Attacking the Nintendo 3DS Boot ROMs
This addresses a security vulnerability in the Nintendo 3DS, enabling unauthorized access to protected memory, but it is incremental as it builds on known cryptographic attack techniques.
The researchers attacked the Nintendo 3DS boot ROMs to exfiltrate secret information and achieve persistent early code execution on uncompromised devices, exploiting RSA signature verification flaws to bypass security.
We demonstrate attacks on the boot ROMs of the Nintendo 3DS in order to exfiltrate secret information from normally protected areas of memory and gain persistent early code execution on devices which have not previously been compromised. The attack utilizes flaws in the RSA signature verification implementation of one of the boot ROMs in order to overflow ASN.1 length fields and cause invalid firmware images to appear valid to the signature parser. This is then used to load a custom firmware image which overwrites the data-abort vector with a custom data abort handler, then induces a data-abort exception in order to reliably redirect boot ROM code flow at boot time. This executes a payload which, due to its reliable early execution by a privileged processor, is able to function as a persistent exploit of the system in order to exfiltrate secret information (such as encryption keys) from normally protected areas of memory.