869
edits
Changes
Jump to navigation
Jump to search
Line 1:
Line 1: − ==Stale / Rejected Efforts==+ Line 13:
Line 13: − ==System flaws==+ − === Hardware ===+ Line 36:
Line 36: − + − ==== Process9 ====+ − − Line 49:
Line 47: − |- − | RSA signature padding checks − | The TWL_FIRM RSA sig padding check code used for all TWL RSA sig-checks has issues, see [[FIRM|here]]. − The main 3DS RSA padding check code(non-certificate) uses the function used with the above to extract PKCS padding + the actual hash from the message. This is not a problem here however. − | − | None − | [[9.5.0-22|9.5.0-X]] − | March 2015 − | [[User:Yellows8|Yellows8]] Line 68:
Line 57: + + + + + + + + + + + + + + + + + + + + + Line 170:
Line 180: − + + Line 303:
Line 314: − + Line 327:
Line 338: − +
no edit summary
Exploits are used to execute unofficial code (homebrew) on the Nintendo 3DS. This page is a list of publicly known system flaws, for userland applications/applets flaws see [[3DS_Userland_Flaws|here]].
Exploits are used to execute unofficial code (homebrew) on the Nintendo 3DS. This page is a list of publicly known system flaws, for userland applications/applets flaws see [[3DS_Userland_Flaws|here]].
=Stale / Rejected Efforts=
* Neimod has been working on a RAM dumping setup for a little while now. He's de-soldered the 3DS's RAM chip and hooked it and the RAM pinouts on the 3DS' PCB up to a custom RAM dumping setup. A while ago he published photos showing his setup to be working quite well, with the 3DS successfully booting up. However, his flickr stream is now private along with most of his work.
* Neimod has been working on a RAM dumping setup for a little while now. He's de-soldered the 3DS's RAM chip and hooked it and the RAM pinouts on the 3DS' PCB up to a custom RAM dumping setup. A while ago he published photos showing his setup to be working quite well, with the 3DS successfully booting up. However, his flickr stream is now private along with most of his work.
Note that the publicly-available <v5.0 total-control exploits are [[FIRM|Process9]] exploits, not "kernel exploits".
Note that the publicly-available <v5.0 total-control exploits are [[FIRM|Process9]] exploits, not "kernel exploits".
=System flaws=
== Hardware ==
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Summary
! Summary
|}
|}
=== [[TWL_FIRM]] ===
== ARM9 software ==
=== arm9loader ===
=== [[FIRM]] Process9 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
! Timeframe this was discovered
! Timeframe this was discovered
! Discovered by
! Discovered by
|-
|-
| Uncleared New3DS keyslot 0x11
| Uncleared New3DS keyslot 0x11
|
|
| February 3, 2015 (one day after [[9.5.0-22|9.5.0-X]] release)
| February 3, 2015 (one day after [[9.5.0-22|9.5.0-X]] release)
| [[User:Yellows8|Yellows8]]
|}
=== Process9 ===
{| class="wikitable" border="1"
|-
! Summary
! Description
! Successful exploitation result
! Fixed in [[FIRM]] system version
! Last [[FIRM]] system version this flaw was checked for
! Timeframe this was discovered
! Discovered by
|-
| RSA signature padding checks
| The TWL_FIRM RSA sig padding check code used for all TWL RSA sig-checks has issues, see [[FIRM|here]].
The main 3DS RSA padding check code(non-certificate) uses the function used with the above to extract PKCS padding + the actual hash from the message. This is not a problem here however.
|
| None
| [[9.5.0-22|9.5.0-X]]
| March 2015
| [[User:Yellows8|Yellows8]]
| [[User:Yellows8|Yellows8]]
|-
|-
|}
|}
=== ARM11 kernel ===
== ARM11 software ==
=== Kernel11 ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
|}
|}
=== [[FIRM]] ARM11 modules ===
=== [[FIRM]] Sysmodules ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
|}
|}
=== ARM11 system modules ===
=== Standalone Sysmodules ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-