Changes

920 bytes removed ,  13:05, 30 December 2016
Undoing because of lack of details.
Line 88: Line 88:     
== ARM9 software ==
 
== ARM9 software ==
=== boot9 ===
  −
{| class="wikitable" border="1"
  −
!  Summary
  −
!  Description
  −
!  Fixed with hardware model/revision
  −
!  Newest hardware model/revision this flaw was checked for
  −
!  Timeframe this was discovered
  −
!  Discovered by
  −
|-
  −
| Incorrect padding check
  −
| The signature has a flag byte that determines whether the padding should be checked. This makes you able to bruteforce the padding very easily, as only the flag byte has to be zero.
  −
| N/A
  −
| New3DS
  −
| Summer 2015
  −
| derrek
  −
|-
  −
| No bound checks inside of ASN.1 parser
  −
| The hash inside of the signature is stored in an ASN.1 structure. However the length fields are not bounds-checked, allowing one to point the header hash to the hash the 3DS calculated before verification. This and because of the aforementioned bug, you can brute-force a signature that will always work easily, as essentially only a few bytes need to be valid.
  −
| N/A
  −
| New3DS
  −
| Summer 2015
  −
| derrek
  −
|}
      
=== arm9loader ===
 
=== arm9loader ===
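Review bot: The summary "Undoing because of lack of details" does not say which details are missing, and the removal takes out the whole "=== boot9 ===" heading together with both table rows, so a later editor has nothing left to expand and no indication of what would make the entries acceptable. Both rows do carry a timeframe ("Summer 2015"), a discoverer ("derrek") and a checked hardware model ("New3DS"), so the gap is presumably in the Description column: the first row does not say where the flag byte sits in the signature, and the second does not say which ASN.1 length fields go unchecked. I would either keep the section and name those missing points in the edit summary or on the talk page, or state them here so the rows can be re-added with them filled in. Note also that the second row depends on the first ("because of the aforementioned bug"), so the two should be restored or dropped together.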