3dbrew

Changes

3DS System Flaws (edit)

Revision as of 20:44, 20 May 2017

982 bytes added ,  20:44, 20 May 2017
Boot9 code execution via MMIO and sighax + factory firmware vulnerable to sighax
Line 127: Line 127:  
| November 2015
 
| November 2015
 
| [[User:Derrek|derrek]]
 
| [[User:Derrek|derrek]]
 +
|-
 +
| Boot9 FIRM loading doesn't blacklist memory-mapped I/O
 +
| [[Bootloader|Boot9]]'s FIRM loading blacklists Boot9 data regions, but forgets to do other important regions, including Memory-mapped I/O. Combined with sighax, by loading a malicious FIRM section to MMIO, one can get Boot9/Boot11 code execution.
 +
| None
 +
| New3DS
 +
| 2015(?)
 +
| [[User:Derrek|derrek]] (2015?), [[User:Normmatt|Normmatt]] and [[User:SciresM|SciresM]] independently (January 2017).
 
|}
 
|}
   Line 258: Line 265:  
| January 20, 2016
 
| January 20, 2016
 
| [[User:Jakcron|jakcron]]
 
| [[User:Jakcron|jakcron]]
 +
|-
 +
| Factory firmware is vulnerable to sighax
 +
| During the 3DS's development, presumably boot9 was written (including the sighax) vulnerability. This vulnerability is also present in factory firmware (and earlier, including 0.11). This was fixed in version 1.0.0-0.
 +
| Deducing the mechanics of the sighax vulnerability in boot9 without having boot9 prot. Arm9 code execution on factory/earlier firmware.
 +
| [[1.0.0-0|1.0.0-X]]
 +
| [[1.0.0-0|1.0.0-X]]
 +
| May 9, 2017
 +
| May 19, 2017
 +
| [[User:SciresM|SciresM]], [[User:Myria|Myria]]
 
|-
 
|-
 
| safefirmhax
 
| safefirmhax
SciresM
29

edits

Retrieved from "https://www.3dbrew.org/wiki/Special:MobileDiff/20017"