Changes

198 bytes added, 18:40, 1 January 2015
no edit summary
Line 14: Line 14:     
* A loser (who will remain unnamed) has released CFW and CIA installers along with other stolen and illegal stuff.
 
* A loser (who will remain unnamed) has released CFW and CIA installers along with other stolen and illegal stuff.
  −
== Fixed vulnerabilities ==
  −
* The following was fixed with [[7.0.0-13]], see here for [[7.0.0-13|details]]. Too long or corrupted strings (01Ah  2  Nickname length in characters    050h  2  Message length in characters) in the NVRAM DS user settings (System Settings->Other Settings->Profile->Nintendo DS Profile) causing it to crash in 3DS-mode due to a stack-smash. The DSi is not vulnerable to this, DSi launcher(menu) and DSi System Settings will reset the NVRAM user-settings if the length field values are too long(same result as when the CRCs are invalid).
      
==Failed attempts==
 
==Failed attempts==
 
Here are listed all attempts at exploiting 3DS software that have failed so far.
 
Here are listed all attempts at exploiting 3DS software that have failed so far.
   −
* Pushmo (3DSWare), QR codes: level name is properly limited to 16 characters, game doesn't crash with a longer name. The only possible crashes are triggered by out-of-bounds values, these crashes are caused by the application attempting to load a ptr from a buffer located at NULL.
+
* Pushmo (3DSWare), QR codes: level name is properly limited to 16 characters, game doesn't crash with a longer name. The only possible crashes are triggered by out-of-bounds array index values, these crashes are not exploitable.
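Review bot: the rewritten Pushmo entry (the `+` line) asserts that the out-of-bounds crashes are "not exploitable" but drops the only supporting detail the removed line carried, namely that the crash comes from the application attempting to load a pointer from a buffer located at NULL. A reader cannot judge "not exploitable" without the mechanism; suggest keeping both, e.g. "these crashes are caused by the application attempting to load a ptr from a buffer located at NULL and are not exploitable." Also, the removed "Fixed vulnerabilities" bullet carried a "see here for [[7.0.0-13|details]]" pointer; if that entry is being moved into a table elsewhere on the page, make sure the link to the version page survives the move.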
      Line 37: Line 34:     
==System flaws==
 
==System flaws==
 +
 +
=== [[FIRM]] Process9 ===
 +
 
=== ARM11 kernel ===
 
=== ARM11 kernel ===
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
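Review bot: the added "=== [[FIRM]] Process9 ===" heading has nothing beneath it; the next non-blank line is the unchanged "=== ARM11 kernel ===" heading. An empty section renders as a gap on the page. Either add the Process9 table in this edit (a {| class="wikitable" border="1" table with the same Summary / Description / Fixed-in columns as the other subsections) or leave the heading out until there is an entry to put under it.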
Line 151: Line 151:  
|}
 
|}
   −
=== FIRM ARM11 modules ===
+
=== [[FIRM]] ARM11 modules ===
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
Line 164: Line 164:     
This flaw was needed for exploiting the <=v4.x Process9 PXI vulnerabilities from ARM11 userland ROP, since most applications don't have access to those service(s).
 
This flaw was needed for exploiting the <=v4.x Process9 PXI vulnerabilities from ARM11 userland ROP, since most applications don't have access to those service(s).
 +
| [[7.0.0-13]]
 +
|}
 +
 +
=== ARM11 system modules ===
 +
 +
=== ARM11 system applications and applets  ===
 +
{| class="wikitable" border="1"
 +
|-
 +
!  Summary
 +
!  Description
 +
!  Fixed in system version
 +
|-
 +
| 3DS [[System Settings]] DS profile string stack-smash
 +
| Too long or corrupted strings (01Ah  2  Nickname length in characters    050h  2  Message length in characters) in the NVRAM DS user settings (System Settings->Other Settings->Profile->Nintendo DS Profile) cause it to crash in 3DS-mode due to a stack-smash. The DSi is not vulnerable to this, DSi launcher(menu) and DSi System Settings will reset the NVRAM user-settings if the length field values are too long(same result as when the CRCs are invalid). TWL_FIRM also resets the NVRAM user-settings when the string-length(s) are too long.
 
| [[7.0.0-13]]
 
| [[7.0.0-13]]
 
|}
 
|}
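Review bot: the offset list pasted inline into the new Description cell, "(01Ah  2  Nickname length in characters    050h  2  Message length in characters)", is a table fragment and is hard to read as part of a sentence; suggest rewriting it as "the nickname-length field at offset 0x1A (2 bytes) and the message-length field at offset 0x50 (2 bytes)". In the same cell, "cause it to crash in 3DS-mode" leaves "it" ambiguous; spell out "cause System Settings to crash". The added "=== ARM11 system modules ===" heading has no table under it, the same empty-section problem as the new Process9 heading. Finally, the TWL_FIRM sentence at the end of the cell is a new claim that was not in the removed "Fixed vulnerabilities" bullet, and this change has no edit summary; a one-line summary saying where that was verified would help later readers of the history.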