Hacking Question Warmboot exploit

Phoenixrite

To anyone with the appropriate knowledge: what can this exploit do, what can't it do, and if I update to the latest firmware after applying it, would it stop working? Thank you.

kitzuki

I don't think we have too much information, because the warmboot exploit has been under wraps for now.

In case anyone wants to go looking for the bootrom exploit that caused this ktempkin drama, it's related to SDRAM warmboot.
Apparently there is a flaw in the bootrom that lets you take over the bootrom itself when the bootrom is executing code during a warmboot reset.

How it fits together is that you set up some special values in memory and trigger a warmboot reset. If you did it correctly, it will trigger the vulnerability and jump to your code, thus taking over the bootrom.
If you have a 4.1 exploit to trigger a warmboot reset, you can have a softmod that does this.

https://gbatemp.net/threads/switch-bootrom-warmboot-exploit.511281/

adrifcastr

To anyone with the appropriate knowledge: what can this exploit do, what can't it do, and if I update to the latest firmware after applying it, would it stop working? Thank you.
Said exploit, namely deja vu, is a TZ takeover while HOS is running; thus, having ACE in EL2 enables a warmboot (also referred to as a soft reboot), which will then, upon boot, execute the specified executable payload at runtime.
