Exploiting DRAM bitflips to get a root shell

104 points, by goranmoomin, 8 months ago

8 comments

mikewarot, 8 months ago

<rant value="verbose">

It's circuit bending, or Fritzing, not finding a clever exploit in DRAM. Even an ECC module isn't going to help you if it's on the CPU data bus.

I just hope we don't all end up suffering through yet another 50% slowdown in patches to the Kernel to avoid this nonsense because someone buys the BS and now it has to be "fixed", like the row hammer software fixes, instead of just fixing the damn DRAM modules, and better hardware.

</rant>

Another analogy:

It's like when a brain surgeon probes your cerebellum and suddenly you smell strawberry or hear Brahms. The surgeon certainly doesn't know what reaction you have unless you tell them.

You wouldn't go around later saying "Dr Jones made me smell strawberries, on a whim, certainly he's a G*d"
Comment #41752219 not loaded
Comment #41761639 not loaded
captn3m0, 8 months ago

Some context from the author's fedi account:

> I'm exploring this because I think it might be useful for console hacking - where you have physical access, and the ability to execute sandboxed code (say, inside a web browser)

ID: @retr0id@retr0.id (they ask not to link to their fedi instance).
sans_souse, 8 months ago

This is some low-level hacking right here
backspace_, 8 months ago

Do I need a lighter or the Matrix soundtrack to accomplish this hack?

Comment #41750345 not loaded
dan_linder, 8 months ago

So if we don't have the addition of the antenna wire, is the usual case shielding sufficient, or do we just need larger/more intense pulses, more of them, or somewhere in between? I'd like to try this at home, but not if I have to solder a wire on the already small RAM traces.

Comment #41749949 not loaded
Comment #41752193 not loaded
azalemeth, 8 months ago

Yet again, I wish we all had ECC RAM!

Here's the code: https://github.com/DavidBuchanan314/dram_emfi/blob/main/linux_x86_64_lpe.c -- the basic idea is

> Hardware setup: This time I put the "antenna" wire on DQ25, which will fault 64-bit values to +/-32MiB

> Exploit strat: We fill up as much of physical memory as possible with page tables.

> When we fault a PTE read, we have a good chance of landing on a page table, giving us R/W access to a page table from userspace.
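The comment above wishes for ECC RAM and quotes the mechanism (a fault on data line DQ25 flips bit 25 of a 64-bit word, i.e. shifts it by 32 MiB). The following is an added illustration, not code from the thread or from the linked dram_emfi repository: a textbook Hamming SECDED(72,64) encoder/decoder, the same code class ECC DIMMs use, run over a constructed page-table-like value. It shows that a single flipped data line is detected and corrected, while two flips are detected but not correctable. The sample value and the `flip_data_line` helper are assumptions made for the demo.

```python
# Added example: Hamming SECDED(72,64) applied to a 64-bit word with one data
# line (DQ25) faulted. Not from the thread or the dram_emfi project.

DATA_BITS = 64
PARITY_BITS = 7                 # 2**7 = 128 >= 64 data + 7 parity + 1
# 1-indexed Hamming positions: powers of two carry parity, the rest carry data.
DATA_POS = [p for p in range(1, 128) if p & (p - 1)][:DATA_BITS]
CODE_LEN = DATA_POS[-1]         # 71 Hamming positions ...
OVERALL_POS = CODE_LEN + 1      # ... plus one overall-parity bit = 72 bits
MIB = 1 << 20


def _bit(cw, pos):
    """Bit at 1-indexed codeword position `pos`."""
    return (cw >> (pos - 1)) & 1


def encode(word):
    """Return the 72-bit SECDED codeword for a 64-bit data word."""
    cw = 0
    for i, pos in enumerate(DATA_POS):
        cw |= ((word >> i) & 1) << (pos - 1)
    for r in range(PARITY_BITS):
        p = 1 << r
        parity = 0
        for pos in range(1, CODE_LEN + 1):
            if pos & p and pos != p:        # positions covered by parity bit p
                parity ^= _bit(cw, pos)
        cw |= parity << (p - 1)
    overall = 0
    for pos in range(1, CODE_LEN + 1):
        overall ^= _bit(cw, pos)
    cw |= overall << (OVERALL_POS - 1)
    return cw


def decode(cw):
    """Return (data, status); status is 'ok', 'corrected' or 'uncorrectable'."""
    syndrome = 0
    for pos in range(1, CODE_LEN + 1):
        if _bit(cw, pos):
            syndrome ^= pos                  # XOR of set positions = error position
    overall = 0
    for pos in range(1, OVERALL_POS + 1):
        overall ^= _bit(cw, pos)
    if syndrome == 0 and overall == 0:
        status = "ok"
    elif overall == 1:
        # Odd error count: assume a single flip; syndrome 0 means the overall bit itself.
        flip_pos = syndrome or OVERALL_POS
        if flip_pos <= OVERALL_POS:
            cw ^= 1 << (flip_pos - 1)
            status = "corrected"
        else:
            status = "uncorrectable"
    else:
        status = "uncorrectable"             # even number of flips (>= 2)
    data = 0
    for i, pos in enumerate(DATA_POS):
        data |= _bit(cw, pos) << i
    return data, status


def flip_data_line(cw, dq):
    """Simulate a fault on data line `dq`: flip the codeword bit carrying data bit dq."""
    return cw ^ (1 << (DATA_POS[dq] - 1))


def unprotected_delta(word, dq):
    """Signed change a flip of data bit `dq` causes when there is no ECC."""
    return (word ^ (1 << dq)) - word


if __name__ == "__main__":
    # Constructed sample: a page-table-entry-shaped 64-bit value, not a real PTE.
    pte = 0x8000000123456067
    print(f"DQ25 flip without ECC: value moves by {unprotected_delta(pte, 25) // MIB:+d} MiB")
    cw = encode(pte)
    data, status = decode(flip_data_line(cw, 25))
    print(f"one flipped line: {status}, data intact = {data == pte}")
    _, status = decode(flip_data_line(flip_data_line(cw, 25), 3))
    print(f"two flipped lines: {status}")
```

The decoder follows the standard SECDED rule: a non-zero syndrome with an overall-parity violation is a single error at the syndrome's position, a non-zero syndrome with overall parity intact is a double error and is reported rather than silently "corrected". That distinction is what makes ECC useful here: a single-line fault of the kind described above never reaches software as a silently changed value.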
CTDOCodebases, 8 months ago

I remember kids using these things on Street Fighter II machines to get free credits.
ano-ther, 8 months ago

Impressive! And a music track like that should be standard for all progress bars.