Changes

Jump to navigation Jump to search

Switch System Flaws (view source)

Revision as of 20:19, 21 May 2019

670 bytes added ,  20:19, 21 May 2019
no edit summary
Line 138: Line 138:  
|  April 29, 2018
 
|  April 29, 2018
 
|  [[User:Hexkyz|hexkyz]], probably others (independently).
 
|  [[User:Hexkyz|hexkyz]], probably others (independently).
 +
|-
 +
|  Keygenldr compromise
 +
|  Given that we can control keyarea data (since its not authenticated) and boot (as mentioned in another exploit), as well as the fact NS and HS code share the same stack, we can use this to attack keygenldr. In keygenldr, theres a function that uses memcpy to copy over a payload to DMEM to verify it. These can be abused to smash the stack (which is also in DMEM) and write over the return addr of said function.
 +
|  ROP under keygenldr during HS mode.
 +
|  None
 +
|  [[8.0.1]]
 +
|  Spring 2019 (Earlier for some)
 +
|  Spring 2019
 +
|  [[User:Rei|Reisyukaku]] and [[User:Govanify|Govanify]]/ [[User:SciresM|SciresM]] and [[User:motezazer|motezazer]].
 
|-
 
|-
 
|  pk1ldrhax
 
|  pk1ldrhax
Rei
9

edits

Retrieved from "https://switchbrew.org/wiki/Special:MobileDiff/6932"

Navigation menu