Changes

3DS System Flaws (edit)

Revision as of 22:32, 29 July 2019

75 bytes added , 22:32, 29 July 2019

Updated exploits used today to 11.10

Line 515: Line 515:

|-

| [[DSiWare_Exports]] [[CTCert]] verification

−

| Just like DSi originally did, 3DS verifies the APCert for DSiWare on SD with the CTCert also in the DSiWare .bin. On DSi this was fixed with with system-version 1.4.2 by verifying with the actual console-unique cert instead(stored in NAND), while on 3DS it's still not~~(?)~~ fixed.

+

| Just like DSi originally did, 3DS verifies the APCert for DSiWare on SD with the CTCert also in the DSiWare .bin. On DSi this was fixed with with system-version 1.4.2 by verifying with the actual console-unique cert instead(stored in NAND), while on 3DS it's still not fixed.

−

On 3DS ~~however~~ this is ~~useless, unless one can obtain the console-unique movable.sed keyY which encrypts the entire~~ DSiWare ~~.bin.~~

+

On 3DS this is used in conjunction with seedminer to be able to decrypt & modify DSiWare TAD containers and inject them with exploitable DSiWare titles such as sudoku (sudokuhax) and Flipnote JPN (ugopwn)

| When the movable.sed keyY for the target 3DS is known and the target 3DS CTCert private-key is unknown, importing of modified DSiWare SD .bin files.

| None.

−

| 11.8.0-X

+

| 11.10.0-X

| April 2013

|

Line 537: Line 537:

| This allows embedding older, exploitable DSiWare titles in completely different, unexploitable DSiWare titles. Since DSiWare has raw NAND RW, this can result in arm9 control through FIRM known-plaintext and sighax attacks.

| None.

−

| 11.8.0-X

+

| 11.10.0-X

| 2015?

| December 2016

Line 546: Line 546:

| When combined with other public vulns, arm9 code execution.

| None.

−

| 11.8.0-X

+

| 11.10.0-X

| May 2018

| Sept 2018

Jason0597

11

edits