Changes

983 bytes added ,  18:29, 3 March 2020
cha cha real smooth, the article was already good, but I made some corrections and properly updated all censored images to be blurrier, I should get around to finding DS Owata and the other CrashMe, since these were put on rom sites instead of private IRC boards
Line 1: Line 1: −
'''CrashMe''' is a series of trojan horses developed for the Nintendo DS. Its main purpose was to attack pirates, as it will flood the Nintendo DS firmware with junk data, rendering it unusable.
+
'''CrashMe''' is a series of trojan horses developed for the Nintendo DS. The main purpose of these roms was to ruin your day, as it will flood the Nintendo DS firmware with junk data, rendering your DS unusable.
    
== Origin ==
 
== Origin ==
The origin of these trojans started back in 2005 with the PlayStation Portable, known as a trojan simply known as '''Trojan.PSPBrick'''. The trojan was hidden as a "version downgrader", as it would delete critical files that would restart the PSP, and replace those files with the following messages:
+
The origin of these trojans started back in 2005 with the PlayStation Portable, known as a trojan simply known as '''Trojan.PSPBrick'''. The trojan was hidden away as a "version downgrader", as it would delete critical files that would restart the PSP, and replace those files with the following messages:
    
  <nowiki>
 
  <nowiki>
Line 15: Line 15:  
[[File:Trojan-pspbrick-helloworld.png|thumb|A bricked PSP. You can still boot it up, but that's about it.]]
 
[[File:Trojan-pspbrick-helloworld.png|thumb|A bricked PSP. You can still boot it up, but that's about it.]]
   −
Trying to open any application after that would simply freeze the unit, with little to no recovery being possible. This trojan is what inspired DarkFader, to create a version for the Nintendo DS, with similarities shown.
+
Trying to open any application after that would simply freeze the unit, and with there being no real recovery method possible (except by replacing the entire motherboard), you were out of luck. This trojan is what inspired DarkFader, to create a version for the Nintendo DS, with similarities shown.
    
== Trojan.DSBrick.B (taihen.zip) ==
 
== Trojan.DSBrick.B (taihen.zip) ==
On October 8th 2005, just a few days from the discovery of Trojan.PSPBrick, DarkFader privately released a trojan for the Nintendo DS on IRC, which later made its way onto people's DS'es. The link pretended it was a XS4All link, a Dutch internet provider, and the trojan came in an archive known as '''taihen.zip'''. The only contents were taihen.nds and taihen.txt with some text.
+
On October 8th 2005, just a few days from the discovery of Trojan.PSPBrick, DarkFader privately released a trojan for the Nintendo DS on IRC, which later made its way onto people's DS'es. The link pretended it was link from XS4All (a Dutch internet provider), and the trojan came in an archive known as '''taihen.zip'''. The only contents were taihen.nds and taihen.txt, which was a simple .txt with this text:
 
  <nowiki>
 
  <nowiki>
 
This is a small hentai slideshow for the Nintendo DS.
 
This is a small hentai slideshow for the Nintendo DS.
 
Enjoy!</nowiki>
 
Enjoy!</nowiki>
 
The program was disguised as a hentai viewer which would show 5 images of uncensored hentai. But before these images, the following things will happen without the user knowing:
 
The program was disguised as a hentai viewer which would show 5 images of uncensored hentai. But before these images, the following things will happen without the user knowing:
*The first 64kb of the DS's firmware is overwritten by junk data, preventing the unit from starting up.
+
*The first 64kb of the DS's firmware is overwritten by junk data, preventing the unit from starting up. Unless you have FlashMe installed, you could recover
 
*The first sectors of a inserted GBA Movie Player gets erased, but can be recovered.
 
*The first sectors of a inserted GBA Movie Player gets erased, but can be recovered.
 
*The firmware for both the SuperCard and the XG/Neo get erased. This cannot be recovered.
 
*The firmware for both the SuperCard and the XG/Neo get erased. This cannot be recovered.
   −
Plus, a secondth modified version was uploaded named "DS Owata" in 2009 with some altered text, with the rom pretending to be Dragon Quest IX. After the erasing job is done, some text and hentai will be displayed on the screen:
+
Plus, a secondth modified version was uploaded named "DS Owata" in 2009 with some altered text, with the rom pretending to be Dragon Quest IX. After the erasing job is done without your knowledge, some text and hentai will be displayed on the screen:
    
{|style="margin: 0 auto;"
 
{|style="margin: 0 auto;"
| [[File:Trojan-dsbrick-taihen1.png|center|thumb|Yuck, hentai.]]
+
| [[File:DS-Trojan.DSBrick.B-taihen_blur40.png|center|thumb|Yuck, hentai.]]
| [[File:Trojan-dsbrick-owata1.png|center|thumb|"Owata" means "finished" in English, meaning that your DS has been "finished" off.]]
+
| [[File:DS-Trojan.DSBrick.B-Owata_blur40.png|center|thumb|A slightly modified version of Taihen.]]
 
|}
 
|}
  −
Some of the text is also different in DS Taihen and DS Owata:
      
'''Taihen:'''
 
'''Taihen:'''
Line 56: Line 54:  
see the next picture.</nowiki>
 
see the next picture.</nowiki>
   −
When the user would turn the DS off and back on again, they will be greeted with a black screen.
+
The swapped screens and the different text was probably to get around DSLazy's CrashMe check. When the user would turn the DS off and back on again, they will be greeted with a black screen.
    
== Trojan.DSBrick.A (r0mloader.zip) ==
 
== Trojan.DSBrick.A (r0mloader.zip) ==
A day later, a more wildspread and more approperiate version was uploaded on multible IRC channels and a forum as well, named '''r0mloader.zip'''. The trojan pretended it was a tool that would "automatically patch your .nds roms uppon launch", but its functionality was the same as DS Taihen.
+
A day later, a more wildspread and more approperiate version was uploaded on multible IRC channels and a forum as well, named '''r0mloader.zip'''. The trojan pretended it was a tool that would "automatically patch your .nds roms uppon launch", but its functionality was the same as Taihen.
[[File:Trojan-dsbrick-wallscreenshot.png|thumb|It's just a brick wall, nothing else to see.]]
+
[[File:DS-Trojan.DSBrick.A-r0mloader.png|thumb|I've never been scared by a brick wall before.]]
 +
 
 +
Included was a .txt file that reads:
 
  <nowiki>
 
  <nowiki>
 
r0m loader for Nintendo DS
 
r0m loader for Nintendo DS
Line 76: Line 76:  
* G6
 
* G6
 
* M3</nowiki>
 
* M3</nowiki>
 +
 
After the erasing job is done, an image of a brick wall is shown on the top screen, with no activity. Because this version of CrashMe was more wildspread, the news was covered on multible websites and forums, being mostly virus-alert sites, with a warning for people telling them to keep an eye out and to always get roms from trusted sources.
 
After the erasing job is done, an image of a brick wall is shown on the top screen, with no activity. Because this version of CrashMe was more wildspread, the news was covered on multible websites and forums, being mostly virus-alert sites, with a warning for people telling them to keep an eye out and to always get roms from trusted sources.
   −
== CrashMe (2011) ==
+
Another trojan popped up around 2011, found by a GBAtemp user known as '''osm70''', with the rom pretending to be Mario Party DS. Besides the rom file size being larger (probably filled with junk data) and having a different header, the rom behaves identical to r0mloader. It shows the same brick wall and it does the same overwriting job.
Another trojan popped up around 2011, found by a GBAtemp user known as '''osm70''', with a message that he found it on a regular warez site, pretending to be Mario Party DS. The file size is 58,5MB.
      
== Rom details==
 
== Rom details==
Line 108: Line 108:  
  <nowiki>
 
  <nowiki>
 
Filename: Unknown?
 
Filename: Unknown?
NDS Filesize: 58 500 000 bytes</nowiki>
+
NDS Filesize: 61 350 912 bytes</nowiki>
 
  −
== IRC Log(s) ==
  −
''Origin of r0mloader.zip'':
  −
<nowiki>
  −
23:46 @<xxx> 23:45 +<djPepse> <DarkFader> shall I make different version that's a supposedly loader? ;)
  −
23:46 @<xxx> 23:46 +<djPepse> <DarkFader> http://akusho.xs4all.nl/temp/r0mloader.zip >:)
  −
23:46 @<xxx> idiot
  −
23:46 @<xxx> kille som har gjort en "rom loader" till nintendo ds
  −
23:46 @<xxx> som inte alls laddar rommar
  −
23:46 @<xxx> utan istället kvaddar firmwaren
  −
23:46 @<xxx> så ens nintendo ds går sönder ;/</nowiki>
      
== DarkFader's apology (2005) ==
 
== DarkFader's apology (2005) ==
After everything went down, DarkFader has appologised for his actions and behaviour as he clears everything up, including some recovery tools for the bricked consoles and flashcarts.
+
After everything went down, DarkFader has appologised for his actions and behaviour as he clears everything up, including some recovery tools for bricked consoles and flashcarts.
<nowiki>
+
<pre style='white-space: pre-wrap; overflow: auto; height: 300px'>
 
I want to say sorry to everyone out there. I should have realized the impact. Not just few DS'es that were hurt, but all the damn media and whatnot.
 
I want to say sorry to everyone out there. I should have realized the impact. Not just few DS'es that were hurt, but all the damn media and whatnot.
 
I cannot really justify my actions. It was also very selfish to draw some attention, which I tend to do in odd ways.
 
I cannot really justify my actions. It was also very selfish to draw some attention, which I tend to do in odd ways.
Line 165: Line 154:  
You can detect DSbrick by using DSbrick.signature and the utility grep:
 
You can detect DSbrick by using DSbrick.signature and the utility grep:
 
grep -F -U -f DSbrick.signature FileToBeTested.nds
 
grep -F -U -f DSbrick.signature FileToBeTested.nds
A good way to prevent malicious firmware access is to keep a record of known ARM7 binaries. This could be incorporated into ndstool.</nowiki>
+
A good way to prevent malicious firmware access is to keep a record of known ARM7 binaries. This could be incorporated into ndstool.
 +
</pre>
 +
 
 +
== IRC Log (r0mloader) ==
 +
This appears to be a log from some Swedish IRC server. DarkFader was not actually on this IRC server.
 +
 
 +
''Original:''
 +
<nowiki>
 +
23:46 @<xxx> 23:45 +<djPepse> <DarkFader> shall I make different version that's a supposedly loader? ;)
 +
23:46 @<xxx> 23:46 +<djPepse> <DarkFader> http://akusho.xs4all.nl/temp/r0mloader.zip >:)
 +
23:46 @<xxx> idiot
 +
23:46 @<xxx> kille som har gjort en "rom loader" till nintendo ds
 +
23:46 @<xxx> som inte alls laddar rommar
 +
23:46 @<xxx> utan istället kvaddar firmwaren
 +
23:46 @<xxx> så ens nintendo ds går sönder ;/</nowiki>
 +
 
 +
''Translation:''
 +
<nowiki>
 +
23:46 @<xxx> 23:45 +<djPepse> <DarkFader> shall I make different version that's a supposedly loader? ;)
 +
23:46 @<xxx> 23:46 +<djPepse> <DarkFader> http://akusho.xs4all.nl/temp/r0mloader.zip >:)
 +
23:46 @<xxx> idiot
 +
23:46 @<xxx> he's the guy who made a "rom loader" for the nintendo ds
 +
23:46 @<xxx> that does not change roms at all
 +
23:46 @<xxx> but instead bricks the firmware
 +
23:46 @<xxx> so it even breaks your nintendo ds ;/</nowiki>
    
== References ==
 
== References ==