3DS System Flaws: Difference between revisions
good old boot9 code exec vuln
| 2015(?)
| [[User:Derrek|derrek]] (2015?), [[User:Normmatt|Normmatt]] and [[User:SciresM|SciresM]] independently (January 2017).
|-
| "superhax": Boot9 FIRM loading blacklist check is flawed
| Boot9 only makes sure the '''start''' and '''end''' address of each section is not covered by a blacklisted region. Thus, it is possible to overwrite blacklisted regions (e.g. ARM9 Exception Vectors) by choosing a FIRM section range that encloses an entire blacklisted region. The vulnerable code looks like this: <code>if(blRegions[i].start <= sectionStart && blRegions[i].end > sectionStart <nowiki>||</nowiki> blRegions[i].start <= sectionEnd && blRegions[i].end > sectionEnd) return false; // failure</code>
| None
| New3DS
| August 2015
| [[User:Plutoo|plutoo]], [[User:Yellows8|yellows8]]
|}
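Added example (not boot9's code and not from the wiki): the endpoint-only check quoted above beside a proper interval-overlap check, showing that only the latter rejects a section that encloses a whole blacklisted region. The blacklist addresses are constructed placeholders, not boot9's real table.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Half-open address range [start, end). */
typedef struct { uint32_t start, end; } region_t;

/* Constructed blacklist for illustration only; region 0 stands in for a
 * small protected area such as exception vectors, region 1 for a larger one. */
static const region_t bl_regions[] = {
    { 0x08000000u, 0x08000040u },
    { 0x08100000u, 0x08200000u },
};
#define BL_COUNT (sizeof bl_regions / sizeof bl_regions[0])

/* Flawed check, as described on the page: it only asks whether the section's
 * start or end address itself lies inside a blacklisted region, so a section
 * that starts before a region and ends after it is never rejected. */
bool section_allowed_flawed(uint32_t sectionStart, uint32_t sectionEnd) {
    for (size_t i = 0; i < BL_COUNT; i++) {
        if ((bl_regions[i].start <= sectionStart && bl_regions[i].end > sectionStart) ||
            (bl_regions[i].start <= sectionEnd && bl_regions[i].end > sectionEnd))
            return false;  /* failure */
    }
    return true;
}

/* Correct check: two half-open ranges overlap iff each one starts before the
 * other ends. This covers partial overlap, containment in either direction,
 * and exact coincidence. A wrapped or empty range (end <= start, e.g. from a
 * 32-bit start+size overflow) is rejected outright. */
bool section_allowed_fixed(uint32_t sectionStart, uint32_t sectionEnd) {
    if (sectionEnd <= sectionStart)
        return false;
    for (size_t i = 0; i < BL_COUNT; i++) {
        if (sectionStart < bl_regions[i].end && bl_regions[i].start < sectionEnd)
            return false;
    }
    return true;
}
```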