Changes

787 bytes added, 00:58, 16 July 2021
Weird boot0 bug I found a couple months ago
Line 24: Line 24:  
| {{SortableMonth|Jul|2008}}
 
| {{SortableMonth|Jul|2008}}
 
| {{User|bushing}}
 
| {{User|bushing}}
 +
|}
 +
 +
== boot0 ==
 +
 +
{| class="wikitable sortable" border="1"
 +
|-
 +
!  Summary
 +
!  Description
 +
!  Successful exploitation result
 +
!  Fixed in boot0 version
 +
!  Discovered
 +
!  Discovered by
 +
|-
 +
|  Dead jump instruction after jump to panic
 +
|  [[boot0]] has a common panic routine that runs under a number of scenarios, one of which is when the [[boot1]] hash check fails. For unknown reasons, there is an extra jump to the normal boot1 loading code after panic returns ([[boot0/Code dump|offset FFFF04E0]]), despite panic never having any possibility of returning. It may be possible to time a voltage attack correctly to skip over the jump-to-panic instruction, allowing for certain recovery software.
 +
|  Bypassing the boot1 hash check
 +
|  Unfixed
 +
|  {{SortableMonth|May|2021}}
 +
|  {{User|Hallowizer}}
 
|}
 
|}
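Review bot: the "Successful exploitation result" cell ("Bypassing the boot1 hash check") states as fact what the Description cell only hedges ("It may be possible to time a voltage attack correctly ..."); the two should agree, e.g. "Bypassing the boot1 hash check (theoretical, not demonstrated)", so readers of the sortable table do not take an untested idea for a working attack. The Description also asserts that "panic never having any possibility of returning" without pointing at the panic routine itself; since the dead jump is already cited as [[boot0/Code dump|offset FFFF04E0]], add the corresponding code-dump link for the panic routine so the claim can be checked against the dump. Minor style point: the new "== boot0 ==" table copies the column set of the table above it ("Fixed in boot0 version"), which is consistent, but "Unfixed" would be clearer as "Unfixed (no boot0 revision addresses it)" if that is what is meant.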