Deleted User
OP
In case anyone wants to go looking for the bootrom exploit that caused this ktempkin drama, it's related to SDRAM warmboot.
Apparently there is a flaw in the bootrom that lets you take over the bootrom itself when the bootrom is executing code during a warmboot reset.
How it fits together is you set up some special values in memory and trigger a warmboot reset. If you did it correctly it will trigger the vulnerability and will jump to your code, thus taking over the bootrom.
If you have a 4.1 exploit to trigger warm boot reset, you can have a softmod that does this.
Obviously I left out a few details, but someone more skilled knows where to look now...