Switch System Flaws: Difference between revisions
m Flesh out detail on Splatoon 3 report based on HackerOne summary. |
|||
| (3 intermediate revisions by 2 users not shown) | |||
| Line 1,124: | Line 1,124: | ||
| June 6, 2025 | | June 6, 2025 | ||
| August 8, 2025 | | August 8, 2025 | ||
| Yannik | | [https://github.com/kinnay Yannik] | ||
|- | |- | ||
| [[LDN_services|ldn]] AdvertiseData OOB-memcpy with EncryptionType3 (AES-128-GCM) actionframes (ldnhax) | | [[LDN_services|ldn]] AdvertiseData OOB-memcpy with EncryptionType3 (AES-128-GCM) actionframes (ldnhax) | ||
| Line 1,328: | Line 1,328: | ||
| December, 2022 | | December, 2022 | ||
| May, 2024 | | May, 2024 | ||
| Yannik | | [https://github.com/kinnay Yannik] | ||
|} | |} | ||
| Line 1,509: | Line 1,509: | ||
| Early April 2022 | | Early April 2022 | ||
| November 16, 2022 | | November 16, 2022 | ||
| [[User:Rambo6Glaz|Rambo6Glaz]], Yannik (massive RE help) | | [[User:Rambo6Glaz|Rambo6Glaz]], [https://github.com/kinnay Yannik] (massive RE help) | ||
|} | |} | ||
There's another one more interesting but it will have to wait a bit :) | There's another one more interesting but it will have to wait a bit :) | ||
== Games == | |||
{| class="wikitable" border="1" | |||
|- | |||
! Game | |||
! Summary | |||
! Description | |||
! Impact | |||
! Fixed in version | |||
! Timeframe this was discovered | |||
! Public disclosure timeframe | |||
! Discovered by | |||
|- | |||
| Mario Kart World | |||
| ASLR leak in application data | |||
| A memory address can be leaked by changing your username to something short, and hosting a network session in LAN mode (press L + R + Left Stick on the main menu to enable this). The memory address can be found in bytes 12 - 19 of the application data that is transmitted in response to a browse request. | |||
'''Note:''' there is more uninitialized data in the packet, but the memory address is probably the most interesting part. The vulnerability was fixed by clearing the application data with zeros, before filling in the information. | |||
[https://hackerone.com/reports/3463719 HackerOne report] | |||
This stack infoleak was also present in the [[LDN_services|ldn]] AdvertiseData. | |||
| A memory address can leaked (this is a requirement for many types of attacks). | |||
| 1.5.0 | |||
| December 12, 2025 | |||
| February 19, 2026 | |||
| [https://github.com/kinnay Yannik], yellows8 (ldn) | |||
|- | |||
| Splatoon 3 | |||
| Anticheat Seed Randomization Weakness | |||
| This oversight of seed generation would allow an attacker to quickly compute all code hashes, and modify game code, while still producing a valid ch1 hash. | |||
[https://hackerone.com/reports/3042475 HackerOne report] | |||
| Allows an attacker to bypass the ch1 anti-cheat hashing mechanism. | |||
| 10.0.0 | |||
| March 17, 2025 | |||
| February 19, 2026 | |||
| hana2736 | |||
|} | |||