by landr0id
1468 days ago
Super minor nitpick but ROP wasn’t used for the King Kong/SMC exploit. I would consider it a ROP exploit if multiple return-oriented gadgets were chained together to form a full exploit chain, but what happened here is the syscall handler was invoked with a malformed index causing a single jump to user-mode code with kernel-mode privileges. It’s not too dissimilar to calling an arbitrary function pointer.

Otherwise this is a great comprehensive rundown!

I was just recently talking to a coworker too about how I think the Xbox 360 was the first consumer device to have the following types of attacks done to it:

1. Hypervisor attack to then reboot the console into a newer system OS version to retain the vulnerable hypervisor but be able to play new games and get online. This required soldering a separate flash chip to hold the newer system files.

2. Fault injection (reset glitch hack) to attack the system's bootloader.

As a teenager who learned programming/hacking by messing with the Xbox 360, I'm thankful that Nintendo is still keeping the dream alive for our next generation of hackers.
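The comment's point is that a syscall handler fetched a function pointer using an unvalidated index, so a single malformed call landed in user-mode code at kernel privilege. The generic defence is to validate the syscall number before it ever indexes the dispatch table. The following is an added example written for this page, not code from the commenter, the article, or any real console firmware: a toy dispatch table and a hardened dispatcher that rejects negative numbers (before any signed-to-unsigned conversion), out-of-range numbers (with `>=`, not the off-by-one `>`), and empty slots in a sparse table, while counting rejections as a cheap detection signal. The handler names and table contents are constructed for the example.

```c
#include <stddef.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>

/* Toy "syscall" handlers, constructed for this example. */
typedef long (*syscall_fn)(long arg);

static long sys_noop(long arg)   { (void)arg; return 0; }
static long sys_incr(long arg)   { return arg + 1; }
static long sys_double(long arg) { return arg * 2; }

/* A sparse table: slot 2 is intentionally NULL to mimic a removed
   syscall, which a hardened dispatcher must reject as well. */
static syscall_fn const syscall_table[] = { sys_noop, sys_incr, NULL, sys_double };
#define NR_SYSCALLS (sizeof(syscall_table) / sizeof(syscall_table[0]))

/* Number of rejected dispatch attempts; a spike here is worth logging. */
static unsigned long rejected_calls = 0;

unsigned long rejected_count(void) { return rejected_calls; }

/* Hardened dispatcher: every check happens before the table is read, so a
   malformed number can never turn into an arbitrary function pointer. */
long syscall_dispatch(long nr, long arg)
{
    /* 1. Negative numbers are rejected while still signed. Casting a
          negative long to size_t first would yield a huge, "valid-looking"
          index that points far outside the table. */
    if (nr < 0) {
        rejected_calls++;
        return -ENOSYS;
    }
    size_t idx = (size_t)nr;

    /* 2. Bounds check with >=; using > would read one slot past the end. */
    if (idx >= NR_SYSCALLS) {
        rejected_calls++;
        return -ENOSYS;
    }

    /* 3. Empty slots in a sparse table are not callable either. */
    syscall_fn fn = syscall_table[idx];
    if (fn == NULL) {
        rejected_calls++;
        return -ENOSYS;
    }

    return fn(arg);
}

int main(void)
{
    printf("syscall 1(41) -> %ld\n", syscall_dispatch(1, 41));        /* 42 */
    printf("syscall 2(1)  -> %ld\n", syscall_dispatch(2, 1));         /* -ENOSYS */
    printf("syscall -1(1) -> %ld\n", syscall_dispatch(-1, 1));        /* -ENOSYS */
    printf("syscall MAX   -> %ld\n", syscall_dispatch(LONG_MAX, 1));  /* -ENOSYS */
    printf("rejected so far: %lu\n", rejected_count());
    return 0;
}
```

The ordering of the checks is the point: the signedness test must come before the cast, and the bounds test must come before the table read, otherwise the "check" validates a value the table lookup never uses.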