3DS Userland Flaws: Difference between revisions
EvilFlight (talk | contribs) |
EvilFlight (talk | contribs) |
Line 86: | Line 86: | ||
| Subscripted TIME$/DATE$ allow write access to DATA/BSS | | Subscripted TIME$/DATE$ allow write access to DATA/BSS | ||
| Utf-16 characters can be assigned to subscripted TIME$/DATE$ interpreter sysvars which results in write-only access to all of DATA and some BSS in userland. | | Utf-16 characters can be assigned to subscripted TIME$/DATE$ interpreter sysvars which results in write-only access to all of DATA and some BSS in userland. | ||
TIME$[0]/DATE$[0] actually point to somewhere in rodata, and an overly large subscript can be used to write well past it and into the aforementioned areas. | TIME$[0]/DATE$[0] actually point to somewhere in rodata, and an overly large subscript can be used to write well past it and into the aforementioned areas. Demo [https://github.com/zoogie/smilehax-IIe here.] | ||
| App: 3.6.2 (3.6.0 latest for US/EU, JP appvers. can be downgraded) | | App: 3.6.2 (3.6.0 latest for US/EU, JP appvers. can be downgraded) | ||
| System: [[11.13.0-45]]. | | System: [[11.13.0-45]]. | ||
| April 2020 | | April 2020 | ||
| February 2020 | | February 2020 | ||
| bug publicly documented [https://translate.google.com/translate?sl=auto&tl=en&u=http%3A%2F%2Fsmilebasic.com%2Fdebug%2Farchive%2F here] | | bug publicly documented [https://translate.google.com/translate?sl=auto&tl=en&u=http%3A%2F%2Fsmilebasic.com%2Fdebug%2Farchive%2F here.] | ||
Exploited by Zoogie | Exploited by Zoogie | ||
|- | |- |
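Review bot: in the description cell (the line beginning "TIME$[0]/DATE$[0]"), the added "Demo [https://github.com/zoogie/smilehax-IIe here.]" puts the sentence's full stop inside the external-link label, and the edit to the disclosure cell does the same by changing "here]" to "here.]". Move the period outside the closing bracket in both places, and consider a descriptive label (for example the repository name) instead of "here" so the link still makes sense when the row is read out of context. While this row is being touched, "Utf-16" in the unchanged description text should read "UTF-16", and the disclosure link could point at the smilebasic.com/debug/archive/ page directly rather than through the translate.google.com wrapper URL.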