Hacking Haxing 3DS using Row Hammer?

AtlanticBit

If you haven't heard of Row Hammer, a basic bit hax looks like this:
Code:
code1a:
mov (X), %eax // Read from address X
mov (Y), %ebx // Read from address Y
clflush (X) // Flush cache for address X
clflush (Y) // Flush cache for address Y
jmp code1a
Is there any chance to make a spiderhax on the go ram editor/thing?
 

shinyquagsire23


That looks like an x86-specific exploit vector tbh, and it wouldn't work on the 3DS because you cannot flush the cache for a specific address from usermode, needs kernel.
 

yifan_lu

Harder to exploit on ARM than x86 because no unprivileged cache flushing. Not impossible but very hard. Much easier to exploit the kernel through the usual means.
 
