Changes

Jump to navigation Jump to search

3DS System Flaws (edit)

Revision as of 19:40, 22 January 2017

606 bytes added ,  19:40, 22 January 2017
→‎Standalone Sysmodules
Line 754: Line 754:  
!  Timeframe this was added to wiki
 
!  Timeframe this was added to wiki
 
!  Discovered by
 
!  Discovered by
 +
|-
 +
| [[MP_Services|MP]] cmd1 out-of-bounds handle read
 +
| MP-sysmodule handles the input parameter for cmd1 as a s32. It checks for >=16, but not <0. With <16 it basically does the following(array of entries 4-bytes each): *outhandle = ((Handle*)(stateptr+offsetinstate))[inputindex].
 +
 +
Hence, this can be used to load any handle in MP-sysmodule memory. MP doesn't really have any service handles of interest however(can be obtained from elsewhere too).
 +
| Reading any handle in MP-sysmodule memory.
 +
| None
 +
| [[8.0.0-18]](MP-sysmodule v2048)
 +
| January 21, 2017
 +
| January 22, 2017
 +
| [[User:Yellows8|Yellows8]]
 
|-
 
|-
 
| AM stack/.bss infoleak via [[AM:ReadTwlBackupInfo]]([[AM:ReadTwlBackupInfoEx|Ex]])
 
| AM stack/.bss infoleak via [[AM:ReadTwlBackupInfo]]([[AM:ReadTwlBackupInfoEx|Ex]])
Retrieved from "https://www.3dbrew.org/wiki/Special:MobileDiff/19363"

Navigation menu