Difference between revisions of "IQue Player System Flaws"

Revision as of 04:16, 26 April 2018

Summary	Description	Timeframe this was discovered	Discovered by
No known hardware exploits

Summary	Description	Successful exploitation result	Timeframe this was discovered	Discovered by
psychic paper: Secure Kernel could incorrectly consider a self-signed certificate chain as valid	The function for verifying certificate chains at `0x9FC028BC` is passed an array of pointers to certificates. For the first 5 elements, it checks to see if the certificate was issued by `Root`, if so it checks if the certificate was signed by the hardcoded `Root` public key (and returns immediately with the result). If the certificate wasn't signed by `Root`, it checks if the certificate was signed by the public key of the next certificate in the array. If all 5 certificates verified correctly, the function will return success.	Assuming this function can be called with an attacker-controlled array of certificates, self-signing of certificates (and thus, arbitrary code execution, with full non-Secure Mode privileges) (This is not the case for Secure Applications, the code in SK for verifying those sets up a hardcoded array on the stack for the certificate verification function)	April 2018	Riley

Summary	Description	Successful exploitation result	Exploitable System Applications	Timeframe this was discovered	Discovered by
No known System Application exploits

@@ Line 35: / Line 35: @@
 |}
-==Secure Applications==
+==System Applications==
 {| class="wikitable" border="1"
 |-
@@ Line 41: / Line 41: @@
 !  Description
 !  Successful exploitation result
-!  Exploitable Secure Applications
+!  Exploitable System Applications
 !  Timeframe this was discovered
 !  Discovered by
 |-
-|  No known Secure Application exploits
+|  No known System Application exploits
 |
 |