Switch System Flaws: Difference between revisions

oops
Motezazer (talk | contribs)
Fun stuff
Line 28: Line 28:


With a way to modify the encrypted state buffer, one can thus dump keys from "write-only" keyslots, etc.
With a way to modify the encrypted state buffer, one can thus dump keys from "write-only" keyslots, etc.
This also bypasses the SBK protection of the bootROM: indeed, at warmboot, bootROM will always clear keyslot 0xE to prevent malicious code from saving the SBK. Moving the SBK to another keyslot in the saved context renders this protection moot.
| None
| None
| HAC-001
| HAC-001
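Review bot: The sentence added after "dump keys from "write-only" keyslots, etc." states the SBK bypass without repeating its precondition, so it can be read as working on its own. It depends on the same ability to modify the encrypted state buffer that the preceding sentence names, and it would help to say so, for example by opening with "With the same ability, ...". The added text also never says where the SBK lives before the move or how keyslot 0xE relates to it, so a reader has to infer that 0xE is the SBK keyslot; stating that once makes the "clear keyslot 0xE" protection and its bypass easier to follow. On wording, "indeed" can go and "bootROM" needs its article: "at warmboot, the bootROM always clears keyslot 0xE". The edit summary "oops" does not describe the change; something like "note SBK clear bypass via saved context" would make the page history searchable.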