11.4.0-37: Difference between revisions

Line 29: Line 29:
===[[NWM_Services|NWM-sysmodule]]===
===[[NWM_Services|NWM-sysmodule]]===
The [[CONFIG11_Registers]] are no longer directly mapped under userland for NWM-sysmodule.
The [[CONFIG11_Registers]] are no longer directly mapped under userland for NWM-sysmodule.
This prevents anything under NWM-module from modifying the GPUPROT register.
This prevents anything under NWM-module from modifying the GPUPROT register. This was used by both *hax payload(prior to v11.4 release) and [https://github.com/smealum/udsploit udsploit].


The codebin was updated.
The codebin was updated.
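Review bot: In the sentence added after "GPUPROT register", the referent of "This was used by" is unclear: it could mean the userland CONFIG11 mapping or the GPUPROT write itself. Name it explicitly, for example "Modifying GPUPROT from NWM was used by ...". The same line still says "NWM-module" where the heading and the line above say "NWM-sysmodule", and "*hax payload(prior to v11.4 release)" needs a space before the parenthesis.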
Line 38: Line 38:
.. has been removed from NWM. This one has been moved into kernel bootup.
.. has been removed from NWM. This one has been moved into kernel bootup.


Accesses to 0x1EC40180 have been replaced by a new syscall, [[SVC|0x5A]].
All accesses to 0x1EC40180 have been replaced by a new syscall, [[SVC|0x5A]].


A new string was added at 0x13E200: "used"(with 3 0xFF bytes afterwards). The wifi-fw was moved from .data to .rodata.
This now includes code from old CTRSDK update(s). The only other changes was new heap code, for fixing the NWMUDS sharedmem [[3DS_System_Flaws|vuln]]. This includes code which actually validates heap memchunkhdrs, with svcBreak being executed on failure.
 
A new string was added at 0x13E200: "used"(with 3 0xFF bytes afterwards), this is used by the new heap code. The wifi-fw was moved from .data to .rodata.


===[[Internet Browser]]===
===[[Internet Browser]]===
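Review bot: The new paragraph beginning "This now includes code from old CTRSDK update(s)" directly follows the SVC 0x5A sentence, so "This" has no clear subject. State what includes the code (presumably the NWM codebin, though the hunk does not say so). "The only other changes was" should read "The only other change was", and the claim conflicts with the next changed line, which reports the wifi-fw moving from .data to .rodata as a further change. The [[3DS_System_Flaws|vuln]] link targets the whole flaws page, so the reader cannot tell which NWMUDS sharedmem entry is meant; name the entry in the link text. In the last changed line, "afterwards), this is used by the new heap code" is a comma splice and should be split into two sentences.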