Difference between revisions of "Pyramids (3DSWare)"

From 3dbrew
(Created page with "== Overview == A valid QR code contains 170 bytes of data and it's LZ-10 compressed. The only byte that can cause a crash is at offset 0x01 (As stated bellow) == QR Image ==...")
 
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
== Overview ==
 
== Overview ==
A valid QR code contains 170 bytes of data and it's LZ-10 compressed. The only byte that can cause a crash is at offset 0x01 (As stated bellow)
+
A valid QR code contains 170 bytes of data and is LZ-10 compressed. The only byte that can cause a crash is at offset 0x01, as stated below.
  
 
== QR Image ==
 
== QR Image ==
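Review bot: the revised Overview sentence leaves it unclear whether the 170 bytes are the compressed or the decompressed size. The dump under "RAW Decompressed Data" runs from 0x00 to 0xA9, which is 170 bytes, so the sentence should say "170 bytes of data once LZ-10 decompressed". "As stated below" would also be easier to follow if it named the section it points to ("Raw Decompressed Data Explained").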
Line 52: Line 52:
  
 
The only byte that causes a crash is located at address 0x01 (Level background byte). The crash results in a null ptr exception which is not exploitable.
 
The only byte that causes a crash is located at address 0x01 (Level background byte). The crash results in a null ptr exception which is not exploitable.
 +
 +
{{:Pyramids (3DSWare)/Pyramids icon list}}
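Review bot: the unchanged sentence in this hunk says "address 0x01" while the Overview says "offset 0x01"; use "offset" in both places, since this is a position inside the decompressed data. The added transclusion {{:Pyramids (3DSWare)/Pyramids icon list}} also arrives with no section heading or introductory sentence, so a reader cannot tell what the list documents; give it its own == heading ==.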

Latest revision as of 06:55, 31 October 2016

Overview

A valid QR code contains 170 bytes of data and is LZ-10 compressed. The only byte that can cause a crash is at offset 0x01, as stated below.

QR Image

https://s13.postimg.org/f2lqhhaon/img.png

RAW Decompressed Data

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000000  01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00     ................
00000010  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00     ................
00000020  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00     ................
00000030  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00     ................
00000040  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00     ................
00000050  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00     ................
00000060  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00     ................
00000070  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00     ................
00000080  00 00 12 00 00 09 13 00 00 00 00 00 00 00 00 00     ................
00000090  00 00 05 05 05 05 05 05 05 05 05 05 05 05 05 05     ................
000000A0  05 05 1E 00 00 00 C9 73 A8 1A                       ......És¨.

Raw Decompressed Data Explained

| Address | Length | Meaning |
|---|---|---|
| 0x00 | 1 byte | Must be 0x01 or the game will not accept the level. |
| 0x01 | 1 byte | This byte selects the level background. Valid values range from 0x00 to 0x04. Anything over 0x04 causes a null pointer exception and a crash. |
| 0x02 | 160 bytes | This section contains the data bytes that make up the level (16x10 grid, thus 160 bytes). |
| 0xA2 | 4 bytes | This represents the time required to complete the level. It is stored as a little-endian unsigned int. |
| 0xA6 | 4 bytes | This is a Reversed CRC32 of the combined bytes from address 0x00 to 0xA5. |
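The layout above can be checked before a level is used. The following parser is an added example, not code from the game or from this wiki: it bounds-checks the background byte (the value that crashes the game) and splits out the remaining fields. The names parse_level and LevelError are hypothetical, row-by-row grid storage is an assumption, and the checksum is reported as stored rather than recomputed because the page does not define "Reversed CRC32" precisely.

```python
import struct

LEVEL_SIZE = 0xAA        # 170 bytes once LZ-10 decompressed
GRID_W, GRID_H = 16, 10  # 160 tile bytes at 0x02..0xA1
MAX_BACKGROUND = 0x04    # page: valid backgrounds are 0x00..0x04
MAX_LISTED_TILE = 0x33   # highest ID in the page's asset table

# Sample input: the page's decompressed dump, rebuilt field by field.
_grid = bytearray(GRID_W * GRID_H)
_grid[0x80:0x85] = bytes([0x12, 0x00, 0x00, 0x09, 0x13])  # Player, Amulet, Exit Door
_grid[0x90:0xA0] = bytes([0x05]) * 16                     # 16 plain blocks
SAMPLE = bytes([0x01, 0x00]) + bytes(_grid) + struct.pack("<I", 30) + bytes.fromhex("c973a81a")


class LevelError(ValueError):
    """Raised when a decompressed level fails a structural check."""


def parse_level(data: bytes) -> dict:
    if len(data) != LEVEL_SIZE:
        raise LevelError(f"expected {LEVEL_SIZE} bytes, got {len(data)}")
    if data[0x00] != 0x01:
        raise LevelError("byte 0x00 must be 0x01")
    background = data[0x01]
    if background > MAX_BACKGROUND:
        # The game crashes with a null pointer exception on these values; reject them.
        raise LevelError(f"background {background:#04x} is outside 0x00..0x04")
    tiles = data[0x02:0xA2]
    # Assumption: the 16x10 grid is stored row by row.
    rows = [tiles[r * GRID_W:(r + 1) * GRID_W] for r in range(GRID_H)]
    (time_limit,) = struct.unpack_from("<I", data, 0xA2)
    return {
        "background": background,
        "rows": rows,
        "time_limit": time_limit,
        # Checksum bytes are reported as stored, not recomputed.
        "crc_field": data[0xA6:0xAA].hex(),
        # (row, column, value) of tile bytes the asset table does not list.
        "unlisted_tiles": [(i // GRID_W, i % GRID_W, t)
                           for i, t in enumerate(tiles) if t > MAX_LISTED_TILE],
    }


if __name__ == "__main__":
    level = parse_level(SAMPLE)
    print(level["background"], level["time_limit"], level["crc_field"])
```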

Reason for not being exploitable

The only byte that causes a crash is located at address 0x01 (the level background byte). The crash results in a null pointer exception, which is not exploitable.

Data bytes

| Asset Name | Pyramids | Pyramids 2 |
|---|---|---|
| Blank | 0x00 | ?? |
| Sand | 0x01 | ?? |
| Bullet | 0x02 | ?? |
| Bullet covered with sand | 0x02 | ?? |
| Spike Ball | 0x04 | ?? |
| Block (Plain) | 0x05 | ?? |
| Block (Bird) | 0x06 | ?? |
| Block (4-blocks) | 0x07 | ?? |
| Block (Tools) | 0x08 | ?? |
| Amulet | 0x09 | ?? |
| Snake | 0x0A | ?? |
| Skull (Horizontal) | 0x0B | ?? |
| Skull (Vertical) | 0x0C | ?? |
| Fire | 0x0D | ?? |
| Dog (Facing Up) | 0x0E | ?? |
| Dog (Facing Left) | 0x0F | ?? |
| Dog (Facing Right) | 0x10 | ?? |
| Dog (Facing Down) | 0x11 | ?? |
| Player | 0x12 | ?? |
| Exit Door | 0x13 | ?? |
| Fly | 0x14 | ?? |
| Fly covered with sand | 0x15 | ?? |
| Hourglass | 0x16 | ?? |
| Hourglass covered with sand | 0x17 | ?? |
| Rockdoor | 0x18 | ?? |
| Coins (Collectible) | 0x19 | ?? |
| Coins covered with sand (Collectible) | 0x1A | ?? |
| Chalice (Collectible) | 0x1B | ?? |
| Chalice covered with sand (Collectible) | 0x1C | ?? |
| Bug Chain (Collectible) | 0x1D | ?? |
| Bug Chain covered with sand | 0x1E | ?? |
| Pyramid Chain (Collectible) | 0x1F | ?? |
| Pyramid Chain covered with sand (Collectible) | 0x20 | ?? |
| Wings (Collectible) | 0x21 | ?? |
| Wings covered with sand (Collectible) | 0x22 | ?? |
| Big block top-left (Plain) | 0x23 | ?? |
| Big Block top-right (Plain) | 0x24 | ?? |
| Big Block bottom-left (Plain) | 0x25 | ?? |
| Big Block bottom-right (Plain) | 0x26 | ?? |
| Big Block top-left (Cat-head) | 0x27 | ?? |
| Big Block top-right (Cat-head) | 0x28 | ?? |
| Big Block bottom-left (Cat-head) | 0x29 | ?? |
| Big Block bottom-right (Cat-head) | 0x2A | ?? |
| Big Block top-left (Two figures) | 0x2B | ?? |
| Big Block top-right (Two figures) | 0x2C | ?? |
| Big Block bottom-left (Two figures) | 0x2D | ?? |
| Big Block bottom-right (Two figures) | 0x2E | ?? |
| TNT | 0x2F | ?? |
| TNT Detonator | 0x30 | ?? |
| Spikes | 0x31 | ?? |
| Pillar top | 0x32 | ?? |
| Pillar | 0x33 | ?? |