478
edits
Changes
Jump to navigation
Jump to search
mLine 1:
Line 1: − This lists DSiWare that might have vulnerabilities, like strcpy or sprintf from savedata. If you know of DSiWare that has English-only string(high-scores, player name, high-scores that use username from system settings, etc) input, mention it on IRC EFNet #dsidev. Or contact yellowstar 6 at gmail dot com. − Before you contact anyone about your dsiware, please make sure your dsiware is _not_ listed on this page anywhere. − Don't bother if all you care about is warez and don't care at all about homebrew: DSiWareHax SD card loader will never load warez directly, only homebrew. − − It would be nice to target DSiWare that are listed under the DSi Shop most popular search: Nintendo would have a lot of difficultly removing DSiWare from that list without ticking off a lot of non-homebrewer customers. Targets not on that list will suffer the same fate as Sudoku,(removed quickly and patched eventually) if exploits for those were released. − − DSiWare savedata is extracted and modified with these tools: https://github.com/neimod/dsi save_extract and save_adjust both require sd_key, but we will not redistribute this key. − − For these lists status "None" means code reversing engineering for the DSiWare wasn't started. Status "Started" means code reversing engineering for that DSiWare was started. Status "Done" means code reverse engineering was finished. − Line 19:
Line 9: − + − + − + Line 31:
Line 21: − + Line 107:
Line 97: − |- − | Frogger Returns − | High-Scores − | Started − | Has ASCII high-scores. Line 185:
Line 170: + + + + Line 193:
Line 182: + + + + Line 201:
Line 194: + + + + + + + + Line 230:
Line 231: − + Line 241:
Line 242: + + + + Line 249:
Line 254: + + + + Line 279:
Line 288: + + + + + + + + + + + + Line 285:
Line 306: + + + + Line 295:
Line 320: + + + + Line 307:
Line 336: + + + + − + Line 327:
Line 360: + + + + Line 391:
Line 428: + + + + Line 406:
Line 447: − + Line 413:
Line 454: + + + + Line 432:
Line 477: − +
no edit summary
== Total listed DSiWare ==
== Total listed DSiWare ==
|-
|-
| Incomplete
| Incomplete
| 21
| 20
|-
|-
| Done
| Done
| 14
| 18
|-
|-
| DSiWare which probably aren't exploitable
| DSiWare which probably aren't exploitable
| 48
| 59
|-
|-
| Already have
| Already have
|-
|-
| All total
| All total
| 86
| 100
|}
|}
| Started
| Started
| The xml .plist the game uses for storing savedata contains high-scores strings.
| The xml .plist the game uses for storing savedata contains high-scores strings.
|-
|-
| Guitar Rock Tour
| Guitar Rock Tour
| High-Scores
| High-Scores
| No limit on length of drawn record names, no vuln with high-scores. Although this game can be crashed it isn't exploitable.
| No limit on length of drawn record names, no vuln with high-scores. Although this game can be crashed it isn't exploitable.
|-
| Digger Dan & Kaboom
| Player name
| The ASCII player names aren't exploitable, but the save is <10KB anyway.
|-
|-
| Dracula
| Dracula
| None
| None
| Has high-scores without names, scores are ASCII null-terminated strings. Managed to semi-crash this, but system reset still worked so this probably isn't exploitable.
| Has high-scores without names, scores are ASCII null-terminated strings. Managed to semi-crash this, but system reset still worked so this probably isn't exploitable.
|-
| Frogger Returns
| High-Scores
| Has ASCII high-scores. strcpys to a static buffer from savedata, unknown if this is exploitable but there's only <10KB free space available(way too low for a payload) so meh.
|-
|-
| Mario Calculator
| Mario Calculator
| High-Scores
| High-Scores
| Records are entered when you complete the game, names are ASCII strings null-terminated. Not exploitable.
| Records are entered when you complete the game, names are ASCII strings null-terminated. Not exploitable.
|-
| Prehistorik Man
| Password text
| Has some ASCII password text for continuing, but there's less than 10KB free.
|-
|-
| Primrose
| Primrose
| High-scores
| High-scores
| Has English-only high-scores and a trivial checksum, not exploitable.
| Has English-only high-scores and a trivial checksum, not exploitable.
|-
| Soul of Darkness
| Player name
| Has ASCII player name with 3 profiles.
|-
|-
| Sudoku
| Sudoku
| Absolute Reversi
| Absolute Reversi
| None
| None
| No strings in savedata.
| No strings in savedata, not enough space for payload anyways.(payload exceeds the free space by ~6KB)
|-
|-
| A Little Bit of... All-Time Classics: Card Classics
| A Little Bit of... All-Time Classics: Card Classics
|-
|-
| A Little Bit of... All-Time Classics: Strategy Games
| A Little Bit of... All-Time Classics: Strategy Games
| None
| No strings
|-
| Alpha Bounce
| None
| None
| No strings
| No strings
|-
|-
| Aquia: Art Style Series
| Aquia: Art Style Series
| None
| No strings
|-
| Aura Aura Climber
| None
| None
| No strings
| No strings
| None
| None
| No strings in savedata.
| No strings in savedata.
|-
| Brain Drain
| None
| No strings in save.
|-
| Castle of Magic
| None
| No strings
|-
| Cave Story
| None
| No strings
|-
|-
| Countdown Calender
| Countdown Calender
|-
|-
| Crash Course Domo
| Crash Course Domo
| None
| No strings.
|-
| Chronos Twins
| None
| None
| No strings.
| No strings.
| None
| None
| No strings.
| No strings.
|-
| DodoGo! Robo
| None
| No strings
|-
|-
| Dr. Mario Express
| Dr. Mario Express
| None
| None
| No strings in savedata.
| No strings in savedata.
|-
| Little Red Riding Hood's Zombie BBQ
| None
| No strings
|-
|-
| FIZZ
| FIZZ
| High-scores
| High-scores
| Savedata contains ASCII high-scores, but all the high-scores are contained in the same string without a null terminator. A vuln is unlikely.
| Savedata contains ASCII high-scores, but all the high-scores are contained in the same string without a null terminator. Can't be crashed at all, no payload space anyways.
|-
|-
| Flipper
| Flipper
| No strings
| No strings
| Saves only scores not strings.
| Saves only scores not strings.
|-
| GO Series: 10 Second Run
| None
| No strings.
|-
|-
| Metal Torrent
| Metal Torrent
| None
| None
| Has 3 save slots but no string input.
| Has 3 save slots but no string input.
|-
| Simply Minesweeper
| None
| No strings.
|-
|-
| Sokomania
| Sokomania
| Tetris Party Live
| Tetris Party Live
| None
| None
| Zero text input.
| Zero text input, not enough payload space anyway.
|-
|-
| WarioWare: Snapped
| WarioWare: Snapped
|-
|-
| ZENGAGE: Art Style Series
| ZENGAGE: Art Style Series
| None
| No strings.
|-
| Zenonia
| None
| None
| No strings.
| No strings.
|-
|-
| Opera
| Opera
| Nothing interesting in savedata.
| The savedata is private NAND-only, no savedata is copied to SD card.
|}
|}