Changes

Jump to navigation Jump to search

Switch System Flaws (view source)

Revision as of 16:14, 29 January 2021

1 byte removed ,  16:14, 29 January 2021
→‎Hardware
Line 133: Line 133:  
One can then use blind ROP against the TSEC secure bootrom (which is execute only, and cannot be dumped).
 
One can then use blind ROP against the TSEC secure bootrom (which is execute only, and cannot be dumped).
   −
With sufficient effort, an attacker can construct a ROP chain that leads to csigauth being executed with fully controlled arguments.
+
With sufficient effort, an attacker can construct a ROP chain that leads to csigcmp being executed with fully controlled arguments.
    
This allows for arbitrary heavy secure mode code execution with the current signature set to an arbitrary value.
 
This allows for arbitrary heavy secure mode code execution with the current signature set to an arbitrary value.
Retrieved from "https://switchbrew.org/wiki/Special:MobileDiff/10616"

Navigation menu