Pyramids (3DSWare)
Revision as of 06:55, 31 October 2016 by Einstein95 (talk | contribs)
Overview[edit]
A valid QR code contains 170 bytes of data and is LZ-10 compressed. The only byte that can cause a crash is at offset 0x01, as stated below.
QR Image[edit]
https://s13.postimg.org/f2lqhhaon/img.png
RAW Decompressed Data[edit]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00000000 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000080 00 00 12 00 00 09 13 00 00 00 00 00 00 00 00 00 ................ 00000090 00 00 05 05 05 05 05 05 05 05 05 05 05 05 05 05 ................ 000000A0 05 05 1E 00 00 00 C9 73 A8 1A ......És¨.
Raw Decompressed Data Explained[edit]
Address | Length | Meaning |
0x00 | 1 byte | Must be 0x01 or the game will not accept the level. |
0x01 | 1 byte | This byte selects the level background. Valid bytes ranges from 0x00 to 0x04. Anything over 0x04 will cause a null exception and crash. |
0x02 | 160 bytes | This section contains specific data bytes that makes up the level (16x10 grid thus 160 bytes). |
0xA2 | 4 bytes | This represents the time required to complete the level. Its stored as Little Endian Unsigned Int |
0xA6 | 4 bytes | This is a Reversed CRC32 of the combined bytes from address 0x00 to 0xA5 |
Reason for not being exploitable[edit]
The only byte that causes a crash is located at address 0x01 (Level background byte). The crash results in a null ptr exception which is not exploitable.
Data bytes
Asset Name | Pyramids | Pyramids 2 |
---|---|---|
Blank | 0x00 | ?? |
Sand | 0x01 | ?? |
Bullet | 0x02 | ?? |
Bullet covered with sand | 0x02 | ?? |
Spike Ball | 0x04 | ?? |
Block (Plain) | 0x05 | ?? |
Block (Bird) | 0x06 | ?? |
Block (4-blocks) | 0x07 | ?? |
Block (Tools) | 0x08 | ?? |
Amulet | 0x09 | ?? |
Snake | 0x0A | ?? |
Skull (Horizontal) | 0x0B | ?? |
Skull (Vertical) | 0x0C | ?? |
Fire | 0x0D | ?? |
Dog (Facing Up) | 0x0E | ?? |
Dog (Facing Left) | 0x0F | ?? |
Dog (Facing Right) | 0x10 | ?? |
Dog (Facing Down) | 0x11 | ?? |
Player | 0x12 | ?? |
Exit Door | 0x13 | ?? |
Fly | 0x14 | ?? |
Fly covered with sand | 0x15 | ?? |
Hourglass | 0x16 | ?? |
Hourglass covered with sand | 0x17 | ?? |
Rockdoor | 0x18 | ?? |
Coins (Collectible) | 0x19 | ?? |
Coins covered with sand (Collectible) | 0x1A | ?? |
Chalice (Collectible) | 0x1B | ?? |
Chalice covered with sand (Collectible) | 0x1C | ?? |
Bug Chain (Collectible) | 0x1D | ?? |
Bug Chain covered with sand | 0x1E | ?? |
Pyramid Chain (Collectible) | 0x1F | ?? |
Pyramid Chain covered with sand (Collectible) | 0x20 | ?? |
Wings (Collectible) | 0x21 | ?? |
Wings covered with sand (Collectible) | 0x22 | ?? |
Big block top-left (Plain) | 0x23 | ?? |
Big Block top-right (Plain) | 0x24 | ?? |
Big Block bottom-left (Plain) | 0x25 | ?? |
Big Block bottom-right (Plain) | 0x26 | ?? |
Big Block top-left (Cat-head) | 0x27 | ?? |
Big Block top-right (Cat-head) | 0x28 | ?? |
Big Block bottom-left (Cat-head) | 0x29 | ?? |
Big Block bottom-right (Cat-head) | 0x2A | ?? |
Big Block top-left (Two figures) | 0x2B | ?? |
Big Block top-right (Two figures) | 0x2C | ?? |
Big Block bottom-left (Two figures) | 0x2D | ?? |
Big Block bottom-right (Two figures) | 0x2E | ?? |
TNT | 0x2F | ?? |
TNT Detonator | 0x30 | ?? |
Spikes | 0x31 | ?? |
Pillar top | 0x32 | ?? |
Pillar | 0x33 | ?? |