Changes

88 bytes added ,  20:00, 23 May 2013
no edit summary
Line 7: Line 7:  
Here are listed all attempts at exploiting 3DS software that have failed so far.
 
Here are listed all attempts at exploiting 3DS software that have failed so far.
   −
* Pushmo (3DSWare), QR codes: level name is properly limited to 16 characters, game doesn't crash with a longer name. Only possible crashes are from out-of-bounds values and are not exploitable.
+
* Pushmo (3DSWare), QR codes: level name is properly limited to 16 characters, game doesn't crash with a longer name. The only possible crashes are triggered by out-of-bounds values, these crashes are caused by the application attempting to load a ptr from a buffer located at NULL.
 
* Pyramids (3DSWare), QR codes: no strings. The LZ10 compression can't be exploited either. Only crashes are from out-of-bounds values (like background ID) and are not exploitable.
 
* Pyramids (3DSWare), QR codes: no strings. The LZ10 compression can't be exploited either. Only crashes are from out-of-bounds values (like background ID) and are not exploitable.
 
* 3DS browser, 2^32 characters long string: The behavior of this crash is not well understood. The crash may or may not be done on purpose (Webkit contains code that triggers 'crashes' on purpose). Anyway any attempt at exploiting this has failed so far.
 
* 3DS browser, 2^32 characters long string: The behavior of this crash is not well understood. The crash may or may not be done on purpose (Webkit contains code that triggers 'crashes' on purpose). Anyway any attempt at exploiting this has failed so far.