3DS System Flaws: Difference between revisions
→Kernel11: (elaborate) |
Line 453: | Line 453: | ||
| Can change the size of free memchunk structures stored in FCRAM using DMA, which leads to the ability to allocate memory chunks over already-allocated memory. This can be used in the SYSTEM region to allocate RW memory over any part of the NS system module, which is enough to take it over. | | Can change the size of free memchunk structures stored in FCRAM using DMA, which leads to the ability to allocate memory chunks over already-allocated memory. This can be used in the SYSTEM region to allocate RW memory over any part of the NS system module, which is enough to take it over. | ||
| Code execution with access to all of NS's privileges. (including downgrading) Code execution within any applet. | | Code execution with access to all of NS's privileges. (including downgrading) Code execution within any applet. | ||
| [[11.0.0-33|11.0.0-X]] | | [[11.0.0-33|11.0.0-X]], via the new [[Memory_Management#MemoryBlockHeader|memchunkhdr]] MAC which prevents modifying memchunkhdr data with DMA. | ||
| [[11.0.0-33|11.0.0-X]] | | [[11.0.0-33|11.0.0-X]] | ||
| April 2015 ? | | April 2015 ? |
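Review bot: In the new "fixed in" cell for 11.0.0-X, the wording "MAC which prevents modifying memchunkhdr data with DMA" overstates what a MAC does. A MAC does not stop the DMA write to FCRAM, it lets the kernel detect that a header was altered. Suggest rephrasing along the lines of "which lets the kernel detect memchunkhdr data modified with DMA", and stating what happens on a mismatch if that is known. The same cell labels the link "memchunkhdr" while its target anchor is Memory_Management#MemoryBlockHeader and the description cell says "free memchunk structures". Using one name across the row would make it clear that the MAC covers the structure whose size is being changed.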