Nintendo Switch Brew

Switch System Flaws: Difference between revisions

← Older editNewer edit →
No edit summary
Line 82: Line 82:
|  OOB Read in NS system module (pl:utoohax, pl:utonium, maybe other names)
|  OOB Read in NS system module (pl:utoohax, pl:utonium, maybe other names)
|  Prior to [[3.0.0]], pl:u (Shared Font services implemented in the NS sysmodule) service commands 1,2,3 took in a signed 32-bit index and returned that index of an array but did not check that index at all. This allowed for an arbitrary read within a 34-bit range (33-bit signed) from pl:u .bss. In [[3.0.0]], sending out of range indexes causes error code 0x60A to be returned.
|  Prior to [[3.0.0]], pl:u (Shared Font services implemented in the NS sysmodule) service commands 1,2,3 took in a signed 32-bit index and returned that index of an array but did not check that index at all. This allowed for an arbitrary read within a 34-bit range (33-bit signed) from pl:u .bss. In [[3.0.0]], sending out of range indexes causes error code 0x60A to be returned.
|  Dumping pl:u (part of the the NS module)'s virtual memory (including code); obtaining base addresses for NS module .text (thus defeating ASLR)
|  Dumping full NS .text, .rodata and .data, infoleak, etc
|  [[3.0.0]]
|  [[3.0.0]]
|  [[3.0.0]]
|  [[3.0.0]]
Retrieved from "https://switchbrew.org/wiki/Switch_System_Flaws"