4,620
edits
Changes
Jump to navigation
Jump to search
Line 558:
Line 558: + + + + + + + + + + + +
→FIRM-package System Modules
| Everyone
| Everyone
|-
|-
| Broken RNG for [[Loader_services|Loader]] ASLR
| The RNG used for generating the ASLR slide is only seeded with 32bits, with the data from [[SVC|svcGetInfo]]. Hence, one could bruteforce the seed if one has infoleaks from any programs. This can be successfully bruteforced with at least 2 sample codebin addrs from different programs (with only 1 sample a lot of invalid seeds are found), however in some cases more than 1 seed might be found.
With [15.0.0+] Loader now uses csrng_GenerateRandomBytes for determining the ASLR slide.
See also [https://github.com/switchbrew/loader-aslr-solver loader-aslr-solver].
| Breaking ASLR for all non-KIP processes, allowing predicting the main-codebin base addr for all non-KIP processes until the next reboot.
| [[15.0.0]]
| [[15.0.0]]
| January 30, 2022 (presumably found much earlier?)
| October 11, 2022
| Everyone
|}
|}