Changes

227 bytes added, 23:03, 11 March 2015
no edit summary
Line 1: Line 1: −
This page lists vulnerabilities / exploits for 3DS applications and applets.  
+
This page lists vulnerabilities / exploits for 3DS applications and applets. Exploiting these initially results in ROP.
    
=Non-system applications=
 
=Non-system applications=
* See [[Ninjhax|here]] regarding Ninjhax.
+
{| class="wikitable" border="1"
 +
|-
 +
!  Summary
 +
!  Description
 +
!  Fixed in version
 +
!  Last version this flaw was checked for
 +
!  Timeframe this was discovered
 +
!  Discovered by
 +
|-
 +
| Cubic Ninja map-data stack smash
 +
| See [[Ninjhax|here]] regarding Ninjhax.
 +
| None
 +
|
 +
|
 +
| [[User:smea|smea]]
 +
|}
    
=System applications=
 
=System applications=
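Review bot: The added Cubic Ninja row leaves the "Last version this flaw was checked for" and "Timeframe this was discovered" cells empty, and "Fixed in version" reads "None" without saying whether the column means the game's version or the system version. Suggest filling the two cells or marking them as unknown, and naming the kind of version in the header for this table. The new intro sentence "Exploiting these initially results in ROP." is stated for every entry on the page, while this row's Description only links to [[Ninjhax]]; a one-line description of the flaw in the cell would let the row stand on its own the way the System applications rows do.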
Line 9: Line 24:  
!  Summary
 
!  Summary
 
!  Description
 
!  Description
!  Successful exploitation result
+
!  Fixed in version
!  Fixed in system version
+
!  Last version this flaw was checked for
!  Last system version this flaw was checked for
   
!  Timeframe this was discovered
 
!  Timeframe this was discovered
 
!  Discovered by
 
!  Discovered by
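Review bot: In the header rows here, "Fixed in version" and "Last version this flaw was checked for" sit beside "Fixed in system version" and "Last system version this flaw was checked for", and "Successful exploitation result" appears on one side only. For the System applications table the "system version" wording is the more precise of the two, so I would keep it in this table even if the Non-system table uses the shorter form. If the "Successful exploitation result" column is being dropped because the intro now says exploitation initially results in ROP, check that every row's cell count still matches the header.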
Line 17: Line 31:  
| 3DS [[System Settings]] DS profile string stack-smash
 
| 3DS [[System Settings]] DS profile string stack-smash
 
| Too long or corrupted strings (01Ah  2  Nickname length in characters    050h  2  Message length in characters) in the NVRAM DS user settings (System Settings->Other Settings->Profile->Nintendo DS Profile) cause it to crash in 3DS-mode due to a stack-smash. The DSi is not vulnerable to this, DSi launcher(menu) and DSi System Settings will reset the NVRAM user-settings if the length field values are too long(same result as when the CRCs are invalid). TWL_FIRM also resets the NVRAM user-settings when the string-length(s) are too long.
 
| Too long or corrupted strings (01Ah  2  Nickname length in characters    050h  2  Message length in characters) in the NVRAM DS user settings (System Settings->Other Settings->Profile->Nintendo DS Profile) cause it to crash in 3DS-mode due to a stack-smash. The DSi is not vulnerable to this, DSi launcher(menu) and DSi System Settings will reset the NVRAM user-settings if the length field values are too long(same result as when the CRCs are invalid). TWL_FIRM also resets the NVRAM user-settings when the string-length(s) are too long.
| ROP in mset.
   
| [[7.0.0-13]]
 
| [[7.0.0-13]]
 
| [[7.0.0-13]]
 
| [[7.0.0-13]]
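Review bot: "| ROP in mset." is the only place in this row that names the process in which the ROP runs; the intro sentence added at the top of the page says only "ROP". If this cell goes away together with its column, suggest moving "in mset" into the Description cell so that detail is not lost. The Description also states the two length fields inline as "01Ah  2  Nickname length in characters    050h  2  Message length in characters"; splitting that into offset, size and meaning per field would make the defensive comparison with the DSi and TWL_FIRM behaviour (resetting the NVRAM user settings when a length is too long) easier to read.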