3DS System Flaws: Difference between revisions
vectors -> uninitialized ram has been exploited. |
No edit summary |
Line 88: | Line 88: | ||
== ARM9 software == | == ARM9 software == | ||
=== boot9 === | |||
{| class="wikitable" border="1" | |||
! Summary | |||
! Description | |||
! Fixed with hardware model/revision | |||
! Newest hardware model/revision this flaw was checked for | |||
! Timeframe this was discovered | |||
! Discovered by | |||
|- | |||
| Incorrect padding check | |||
| The FIRM signature is using PKCS #1 padding, which mandates that the padding is all 0xFF bytes. This is not checked correctly, because it only checks whether none of the bytes in the padding are 0x00. This allows a signature to be crafted more easily (sighax) | |||
| N/A | |||
| New3DS | |||
| Summer 2015 | |||
| derrek and/or nedwill | |||
|- | |||
| No bound checks inside of ASN.1 parser | |||
| The hash inside of the signature is stored in an ASN.1 structure. However the length fields are not bounds-checked, allowing one to point the header hash to the hash the 3DS calculated before verification. This and because of the aforementioned bug, you can brute-force a signature that will always work easily, as essentially only a few bytes need to be valid. | |||
| N/A | |||
| New3DS | |||
| Summer 2015 | |||
| derrek and/or nedwill | |||
|} | |||
=== arm9loader === | === arm9loader === | ||
{| class="wikitable" border="1" | {| class="wikitable" border="1" |
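Review bot: the "Incorrect padding check" row of the new boot9 table does not say what the correct comparison would have been, so the reader cannot see which check is missing; suggest stating that PKCS #1 v1.5 signature padding is the fixed sequence 0x00 0x01, a run of 0xFF bytes, then 0x00 before the DigestInfo, and that a conforming verifier compares every padding byte against 0xFF, whereas boot9 only rejects padding bytes equal to 0x00. In the "No bound checks inside of ASN.1 parser" row, the sentence "This and because of the aforementioned bug, you can brute-force a signature that will always work easily" is ungrammatical; suggest "Combined with the padding bug above, this makes it easy to brute-force a signature that always verifies, since only a few bytes need to be valid." Both rows credit "derrek and/or nedwill", which leaves the attribution undecided; either list both names or mark the field as unknown. Finally, "N/A" in the "Fixed with hardware model/revision" column is ambiguous between "not applicable" and "not fixed"; since the "Newest hardware model/revision this flaw was checked for" column says New3DS, spell out that no hardware revision fixes it.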