Difference between revisions of "DSiWare VulnList"
Jump to navigation
Jump to search
(Created page with "This lists DSiWare that might have vulnerabilities, like strcpy or sprintf from savedata. If you know of DSiWare that has English-only string(high-scores, player name, etc) input...") |
|||
| Line 12: | Line 12: | ||
| Dracula | | Dracula | ||
| No manual input | | No manual input | ||
| − | | Started | + | | Started, checksum broken |
| − | | Savedata contains | + | | Savedata contains ASCII high-scores from DSi username, and perks/powerups. |
|- | |- | ||
| FIZZ | | FIZZ | ||
Revision as of 23:54, 22 October 2010
This lists DSiWare that might have vulnerabilities, like strcpy or sprintf from savedata. If you know of DSiWare that has English-only string(high-scores, player name, etc) input, add it to this list, then mention it on IRC EFNet #dsidev. Or contact yellowstar 6 at gmail dot com.
List of DSiWare with incomplete analysis
| Name | Input type(s) | Status | Description |
|---|---|---|---|
| Dracula | No manual input | Started, checksum broken | Savedata contains ASCII high-scores from DSi username, and perks/powerups. |
| FIZZ | High-scores | None | Savedata contains ASCII high-scores, but all the high-scores are contained in the same string without a null terminator. A vuln is unlikely. |
List of DSiWare with finished analysis
| Name | Input type(s) | Description |
|---|---|---|
| Dark Void Zero | High-Scores | No limit on length of drawn record names, no vuln with high-scores. The level var from savedata doesn't have any bounds check, this is used with array indexes. This is not exploitable since the array structs only contain char* strings and other fields. |