More actions
(Created page with "{{Infobox Switch Homebrews |title=Fusee Launcher |image=fuseelauncherswitch.png |description=A reference implementation launcher for the Fusée Gelée Tegra X1 bootROM exploit. |author=Qyriad |lastupdated=2019/04/18 |type=Payload senders (Software) |version=v1.0 |license=GPL-2.0 |download=https://dlhb.gamebrew.org/switchhomebrews/fuseelauncherswitch.7z |website=https://github.com/Qyriad/fusee-launcher |source=https://github.com/Qyriad/fusee-launcher |donation= }} {{#seo:...") |
No edit summary |
||
| Line 1: | Line 1: | ||
{{Infobox Switch Homebrews | {{Infobox Switch Homebrews | ||
|title=Fusee Launcher | |title=Fusee Launcher | ||
|image= | |image=fuseelaunchernx.png | ||
|description=A reference implementation launcher for the Fusée Gelée Tegra X1 bootROM exploit. | |description=A reference implementation launcher for the Fusée Gelée Tegra X1 bootROM exploit. | ||
|author=Qyriad | |author=Qyriad | ||
| Line 8: | Line 8: | ||
|version=v1.0 | |version=v1.0 | ||
|license=GPL-2.0 | |license=GPL-2.0 | ||
|download=https://dlhb.gamebrew.org/switchhomebrews/ | |download=https://dlhb.gamebrew.org/switchhomebrews/fuseelaunchernx.7z | ||
|website=https://github.com/Qyriad/fusee-launcher | |website=https://github.com/Qyriad/fusee-launcher | ||
|source=https://github.com/Qyriad/fusee-launcher | |source=https://github.com/Qyriad/fusee-launcher | ||
|donation= | |donation= | ||
}} | }} | ||
The Fusée Launcher is a proof-of-concept arbitrary code loader for a variety of Tegra processors, which takes advantage of CVE-2018-6242 ("Fusée Gelée") to gain arbitrary code execution and load small payloads over USB. | |||
The vulnerability is documented in the report subfolder. | |||
== | ==User guide== | ||
The main launcher is "fusee-launcher.py". Windows, Linux, macOS and FreeBSD are all natively supported. Instructions for Windows specifically can be found on the [https://github.com/Qyriad/fusee-launcher/wiki wiki]. | |||
With a Tegra device in RCM and connected via USB, invoke the launcher with the desired payload as an argument, e.g. <code>./fusee-launcher.py payload.bin</code>. Linux systems currently require either that the Tegra device be connected to an XHCI controller (used with blue USB 3 ports) or that the user has patched their EHCI driver. | |||
==Screenshots== | ==Screenshots== | ||
https://dlhb.gamebrew.org/switchhomebrews/ | https://dlhb.gamebrew.org/switchhomebrews/fuseelaunchernx2.png | ||
==Credits== | |||
Fusée Gelée (CVE-2018-6242) was discovered and implemented by Kate Temkin (@ktemkin); its launcher is developed and maintained by Mikaela Szekely (@Qyriad) and Kate Temkin (@ktemkin). | |||
Credit goes to: | |||
*Qyriad - maintainership and expansion of the code. | |||
*SciresM, motezazer - guidance and support. | |||
*hedgeberg, andeor - dumping the Jetson bootROM. | |||
*TuxSH - help with a first pass of bootROM RE. | |||
*the ReSwitched team. | |||
Love / greetings to: | |||
*Levi / lasersquid. | |||
* | *Aurora Wright. | ||
*f916253. | |||
*MassExplosion213. | |||
*CVE-2018-6242 was also independently discovered by fail0verflow member shuffle2 as the "shofEL2" vulnerability-- so that's awesome, too. | |||
== External links == | == External links == | ||
* | * GitHub - https://github.com/Qyriad/fusee-launcher | ||
* | * FAQ: Fusée Gelée - https://www.ktemkin.com/faq-fusee-gelee/ | ||
Revision as of 04:17, 7 July 2023
| Fusee Launcher | |
|---|---|
 | |
| General | |
| Author | Qyriad |
| Type | Payload senders (Software) |
| Version | v1.0 |
| License | GPL-2.0 |
| Last Updated | 2019/04/18 |
| Links | |
| Download | |
| Website | |
| Source | |
The Fusée Launcher is a proof-of-concept arbitrary code loader for a variety of Tegra processors, which takes advantage of CVE-2018-6242 ("Fusée Gelée") to gain arbitrary code execution and load small payloads over USB.
The vulnerability is documented in the report subfolder.
User guide
The main launcher is "fusee-launcher.py". Windows, Linux, macOS and FreeBSD are all natively supported. Instructions for Windows specifically can be found on the wiki.
With a Tegra device in RCM and connected via USB, invoke the launcher with the desired payload as an argument, e.g. ./fusee-launcher.py payload.bin. Linux systems currently require either that the Tegra device be connected to an XHCI controller (used with blue USB 3 ports) or that the user has patched their EHCI driver.
Screenshots
Credits
Fusée Gelée (CVE-2018-6242) was discovered and implemented by Kate Temkin (@ktemkin); its launcher is developed and maintained by Mikaela Szekely (@Qyriad) and Kate Temkin (@ktemkin).
Credit goes to:
- Qyriad - maintainership and expansion of the code.
- SciresM, motezazer - guidance and support.
- hedgeberg, andeor - dumping the Jetson bootROM.
- TuxSH - help with a first pass of bootROM RE.
- the ReSwitched team.
Love / greetings to:
- Levi / lasersquid.
- Aurora Wright.
- f916253.
- MassExplosion213.
- CVE-2018-6242 was also independently discovered by fail0verflow member shuffle2 as the "shofEL2" vulnerability-- so that's awesome, too.
External links
- GitHub - https://github.com/Qyriad/fusee-launcher
- FAQ: Fusée Gelée - https://www.ktemkin.com/faq-fusee-gelee/