Difference between revisions of "Switch System Flaws"
From Nintendo Switch Brew
| (26 intermediate revisions by 5 users not shown) | |||
| Line 1: | Line 1: | ||
| − | System Flaws are used to execute unofficial code (homebrew) on the Nintendo Switch | + | System Flaws are used to execute unofficial code (homebrew) on the Nintendo Switch. This page is a list of known and public Switch System Flaws. |
| − | =List of | + | =List of Switch System Flaws= |
| − | |||
| − | |||
== Hardware == | == Hardware == | ||
| Line 15: | Line 13: | ||
! Discovered by | ! Discovered by | ||
|- | |- | ||
| − | | No hardware exploits discovered | + | | No public hardware exploits |
| − | | | + | | |
| − | | | + | | |
| − | | | + | | |
| − | | | + | | |
| − | | | + | | |
| + | |- | ||
| + | |} | ||
| + | |||
| + | == System software == | ||
| + | === Kernel === | ||
| + | {| class="wikitable" border="1" | ||
| + | |- | ||
| + | ! Summary | ||
| + | ! Description | ||
| + | ! Successful exploitation result | ||
| + | ! Fixed in system version | ||
| + | ! Last system version this flaw was checked for | ||
| + | ! Timeframe this was discovered | ||
| + | ! Public disclosure timeframe | ||
| + | ! Discovered by | ||
| + | |- | ||
| + | | No public Kernel exploits | ||
| + | | | ||
| + | | | ||
| + | | | ||
| + | | | ||
| + | | | ||
| + | | | ||
| + | | | ||
| + | |- | ||
| + | |} | ||
| + | |||
| + | === TrustZone === | ||
| + | {| class="wikitable" border="1" | ||
| + | |- | ||
| + | ! Summary | ||
| + | ! Description | ||
| + | ! Successful exploitation result | ||
| + | ! Fixed in system version | ||
| + | ! Last system version this flaw was checked for | ||
| + | ! Timeframe this was discovered | ||
| + | ! Public disclosure timeframe | ||
| + | ! Discovered by | ||
| + | |- | ||
| + | | No public ARM TrustZone exploits | ||
| + | | | ||
| + | | | ||
| + | | | ||
| + | | | ||
| + | | | ||
| + | | | ||
| + | | | ||
| + | |- | ||
| + | |} | ||
| + | |||
| + | === System Modules === | ||
| + | {| class="wikitable" border="1" | ||
| + | |- | ||
| + | ! Summary | ||
| + | ! Description | ||
| + | ! Successful exploitation result | ||
| + | ! Fixed in system version | ||
| + | ! Last system version this flaw was checked for | ||
| + | ! Timeframe this was discovered | ||
| + | ! Public disclosure timeframe | ||
| + | ! Discovered by | ||
| + | |- | ||
| + | | OOB Read in NS system module (pl:utoohax, pl:utonium, maybe other names) | ||
| + | | Prior to [[3.0.0]], pl:u (Shared Font services implemented in the NS sysmodule) service commands 1,2,3 took in a signed 32-bit index and returned that index of an array but did not check that index at all. This allowed for an arbitrary read within a 34-bit range (33-bit signed) from NS .bss. In [[3.0.0]], sending out of range indexes causes error code 0x60A to be returned. | ||
| + | | Dumping full NS .text, .rodata and .data, infoleak, etc | ||
| + | | [[3.0.0]] | ||
| + | | [[3.0.0]] | ||
| + | | April 2017 | ||
| + | | On exploit's fix in [[3.0.0]] | ||
| + | | qlutoo, Reswitched team (independently) | ||
|- | |- | ||
| + | |} | ||
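Review bot: The Description cell of the new System Modules row goes from "a signed 32-bit index" straight to "an arbitrary read within a 34-bit range (33-bit signed)" without giving the array element size, which is the step that connects the two figures. State the element size in that cell so the range can be checked. The same cell says out-of-range indexes return 0x60A in [[3.0.0]] but not whether negative indexes are rejected as well, which is worth stating for a signed index.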
Latest revision as of 09:47, 21 June 2017
System Flaws are used to execute unofficial code (homebrew) on the Nintendo Switch. This page is a list of known and public Switch System Flaws.
List of Switch System Flaws
Hardware
| Summary | Description | Fixed with hardware model/revision | Newest hardware model/revision this flaw was checked for | Timeframe this was discovered | Discovered by |
|---|---|---|---|---|---|
| No public hardware exploits | | | | | |
System software
Kernel
| Summary | Description | Successful exploitation result | Fixed in system version | Last system version this flaw was checked for | Timeframe this was discovered | Public disclosure timeframe | Discovered by |
|---|---|---|---|---|---|---|---|
| No public Kernel exploits | | | | | | | |
TrustZone
| Summary | Description | Successful exploitation result | Fixed in system version | Last system version this flaw was checked for | Timeframe this was discovered | Public disclosure timeframe | Discovered by |
|---|---|---|---|---|---|---|---|
| No public ARM TrustZone exploits | | | | | | | |
System Modules
| Summary | Description | Successful exploitation result | Fixed in system version | Last system version this flaw was checked for | Timeframe this was discovered | Public disclosure timeframe | Discovered by |
|---|---|---|---|---|---|---|---|
| OOB Read in NS system module (pl:utoohax, pl:utonium, maybe other names) | Prior to 3.0.0, pl:u (Shared Font services implemented in the NS sysmodule) service commands 1, 2 and 3 took a signed 32-bit index and returned the array entry at that index without checking the index at all. This allowed an arbitrary read within a 34-bit range (33-bit signed) from NS .bss. In 3.0.0, sending out-of-range indexes causes error code 0x60A to be returned. | Dumping full NS .text, .rodata and .data, infoleak, etc. | 3.0.0 | 3.0.0 | April 2017 | On exploit's fix in 3.0.0 | qlutoo, Reswitched team (independently) |
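
Added example (not code from this wiki or from the NS sysmodule): a C illustration of the indexing flaw in the System Modules row, showing why a signed 32-bit index reaches a 34-bit range and what a complete bounds check looks like. The 4-byte entry size, the table length and values, and every name are assumptions; only the 0x60A code comes from the page.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumptions (not from the page): 4-byte entries, a 6-entry table,
 * and all identifiers. 0x60A is the error code the page reports. */
#define ENTRY_COUNT         6
#define RESULT_OK           0u
#define RESULT_OUT_OF_RANGE 0x60Au

/* Constructed sample table standing in for the array in .bss. */
static const uint32_t g_entries[ENTRY_COUNT] = {10, 11, 12, 13, 14, 15};

/* Byte offset from the table base that an unchecked handler would read
 * for a given index. Computed only, never dereferenced. */
int64_t unchecked_byte_offset(int32_t index)
{
    return (int64_t)index * (int64_t)sizeof(g_entries[0]);
}

/* Incomplete fix: an upper-bound-only comparison on a signed index
 * still accepts every negative value. Returns 1 if accepted. */
int upper_bound_only_accepts(int32_t index)
{
    return index < ENTRY_COUNT;
}

/* Hardened lookup: reject negative and too-large indexes before the
 * table is touched, returning the out-of-range code instead. */
uint32_t get_entry_checked(int32_t index, uint32_t *out)
{
    if (index < 0 || index >= ENTRY_COUNT)
        return RESULT_OUT_OF_RANGE;
    *out = g_entries[index];
    return RESULT_OK;
}

int main(void)
{
    uint32_t v = 0;
    printf("lowest offset:  %lld\n", (long long)unchecked_byte_offset(INT32_MIN));
    printf("highest offset: %lld\n", (long long)unchecked_byte_offset(INT32_MAX));
    printf("upper-only check accepts -1: %d\n", upper_bound_only_accepts(-1));
    printf("checked(-1) -> 0x%X\n", (unsigned)get_entry_checked(-1, &v));
    printf("checked(2)  -> 0x%X, value %u\n",
           (unsigned)get_entry_checked(2, &v), (unsigned)v);
    return 0;
}
```

With 4-byte entries the reachable offsets run from -2^33 to 2^33 - 4, which matches the 34-bit (33-bit signed) range in the table.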