Nintendo Switch Brew

Changes

Switch System Flaws (view source)

Revision as of 21:06, 26 March 2024

788 bytes added ,  26 March
→‎System Modules
Line 1,004: Line 1,004:  
| February 25, 2022
 
| February 25, 2022
 
| October 24, 2023
 
| October 24, 2023
 +
| [[User:Yellows8|yellows8]]
 +
|-
 +
| [[Audio_services|audctl]] GetTargetDeviceInfo infoleak
 +
| audctl GetTargetDeviceInfo calls an impl func with a ptr to a stackbuf, then if successful memcpys the 0x100-bytes from that buffer to output. This stackbuf is not memset. This func (after doing various state checks) copies a string to output, other than always writing a NUL-terminator there's no clearing of the buffer.
 +
 +
This will leak audio-sysmodule stack into the output buffer as long as the state/input checks pass (for the remainder of the buffer following the string NUL-terminator).
 +
 +
With [18.0.0+] data is written directly to the outbuf instead of the stack tmpbuf.
 +
| audio-sysmodule infoleak, which allows defeating ASLR.
 +
| [[18.0.0]]
 +
| [[18.0.0]]
 +
| December 24, 2022
 +
| March 26, 2024
 
| [[User:Yellows8|yellows8]]
 
| [[User:Yellows8|yellows8]]
 
|}
 
|}
Retrieved from "https://switchbrew.org/wiki/Special:MobileDiff/12720"