Haxing 3DS using Row Hammer?

Discussion in '3DS - Flashcards & Custom Firmwares' started by AtlanticBit, Mar 9, 2015.

  1. AtlanticBit
    OP

    If you haven't heard of Row Hammer, a basic bit hax looks like this:
    Code:
    code1a:
      mov (X), %eax   // Read from address X
      mov (Y), %ebx   // Read from address Y
      clflush (X)     // Flush cache for address X
      clflush (Y)     // Flush cache for address Y
      jmp code1a
    Is there any chance to make a spiderhax on the go ram editor/thing?
  2. shinyquagsire23

    That looks like an x86-specific exploit vector tbh, and it wouldn't work on the 3DS because you cannot flush the cache for a specific address from usermode, needs kernel.
     
  3. yifan_lu

    Harder to exploit on ARM than x86 because no unprivileged cache flushing. Not impossible but very hard. Much easier to exploit the kernel through the usual means.