Sponsored Links

Sponsored Links

Results 1 to 7 of 7



  1. #1
    Contributor parkerparker's Avatar
    Join Date
    Feb 2008
    Posts
    70
    Sponsored Links

    Question Cold Boot Attack Theory

    Sponsored Links
    Hi just dropped in to tell you guys a thought....

    Basically reading info tonight about the already known cold boot attacking of systems. I was wondering since "Mr Wesley McGrew" the guy who made this discovery. There are files available for download. Like syslinux etc. I was wondering if it is possible to somewhat prepare the usb stick prepare it all in the linux side and then rebooting linux... would it dump the exact memory at time of starting linux? maybe at this stage there is some unecrypted data?!?!?! I hear that before decryption of data takes place the key must be available?!?!

    just a thought!

  2. #2
    Contributor wiseman's Avatar
    Join Date
    Feb 2008
    Posts
    13
    Sponsored Links
    Sponsored Links
    Isn't that Cold Boot Attack require to remove the memory chip without switching off the machine and dump the data from the memory chip?

    I guess no one can make a XDR Memory BGA Socket for PS3.

    Even someone can do such thing, it will be very costly for them.

  3. #3
    Contributor parkerparker's Avatar
    Join Date
    Feb 2008
    Posts
    70
    Sponsored Links
    Sponsored Links
    Wesley’s tool is called msramdump and is designed to run from a USB thumb drive, using SysLinux (a very small Linux bootloader). He includes detailed instructions (complete with screenshots) on how to create a working thumb drive for booting a computer and dumping memory straight to the drive

    it doesn't require anything but a thumb drive?!?! we could boot this when linux started?!? maybe with a bit of reconfiguration!

    these files are freely available mcgrewsecurity!

  4. #4
    Banned User CoreTX's Avatar
    Join Date
    Jan 2008
    Posts
    20
    This attack vector will not work one on one, because of the hypervisor and over architecture of the PS3. However, the "Basics" of the attack can be done, if you have acces to a university with VERY expensive equipment..... (And a few PS3's to fry)

  5. #5
    Senior Member jabberosx's Avatar
    Join Date
    Dec 2006
    Posts
    199
    Quote Originally Posted by parkerparker View Post
    Wesley’s tool is called msramdump and is designed to run from a USB thumb drive, using SysLinux (a very small Linux bootloader). He includes detailed instructions (complete with screenshots) on how to create a working thumb drive for booting a computer and dumping memory straight to the drive

    it doesn't require anything but a thumb drive?!?! we could boot this when linux started?!? maybe with a bit of reconfiguration!

    these files are freely available mcgrewsecurity!
    Sorry guy!.. Nice Idea. But wont work. Simply because if we were at a level to boot off a USB stick in PS3. we could run code in ps3. Also, like the gentleman above stated. PS3 hypervisor wont give access to the hardware behind it.

    The only way you can do this is to open up the PS3 and then build a custom socket for the PS3 memory and pul the info off of there.

  6. #6
    Banned User CoreTX's Avatar
    Join Date
    Jan 2008
    Posts
    20
    Quote Originally Posted by jabberosx View Post
    Sorry guy!.. Nice Idea. But wont work. Simply because if we were at a level to boot off a USB stick in PS3. we could run code in ps3. Also, like the gentleman above stated. PS3 hypervisor wont give access to the hardware behind it.

    The only way you can do this is to open up the PS3 and then build a custom socket for the PS3 memory and pul the info off of there.
    With special equipment you could also read out the electromagnetic radiation from it When you have a sequence of for example 11111111, the spike will be bigger then, when you have a sequence of 00000000.

    When we read this data, it is possible to extract the key from the data flow since somewhere in memory it must be exchanged.

  7. #7
    Contributor robots's Avatar
    Join Date
    May 2008
    Posts
    12
    even if you were able to "cold boot", you would probably need to use the other os, and before entering the "other os" hypervisor erases all of the memory.

 

Sponsored Links
Advertising - Affiliates - Contact Us - PS3 Downloads - Privacy Statement - Site Rules - Top - © 2014 PlayStation 3 News