Hacking Haxing 3DS using Row Hammer?

AtlanticBit

If you haven't heard of Row Hammer, a basic bit hax looks like this:
Code:
code1a:
mov (X), %eax // Read from address X
mov (Y), %ebx // Read from address Y
clflush (X) // Flush cache for address X
clflush (Y) // Flush cache for address Y
jmp code1a
Is there any chance to make a spiderhax on the go ram editor/thing?
 

shinyquagsire23


That looks like an x86-specific exploit vector tbh, and it wouldn't work on the 3DS because you cannot flush the cache for a specific address from usermode, needs kernel.
 

yifan_lu

Harder to exploit on ARM than x86 because no unprivileged cache flushing. Not impossible but very hard. Much easier to exploit the kernel through the usual means.
 
