Difference between revisions of "DSi system flaws"
Hallowizer (talk | contribs) (You know the drill, created a system flaws page. (Will create templates later)) |
Hallowizer (talk | contribs) (Overlay bug) |
Line 5: | Line 5: | ||
! Description | ! Description | ||
! Successful exploitation result | ! Successful exploitation result | ||
− | ! Fixed in | + | ! Fixed in boot1 version |
! Discovered | ! Discovered | ||
! Discovered by | ! Discovered by | ||
Line 15: | Line 15: | ||
| {{SortableMonth|Aug|2017}} | | {{SortableMonth|Aug|2017}} | ||
| {{User|Nocash}} | | {{User|Nocash}} | ||
+ | |} | ||
+ | |||
+ | == Nintendo SDK == | ||
+ | Note that this refers to the common code in every game, NOT any leaked contents. Please keep leaked contents off this wiii. | ||
+ | |||
+ | {| class="wikitable sortable" border="1" | ||
+ | |- | ||
+ | ! Summary | ||
+ | ! Description | ||
+ | ! Successful exploitation result | ||
+ | ! Discovered | ||
+ | ! Discovered by | ||
+ | |- | ||
+ | | Overlays are not verified when they are loaded. | ||
+ | | While the System Menu checks all cartridge overlays to prevent unauthorized software, no such check exists when the overlays are actually loaded. By changing the overlay after it is checked, it is possible to run arbitrary code. | ||
+ | | Code execution under any cart game with overlays. | ||
+ | | {{SortableMonth|Jan|2010}} | ||
+ | | Datel, {{User|blasty}} (by reverse engineering [[Action Replay]]) | ||
|} | |} |
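Review bot: the note added under "== Nintendo SDK ==" ends with "off this wiii", which looks like a typo for "wiki". The new table also has no "Fixed in" column, while the same revision renames the boot1 table's header to "Fixed in boot1 version"; adding a matching status column (or saying why one does not apply to SDK code) would keep the two tables consistent. The summary line "Overlays are not verified when they are loaded." would also read better without the trailing period, to match the style of a table summary cell.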
Revision as of 23:12, 18 August 2021
boot1
Summary | Description | Successful exploitation result | Fixed in boot1 version | Discovered | Discovered by |
---|---|---|---|---|---|
Poor System Menu TMD size check | boot1 loads the System Menu's TMD for verification and loading, and it attempts to check the size. However, instead of checking if size > capacity, it checks if size > size, which is always false, resulting in a buffer overflow. | Code execution under boot1 | Unfixed | August 2017 | Nocash |
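
The size check described in the row above, shown as an added example (this is not boot1's code): the flawed comparison beside the corrected one. The buffer capacity, the canary region and all function names are constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TMD_CAPACITY 16u  /* assumed capacity of the TMD buffer (constructed) */
#define BACKING      32u  /* demo storage: the buffer plus canary bytes */
#define CANARY       0xA5u

static uint8_t mem[BACKING];

/* Copy `size` bytes only if they pass the bound check against `limit`. */
static int copy_checked(const uint8_t *src, size_t size, size_t limit) {
    if (size > limit)
        return -1;                 /* rejected */
    memcpy(mem, src, size);
    return 0;
}

/* Flawed form: the bound is the size itself, so nothing is ever rejected. */
static int load_tmd_flawed(const uint8_t *src, size_t size) {
    return copy_checked(src, size, size);
}

/* Corrected form: the bound is the capacity of the destination. */
static int load_tmd_fixed(const uint8_t *src, size_t size) {
    return copy_checked(src, size, TMD_CAPACITY);
}

/* Returns 1 if loading `size` bytes wrote past TMD_CAPACITY, else 0. */
static int overflowed(int (*load)(const uint8_t *, size_t), size_t size) {
    uint8_t src[BACKING];
    if (size > BACKING) size = BACKING;    /* keep the demo itself in bounds */
    memset(src, 0x41, sizeof src);         /* constructed input */
    memset(mem, CANARY, sizeof mem);
    (void)load(src, size);
    for (size_t i = TMD_CAPACITY; i < BACKING; i++)
        if (mem[i] != CANARY) return 1;
    return 0;
}

int main(void) {
    printf("flawed, 24 bytes: overflow=%d\n", overflowed(load_tmd_flawed, 24));
    printf("fixed,  24 bytes: overflow=%d\n", overflowed(load_tmd_fixed, 24));
    printf("fixed,  16 bytes: overflow=%d\n", overflowed(load_tmd_fixed, 16));
    return 0;
}
```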
Nintendo SDK
Note that this refers to the common code in every game, NOT any leaked contents. Please keep leaked contents off this wiki.
Summary | Description | Successful exploitation result | Discovered | Discovered by |
---|---|---|---|---|
Overlays are not verified when they are loaded. | While the System Menu checks all cartridge overlays to prevent unauthorized software, no such check exists when the overlays are actually loaded. By changing the overlay after it is checked, it is possible to run arbitrary code. | Code execution under any cart game with overlays. | January 2010 | Datel, blasty (by reverse engineering Action Replay) |