<xxx> 23:46 +<djPepse> <DarkFader> http://akusho.xs4all.nl/temp/r0mloader.zip >:)
23:46 @<xxx> idiot
23:46 @<xxx> he's the guy who made a "rom loader" for the nintendo ds
23:46 @<xxx> that does not change roms at all
23:46 @<xxx> but instead bricks the firmware
23:46 @<xxx> so it even breaks your nintendo ds ;/</nowiki>
== References ==
== References ==
*[https://web.archive.org/web/20100807234939/http://www.pocketheaven.com/ph/wiki/DS_Bricker Archived wiki article from PocketHeaven]
*[https://www.youtube.com/watch?v=pNO_Vfl_aQk A video of Trojan.DSBrick.A]
*[https://www.youtube.com/watch?v=pNO_Vfl_aQk A video of Trojan.DSBrick.A]
*[https://www.youtube.com/watch?v=7CWI5Rs5Qwk A video of Trojan.DSBrick.B '''(NSFW warning)''']
*[https://www.youtube.com/watch?v=7CWI5Rs5Qwk A video of Trojan.DSBrick.B '''(NSFW warning)''']
*[http://www.ds-scene.net/?s=viewtopic&nid=7978 A warning from DS-Scene.net regarding the fake Dragon Quest IX rom]
*[https://www.youtube.com/watch?v=wSIIOAZ-0s0 CrashMe on Nintendo 3DS (Another unknown variant known as "Firmware Programmer")]
*[https://www.youtube.com/watch?v=wSIIOAZ-0s0 CrashMe on Nintendo 3DS (Another unknown variant known as "Firmware Programmer")]
*[https://www.gamespot.com/articles/ds-coder-apologizes-for-trojan/1100-6135944/ Gamespot covering DarkFader's appology]
*[https://www.gamespot.com/articles/ds-coder-apologizes-for-trojan/1100-6135944/ Gamespot covering DarkFader's appology]
*[https://gbatemp.net/threads/new-crashme-ds-bricker-discovered.305443/ GBAtemp staff "Another World" covers the Mario Party DS bricker]
*[https://gbatemp.net/threads/new-crashme-ds-bricker-discovered.305443/ GBAtemp staff "Another World" covers the Mario Party DS bricker]
*[http://www.sharebee.com/816a15bc Original link to Owata DS (dead link)] [https://web.archive.org/web/20090707025809/www.sharebee.com/816a15bc (webpage archive with more dead links can be found here)]
*[http://akusho.xs4all.nl/temp/r0mloader.zip Original link to r0mloader.zip (dead link)]
*[http://akusho.xs4all.nl/temp/r0mloader.zip Original link to r0mloader.zip (dead link)]
*[http://akusho.xs4all.nl/temp/taihen.zip Original link to taihen.zip (dead link)]
*[http://akusho.xs4all.nl/temp/taihen.zip Original link to taihen.zip (dead link)]
