> Pluto got a NAND dump working,

No, ROP in web applet.
> Nope, definitely an eMMC dump.

A NAND dump would not begin with NRO0. That's a relocatable object.
https://twitter.com/qlutoo/status/838095607390679040
> Apparently the Joy-cons have full kernel access.

If true, this will be super useful in some years #joyconhac (hac because "hac" stands on the top left of the motherboard I think and also on the back of the tablet)
That's some DNS change with JS notification
Doesn't sound way too difficult
> Maybe not, but it should occur to you that the browser was locked out for a reason, they likely realized that it had a vulnerability, else they would have pitched this as an additional feature, and not hidden it away. This is speculative, but it honestly makes sense.

He admitted that he'd 'been found out'; it was just a joke.
> Maybe not, but it should occur to you that the browser was locked out for a reason, they likely realized that it had a vulnerability, else they would have pitched this as an additional feature, and not hidden it away. This is speculative, but it honestly makes sense.

They are not dumb... The developers that did "hide" the browser or figured you need a browser to log in to certain public WiFi knew exactly that people could exploit the router/DNS/whatever into making it display normal web pages.
> Apparently the Joy-cons have full kernel access.

Source please. I don't see why the Joy-Cons would be connected as anything other than an I2C slave device when docked, and I2C devices typically don't have *any* system access.