Line 88: |
Line 88: |
| | | |
| == ARM9 software == | | == ARM9 software == |
− | === boot9 ===
| |
− | {| class="wikitable" border="1"
| |
− | ! Summary
| |
− | ! Description
| |
− | ! Fixed with hardware model/revision
| |
− | ! Newest hardware model/revision this flaw was checked for
| |
− | ! Timeframe this was discovered
| |
− | ! Discovered by
| |
− | |-
| |
− | | Incorrect padding check
| |
− | | The signature has a flag byte that determines whether the padding should be checked. This makes you able to bruteforce the padding very easily, as only the flag byte has to be zero.
| |
− | | N/A
| |
− | | New3DS
| |
− | | Summer 2015
| |
− | | derrek
| |
− | |-
| |
− | | No bound checks inside of ASN.1 parser
| |
− | | The hash inside of the signature is stored in an ASN.1 structure. However the length fields are not bounds-checked, allowing one to point the header hash to the hash the 3DS calculated before verification. This and because of the aforementioned bug, you can brute-force a signature that will always work easily, as essentially only a few bytes need to be valid.
| |
− | | N/A
| |
− | | New3DS
| |
− | | Summer 2015
| |
− | | derrek
| |
− | |}
| |
| | | |
| === arm9loader === | | === arm9loader === |
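Review bot: The removal of the whole "=== boot9 ===" table under "== ARM9 software ==" has no matching addition on the right-hand side, so both rows ("Incorrect padding check" and "No bound checks inside of ASN.1 parser") disappear from this page with no pointer to where they now live. If the table was moved to another page, leave a one-line reference under the "== ARM9 software ==" heading or state the destination in the edit summary. Otherwise the record is lost that both flaws are marked "N/A" for a fix and were last checked on New3DS. If the rows are re-added elsewhere, the second description's sentence "This and because of the aforementioned bug, you can brute-force a signature..." is worth rewording to say plainly that the unchecked ASN.1 length fields and the padding flag byte combine, since as written the dependency between the two rows is easy to misread.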