When the Nintendo DS came out, folks wanted to write homebrew code on it and couldn't, because there was a key negotiation between an I2C ROM on the cartridge and some code in a (then) non-CPU-readable area of the system firmware.

DarkFader came up with the idea of inserting an FPGA in between a game and the unit and using a man-in-the-middle attack to inject code sequences that would at first allow code to be overwritten while being read, and later, allow redirection to the ARM9-visible GBA slot to run custom code while in DS mode. I didn't really do much on this project but play along and help verify that it worked, but it was a fun introduction to FPGAs for me.

Some pictures follow.

nolove2.jpg nolove1.jpg nds-legohut2.jpg nds-legohut1.jpg dscpu.jpg

I had a lot of trouble getting the design to work. It was at this point that my friend Kevin pointed out that the breadboard was a big antenna, all my wires were big antennas, and I didn't have any bypass caps. A few quick changes, bye-bye to the Lego hut, and it started working.

passtest.jpg passthrough-working.jpg

