Changes

646 bytes added, 17:41, 6 June 2018
good old boot9 code exec vuln
Line 135: Line 135:  
| 2015(?)
 
| 2015(?)
 
| [[User:Derrek|derrek]] (2015?), [[User:Normmatt|Normmatt]] and [[User:SciresM|SciresM]] independently (January 2017).
 
| [[User:Derrek|derrek]] (2015?), [[User:Normmatt|Normmatt]] and [[User:SciresM|SciresM]] independently (January 2017).
 +
|-
 +
| "superhax": Boot9 FIRM loading blacklist check is flawed
 +
| Boot9 only makes sure the '''start''' and '''end''' address of each section is not covered by a blacklisted region. Thus, it is possible to overwrite blacklisted regions (e.g. ARM9 Exception Vectors) by choosing a FIRM section range that encloses an entire blacklisted region. The vulnerable code looks like this: if(blRegions[i].start <= sectionStart && blRegions[i].end > sectionStart <nowiki>||</nowiki> blRegions[i].start <= sectionEnd && blRegions[i].end > sectionEnd) return false; // failure
 +
| None
 +
| New3DS
 +
| August 2015
 +
| [[User:Plutoo|plutoo]], [[User:Yellows8|yellows8]]
 
|}
 
|}
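Review bot: the vulnerable condition in the new description cell is run into the sentence as plain text, with <nowiki>||</nowiki> in the middle of it, so the one line readers most need is the hardest to read; set it off in its own code span and parenthesise the two && groups so it does not lean on operator precedence. The cell would also be clearer if it named the missing case directly: the check asks whether sectionStart or sectionEnd lies inside a blacklisted region, but never whether a blacklisted region lies inside the section. The comparison that closes the gap is an interval-overlap test, for example "blRegions[i].start <= sectionEnd && sectionStart < blRegions[i].end", assuming sectionEnd is inclusive as the existing comparison treats it. Minor grammar in the same cell: "the start and end address of each section is" should read "addresses ... are".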