Difference between revisions of "DSiWare VulnList"
Jump to navigation
Jump to search
Line 72: | Line 72: | ||
| None | | None | ||
| Has ASCII strings. It's unlikely this can be exploited, seems to crash /w out-of-bounds array-index. | | Has ASCII strings. It's unlikely this can be exploited, seems to crash /w out-of-bounds array-index. | ||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
| Crystal Monsters | | Crystal Monsters |
Revision as of 04:18, 10 January 2019
Total listed DSiWare
Total DSiWare in below lists.
List | Total |
---|---|
Incomplete | 20 |
Done | 18 |
DSiWare which probably aren't exploitable | 59 |
Already have | 3 |
All total | 100 |
DSiWare with incomplete analysis
Name | Input type(s) | Status | Description |
---|---|---|---|
Academy: Tic-Tac-Toe | Player name | None | Has an UCS-2 player name. It's unlikely this can be exploited, seems to crash /w out-of-bounds array-index. |
Advanced Circuits | Profile names | Started | Save slots are obfuscated, the algorithm is understood for all but the first save slot. The checksum calculation is unknown. |
Arcade Bowling | High-Scores | None | The checksum seemed to be identical to arcade hoops, but when save modification was attempted the game appeared to reset the high-scores? |
Art Academy: First Semester | None? | None | Has some ASCII strings in savedata, but they seem to be from the game binary not user input? |
Bejeweled Twist | High-scores | None | Checksum is unknown, save has ASCII strings. |
Bounce & Break | High-scores | Started | Has ASCII high-scores. It's unlikely this can be exploited, seems to crash /w out-of-bounds array-index. |
Card games | Player name | None | Has ASCII player names, checksum is unknown. |
Chess Challenge | Profile names | None | Has ASCII strings. It's unlikely this can be exploited, seems to crash /w out-of-bounds array-index. |
Crystal Monsters | Player name | Started | Has ASCII player name. Not sure if this can be exploited somehow, it crashes /w array-index out-of-bounds fail. |
Elemental Masters | Player name? | None | Has ASCII strings but the checksum is unknown. |
Faceez | Player name? | None | Has ASCII string but the checksum is unknown. |
Field Runners | High-Scores | Started | The xml .plist the game uses for storing savedata contains high-scores strings. |
Guitar Rock Tour | High-Scores | Started | Has ASCII high-scores. |
Legends of Exidia | Player name | Started | Has ASCII player name. |
Lets golf | Player name | None | Has ASCII player name checksum is unknown. |
Mixed Messages | Player name and other text | None | Uses ASCII for player name and other text input, but the checksum is unknown. |
Number Battle | Player name | None | Uses ASCII strings, the value of each char is - 0x20 of the actual ASCII value. The checksum is unknown. |
Pop Superstar: Road to celebrity | Player name | None | Has ASCII strings. |
UNO | Player name and high-scores | Started | Has ASCII text. It's unlikely this can be exploited, seems to crash /w out-of-bounds array-index. |
DSiWare with finished analysis
Name | Input type(s) | Description |
---|---|---|
5 in 1 Solitaire | Profile names | Game didn't crash with a long profile string. |
Airport Mania: Non Stop Flights | High-Scores | Has ASCII high-scores with null terminated strings. string bugs only corrupted the display, making the game unplayable. |
Academy: Checkers | Profile names | Game didn't crash with a long profile string. |
Arcade Hoops Basketball | High-Scores, names via settings | Has ASCII high-scores with null terminated strings, no string bugs. |
Army Defender | High-scores | Has ASCII strings for high-scores, game didn't crash with modified high-scores. |
Bloons | Profile names | Has some profile names but they're all in one tiny savfile. |
Bookworm | High-scores and word list | Has ASCII null-terminated high-score list names and null-terminated word list strings. ( No crash, just nice very high scores, and very long words displayed. ) |
Crazy Sudoku | Profile names/Data File | The ASCII player name or the game data aren't exploitable. This game can still be crashed. |
Dark Void Zero | High-Scores | No limit on length of drawn record names, no vuln with high-scores. Although this game can be crashed it isn't exploitable. |
Digger Dan & Kaboom | Player name | The ASCII player names aren't exploitable, but the save is <10KB anyway. |
Dracula | No manual input | Savedata contains ASCII high-scores from DSi username, and ASCII perks/powerups. High-scores doesn't have string bugs. |
Escapee Go | None | Has high-scores without names, scores are ASCII null-terminated strings. Managed to semi-crash this, but system reset still worked so this probably isn't exploitable. |
Frogger Returns | High-Scores | Has ASCII high-scores. strcpys to a static buffer from savedata, unknown if this is exploitable but there's only <10KB free space available(way too low for a payload) so meh. |
Mario Calculator | None | No savedata at all in the tad. |
Paul's Shooting Adventure | High-Scores | Records are entered when you complete the game, names are ASCII strings null-terminated. Not exploitable. |
Prehistorik Man | Password text | Has some ASCII password text for continuing, but there's less than 10KB free. |
Primrose | High-scores | Has English-only high-scores and a trivial checksum, not exploitable. |
Soul of Darkness | Player name | Has ASCII player name with 3 profiles. |
Sudoku | Player name | Has ASCII player name for each of the 3 save slots. Game was crashed with an excessively long player name. The game has already been exploited through Sudokuhax. |
Telegraph Sudoku & Kakuro | Profile name | No overflow, the game slot acts as if things are normal, only gives you a lot of completion stars |
Rayman | Player name | No overflow, with a long string the game only displays one extra character. |
DSiWare that probably don't have vulnerabilities
Name | Input type(s) | Description |
---|---|---|
24/7 Solitaire | None | No high-scores or string input. |
Absolute Reversi | None | No strings in savedata, not enough space for payload anyways.(payload exceeds the free space by ~6KB) |
A Little Bit of... All-Time Classics: Card Classics | None | No strings |
A Little Bit of... All-Time Classics: Family Games | None | No strings |
A Little Bit of... All-Time Classics: Strategy Games | None | No strings |
Alpha Bounce | None | No strings |
Asphalt 4 | None | No strings |
Aquia: Art Style Series | None | No strings |
Aura Aura Climber | None | No strings |
Birds & Beans | No strings | No strings in savedata. |
Boom Boom Squaries | No strings | No strings in savedata. |
Bomberman Blitz | Name | Has UCS-2 strings. |
Boxlife | None | No strings. |
Blackjack | None | No strings. |
Brain Age Express: Arts & Letters | None | No strings in savedata. |
Brain Age Express: Math | None | No strings in savedata. |
Brain Drain | None | No strings in save. |
Castle of Magic | None | No strings |
Cave Story | None | No strings |
Countdown Calender | None | No user strings. There's many "ANIV" tokens in the save and some embedded bmp files. |
Crash Course Domo | None | No strings. |
Chronos Twins | None | No strings. |
Dictionary 6 in 1 | None | No strings in savedata. |
DIGIDRIVE: Art Style Series | None | No strings. |
DodoGo! Robo | None | No strings |
Dr. Mario Express | None | No strings. |
Earthworm Jim | None | No strings. |
Extreme Hangman | None | No strings in savedata. |
Little Red Riding Hood's Zombie BBQ | None | No strings |
FIZZ | High-scores | Savedata contains ASCII high-scores, but all the high-scores are contained in the same string without a null terminator. Can't be crashed at all, no payload space anyways. |
Flipper | None | No strings. |
Frenzic | High-scores | Has UCS-2 high-scores. |
Gene Labs | None | Small savedata with no strings. |
Glory Days - Tactical Defense | No strings | Saves only scores not strings. |
GO Series: 10 Second Run | None | No strings. |
Metal Torrent | Player name | Uses a UCS-2 string. |
Master of Illusion Express: Psychic Camera | None | Tiny savfile no strings. |
My Notebook: Blue | None | No strings. |
My Notebook: Pearl | None | No strings. |
My Sims: Camera | None | No strings. |
Mighty Flip Champs | None | No strings. |
My Exotic Farm | Player name | Not exploitable, there's a 0x01 byte immediately after the string not null-terminated. |
Paper Airplane Chase | None | The size of both files in the savedata are only 8 bytes, no strings. |
PiCOPiCT: Art Style series | None | No strings. |
PiCTOBiTS: Art Style series | None | No strings. |
Plants Vs. Zombies | None | No strings, uses system user name for player name. |
Pop Island | None | No strings. |
Pyoro | None | 16-byte savedata no strings. |
Photo Clock | None | Small savedata, no strings at all. |
Photo Dojo | Handwritten character name via stylus | Savedata only contains .jpg files and some tiny "save"/"info" files. |
Shantae: Risky's Revenge | None | Has 3 save slots but no string input. |
Simply Minesweeper | None | No strings. |
Sokomania | None | No strings. |
Sparkle Snapshots | None | No strings. |
Starship Defense | None | No strings. |
Tetris Party Live | None | Zero text input, not enough payload space anyway. |
WarioWare: Snapped | None | No high-scores or string input. |
ZENGAGE: Art Style Series | None | No strings. |
Zenonia | None | No strings. |
DSiWare that were already obtained for analysis
Do not contact us about the DSiWare in this list, we already have them. We had these for ages, and never managed to find any vulns.
Name | Text format |
---|---|
Flipnote Studio | UCS-2 |
Mario Vs. Donkey Kong: Minis March Again | UCS-2 |
Opera | The savedata is private NAND-only, no savedata is copied to SD card. |