96
edits
Changes
Jump to navigation
Jump to search
this has been leaking all over the place for the last year so i'm just throwing it up for the greater good
Line 72:
Line 72:
| February 2015
| February 2015
| [[User:Yellows8|Yellows8]], [[User:Plutooo|plutoo]]
| [[User:Yellows8|Yellows8]], [[User:Plutooo|plutoo]]
+|-
+| FIRM partitions known-plaintext
+| The [[Flash_Filesystem|FIRM partitions]] are encrypted with AES-CTR. Since this works by XOR'ing data with a static (per-console in this case) keystream, one can deduce the keystream of a portion of each FIRM partition if they have the actual FIRM binary stored in it.
+
+This can be paired with many exploits. For example, it allows minor FIRM downgrades (i.e. 10.4 to 9.6 or 9.5 to 9.4, but not 9.6 to 9.5).
+
+This can be somewhat addressed by having a FIRM header skip over previously used section offsets, but this would just air-gap newer FIRMs without fixing the core bug. This can also only be done a limited number of times due to the size of FIRM versus the size of the partitions.
+| None
+| New3DS
+|
+| Everyone
|}
|}