Changes

762 bytes removed ,  20:48, 16 January 2019
m
Line 1: Line 1: −
This lists DSiWare that might have vulnerabilities, like strcpy or sprintf from savedata.
  −
  −
Since system update 1.4.2 blocks copying *all* dsiwarehax, do not contact us about your dsiware anymore at all.
  −
If you know of DSiWare that has English-only string(high-scores, player name, high-scores that use username from system settings, etc) input, mention it on IRC EFNet #dsidev. Or contact yellowstar 6 at gmail dot com.
  −
Before you contact anyone about your dsiware, please make sure your dsiware is _not_ listed on this page anywhere.
  −
Don't bother if all you care about is warez and don't care at all about homebrew: DSiWareHax SD card loader will never load warez directly, only homebrew.
  −
  −
It would be nice to target DSiWare that are listed under the DSi Shop most popular search: Nintendo would have a lot of difficultly removing DSiWare from that list without ticking off a lot of non-homebrewer customers. Targets not on that list will suffer the same fate as Sudoku,(removed quickly and patched eventually) if exploits for those were released.
  −
  −
DSiWare savedata is extracted and modified with these tools: https://github.com/neimod/dsi save_extract and save_adjust both require sd_key, but we will not redistribute this key.
  −
  −
For these lists status "None" means code reversing engineering for the DSiWare wasn't started. Status "Started" means code reversing engineering for that DSiWare was started. Status "Done" means code reverse engineering was finished.
  −
   
== Total listed DSiWare ==
 
== Total listed DSiWare ==
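Review bot: the removed sentence beginning "For these lists status" was the only definition of the status values, yet rows kept further down still carry "| None" and "| Done", so those cells are now undefined for a reader. Keep that one sentence above the first table (correcting "reversing engineering" to "reverse engineering"). The line naming save_extract and save_adjust is also worth keeping, since the table notes describe results obtained by modifying savedata and no longer say with what.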
   Line 25: Line 12:  
|-
 
|-
 
|  Done
 
|  Done
18
+
22
 
|-
 
|-
 
|  DSiWare which probably aren't exploitable
 
|  DSiWare which probably aren't exploitable
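Review bot: the "Done" total going from 18 to 22 is a hand-maintained count, and it only checks out if all four net new rows in this edit (Academy: Checkers, Crazy Sudoku, Telegraph Sudoku & Kakuro, WordSearcher; Rayman is only moved) land in the table this counter covers. Crazy Sudoku is also removed from a table where it had status "None", and no other total changes in this hunk, so confirm whether the count for that status needs to drop by one.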
Line 85: Line 72:  
|  None
 
|  None
 
|  Has ASCII strings. It's unlikely this can be exploited, seems to crash /w out-of-bounds array-index.
 
|  Has ASCII strings. It's unlikely this can be exploited, seems to crash /w out-of-bounds array-index.
|-
  −
|  Crazy Sudoku
  −
|  Player name
  −
|  None
  −
|  Has ASCII strings for player name.
   
|-
 
|-
 
|  Crystal Monsters
 
|  Crystal Monsters
Line 163: Line 145:  
|  High-Scores
 
|  High-Scores
 
|  Has ASCII high-scores with null terminated strings. string bugs only corrupted the display, making the game unplayable.
 
|  Has ASCII high-scores with null terminated strings. string bugs only corrupted the display, making the game unplayable.
 +
|-
 +
|  Academy: Checkers
 +
|  Profile names
 +
|  Game didn't crash with a long profile string.
 
|-
 
|-
 
|  Arcade Hoops Basketball
 
|  Arcade Hoops Basketball
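Review bot: the Academy: Checkers note "Game didn't crash with a long profile string." records a negative result without the details needed to repeat it. Neighbouring rows state the string format ("ASCII ... null terminated"); add the same here, plus roughly how long the test string was, so a reader can tell what was actually ruled out.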
Line 179: Line 165:  
|  High-scores and word list
 
|  High-scores and word list
 
|  Has ASCII null-terminated high-score list names and null-terminated word list strings.  ( No crash, just nice very high scores, and very long words displayed. )
 
|  Has ASCII null-terminated high-score list names and null-terminated word list strings.  ( No crash, just nice very high scores, and very long words displayed. )
 +
|-
 +
|  Crazy Sudoku
 +
|  Profile names/Data File
 +
|  The ASCII player name or the game data aren't exploitable. This game can still be crashed.
 
|-
 
|-
 
|  Dark Void Zero
 
|  Dark Void Zero
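Review bot: the new Crazy Sudoku note says the game "can still be crashed" but not through which field or why that crash is judged not exploitable, which is less than the retained row above that gives a cause ("out-of-bounds array-index"). State the crash trigger and the reason for the conclusion. The first sentence also reads better as "Neither the ASCII player name nor the game data is exploitable."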
Line 186: Line 176:  
|  Digger Dan & Kaboom
 
|  Digger Dan & Kaboom
 
|  Player name
 
|  Player name
Save has ASCII playername, but there's <10KB free in the savimage anyway.
+
The ASCII player names aren't exploitable, but the save is <10KB anyway.
 
|-
 
|-
 
|  Dracula
 
|  Dracula
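Review bot: the Digger Dan & Kaboom rewrite changes the measurement, not just the wording: the old text says there is "<10KB free in the savimage", the new text says "the save is <10KB", which is total size rather than free space. Confirm which figure is correct and keep the word "free" if it applies. "aren't exploitable, but ... anyway" also no longer follows logically; "and" fits the new sentence.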
Line 215: Line 205:  
|  High-scores
 
|  High-scores
 
|  Has English-only high-scores and a trivial checksum, not exploitable.
 
|  Has English-only high-scores and a trivial checksum, not exploitable.
 +
|-
 +
|  Rayman
 +
|  Player name
 +
|  No overflow, with a long string the game only displays one extra character.
 
|-
 
|-
 
|  Soul of Darkness
 
|  Soul of Darkness
Line 224: Line 218:  
|  Has ASCII player name for each of the 3 save slots. Game was crashed with an excessively long player name. The game has already been exploited through [[Sudokuhax]].
 
|  Has ASCII player name for each of the 3 save slots. Game was crashed with an excessively long player name. The game has already been exploited through [[Sudokuhax]].
 
|-
 
|-
Rayman
+
Telegraph Sudoku & Kakuro
Player name
+
Profile name
|  No overflow, with a long string the game only displays one extra character.
+
|  No overflow, the game slot acts as if things are normal, only gives you a lot of completion stars
 +
|-
 +
|  WordSearcher
 +
|  Player name & WordSearch Board
 +
|  Has ASCII strings (profile or slot names) and has plaintext crossword levels. No overflows with a large string nor a bigger crossword board resulting thus, not exploitable
 
|}
 
|}
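Review bot: in the Telegraph Sudoku & Kakuro row, "No overflow" sits next to "gives you a lot of completion stars", which reads as the long name changing other save state; say whether the star count changed because the edited save file had neighbouring fields overwritten or because the game misread a well-formed file. In the WordSearcher row, the input column says "WordSearch Board" while the note says "crossword levels" and "crossword board"; pick one term, and end the sentence as "... nor with a bigger board, so it is not exploitable."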
   Line 244: Line 242:  
|  Absolute Reversi
 
|  Absolute Reversi
 
|  None
 
|  None
|  No strings in savedata.
+
|  No strings in savedata, not enough space for payload anyways.(payload exceeds the free space by ~6KB)
 
|-
 
|-
 
|  A Little Bit of... All-Time Classics: Card Classics
 
|  A Little Bit of... All-Time Classics: Card Classics
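Review bot: the Absolute Reversi note gives only a difference ("payload exceeds the free space by ~6KB") while the Digger Dan & Kaboom row gives an absolute figure ("<10KB"), and the payload size itself is not stated anywhere in the visible rows. Record the free space in the save and the payload size once, in the same units, so the rows can be compared. There is also a missing space before the opening parenthesis.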
Line 356: Line 354:  
|  FIZZ
 
|  FIZZ
 
|  High-scores
 
|  High-scores
|  Savedata contains ASCII high-scores, but all the high-scores are contained in the same string without a null terminator. A vuln is unlikely.
+
|  Savedata contains ASCII high-scores, but all the high-scores are contained in the same string without a null terminator. Can't be crashed at all, no payload space anyways.
 
|-
 
|-
 
|  Flipper
 
|  Flipper
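Review bot: the FIZZ note replaces the hedged "A vuln is unlikely." with "Can't be crashed at all", which is a stronger claim than the row supports since it does not say what inputs were tried. Either describe the tests (for example, which high-score lengths were written) or keep the hedged wording, and give a figure for "no payload space" as other rows do.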
Line 460: Line 458:  
|  Tetris Party Live
 
|  Tetris Party Live
 
|  None
 
|  None
|  Zero text input.
+
|  Zero text input, not enough payload space anyway.
 
|-
 
|-
 
|  WarioWare: Snapped
 
|  WarioWare: Snapped
Line 490: Line 488:  
|-
 
|-
 
|  Opera
 
|  Opera
Nothing interesting in savedata.
+
The savedata is private NAND-only, no savedata is copied to SD card.
 
|}
 
|}
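Review bot: the new Opera note replaces "Nothing interesting in savedata." instead of adding to it, so the page no longer says whether the savedata contents were examined. Keep both facts, e.g. "Nothing interesting in savedata; the savedata is private NAND-only and is not copied to SD card."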
