Toggle menu
Toggle personal menu
Not logged in
Your IP address will be publicly visible if you make any edits.

Fusee Launcher Switch

From GameBrew
Revision as of 04:22, 9 July 2023 by HydeWing (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Fusee Launcher
Fuseelaunchernx.png
General
AuthorKate Temkin, Qyriad
TypePayload Senders (Software)
Version2019
LicenseGPL-2.0
Last Updated2019/04/18
Links
Download
Website
Source

The Fusée Launcher is a proof-of-concept arbitrary code loader for a variety of Tegra processors, which takes advantage of CVE-2018-6242 ("Fusée Gelée") to gain arbitrary code execution and load small payloads over USB.

The vulnerability is documented in the report subfolder.

User guide

The main launcher is "fusee-launcher.py". Windows, Linux, macOS and FreeBSD are all natively supported. Instructions for Windows specifically can be found on the wiki.

With a Tegra device in RCM and connected via USB, invoke the launcher with the desired payload as an argument, e.g. ./fusee-launcher.py payload.bin. Linux systems currently require either that the Tegra device be connected to an XHCI controller (used with blue USB 3 ports) or that the user has patched their EHCI driver.

Screenshots

fuseelaunchernx2.png

Credits

Fusée Gelée (CVE-2018-6242) was discovered and implemented by Kate Temkin (@ktemkin); its launcher is developed and maintained by Mikaela Szekely (@Qyriad) and Kate Temkin (@ktemkin).

Credit goes to:

  • Qyriad - maintainership and expansion of the code.
  • SciresM, motezazer - guidance and support.
  • hedgeberg, andeor - dumping the Jetson bootROM.
  • TuxSH - help with a first pass of bootROM RE.
  • the ReSwitched team.

Love / greetings to:

  • Levi / lasersquid.
  • Aurora Wright.
  • f916253.
  • MassExplosion213.
  • CVE-2018-6242 was also independently discovered by fail0verflow member shuffle2 as the "shofEL2" vulnerability-- so that's awesome, too.

External links

Advertising: