Line 9: |
Line 9: |
| |- | | |- |
| | Incomplete | | | Incomplete |
− | | 20 | + | | 16 |
| |- | | |- |
| | Done | | | Done |
− | | 18 | + | | 27 |
| |- | | |- |
| | DSiWare which probably aren't exploitable | | | DSiWare which probably aren't exploitable |
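Review bot: the "Incomplete" and "Done" totals are typed by hand, so they need re-counting against the tables on every edit. In the hunks visible here, four rows are deleted from the first table (Crazy Sudoku, Guitar Rock Tour, Legends of Exidia, UNO) and the Field Runners row is rewritten in place as Jelly Car 2, which agrees with 20 to 16. Nine rows are net-added to the second table, which agrees with 18 to 27. An edit summary stating which titles moved would let the next editor confirm this without re-deriving it from the diff.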
Line 72: |
Line 72: |
| | None | | | None |
| | Has ASCII strings. It's unlikely this can be exploited, seems to crash /w out-of-bounds array-index. | | | Has ASCII strings. It's unlikely this can be exploited, seems to crash /w out-of-bounds array-index. |
− | |-
| |
− | | Crazy Sudoku
| |
− | | Player name
| |
− | | None
| |
− | | Has ASCII strings for player name.
| |
| |- | | |- |
| | Crystal Monsters | | | Crystal Monsters |
Line 93: |
Line 88: |
| | Has ASCII string but the checksum is unknown. | | | Has ASCII string but the checksum is unknown. |
| |- | | |- |
− | | Field Runners | + | | Jelly Car 2 |
− | | High-Scores | + | | High Score name |
− | | Started | + | | None |
− | | The xml .plist the game uses for storing savedata contains high-scores strings. | + | | Uses ASCII player name for time scores; It's unlikely this can be exploited, seems to crash /w out-of-bounds array-index. |
− | |-
| |
− | | Guitar Rock Tour
| |
− | | High-Scores
| |
− | | Started
| |
− | | Has ASCII high-scores.
| |
− | |-
| |
− | | Legends of Exidia
| |
− | | Player name
| |
− | | Started
| |
− | | Has ASCII player name.
| |
| |- | | |- |
| | Lets golf | | | Lets golf |
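Review bot: the new Jelly Car 2 note repeats "It's unlikely this can be exploited, seems to crash /w out-of-bounds array-index." word for word from the unchanged row in the old-line-72 hunk, and does not say what input produced the crash. Suggest recording what was changed in the savedata (for example the length of the high-score name that was tried) so the "unlikely" verdict can be checked, writing "with" instead of "/w", and lowercasing "It's" after the semicolon. Rewriting the Field Runners row into Jelly Car 2 in place also makes the history harder to follow than deleting one row and adding the other.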
Line 127: |
Line 112: |
| | None | | | None |
| | Has ASCII strings. | | | Has ASCII strings. |
− | |-
| |
− | | UNO
| |
− | | Player name and high-scores
| |
− | | Started
| |
− | | Has ASCII text. It's unlikely this can be exploited, seems to crash /w out-of-bounds array-index.
| |
| |} | | |} |
| | | |
Line 150: |
Line 130: |
| | High-Scores | | | High-Scores |
| | Has ASCII high-scores with null terminated strings. string bugs only corrupted the display, making the game unplayable. | | | Has ASCII high-scores with null terminated strings. string bugs only corrupted the display, making the game unplayable. |
| + | |- |
| + | | Academy: Checkers |
| + | | Profile names |
| + | | Game didn't crash with a long profile string. |
| |- | | |- |
| | Arcade Hoops Basketball | | | Arcade Hoops Basketball |
Line 166: |
Line 150: |
| | High-scores and word list | | | High-scores and word list |
| | Has ASCII null-terminated high-score list names and null-terminated word list strings. ( No crash, just nice very high scores, and very long words displayed. ) | | | Has ASCII null-terminated high-score list names and null-terminated word list strings. ( No crash, just nice very high scores, and very long words displayed. ) |
| + | |- |
| + | | Crazy Sudoku |
| + | | Profile names/Data File |
| + | | The ASCII player name or the game data aren't exploitable. This game can still be crashed. |
| |- | | |- |
| | Dark Void Zero | | | Dark Void Zero |
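Review bot: the added Crazy Sudoku note contradicts itself as written: "The ASCII player name or the game data aren't exploitable. This game can still be crashed." It should say which of the two fields causes the crash and why that crash is judged not exploitable, as the neighbouring rows do ("No crash, just nice very high scores", "system reset still worked"). The row removed from the first table only said "Has ASCII strings for player name.", so the testing detail behind the new verdict is not recorded anywhere. Grammar: "Neither the ASCII player name nor the game data is exploitable."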
Line 182: |
Line 170: |
| | None | | | None |
| | Has high-scores without names, scores are ASCII null-terminated strings. Managed to semi-crash this, but system reset still worked so this probably isn't exploitable. | | | Has high-scores without names, scores are ASCII null-terminated strings. Managed to semi-crash this, but system reset still worked so this probably isn't exploitable. |
| + | |- |
| + | | Fieldrunners |
| + | | High-Scores |
| + | | The xml, ".plist", in the game is used for storing savadata which contains high-score strings. Using a very large string crashes the game leading it to stack buffer overflow. The game has already been exploited through [https://github.com/yellows8/dsi/tree/master/exploits/fieldrunhax fieldrunnerhax]. |
| |- | | |- |
| | Frogger Returns | | | Frogger Returns |
| | High-Scores | | | High-Scores |
| | Has ASCII high-scores. strcpys to a static buffer from savedata, unknown if this is exploitable but there's only <10KB free space available(way too low for a payload) so meh. | | | Has ASCII high-scores. strcpys to a static buffer from savedata, unknown if this is exploitable but there's only <10KB free space available(way too low for a payload) so meh. |
| + | |- |
| + | | Guitar Rock Tour |
| + | | High-Scores |
| + | | Has ASCII high-score strings stored in the savedata. Using a very long excessive string can crash the game to lead into a stack smash. This game was successfully exploited through [https://github.com/yellows8/dsi/tree/master/exploits/grtpwn grtpwn]. |
| + | |- |
| + | | Legends of Exidia |
| + | | Player name |
| + | | Has ASCII player name stored in the savadata. Using an extensive long string will cause a stack smash to saved registers and can eventually be exploited through [https://github.com/yellows8/dsi/tree/master/exploits/exidiahax exidiahax]. |
| |- | | |- |
| | Mario Calculator | | | Mario Calculator |
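Review bot: in the Fieldrunners row the link label "fieldrunnerhax" does not match the linked path, which ends in "fieldrunhax"; use the name the repository uses. The same row states the cause and effect backwards ("crashes the game leading it to stack buffer overflow"): the oversized string overflows the stack buffer and the crash is the result. The Guitar Rock Tour row has the same inversion ("can crash the game to lead into a stack smash"). "savadata" should be "savedata" in both the Fieldrunners and Legends of Exidia rows, and "very long excessive string" and "extensive long string" can each be reduced to "an overly long string". The Exidia note says the overflow "can eventually be exploited" while linking a finished exploit; "has been exploited through" would match the other two rows.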
Line 202: |
Line 202: |
| | High-scores | | | High-scores |
| | Has English-only high-scores and a trivial checksum, not exploitable. | | | Has English-only high-scores and a trivial checksum, not exploitable. |
| + | |- |
| + | | Rayman |
| + | | Player name |
| + | | No overflow, with a long string the game only displays one extra character. |
| |- | | |- |
| | Soul of Darkness | | | Soul of Darkness |
Line 211: |
Line 215: |
| | Has ASCII player name for each of the 3 save slots. Game was crashed with an excessively long player name. The game has already been exploited through [[Sudokuhax]]. | | | Has ASCII player name for each of the 3 save slots. Game was crashed with an excessively long player name. The game has already been exploited through [[Sudokuhax]]. |
| |- | | |- |
− | | Rayman | + | | Telegraph Sudoku & Kakuro |
− | | Player name | + | | Profile name |
− | | No overflow, with a long string the game only displays one extra character. | + | | No overflow, the game slot acts as if things are normal, only gives you a lot of completion stars |
| + | |- |
| + | | The Legend of Zelda: Four Swords Anniversary |
| + | | Savedata filesize |
| + | | The game has 2 savefiles. When one savefile fails to load (larger than a usual savefile), the game loads the backup save and will continue load without any errors. That being said, one can crash the game with a larger game filesize to attack the heap and successfully overwrite the stack registers including the pointer counter. The game has already been exploited through [https://github.com/yellows8/dsi/tree/master/exploits/4swordshax 4swordshax]. |
| + | |- |
| + | | UNO |
| + | | Profile names |
| + | | Has ASCII Player name each for of the 5 save slots. The game was crashed with a very large player name which overwritten the stack registers including the pointer counter. The game was successfully exploited which is known as [https://github.com/ChampionLeake/UNO-pwn UNO*pwn]. |
| + | |- |
| + | | WordSearcher |
| + | | Player name & WordSearch Board |
| + | | Has ASCII strings (profile or slot names) and has plaintext crossword levels. No overflows with a large string nor a bigger crossword board resulting thus, not exploitable |
| |} | | |} |
| | | |
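Review bot: "pointer counter" in the Four Swords and UNO rows should be "program counter", and "stack registers" should be "saved registers on the stack". The Four Swords note also says an oversized savefile is used "to attack the heap" and then overwrites values on the stack; it should state which region the oversized data is actually copied into. In the UNO row the link label "UNO*pwn" does not match the linked repository name "UNO-pwn", "each for of the 5 save slots" should read "for each of the 5 save slots", and "which overwritten" should be "which overwrote". The WordSearcher row calls the levels "crossword levels" and "crossword board" although the data column says "WordSearch Board", and its note is missing the closing full stop. The Telegraph Sudoku & Kakuro note would be clearer as "No overflow; the save slot loads normally and only shows a large number of completion stars."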