Editing Vulnerabilities
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 96: | Line 96: | ||
and skips the last step to derive using 0x348. thus instead the master key | and skips the last step to derive using 0x348. thus instead the master key | ||
gc auth keys are derived using a constant that is obtainable.. | gc auth keys are derived using a constant that is obtainable.. | ||
< | <pre> | ||
ret = bigmac_aes256_cmac_to_keyring(key_1,0x21,0x345); | ret = bigmac_aes256_cmac_to_keyring(key_1,0x21,0x345); | ||
if (ret == 0) { | if (ret == 0) { | ||
Line 116: | Line 116: | ||
} | } | ||
return ret; | return ret; | ||
</ | </pre> | ||
=== sceIoDevctl does not clear stack buffer === | === sceIoDevctl does not clear stack buffer === | ||
(24/11/2014) | (24/11/2014) | ||
Line 141: | Line 141: | ||
When passed proper arguments, sceNetSyscallIoctl will execute a function from the socket's vtable at the end: | When passed proper arguments, sceNetSyscallIoctl will execute a function from the socket's vtable at the end: | ||
< | <pre> | ||
v13 = (*(int (__fastcall **)(int, signed int, unsigned int, char *))(*(_DWORD *)(socket + 24) + 28))( | v13 = (*(int (__fastcall **)(int, signed int, unsigned int, char *))(*(_DWORD *)(socket + 24) + 28))( | ||
socket, | socket, | ||
Line 147: | Line 147: | ||
flags_, | flags_, | ||
mem_); | mem_); | ||
</ | </pre> | ||
Fixed in 3.63. | Fixed in 3.63. |