next time add more info in your title, so we don't have to enter your thread.
D
Deleted User
Guest
?
--------------------- MERGED ---------------------------
I just want to know?
--------------------- MERGED ---------------------------
Ignored
--------------------- MERGED ---------------------------
I just want to know?
--------------------- MERGED ---------------------------
Ignored
Well, if it's publicly documented, don't you think someone would've taken advantage of it if possible already? -_-
"it's unknown if anyone actually exploited this successfully at the time of writing"
ARM9's and ARM11's exception vectors are hardcoded to point at the CPU's internal memory (0x08000000 region for ARM9, AXIWRAM for ARM11). While the bootrom does set them up to point to an endless loop at some point during boot, it does not do so immediately. As such, a carefully-timed fault injection (via hardware) to trigger an exception (such as an invalid instruction) will cause execution to fall into ARM9 RAM.
Since RAM isn't cleared on boot (see below), one can immediately start execution of their own code here to dump bootrom, OTP, etc. The ARM9 bootrom does the following at reset: reset vector branches to another instruction, then branches to bootrom+0x8000. Hence, there's no way to know for certain when exactly the ARM9 exception-vector data stored in memory gets initialized.
ARM9's and ARM11's exception vectors are hardcoded to point at the CPU's internal memory (0x08000000 region for ARM9, AXIWRAM for ARM11). While the bootrom does set them up to point to an endless loop at some point during boot, it does not do so immediately. As such, a carefully-timed fault injection (via hardware) to trigger an exception (such as an invalid instruction) will cause execution to fall into ARM9 RAM.
Since RAM isn't cleared on boot (see below), one can immediately start execution of their own code here to dump bootrom, OTP, etc. The ARM9 bootrom does the following at reset: reset vector branches to another instruction, then branches to bootrom+0x8000. Hence, there's no way to know for certain when exactly the ARM9 exception-vector data stored in memory gets initialized.
Thing is that's not going to lead to an exploit most (if any) people would use because A. It needs existing access to arm9 RAM (which would probably turn into an exploit in itself) and B. It's a hardware exploit, which means practically nobody will use it, and an extremely timing-sensitive one at that. The only thing it would be useful for is dumping the bootrom.
But that exploit was not patched yet so people with a hardmod can dump otp on 11.0
--------------------- MERGED ---------------------------
--------------------- MERGED ---------------------------
Possibly
- Joined
- Sep 7, 2015
- Messages
- 951
- Reaction score
- 245
- Trophies
- 0
- Location
- garfield kart grand prix
- XP
- 499
- Country
Similar threads
- Question
Site & Scene News
New Hot Discussed
-
-
22K views
Pokemon Platinum PC port gets a surprise release
Seemingly out of nowhere a PC port for Pokemon Platinum has surfaced online, bundled alongside the source code for those interested in building and developing it for... -
15K views
Steam Deck gets a major price bump, more than 40% increase for US buyers
With very little in the way of announcement, Valve has today increased the price of the Steam Deck but some fairly considerable margins. Both of the available models... -
11K views
Nintendo Direct June 9, 2026 roundup - Ocarina of Time remake announced, Kingdom Hearts IV trailer
Nintendo's expected Summer showcase is here, offering up plenty of new announcements and exciting reveals. Let's see what they have in store in the latest Nintendo... -
11K views
Pokémon Crystal gets a PC port titled "suiCune" based on C/C++ language
Continuing with the great news of Pokémon Platinum getting a native unofficial PC port just a few days ago, today, yet another classic title from the franchise has... -
10K views
Paper Mario PC recompilation "ReCut" gets its first pre-release build
The latest in a growing number of native PC ports, Paper Mario ReCut got its first pre-release build earlier this week. Based on the N64 recompilation toolchain, the... -
9K views
Low-level 3DS emulator 3Beans released alongside setup tutorial video
When you talk about 3DS emulation, most people would jump to Citra. As the defacto choice since its first release it's seen tremendous success, and even after its... -
9K views
The long awaited EarthBound Beginnings Remake romhack is now available after almost 2 decades in development
What once seemed like a far off dream, and after many, many community restarts throughout the years, the elusive Mother 1 / EarthBound Beginnings Remake, which is a... -
8K views
Steam Machine waiting list goes live, starting at £879 with a 512GB SSD
After much speculation, a lot of which being caused by dbrand's unceremonious reveal of their Companion Cube casing, the Steam Machine is finally available to order... -
7K views
PlayStation State of Play June 2, 2026 broadcast - new God of War announced
A whole hour of PlayStation content is on the way, thanks to the latest State of Play showcase. Headlining the stream will be Marvel's Wolverine, alongside a... -
7K views
Super Mario 64 gets a brand new port on the Nintendo DS, brings support for full local multiplayer
Since being decompiled Super Mario 64 has seen a considerable amount of interest. We've had multiple PC ports, but the efforts beyond that are really astounding. It's...
-
-
-
207 replies
Steam Machine waiting list goes live, starting at £879 with a 512GB SSD
After much speculation, a lot of which being caused by dbrand's unceremonious reveal of their Companion Cube casing, the Steam Machine is finally available to order... -
176 replies
Steam Deck gets a major price bump, more than 40% increase for US buyers
With very little in the way of announcement, Valve has today increased the price of the Steam Deck but some fairly considerable margins. Both of the available models... -
141 replies
Nintendo Direct June 9, 2026 roundup - Ocarina of Time remake announced, Kingdom Hearts IV trailer
Nintendo's expected Summer showcase is here, offering up plenty of new announcements and exciting reveals. Let's see what they have in store in the latest Nintendo... -
117 replies
Grand Theft Auto VI pre orders go live tomorrow, physical release limited to code in box
The delays may be behind us, but the news isn't all good for Grand Theft Auto VI. Rockstar have today announced that pre-orders for the game will go live tomorrow, on... -
103 replies
Pokemon Platinum PC port gets a surprise release
Seemingly out of nowhere a PC port for Pokemon Platinum has surfaced online, bundled alongside the source code for those interested in building and developing it for... -
91 replies
What do you want to see in the next Nintendo Direct?
With rumours circulating about a Nintendo Direct in the coming days and weeks, fans are left speculating and hoping as to what might be included. At the centre of all... -
80 replies
Paper Mario PC recompilation "ReCut" gets its first pre-release build
The latest in a growing number of native PC ports, Paper Mario ReCut got its first pre-release build earlier this week. Based on the N64 recompilation toolchain, the... -
71 replies
Nintendo Direct to air on the 9th of June, set to feature 50 minutes of Switch and Switch 2 games launching this year
After much speculation and rumour, the fabled Nintendo Direct is upon us. Set to go live tomorrow, the 9th of June, at 3pm in the UK, it'll feature 50 minutes of... -
71 replies
PlayStation State of Play June 2, 2026 broadcast - new God of War announced
A whole hour of PlayStation content is on the way, thanks to the latest State of Play showcase. Headlining the stream will be Marvel's Wolverine, alongside a... -
65 replies
Nintendo fined 35 million euros by the French government due to Switch 1 Joycon malfunctions
Following an investigation over misleading commercial practices, today Nintendo has been imposed a fine of 35 million euros related to the controller malfunctions...
-
