Difference between revisions of "3DS Userland Flaws"
Jump to navigation
Jump to search
| Line 1: | Line 1: | ||
| − | This page lists vulnerabilities / exploits for 3DS applications and applets. | + | This page lists vulnerabilities / exploits for 3DS applications and applets. Exploiting these initially results in ROP. |
=Non-system applications= | =Non-system applications= | ||
| − | + | {| class="wikitable" border="1" | |
| + | |- | ||
| + | ! Summary | ||
| + | ! Description | ||
| + | ! Fixed in version | ||
| + | ! Last version this flaw was checked for | ||
| + | ! Timeframe this was discovered | ||
| + | ! Discovered by | ||
| + | |- | ||
| + | | Cubic Ninja map-data stack smash | ||
| + | | See [[Ninjhax|here]] regarding Ninjhax. | ||
| + | | None | ||
| + | | | ||
| + | | | ||
| + | | [[User:smea|smea]] | ||
| + | |} | ||
=System applications= | =System applications= | ||
| Line 9: | Line 24: | ||
! Summary | ! Summary | ||
! Description | ! Description | ||
| − | + | ! Fixed in version | |
| − | ! Fixed in | + | ! Last version this flaw was checked for |
| − | ! Last | ||
! Timeframe this was discovered | ! Timeframe this was discovered | ||
! Discovered by | ! Discovered by | ||
| Line 17: | Line 31: | ||
| 3DS [[System Settings]] DS profile string stack-smash | | 3DS [[System Settings]] DS profile string stack-smash | ||
| Too long or corrupted strings (01Ah 2 Nickname length in characters 050h 2 Message length in characters) in the NVRAM DS user settings (System Settings->Other Settings->Profile->Nintendo DS Profile) cause it to crash in 3DS-mode due to a stack-smash. The DSi is not vulnerable to this, DSi launcher(menu) and DSi System Settings will reset the NVRAM user-settings if the length field values are too long(same result as when the CRCs are invalid). TWL_FIRM also resets the NVRAM user-settings when the string-length(s) are too long. | | Too long or corrupted strings (01Ah 2 Nickname length in characters 050h 2 Message length in characters) in the NVRAM DS user settings (System Settings->Other Settings->Profile->Nintendo DS Profile) cause it to crash in 3DS-mode due to a stack-smash. The DSi is not vulnerable to this, DSi launcher(menu) and DSi System Settings will reset the NVRAM user-settings if the length field values are too long(same result as when the CRCs are invalid). TWL_FIRM also resets the NVRAM user-settings when the string-length(s) are too long. | ||
| − | |||
| [[7.0.0-13]] | | [[7.0.0-13]] | ||
| [[7.0.0-13]] | | [[7.0.0-13]] | ||
Revision as of 23:03, 11 March 2015
This page lists vulnerabilities / exploits for 3DS applications and applets. Exploiting these initially results in ROP.
Non-system applications
| Summary | Description | Fixed in version | Last version this flaw was checked for | Timeframe this was discovered | Discovered by |
|---|---|---|---|---|---|
| Cubic Ninja map-data stack smash | See here regarding Ninjhax. | None | smea |
System applications
| Summary | Description | Fixed in version | Last version this flaw was checked for | Timeframe this was discovered | Discovered by |
|---|---|---|---|---|---|
| 3DS System Settings DS profile string stack-smash | Too long or corrupted strings (01Ah 2 Nickname length in characters 050h 2 Message length in characters) in the NVRAM DS user settings (System Settings->Other Settings->Profile->Nintendo DS Profile) cause it to crash in 3DS-mode due to a stack-smash. The DSi is not vulnerable to this, DSi launcher(menu) and DSi System Settings will reset the NVRAM user-settings if the length field values are too long(same result as when the CRCs are invalid). TWL_FIRM also resets the NVRAM user-settings when the string-length(s) are too long. | 7.0.0-13 | 7.0.0-13 | 2012 | Ichfly |