DSiWare VulnList

Revision as of 21:34, 22 October 2010 by Yellows8 (talk | contribs) (Created page with "This lists DSiWare that might have vulnerabilities, like strcpy or sprintf from savedata. If you know of DSiWare that has English-only string(high-scores, player name, etc) input...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

This lists DSiWare that might have vulnerabilities, like strcpy or sprintf from savedata. If you know of DSiWare that has English-only string(high-scores, player name, etc) input, add it to this list, then mention it on IRC EFNet #dsidev. Or contact yellowstar 6 at gmail dot com.

List of DSiWare with incomplete analysis

Name Input type(s) Status Description
Dracula No manual input Started Savedata contains UTF8 high-scores from DSi username, and perks/powerups.
FIZZ High-scores None Savedata contains ASCII high-scores, but all the high-scores are contained in the same string without a null terminator. A vuln is unlikely.

List of DSiWare with finished analysis

Name Input type(s) Description
Dark Void Zero High-Scores No limit on length of drawn record names, no vuln with high-scores. The level var from savedata doesn't have any bounds check, this is used with array indexes. This is not exploitable since the array structs only contain char* strings and other fields.