6,264
edits
Changes
Jump to navigation
Jump to search
Line 14:
Line 14: − − == Fixed vulnerabilities == − * The following was fixed with [[7.0.0-13]], see here for [[7.0.0-13|details]]. Too long or corrupted strings (01Ah 2 Nickname length in characters 050h 2 Message length in characters) in the NVRAM DS user settings (System Settings->Other Settings->Profile->Nintendo DS Profile) causing it to crash in 3DS-mode due to a stack-smash. The DSi is not vulnerable to this, DSi launcher(menu) and DSi System Settings will reset the NVRAM user-settings if the length field values are too long(same result as when the CRCs are invalid). − + Line 37:
Line 34: + + + Line 151:
Line 151: − + Line 164:
Line 164: + + + + + + + + + + + + + +
no edit summary
* A loser (who will remain unnamed) has released CFW and CIA installers along with other stolen and illegal stuff.
* A loser (who will remain unnamed) has released CFW and CIA installers along with other stolen and illegal stuff.
==Failed attempts==
==Failed attempts==
Here are listed all attempts at exploiting 3DS software that have failed so far.
Here are listed all attempts at exploiting 3DS software that have failed so far.
* Pushmo (3DSWare), QR codes: level name is properly limited to 16 characters, game doesn't crash with a longer name. The only possible crashes are triggered by out-of-bounds values, these crashes are caused by the application attempting to load a ptr from a buffer located at NULL.
* Pushmo (3DSWare), QR codes: level name is properly limited to 16 characters, game doesn't crash with a longer name. The only possible crashes are triggered by out-of-bounds array index values, these crashes are not exploitable.
==System flaws==
==System flaws==
=== [[FIRM]] Process9 ===
=== ARM11 kernel ===
=== ARM11 kernel ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|}
|}
=== FIRM ARM11 modules ===
=== [[FIRM]] ARM11 modules ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
This flaw was needed for exploiting the <=v4.x Process9 PXI vulnerabilities from ARM11 userland ROP, since most applications don't have access to those service(s).
This flaw was needed for exploiting the <=v4.x Process9 PXI vulnerabilities from ARM11 userland ROP, since most applications don't have access to those service(s).
| [[7.0.0-13]]
|}
=== ARM11 system modules ===
=== ARM11 system applications and applets ===
{| class="wikitable" border="1"
|-
! Summary
! Description
! Fixed in system version
|-
| 3DS [[System Settings]] DS profile string stack-smash
| Too long or corrupted strings (01Ah 2 Nickname length in characters 050h 2 Message length in characters) in the NVRAM DS user settings (System Settings->Other Settings->Profile->Nintendo DS Profile) cause it to crash in 3DS-mode due to a stack-smash. The DSi is not vulnerable to this, DSi launcher(menu) and DSi System Settings will reset the NVRAM user-settings if the length field values are too long(same result as when the CRCs are invalid). TWL_FIRM also resets the NVRAM user-settings when the string-length(s) are too long.
| [[7.0.0-13]]
| [[7.0.0-13]]
|}
|}