
This is an exploit for boot1.5

It is a bug in how boot1.5 loads boot2. Boot1.5 has a base address of 11200000. Boot1.5 does not check the signature before copying the image to the base address, so if you make a boot2 image with 11200000 as its base address, the copy overwrites boot1.5's own code in RAM while it is still running, and your code runs instead.
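The two properties boot1.5 lacks according to the description above are (a) authenticate the image before any byte of it is copied, and (b) never let the copy destination overlap the running loader. The following C is an added, constructed example of a loader-side check that enforces both; it is not code from this repository or from boot1.5. The base address 0x11200000 is the one the README gives (taken as hex); the loader footprint, the header layout, the toy checksum standing in for a real signature, and the `classify` helper are all assumptions for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed values: 0x11200000 is the boot1.5 base the README gives; the
 * footprint, header format and trailer are constructed for this example. */
#define LOADER_BASE 0x11200000u
#define LOADER_SIZE 0x00040000u      /* assumed: loader occupies 256 KiB */
#define SIG_LEN     4u               /* toy trailer, see toy_verify() */

struct image_hdr {
    uint32_t load_addr;              /* where the payload would be copied */
    uint32_t size;                   /* payload length in bytes */
};

enum load_result {
    LOAD_OK = 0,
    LOAD_TOO_SHORT,
    LOAD_BAD_SIGNATURE,
    LOAD_BAD_RANGE,
    LOAD_OVERLAPS_LOADER
};

/* Stand-in for the real signature check: a polynomial checksum over all
 * bytes before the trailer. A real loader verifies an asymmetric signature
 * here; what this example demonstrates is *when* the check must run. */
static uint32_t toy_checksum(const uint8_t *p, size_t n)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < n; i++) sum = sum * 31 + p[i];
    return sum;
}

static bool toy_verify(const uint8_t *img, size_t len)
{
    if (len < SIG_LEN) return false;
    uint32_t want;
    memcpy(&want, img + len - SIG_LEN, SIG_LEN);
    return toy_checksum(img, len - SIG_LEN) == want;
}

/* Does [a, a+alen) overlap [b, b+blen)? Done in 64 bits so the ends cannot wrap. */
static bool ranges_overlap(uint32_t a, uint32_t alen, uint32_t b, uint32_t blen)
{
    uint64_t a_end = (uint64_t)a + alen, b_end = (uint64_t)b + blen;
    return alen != 0 && blen != 0 && a < b_end && b < a_end;
}

/* Decide whether an image may be copied, before any byte is written:
 * authenticate first, then refuse destinations that touch the loader itself. */
enum load_result check_boot_image(const uint8_t *img, size_t len)
{
    if (len < sizeof(struct image_hdr) + SIG_LEN) return LOAD_TOO_SHORT;
    if (!toy_verify(img, len)) return LOAD_BAD_SIGNATURE;

    struct image_hdr hdr;
    memcpy(&hdr, img, sizeof hdr);
    if (hdr.size > len - sizeof hdr - SIG_LEN) return LOAD_BAD_RANGE;   /* claims more than present */
    if (hdr.size > UINT32_MAX - hdr.load_addr) return LOAD_BAD_RANGE;   /* load_addr + size wraps */
    if (ranges_overlap(hdr.load_addr, hdr.size, LOADER_BASE, LOADER_SIZE))
        return LOAD_OVERLAPS_LOADER;
    return LOAD_OK;
}

/* Build a constructed image (header, zeroed payload, toy trailer); returns total length. */
size_t build_image(uint8_t *buf, size_t cap, uint32_t load_addr, uint32_t payload)
{
    size_t total = sizeof(struct image_hdr) + payload + SIG_LEN;
    if (total > cap) return 0;
    struct image_hdr hdr = { load_addr, payload };
    memset(buf, 0, total);
    memcpy(buf, &hdr, sizeof hdr);
    uint32_t sig = toy_checksum(buf, total - SIG_LEN);
    memcpy(buf + total - SIG_LEN, &sig, SIG_LEN);
    return total;
}

/* Hypothetical helper: build an image in a scratch buffer and classify it.
 * With corrupt set, one payload byte is flipped after signing (tampered image). */
enum load_result classify(uint32_t load_addr, uint32_t payload, bool corrupt)
{
    static uint8_t buf[4096];
    size_t n = build_image(buf, sizeof buf, load_addr, payload);
    if (n == 0) return LOAD_BAD_RANGE;
    if (corrupt && payload > 0) buf[sizeof(struct image_hdr)] ^= 0x01;
    return check_boot_image(buf, n);
}

int main(void)
{
    printf("image at loader base   -> %d\n", classify(LOADER_BASE, 64, false));
    printf("image outside loader   -> %d\n", classify(0x11800000u, 64, false));
    printf("tampered image         -> %d\n", classify(0x11800000u, 64, true));
    return 0;
}
```

An image whose destination is exactly the loader base, the case the README describes, is rejected with `LOAD_OVERLAPS_LOADER` even though it carries a valid trailer; an image ending one byte before the loader is accepted, which is why the overlap test uses half-open ranges and 64-bit arithmetic.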

It probably works on all other versions too, if you change the overwrite address and the NOP sled length.

On the CR4 emulator it doesn't work: it restarts the exploit and then reports "wrong boot2 version". It works on real hardware.

nMaker was created by Xavier Andréani (critor).