Changes

Jump to navigation Jump to search
241 bytes added ,  21:44, 28 March 2015
no edit summary
Line 1: Line 1:  
Exploits are used to execute unofficial code (homebrew) on the Nintendo 3DS. This page is a list of publicly known system flaws, for userland applications/applets flaws see [[3DS_Userland_Flaws|here]].
 
Exploits are used to execute unofficial code (homebrew) on the Nintendo 3DS. This page is a list of publicly known system flaws, for userland applications/applets flaws see [[3DS_Userland_Flaws|here]].
   −
==Stale / Rejected Efforts==
+
=Stale / Rejected Efforts=
 
* Neimod has been working on a RAM dumping setup for a little while now. He's de-soldered the 3DS's RAM chip and hooked it and the RAM pinouts on the 3DS' PCB up to a custom RAM dumping setup. A while ago he published photos showing his setup to be working quite well, with the 3DS successfully booting up. However, his flickr stream is now private along with most of his work.
 
* Neimod has been working on a RAM dumping setup for a little while now. He's de-soldered the 3DS's RAM chip and hooked it and the RAM pinouts on the 3DS' PCB up to a custom RAM dumping setup. A while ago he published photos showing his setup to be working quite well, with the 3DS successfully booting up. However, his flickr stream is now private along with most of his work.
   Line 13: Line 13:  
Note that the publicly-available <v5.0 total-control exploits are [[FIRM|Process9]] exploits, not "kernel exploits".
 
Note that the publicly-available <v5.0 total-control exploits are [[FIRM|Process9]] exploits, not "kernel exploits".
   −
==System flaws==
+
=System flaws=
=== Hardware ===
+
== Hardware ==
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
!  Summary
 
!  Summary
Line 36: Line 36:  
|}
 
|}
   −
=== [[TWL_FIRM]] ===
+
== ARM9 software ==
==== Process9 ====
+
=== arm9loader ===
 
  −
=== [[FIRM]] Process9 ===
   
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
Line 49: Line 47:  
!  Timeframe this was discovered
 
!  Timeframe this was discovered
 
!  Discovered by
 
!  Discovered by
|-
  −
| RSA signature padding checks
  −
| The TWL_FIRM RSA sig padding check code used for all TWL RSA sig-checks has issues, see [[FIRM|here]].
  −
The main 3DS RSA padding check code(non-certificate) uses the function used with the above to extract PKCS padding + the actual hash from the message. This is not a problem here however.
  −
|
  −
| None
  −
| [[9.5.0-22|9.5.0-X]]
  −
| March 2015
  −
| [[User:Yellows8|Yellows8]]
   
|-
 
|-
 
| Uncleared New3DS keyslot 0x11
 
| Uncleared New3DS keyslot 0x11
Line 68: Line 57:  
|  
 
|  
 
| February 3, 2015 (one day after [[9.5.0-22|9.5.0-X]] release)
 
| February 3, 2015 (one day after [[9.5.0-22|9.5.0-X]] release)
 +
| [[User:Yellows8|Yellows8]]
 +
|}
 +
 +
=== Process9 ===
 +
{| class="wikitable" border="1"
 +
|-
 +
!  Summary
 +
!  Description
 +
!  Successful exploitation result
 +
!  Fixed in [[FIRM]] system version
 +
!  Last [[FIRM]] system version this flaw was checked for
 +
!  Timeframe this was discovered
 +
!  Discovered by
 +
|-
 +
| RSA signature padding checks
 +
| The TWL_FIRM RSA sig padding check code used for all TWL RSA sig-checks has issues, see [[FIRM|here]].
 +
The main 3DS RSA padding check code(non-certificate) uses the function used with the above to extract PKCS padding + the actual hash from the message. This is not a problem here however.
 +
|
 +
| None
 +
| [[9.5.0-22|9.5.0-X]]
 +
| March 2015
 
| [[User:Yellows8|Yellows8]]
 
| [[User:Yellows8|Yellows8]]
 
|-
 
|-
Line 170: Line 180:  
|}
 
|}
   −
=== ARM11 kernel ===
+
== ARM11 software ==
 +
=== Kernel11 ===
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
Line 303: Line 314:  
|}
 
|}
   −
=== [[FIRM]] ARM11 modules ===
+
=== [[FIRM]] Sysmodules ===
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
Line 327: Line 338:  
|}
 
|}
   −
=== ARM11 system modules ===
+
=== Standalone Sysmodules ===
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-

Navigation menu