Line 27:
==boot1==
+
{| class="wikitable" border="1"
+
! Summary
+
! Description
+
! Successful exploitation result
+
! Fixed in system version
+
! Discovered by
+
|-
+
| boot1hax (unsafe "boot_info" pointer)
+
| boot1 communicates with IOS-MCP using the "boot_info" structure. A pointer to this structure is stored in the PRSH/PRST section in MEM2 which is given back to boot1 on a warmboot.
+
Due to this pointer not being validated by boot1, an attacker can craft a malicious PRSH/PRST section where the "boot_info" pointer will point to anywhere inside boot1's memory region and thus achieving a semi-arbitrary write.
+
| boot1 code execution
+
| None
+
| derrek, [[User:Plutoo|plutoo]], [[User:Naehrwert|naehrwert]], [[User:Yellows8|yellows8]], [[User:Shuffle2|shuffle2]] and [[User:Hexkyz|hexkyz]]
+
|}
==ARM software (IOSU)==
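Review bot: the Description cell of the new boot1hax row stops at "a semi-arbitrary write", while the result column claims "boot1 code execution"; the entry should say what bounds the write (the text only states the pointer can be made to point anywhere inside boot1's memory region) and the step by which that write becomes code execution, or otherwise the result cell should be reduced to what the description supports. In the same cell, "and thus achieving a semi-arbitrary write" should read "and thus achieves a semi-arbitrary write".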