On 1/24/2018 9:04 PM, Mike Franklin wrote:
On Thursday, 25 January 2018 at 04:59:55 UTC, Mike Franklin wrote:

Yes, ROM is at address 0.  Address 0 contains the initial stack pointer.  So you read address 0, dereference it, and then do your damage.

This is from the "what were they thinking" school of CPU design. Blargh.


Keep in mind too that the ROM, on these devices, is actually reprogrammable from the firmware itself, so one could do some clever exploitation of that feature to insert whatever they want into the product's firmware.

I've posted online many times that people creating embedded systems should put the firmware in ROM, so malware will not survive a reset.

The riposte I get is the firmware must be rewritable from the internet in order to fix malware written to it from the internet :-)
