Switch System Flaws: Difference between revisions

edit for accuracy, since I guess --xploit is public now, writing the arbitrary signature rop chain was an absurd amount of effort
typo
Line 128: Line 128:
| [[User:qlutoo|qlutoo]]/[[User:Hexkyz|hexkyz]]/[[User:Shuffle2|shuffle2]], [[User:SciresM|SciresM]]/[[User:motezazer|motezazer]] (independently).
| [[User:qlutoo|qlutoo]]/[[User:Hexkyz|hexkyz]]/[[User:Shuffle2|shuffle2]], [[User:SciresM|SciresM]]/[[User:motezazer|motezazer]] (independently).
|-
|-
| ROM under TSEC secure bootrom via DMA engine stack overwrite (--xploit)
| ROP under TSEC secure bootrom via DMA engine stack overwrite (--xploit)
| TSEC DMA engine does not stop when entering TSEC secure bootrom. By pointing TSEC DMA to current stack before secure bootrom entry, stack can be controlled.  
| TSEC DMA engine does not stop when entering TSEC secure bootrom. By pointing TSEC DMA to current stack before secure bootrom entry, stack can be controlled.
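Review bot: the "ROM" to "ROP" change in the entry title is the right correction; the description on this row (DMA pointed at the current stack to control it before secure bootrom entry) and the edit summary's "rop chain" both refer to a return-oriented-programming chain, not a ROM dump, so the old title was misleading about the flaw's nature. The only other difference in this hunk is trailing whitespace removed at the end of the description cell, which is harmless. The preceding rows are unchanged context.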