[Liftyee]

Also see the infamous Wii tweezer attack which could dump the system ROM with just a pair of tweezers.

Sometimes I wonder how these sorts of exploits are discovered. It must take some serious in-depth knowledge of the target system and a lot of trial and error.

[pathartl]

The DS's firmware could also be written to by bridging SL1, a point on the board accessible by removing the battery cover. This was used before flashcarts were popular to write FlashMe. It was an alternate firmware that allowed for booting files from a slot-2 device such as a GBAMP.