On Thursday, 25 January 2018 at 04:59:55 UTC, Mike Franklin wrote:

Yes, ROM is at address 0. Address 0 contains the initial stack pointer. So you read address 0, dereference it, and then do your damage.

Keep in mind too that the ROM, on these devices, is actually reprogrammable from the firmware itself, so one could do some clever exploitation of that feature to insert whatever they want into the product's firmware.

Mike
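To make the layout Mike describes concrete, here is an added C example (not from the post or the D project) that decodes a constructed Cortex-M style vector table: it shows what a read through NULL returns on such a device, a sanity check a loader can apply before trusting a table written by self-reprogramming firmware, and a pointer-range guard that rejects addresses in the ROM window at 0. The SRAM window and both ROM images are assumed values, not a real part's memory map.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Assumed Cortex-M style layout: the vector table lives in ROM at address 0,
 * word 0 is the initial stack pointer, word 1 the reset handler. A read through
 * a NULL pointer therefore returns the initial SP instead of faulting. */
#define VT_INITIAL_SP_OFFSET 0u
#define VT_RESET_OFFSET      4u

/* Assumed SRAM window for the range check (constructed, not a real part's map). */
#define SRAM_BASE 0x20000000u
#define SRAM_SIZE 0x00010000u /* 64 KiB */

/* Constructed 8-byte ROM images: a plausible table and a corrupt one. */
const uint8_t kSampleRom[8] = { 0x00, 0x00, 0x01, 0x20,   /* SP = 0x20010000 */
                                0xA1, 0x01, 0x00, 0x00 }; /* reset = 0x000001A1 (Thumb) */
const uint8_t kBadRom[8]    = { 0x10, 0x00, 0x00, 0x00,   /* SP = 0x00000010, inside ROM */
                                0xA0, 0x01, 0x00, 0x00 }; /* reset lacks the Thumb bit */

static uint32_t load_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* The value a NULL read yields on such a device: the word at ROM offset 0. */
uint32_t value_read_through_null(const uint8_t *rom, size_t rom_len) {
    return rom_len < 4 ? 0 : load_le32(rom + VT_INITIAL_SP_OFFSET);
}

/* Checks an image loader can apply before trusting a table, e.g. in a
 * self-reprogramming update path: SP must lie in SRAM and be 8-byte aligned,
 * and the reset vector must carry the Thumb bit that Cortex-M requires. */
bool vector_table_is_sane(const uint8_t *rom, size_t rom_len) {
    if (rom_len < 8) return false;
    uint32_t sp  = load_le32(rom + VT_INITIAL_SP_OFFSET);
    uint32_t rst = load_le32(rom + VT_RESET_OFFSET);
    bool sp_ok  = sp >= SRAM_BASE && sp <= SRAM_BASE + SRAM_SIZE && (sp & 7u) == 0;
    bool rst_ok = (rst & 1u) == 1u;
    return sp_ok && rst_ok;
}

/* Runtime guard for a data pointer: reject anything outside SRAM, which
 * includes NULL and every other address in the ROM window starting at 0. */
bool points_into_ram(uintptr_t addr, size_t len) {
    if (addr < SRAM_BASE || len > SRAM_SIZE) return false;
    return addr - SRAM_BASE <= SRAM_SIZE - len;
}
```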

