Switch System Flaws: Difference between revisions
With a way to modify the encrypted state buffer, one can thus dump keys from "write-only" keyslots, etc.

This also bypasses the SBK protection of the bootROM: indeed, at warmboot, bootROM will always clear keyslot 0xE to prevent malicious code from saving the SBK. Moving the SBK to another keyslot in the saved context renders this protection moot.

| None |
| HAC-001 |