The bootrom vulnerability isn't an entry point at first. I keep using these examples because you aren't understanding that. In the 3ds, the bootrom is not an entry point until you use A SEPARATE entry point to install the bootrom exploit. Once the exploit is installed then yes it is an entry point. Once installed you have code execution at boot. But you need to install the exploit first, and then after you do that you have code execution at boot. Your fundamental understanding of how these things work is extremely flawed.

I understand the principle of a coldboot exploit and the strengths of it. I also understand the 3ds but I'm not referring to that right now - appreciate we do not know everything about it at this point but it gives you a permanent entry point in which you can exploit the target. We don't have the whole 9-11 handoff situation here, we have essentially trustzone manipulation. If you have root at the start anything is potentially available (hardmod or not). The updates to the firmware are all mitigation tactics and not fixes. They're defensively coding against attack vectors. If this wasn't an issue I'd hazard a guess they would not have bumped a major version, blown a fuse and essentially made all new future software signed from the new key.
We don't have code execution at boot until we install the bootrom exploit, which in most cases requires code execution. And we don't get code execution at boot with bootrom until we install the exploit, meaning it will likely require code execution later in boot (i.e. with the browser after boot) in order to install the exploit and get code execution at boot.
Edit: most of this is talking about the 3ds exploit, and using it and a basic understanding of electronics to explain why the exploit itself is patchable, but the method to access it and install it may be patchable (i.e. requiring any kind of code execution).
If it just had automatic code exec without requiring any previous code execution why would they still have been pushing for kernel and trustzone even after these bootrom exploits were known? Wouldn't bootrom have been the end all solution at that point?
Last edited by TheCyberQuake,