Nintendo Switch Brew

Changes

Switch System Flaws (view source)

Revision as of 16:56, 11 October 2022

864 bytes added ,  16:56, 11 October 2022
→‎FIRM-package System Modules
Line 558: Line 558:  
| Everyone
 
| Everyone
 
|-
 
|-
 +
| Broken RNG for [[Loader_services|Loader]] ASLR
 +
| The RNG used for generating the ASLR slide is only seeded with 32bits, with the data from [[SVC|svcGetInfo]]. Hence, one could bruteforce the seed if one has infoleaks from any programs. This can be successfully bruteforced with at least 2 sample codebin addrs from different programs (with only 1 sample a lot of invalid seeds are found), however in some cases more than 1 seed might be found.
 +
 +
With [15.0.0+] Loader now uses csrng_GenerateRandomBytes for determining the ASLR slide.
 +
 +
See also [https://github.com/switchbrew/loader-aslr-solver loader-aslr-solver].
 +
| Breaking ASLR for all non-KIP processes, allowing predicting the main-codebin base addr for all non-KIP processes until the next reboot.
 +
| [[15.0.0]]
 +
| [[15.0.0]]
 +
| January 30, 2022 (presumably found much earlier?)
 +
| October 11, 2022
 +
| Everyone
 
|}
 
|}
  
Retrieved from "https://switchbrew.org/wiki/Special:MobileDiff/11941"