9
edits
Changes
no edit summary
| April 29, 2018
| April 29, 2018
| [[User:Hexkyz|hexkyz]], probably others (independently).
| [[User:Hexkyz|hexkyz]], probably others (independently).
|-
| Keygenldr compromise
| Given that we can control keyarea data (since its not authenticated) and boot (as mentioned in another exploit), as well as the fact NS and HS code share the same stack, we can use this to attack keygenldr. In keygenldr, theres a function that uses memcpy to copy over a payload to DMEM to verify it. These can be abused to smash the stack (which is also in DMEM) and write over the return addr of said function.
| ROP under keygenldr during HS mode.
| None
| [[8.0.1]]
| Spring 2019 (Earlier for some)
| Spring 2019
| [[User:Rei|Reisyukaku]] and [[User:Govanify|Govanify]]/ [[User:SciresM|SciresM]] and [[User:motezazer|motezazer]].
|-
|-
| pk1ldrhax
| pk1ldrhax