Difference between revisions of "DSiWare VulnList"

Revision as of 05:22, 25 October 2010

This lists DSiWare that might have vulnerabilities, like strcpy or sprintf from savedata. If you know of DSiWare that has English-only string(high-scores, player name, etc) input, add it to this list, then mention it on IRC EFNet #dsidev. Or contact yellowstar 6 at gmail dot com.

List of DSiWare with incomplete analysis

Name	Input type(s)	Status	Description
FIZZ	High-scores	None	Savedata contains ASCII high-scores, but all the high-scores are contained in the same string without a null terminator. A vuln is unlikely.

List of DSiWare with finished analysis

Name	Input type(s)	Description
Dark Void Zero	High-Scores	No limit on length of drawn record names, no vuln with high-scores. The level var from savedata doesn't have any bounds check, this is used with array indexes. This is not exploitable since the array structs only contain char* strings and other fields.
Dracula	No manual input	Savedata contains ASCII high-scores from DSi username, and ASCII perks/powerups. High-scores doesn't have string bugs.

@@ Line 9: / Line 9: @@
 ! Status
 !  Description
-|-
-|  Dracula
-|  No manual input
-|  Started, checksum broken
-|  Savedata contains ASCII high-scores from DSi username, and ASCII perks/powerups.  High-scores doesn't have string bugs.
 |-
 |  FIZZ
@@ Line 33: / Line 28: @@
 | High-Scores
 | No limit on length of drawn record names, no vuln with high-scores. The level var from savedata doesn't have any bounds check, this is used with array indexes. This is not exploitable since the array structs only contain char* strings and other fields.
+|-
+|  Dracula
+|  No manual input
+|  Savedata contains ASCII high-scores from DSi username, and ASCII perks/powerups.  High-scores doesn't have string bugs.
 |}

Difference between revisions of "DSiWare VulnList"

Revision as of 05:22, 25 October 2010

List of DSiWare with incomplete analysis

List of DSiWare with finished analysis

Navigation menu

Search