Changes

38 bytes added, 09:17, 14 May 2015
no edit summary
Line 22: Line 22:  
| ARM9's exception vectors are hardcoded to point at ARM9 RAM. While the bootrom does set them up to point to itself at some point during boot, it does not do so immediately. As such, a carefully-timed fault injection to induce an invalid instruction will cause execution to fall into ARM9 RAM.  
 
| ARM9's exception vectors are hardcoded to point at ARM9 RAM. While the bootrom does set them up to point to itself at some point during boot, it does not do so immediately. As such, a carefully-timed fault injection to induce an invalid instruction will cause execution to fall into ARM9 RAM.  
 
Since RAM isn't cleared on boot, one can immediately start execution of their own code here to dump bootrom, OTP, etc.
 
Since RAM isn't cleared on boot, one can immediately start execution of their own code here to dump bootrom, OTP, etc.
| May 2015
+
| Middle of 2014, May 2015
| WulfyStylez
+
| derrek, WulfyStylez independently
 
|-
 
|-
 
| Missing AES key clearing
 
| Missing AES key clearing
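Review bot: The new date and discoverer cells ("Middle of 2014, May 2015" and "derrek, WulfyStylez independently") are two comma-separated lists in separate columns, so the reader has to infer from ordering alone which date belongs to which person. Pairing each name with its date, or stating the order explicitly, would remove that ambiguity. "Middle of 2014" is also far less precise than the month-level "May 2015" next to it, and the edit carries no summary, so nothing here indicates a source for the earlier finding; an edit summary or a reference for the 2014 date would make the attribution verifiable.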
