Line 216:
Line 216:
|-
|-
| ntrcardhax
| ntrcardhax
−
|
+
| When reading the banner of a NTR title, Process9 relies on a hardware register to know when the banner was fully read.
+
However that register is shared between the ARM9 and the ARM11.
+
An attacker with k11 control can so make Process9 believe the banner continues forever and so trigger a buffer overflow.
+
With a custom banner for a NTR flashcart, this leads to code execution in Process9.
+
+
This was fixed by adding bound checks on the read data.
| ARM9 code execution
| ARM9 code execution
−
| 10.4.0-29
+
| [[10.4.0-29|10.4.0-X]]
|
|
| March 2015
| March 2015
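Review bot: The added description never names the hardware register or the buffer that overflows, so the entry is hard to verify against the code; in the sentence "Process9 relies on a hardware register to know when the banner was fully read", name the register and the destination buffer if they are known. The fix sentence says only that bounds checks were added "on the read data". It would help to state whether Process9 still trusts the register shared with the ARM11 for read completion, since the root cause as described is that shared trust and not only the missing length limit. On wording, "can so make Process9 believe the banner continues forever and so trigger a buffer overflow" reads better as "can therefore make Process9 believe the banner continues forever, triggering a buffer overflow", and "bound checks" should be "bounds checks". The blank added line before "This was fixed by" splits the cell into two paragraphs; check that this renders as intended inside the table row.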