Switch System Flaws: Difference between revisions
| Everyone
|-
| Broken RNG for [[Loader_services|Loader]] ASLR
| The RNG used to generate the ASLR slide is seeded with only 32 bits of data obtained from [[SVC|svcGetInfo]]. Hence, the seed can be brute-forced given address leaks from any programs. The brute force succeeds with at least 2 sample codebin addresses from different programs (with only 1 sample, many invalid seeds are found); however, in some cases more than 1 seed might be found.
[15.0.0+] Loader now uses csrng_GenerateRandomBytes to determine the ASLR slide.
See also [https://github.com/switchbrew/loader-aslr-solver loader-aslr-solver].
| Breaks ASLR for all non-KIP processes, allowing the main-codebin base address of every non-KIP process to be predicted until the next reboot.
| [[15.0.0]]
| [[15.0.0]]
| January 30, 2022 (presumably found much earlier?)
| October 11, 2022
| Everyone
|}
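The design point behind the row above is that a slide generator whose only secret is a small seed cannot be more unpredictable than that seed, so every leaked address narrows the candidate seeds until one remains. The following is an added, stand-alone Python model written for this page; it is not code from the wiki, from Nintendo's Loader, or from loader-aslr-solver. The seed width (scaled down to 18 bits so the search finishes in seconds), the splitmix64-style mixer, the 16-bit slide range and the 4 KiB page granularity are all assumptions chosen for the model, not the real Loader's parameters. It contrasts the weak generator with one that draws the slide from the OS CSPRNG, which is the shape of the 15.0.0+ fix.

```python
"""
Toy model of a small-seeded ASLR slide generator versus a CSPRNG-backed one.
Constructed for illustration: the mixer, seed width, slide range and page
size below are assumptions, not the Switch Loader's actual values.
"""
import os

SEED_BITS = 18                      # assumed; scaled down from the real 32 bits
SLIDE_COUNT = 1 << 16               # assumed number of possible page-granular slides
PAGE_SHIFT = 12                     # assumed 4 KiB pages
MASK64 = (1 << 64) - 1
GOLDEN = 0x9E3779B97F4A7C15


def _mix(x: int) -> int:
    """splitmix64 finaliser, used here as a stand-in for the loader's PRNG step."""
    x = (x ^ (x >> 30)) * 0xBF58476D1CE4E5B9 & MASK64
    x = (x ^ (x >> 27)) * 0x94D049BB133111EB & MASK64
    return x ^ (x >> 31)


def weak_slide(seed: int, process_index: int) -> int:
    """Slide for the Nth process launched after boot, derived from one small seed.

    All randomness comes from `seed`, so the slide sequence for the whole
    uptime is fixed once the seed is fixed (the flaw described on the page).
    """
    state = seed
    for _ in range(process_index + 1):
        state = _mix((state + GOLDEN) & MASK64)
    return (state & (SLIDE_COUNT - 1)) << PAGE_SHIFT


def consistent_seeds(observations):
    """Every seed in the (small) seed space that reproduces all observed
    (process_index, slide) pairs.

    This is the check a designer runs to measure how much each leaked
    address narrows the seed space: a seed space an observer can enumerate
    gives no ASLR at all once enough samples are known.
    """
    return [s for s in range(1 << SEED_BITS)
            if all(weak_slide(s, idx) == slide for idx, slide in observations)]


def strong_slide() -> int:
    """Slide drawn from the OS CSPRNG for every process, analogous to the
    15.0.0+ change to csrng_GenerateRandomBytes: no shared seed to recover."""
    raw = int.from_bytes(os.urandom(8), "little")
    return (raw & (SLIDE_COUNT - 1)) << PAGE_SHIFT


if __name__ == "__main__":
    true_seed = 0x2A5F1                       # constructed; unknown to the observer
    one_leak = [(0, weak_slide(true_seed, 0))]
    two_leaks = one_leak + [(3, weak_slide(true_seed, 3))]
    print(f"seed space: 2^{SEED_BITS} seeds")
    print(f"candidates after 1 leaked slide: {len(consistent_seeds(one_leak))}")
    print(f"candidates after 2 leaked slides: {len(consistent_seeds(two_leaks))}")
    print(f"CSPRNG slide (fresh per process): {strong_slide():#x}")
```

Run it as a script: the first count shows why a single sample leaves several plausible seeds, and the second shows how a second sample from a different process collapses the set. Scaling SEED_BITS back up to 32 changes only the search time, not the conclusion, which is why moving the slide to a CSPRNG, rather than widening the seed, is the durable fix.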