DSiWare VulnList

From DSiBrew
Revision as of 04:22, 25 October 2010 by Yellows8 (talk | contribs)
Jump to navigation Jump to search

This lists DSiWare that might have vulnerabilities, like strcpy or sprintf from savedata. If you know of DSiWare that has English-only string(high-scores, player name, etc) input, add it to this list, then mention it on IRC EFNet #dsidev. Or contact yellowstar 6 at gmail dot com.

List of DSiWare with incomplete analysis

Name Input type(s) Status Description
FIZZ High-scores None Savedata contains ASCII high-scores, but all the high-scores are contained in the same string without a null terminator. A vuln is unlikely.

List of DSiWare with finished analysis

Name Input type(s) Description
Dark Void Zero High-Scores No limit on length of drawn record names, no vuln with high-scores. The level var from savedata doesn't have any bounds check, this is used with array indexes. This is not exploitable since the array structs only contain char* strings and other fields.
Dracula No manual input Savedata contains ASCII high-scores from DSi username, and ASCII perks/powerups. High-scores doesn't have string bugs.