Changes

29 bytes removed ,  23:15, 22 August 2021
no edit summary
Line 6: Line 6:  
!  Successful exploitation result
 
!  Successful exploitation result
 
!  Discovered
 
!  Discovered
 +
!  Exploited
 
!  Discovered by
 
!  Discovered by
 
|-
 
|-
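Review bot: the new `!  Exploited` header is inserted between `Discovered` and `Discovered by`, but nothing visible in this hunk fills that position in the existing rows, and the change was saved with no edit summary. A row that does not get a cell there will show its `Discovered by` content under `Exploited` and leave the last column empty; suggest adding the matching cells in the same edit and naming the new column in the summary.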
Line 11: Line 12:  
|  Much like the 3DS boot0, some of the DSi's exception handlers are backed by RAM which isn't immediately cleared on a reset. Using fault injection, it is possible to cause an undefined instruction exception before the clearing happens, making the CPU jump to code remaining in RAM from the previous boot cycle. This only works on the ARM7, as on the ARM9, it is backed by main memory, which is only initialized by [[boot1]].
 
|  Much like the 3DS boot0, some of the DSi's exception handlers are backed by RAM which isn't immediately cleared on a reset. Using fault injection, it is possible to cause an undefined instruction exception before the clearing happens, making the CPU jump to code remaining in RAM from the previous boot cycle. This only works on the ARM7, as on the ARM9, it is backed by main memory, which is only initialized by [[boot1]].
 
|  Code execution under ARM7 boot0
 
|  Code execution under ARM7 boot0
|  {{SortableMonth|Jun|2016}} (first successful exploit: {{SortableMonth|Mar|2021}}
+
|  {{SortableMonth|Jun|2016}}
|  {{User|Nocash}}, Normmatt, dark_samus, ApacheThunder (first successful exploit: {{User|PoroCYon}})
+
|  {{User|Nocash}}, Normmatt, dark_samus, ApacheThunder (first successful exploit: {{User|PoroCYon}}, March 2021)
 
|}
 
|}
 
== boot1 ==
 
== boot1 ==
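Review bot: the changed row gains no cell for the `Exploited` column added to the header, so the discoverers cell (`{{User|Nocash}}, Normmatt, ...`) will render one column too far left. The exploit date is also moved out of `{{SortableMonth|Mar|2021}}` into free text (`, March 2021`) inside the discoverers cell, which drops the sortable form the `Jun|2016` cell still uses; suggest a separate `|  {{SortableMonth|Mar|2021}}` cell after the `Jun|2016` cell and leaving the discoverers cell unchanged.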