One correction
To use this exploit
You will need 20.0.0+ fw at switch 2 to enable switch 1 compatibility
Any physical cartridge with 20.0.0 fw will be needed to manually update fw
I created switch 1/2 userland exploit that is not webkit or save exploit
"But we already have userland exploit from day 1"
The difference is existing userland exploit is based on save exploit which can't be used without save transfer using Nintendo Online Service
Which forces you to be at latest fw
So even if kexploit or some sw based privilege escalation is found 99% people can't use save exploit.
But this one works without any restriction and works at all fw
Why not hack the webkit?
Switch 2 webkit has Arm PAC(Pointer Authentication Code) that prevents ROP code execution
So I avoided it as there was more easy one to exploit it
Dear PlayStation.
I'm sorry you don't want my money anymore. I'm sure I'll find other ways to spend it. Good luck with your future endeavours.
All the best,
An ex-customer
Physical media forever. X
https://t.co/sLRcXu8KR1
(PS5 12.00)
NEED SOMEONE TO COMPILE THIS, Can't access my computer rn
What this does:
Find kernel offsets for future patching
Extract BD pairing data for analysis
Discover hidden keys in kernel memory
Map system structure for exploit development
https://t.co/sLRcXu8KR1
(PS5 12.00)
NEED SOMEONE TO COMPILE THIS, Can't access my computer rn
What this does:
Find kernel offsets for future patching
Extract BD pairing data for analysis
Discover hidden keys in kernel memory
Map system structure for exploit development
https://t.co/sLRcXu8KR1
(PS5 12.00)
NEED SOMEONE TO COMPILE THIS, Can't access my computer rn
What this does:
Find kernel offsets for future patching
Extract BD pairing data for analysis
Discover hidden keys in kernel memory
Map system structure for exploit development
https://t.co/sLRcXu8KR1
(PS5 12.00)
NEED SOMEONE TO COMPILE THIS, Can't access my computer rn
What this does:
Find kernel offsets for future patching
Extract BD pairing data for analysis
Discover hidden keys in kernel memory
Map system structure for exploit development
@notnotzecoxao deci5s_context_handle_packet()
deci5s_context_handle_sdbgp_packet()
deci5s_sdbgp_context_handle_get_mmu()
These parse variable-length packets from the debug host. If the x86 side can inject malformed packets , buffer overflows or type confusions it could give it code execution.