The Nintendo Talking Flower firmware does not check the size of the language index table when loading it from SPI flash into RAM, allowing me to corrupt the stack, execute arbitrary code, and dump the protected STM32 firmware🤣 (SHA1 51ec2ee3bbc12772cd4abed1bf2d26b02e541e14)

Can it run ... ? Yes, kind of.

Nintendo Silent Flower started talking again after re-encrypting the data using the unique ID of the new flash chip 🥳

Nintendo Silent Flower because it no longer works. The SPI flash chip I used should be compatible. I will have to connect my logic analyzer to see what the firmware is doing. My theory is that it is trying to permanently write protect the SPI flash which I am not allowing.

Nintendo Talking Flower. The SPI flash chips contain 1417 audio files. Unfortunately they are permanently write protected so I will have to replace them.

AI made another homebrew game in Lua for the Nintendo Alarmo 🤣

I asked AI "write me an analog clock app" (in Lua) for the Nintendo Alarmo and a few seconds later ...

A hacked Nintendo Alarmo + Lua homebrew + a few lines of code + some images + some audio = youtu.be/U_AIQiOLBUI