Difference between revisions of "DSi system flaws"
Hallowizer (talk | contribs) m (→Nintendo SDK: typo) |
Hallowizer (talk | contribs) (→Nintendo SDK: seems like the bug is actually for DS games) |
Line 17: | Line 17: | ||
|} | |} | ||
− | == | + | == System Menu == |
− | |||
− | |||
{| class="wikitable sortable" border="1" | {| class="wikitable sortable" border="1" | ||
|- | |- | ||
Line 28: | Line 26: | ||
! Discovered by | ! Discovered by | ||
|- | |- | ||
− | | | + | | DS games are not patched to verify overlays. |
− | | While the System Menu checks all cartridge overlays to prevent unauthorized software, no such check exists when the overlays are actually loaded. By changing the overlay after it is checked, it is possible to run arbitrary code. | + | | While the System Menu checks all cartridge overlays to prevent unauthorized software, no such check exists when the overlays are actually loaded, despite an [https://wiibrew.org/wiki/MIOS MIOS]-like patcher being possible to implement. By changing the overlay after it is checked, it is possible to run arbitrary code. |
− | | Code execution under any | + | | Code execution under any DS game with overlays. |
| {{SortableMonth|Jan|2010}} | | {{SortableMonth|Jan|2010}} | ||
| Datel, {{User|blasty}} (by reverse engineering [[Action Replay]]) | | Datel, {{User|blasty}} (by reverse engineering [[Action Replay]]) | ||
|} | |} |
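Review bot: the clause added to the description, "despite an [https://wiibrew.org/wiki/MIOS MIOS]-like patcher being possible to implement", asserts that such a patcher is feasible without pointing at anything that demonstrates it; either cite where this was shown or word it as the editor's assessment. Also, the edit summary is tagged "→Nintendo SDK" while the hunk changes the section heading to "== System Menu ==", so the summary no longer matches the section it edits.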
Revision as of 00:11, 19 August 2021
boot1
Summary | Description | Successful exploitation result | Fixed in boot1 version | Discovered | Discovered by |
---|---|---|---|---|---|
Poor System Menu TMD size check | boot1 loads the System Menu's TMD for verification and loading, and it attempts to check the size. However, instead of checking if size > capacity, it checks if size > size, which is always false, resulting in a buffer overflow. | Code execution under boot1 | Unfixed | August 2017 | Nocash |
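As an added illustration (not code from this page, from boot1 or from Nintendo), the following puts the tautological size check described in the table next to the check that was intended, and shows why one lets an oversized TMD through while the other rejects it. The buffer capacity, the source area, the function names and the return codes are all constructed for the example; the real boot1 buffer size and layout are not given on the page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed capacity for the TMD staging buffer; the real boot1 buffer
 * size is not stated on the page and is not claimed here. */
#define TMD_BUF_CAPACITY 0x800u

/* Source area standing in for the TMD as read from storage (constructed). */
static uint8_t g_tmd_source[0x1000];
/* Fixed-size destination buffer the loader copies the TMD into. */
static uint8_t g_tmd_buf[TMD_BUF_CAPACITY];

/* The check as the page describes it: the size is compared with itself, so
 * the rejecting branch can never be taken and every size is accepted. */
bool tmd_size_ok_buggy(uint32_t size, size_t capacity)
{
    (void)capacity;            /* never consulted: that is the defect */
    if (size > size)           /* tautologically false */
        return false;
    return true;
}

/* The intended check: the declared size must fit the destination buffer. */
bool tmd_size_ok_fixed(uint32_t size, size_t capacity)
{
    return size <= capacity;
}

/* Simulated load step. Returns 1 if the TMD was copied, 0 if the check
 * rejected it, and -1 if the check approved a size that would have run past
 * the end of g_tmd_buf (the copy is skipped rather than corrupting memory).
 * -2 means the size exceeds the constructed source area and is out of scope. */
int load_tmd(uint32_t declared_size, bool (*size_ok)(uint32_t, size_t))
{
    if (declared_size > sizeof g_tmd_source)
        return -2;
    if (!size_ok(declared_size, TMD_BUF_CAPACITY))
        return 0;
    if (declared_size > TMD_BUF_CAPACITY)
        return -1;             /* the check let an overflow through */
    memcpy(g_tmd_buf, g_tmd_source, declared_size);
    return 1;
}

int main(void)
{
    const uint32_t sizes[] = { 0x400u, TMD_BUF_CAPACITY, 0x900u };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        printf("declared size 0x%x: buggy check -> %d, fixed check -> %d\n",
               (unsigned)sizes[i],
               load_tmd(sizes[i], tmd_size_ok_buggy),
               load_tmd(sizes[i], tmd_size_ok_fixed));
    }
    return 0;
}
```

The fixed variant compares against the capacity of the buffer that will actually receive the data, which is the only quantity a size check can meaningfully be measured against; comparing a value with itself is the kind of defect a compiler's tautological-comparison warning flags.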
System Menu
Summary | Description | Successful exploitation result | Discovered | Discovered by |
---|---|---|---|---|
DS games are not patched to verify overlays. | While the System Menu checks all cartridge overlays to prevent unauthorized software, no such check exists when the overlays are actually loaded, despite an MIOS-like patcher being possible to implement. By changing the overlay after it is checked, it is possible to run arbitrary code. | Code execution under any DS game with overlays. | January 2010 | Datel, blasty (by reverse engineering Action Replay) |
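The overlay flaw in the table is a time-of-check/time-of-use gap: the System Menu verifies overlays once, and the loader later trusts that verdict without looking at what it is actually loading. The following is an added example (not code from this page, from the System Menu or from Nintendo) that models the sequence with a loader that skips the check at load time beside one that repeats it. The overlay contents, the 32-bit FNV-1a digest standing in for the real verification scheme, and the function names are constructed for the example; the real overlay format and the System Menu's actual check are not described on the page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OVERLAY_SIZE 16

/* Constructed stand-ins: a known-good reference copy, the overlay as it sits
 * on the medium, and the RAM region the loader copies it into. */
static const uint8_t k_known_good[OVERLAY_SIZE] = "genuine overlay";
static uint8_t g_cart_overlay[OVERLAY_SIZE];
static uint8_t g_ram_overlay[OVERLAY_SIZE];
static uint32_t g_approved_digest;

/* 32-bit FNV-1a; stands in for whatever check the System Menu really uses. */
static uint32_t digest(const uint8_t *p, size_t n)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Time of check: the launcher verifies the overlay on the medium against the
 * reference and remembers the digest it approved. */
bool launcher_check_overlay(void)
{
    g_approved_digest = digest(k_known_good, OVERLAY_SIZE);
    return digest(g_cart_overlay, OVERLAY_SIZE) == g_approved_digest;
}

/* Models the overlay on the medium changing after the check has run. */
void medium_replace_overlay(const uint8_t *replacement)
{
    memcpy(g_cart_overlay, replacement, OVERLAY_SIZE);
}

/* Time of use as the page describes it: the earlier verdict is trusted and
 * whatever is on the medium now is copied into RAM. */
bool load_overlay_unverified(void)
{
    memcpy(g_ram_overlay, g_cart_overlay, OVERLAY_SIZE);
    return true;
}

/* Time of use with the missing check added: the bytes actually being loaded
 * are re-verified, and the load is refused if they no longer match. */
bool load_overlay_verified(void)
{
    if (digest(g_cart_overlay, OVERLAY_SIZE) != g_approved_digest)
        return false;
    memcpy(g_ram_overlay, g_cart_overlay, OVERLAY_SIZE);
    return true;
}

/* Runs check -> change on medium -> load. Returns true if content that was
 * never approved ended up in RAM, i.e. the gap was exploitable. */
bool altered_overlay_reaches_ram(bool verify_at_load)
{
    static const uint8_t altered[OVERLAY_SIZE] = "altered overlay";
    memcpy(g_cart_overlay, k_known_good, OVERLAY_SIZE);
    memset(g_ram_overlay, 0, OVERLAY_SIZE);
    if (!launcher_check_overlay())
        return false;
    medium_replace_overlay(altered);
    bool loaded = verify_at_load ? load_overlay_verified()
                                 : load_overlay_unverified();
    return loaded && memcmp(g_ram_overlay, altered, OVERLAY_SIZE) == 0;
}

int main(void)
{
    printf("check only at launch:  altered overlay runs = %s\n",
           altered_overlay_reaches_ram(false) ? "yes" : "no");
    printf("re-check at load time: altered overlay runs = %s\n",
           altered_overlay_reaches_ram(true) ? "yes" : "no");
    return 0;
}
```

The point is where the verification happens: a check whose result is consumed at a later time, against data that can change in between, only protects the data as it was at check time. Verifying the bytes at the moment they are loaded closes the gap regardless of what happened to the medium in between.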