Changes

Jump to navigation Jump to search
757 bytes added ,  22:25, 19 January 2016
this has been leaking all over the place for the last year so i'm just throwing it up for the greater good
Line 72: Line 72:  
| February 2015
 
| February 2015
 
| [[User:Yellows8|Yellows8]], [[User:Plutooo|plutoo]]
 
| [[User:Yellows8|Yellows8]], [[User:Plutooo|plutoo]]
 +
|-
 +
| FIRM partitions known-plaintext
 +
| The [[Flash_Filesystem|FIRM partitions]] are encrypted with AES-CTR. Since this works by XOR'ing data with a static (per-console in this case) keystream, one can deduce the keystream of a portion of each FIRM partition if they have the actual FIRM binary stored in it.
 +
 +
This can be paired with many exploits. For example, it allows minor FIRM downgrades (i.e. 10.4 to 9.6 or 9.5 to 9.4, but not 9.6 to 9.5).
 +
 +
This can be somewhat addressed by having a FIRM header skip over previously used section offsets, but this would just air-gap newer FIRMs without fixing the core bug. This can also only be done a limited number of times due to the size of FIRM versus the size of the partitions.
 +
| None
 +
| New3DS
 +
|
 +
| Everyone
 
|}
 
|}
  
96

edits

Navigation menu