Switch System Flaws: Difference between revisions
No edit summary |
|||
| Line 1,116: | Line 1,116: | ||
| May 4, 2025 | | May 4, 2025 | ||
| [[User:Yellows8|yellows8]] | | [[User:Yellows8|yellows8]] | ||
|- | |||
| [[SSL_services|ssl]] Certificate verification bypass | |||
| The ssl sysmodule keeps a list of trusted certificates, that are imported by an app with ImportServerPki. During certificate verification, if the certificate that is provided by the server has the same subject key id as a trusted certificate, the certificate is accepted, even if self-signed. A blog post about this vulnerability can be found [https://reversing.live/sslbypass.html here]. | |||
| Man-in-the-middle for any connection that uses ImportServerPki. | |||
| [[20.2.0]] | |||
| [[20.2.0]] | |||
| June 6, 2025 | |||
| August 8, 2025 | |||
| Yannik | |||
|- | |- | ||
| [[LDN_services|ldn]] AdvertiseData OOB-memcpy with EncryptionType3 (AES-128-GCM) actionframes (ldnhax) | | [[LDN_services|ldn]] AdvertiseData OOB-memcpy with EncryptionType3 (AES-128-GCM) actionframes (ldnhax) | ||
| Line 1,285: | Line 1,294: | ||
| December 31, 2020 | | December 31, 2020 | ||
| [[User:Yellows8|yellows8]] | | [[User:Yellows8|yellows8]] | ||
|} | |||
=== NEX === | |||
This section documents client-side vulnerabilities for [https://github.com/Kinnay/NintendoClients/wiki/NEX-Overview-(Game-Servers) NEX]. | |||
{| class="wikitable" border="1" | |||
|- | |||
! Summary | |||
! Description | |||
! Successful exploitation result | |||
! Fixed in version | |||
! Timeframe this was discovered | |||
! Public disclosure timeframe | |||
! Discovered by | |||
|- | |||
| Buffer overflow in StringConversion::T2Char8 | |||
| StringConversion::T2Char8 is used to convert IP addresses from a platform-specific encoding to UTF-8. On the 3DS and Switch, the implementation is simply a strcpy. By sending a long IP address string, a buffer overflow can be triggered on the stack. The vulnerability can be triggered through the NAT traversal protocol. A blog post about this vulnerable can be found [https://reversing.live/hacking-hundreds-of-wii-us-at-once.html here]. | |||
| Stack overflow in any game that uses NEX for matchmaking | |||
| Fixed server-side | |||
| December, 2022 | |||
| May, 2024 | |||
| Yannik | |||
|} | |} | ||
| Line 1,465: | Line 1,496: | ||
| Early April 2022 | | Early April 2022 | ||
| November 16, 2022 | | November 16, 2022 | ||
| [[User:Rambo6Glaz|Rambo6Glaz]], | | [[User:Rambo6Glaz|Rambo6Glaz]], Yannik (massive RE help) | ||
|} | |} | ||
There's another one more interesting but it will have to wait a bit :) | There's another one more interesting but it will have to wait a bit :) | ||