
  1. #171 oyashio (Banned User, joined Feb 2010, 38 posts)
    Quote Originally Posted by plains203:
    With part 5, it's not a matter of throwing on some liquid as you will end up shorting out the memory chip and causing a little wisp of smoke.
    No, it won't, because liquid air or H2O destillata has a very low thermal conductivity = conductivity of electricity... It could cause a short circuit, but only if the RAM got >100W, which is actually impossible.

    Liquid air or clean H2O (destillata) will work...
    Quote Originally Posted by jayjo:
    freezing the SRAM doesn't work anymore.. [link]
    This is from 2002. In 2002, there weren't any DRAM (DoubleDataRAM)... Only DRAM keeps its data if it's cold...

    But thank you!!! Especially for your interest... I think you should get +Rep

    @ chipsy: Yeah, I think you've understood it well!!
    Last edited by oyashio; 02-22-2010 at 09:22 AM Reason: Automerged Doublepost

  2. #172 hagisbasheruk (Registered User, joined Feb 2010, 18 posts)
    Quote Originally Posted by jayjo:
    freezing the SRAM doesn't work anymore.. [link]
    Have a look at pages 4 and 5 here: [link]

    PC A: SDRAM
    PC B: DDR
    PC C: DDR
    PC D: DDR2
    PC E: DDR2
    PC F: DDR2

    It goes on to say that newer memory technologies decay data at a faster rate, but that even the shorter times are enough to facilitate most attacks.

    Thanks to Princeton University, EFF and Wind River Systems for making this info available in 2008.
    Last edited by hagisbasheruk; 02-22-2010 at 10:14 AM Reason: Automerged Doublepost
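A defender-side way to reason about the decay figures hagisbasheruk refers to, as an added example that is not from this thread or from the Princeton paper: a small Python model with constructed hold and decay parameters (illustrative, not measured values) that estimates how long after power loss a given memory type should be assumed recoverable, and how much cooling stretches that window.

```python
import math

# Constructed, illustrative parameters only (not measurements from the
# Princeton/EFF/Wind River paper and not figures for any PS3 memory part).
# Each memory type gets a "hold" period after power loss during which almost
# nothing decays, then exponential decay with time constant tau, both in
# seconds at room temperature; newer types are assumed to decay faster.
MEMORY_PROFILES = {
    "SDRAM": {"hold_s": 20.0, "tau_s": 60.0},
    "DDR":   {"hold_s": 5.0,  "tau_s": 15.0},
    "DDR2":  {"hold_s": 1.0,  "tau_s": 3.0},
}

ROOM_TEMP_C = 25.0

def temperature_factor(temp_c, q10=2.5):
    """Constructed Q10-style scaling: every 10 C of cooling below room
    temperature multiplies the decay timescale by q10 (assumed value)."""
    return q10 ** ((ROOM_TEMP_C - temp_c) / 10.0)

def decayed_fraction(elapsed_s, profile, temp_c=ROOM_TEMP_C):
    """Fraction of bits that have decayed to their ground state after
    elapsed_s seconds without power: 0 during the hold period, then
    1 - exp(-(t - hold) / tau), with hold and tau stretched by cooling."""
    f = temperature_factor(temp_c)
    hold, tau = profile["hold_s"] * f, profile["tau_s"] * f
    if elapsed_s <= hold:
        return 0.0
    return 1.0 - math.exp(-(elapsed_s - hold) / tau)

def remanence_window(profile, max_error, temp_c=ROOM_TEMP_C):
    """Seconds after power loss until decayed_fraction exceeds max_error,
    i.e. how long a defender should assume the contents stay recoverable.
    Solves 1 - exp(-(t - hold)/tau) = max_error for t in closed form."""
    if not 0.0 < max_error < 1.0:
        raise ValueError("max_error must be strictly between 0 and 1")
    f = temperature_factor(temp_c)
    return f * (profile["hold_s"] - profile["tau_s"] * math.log(1.0 - max_error))

def risk_table(max_error=0.05, temps_c=(25.0, 0.0, -50.0)):
    """Remanence window in seconds for every memory type and temperature."""
    return {name: {t: round(remanence_window(p, max_error, t), 1) for t in temps_c}
            for name, p in MEMORY_PROFILES.items()}

if __name__ == "__main__":
    for name, row in risk_table().items():
        print(f"{name:6s}", row)
```

Swap the constructed profiles for measured decay curves of the memory actually in use and the same functions give a defensible "how long is this data exposed after power loss" figure for a threat model.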

  3. #173 sapperlott (Contributor, joined Nov 2009, 129 posts)
    You already have a very minimal Linux at hand in the form of kboot / petitboot. You can drop into a shell from the bootloader, mount your HDD, load the exploit module from there and dump the system memory to it.

    I don't know if it's possible to use the RSX memory - it would definitely involve some serious kernel hacking. The current implementation of ps3vram uses it as a block device rather than "real" memory. If it were possible to use it as system memory I'm sure someone would have implemented it already, because wasting ~200 MiB of perfectly good memory would be pretty stupid, wouldn't it?

    As for the argument of "software reboot" vs. "cold boot": you want to avoid the OS cleaning up after itself on reboot. It won't clear all of memory (that would make reboots awfully slow) but it definitely will destroy some of its more important data structures, stop processes etc. With a hard power-off you avoid that and ensure that the RAM contents represent the state of a fully operational system.

    From my limited knowledge of this form of side channel attack it would have to go down like this (your PS3 would have to be disassembled):

    1. Prepare kernel modules so they can be used from kboot / petitboot shell
    2. Write a script to do the module loading / dumping so you can do it fast
    3. Boot into GameOS and set the default OS to OtherOS - do not select automatic reboot
    4. Spray liquid air or nitrogen on your memory
    5. Yank the power cord
    6. Keep applying coolant
    7. Power on the PS3 booting into the bootloader shell
    8. Start dumping process

    One alternative would be to dump the system memory to RSX memory instead of disk since writes to RSX memory are a lot faster than writes to disk. This would help in saving the memory contents as fast as possible but would also require a working ps3vram module within your kboot / petitboot environment. Once the system RAM has been stored in RSX memory you can write it to disk from there without a hurry.

  4. #174 CodeKiller (Senior Member, joined Nov 2009, 130 posts)
    Quote Originally Posted by sapperlott:
    One alternative would be to dump the system memory to RSX memory instead of disk since writes to RSX memory are a lot faster than writes to disk. This would help in saving the memory contents as fast as possible but would also require a working ps3vram module within your kboot / petitboot environment. Once the system RAM has been stored in RSX memory you can write it to disk from there without a hurry.
    I think a lot of people miss the point: when the system is powered on, the automatic DRAM refresh cycles take care of the content refresh. In short: if switched on, the data in the mem will remain, regardless of what was in there. In a working system only overwriting of data can destroy content.

    If the footprint of a small Linux cannot be shrunk further, I think it can still map to other parts of the mem, so after multiple dumps/multiple allocations a near complete dump can be done...

  5. #175 lavatar (Contributor, joined Dec 2009, 35 posts)

    Did anyone ask Mathieulh? Because he already dumped lvl2. I think he will not share his dump but he can give the right direction...

  6. #176 tridentsx (Contributor, joined Feb 2010, 25 posts)
    Quote Originally Posted by CodeKiller:
    I think a lot of people miss the point: when the system is powered on, the automatic DRAM refresh cycles take care of the content refresh. In short: if switched on, the data in the mem will remain, regardless of what was in there. In a working system only overwriting of data can destroy content.

    If the footprint of a small Linux cannot be shrunk further, I think it can still map to other parts of the mem, so after multiple dumps/multiple allocations a near complete dump can be done...
    Exactly my point. No need to hurry, all the time in the world. That was why I was skeptical about doing the power off, since that would potentially clear the memory. As soon as that machine has power the memories will refresh themselves, keeping their content.

  7. #177 oyashio (Banned User, joined Feb 2010, 38 posts)
    Quote Originally Posted by CodeKiller:
    I think a lot of people miss the point: when the system is powered on, the automatic DRAM refresh cycles take care of the content refresh. In short: if switched on, the data in the mem will remain, regardless of what was in there. In a working system only overwriting of data can destroy content.

    If the footprint of a small Linux cannot be shrunk further, I think it can still map to other parts of the mem, so after multiple dumps/multiple allocations a near complete dump can be done...
    Yes, that's the "negative" point. Or we must recode the Linux so it uses the HDD/VRAM/whatever instead of the XDR-RAM...

    But after dumping a big part of the RAM, the PS3 could still get really hacked... That little part doesn't matter much. As I said, a Linux which uses VRAM/HDD/whatever but RAM/... instead of the XDR-RAM would be just great!!!

    @tridentsx: A hard power-off won't clear the RAM if you keep the RAM at a very low temperature (-50 C)...
    Last edited by oyashio; 02-22-2010 at 05:49 PM Reason: Automerged Doublepost

  8. #178 PS3 News (Forum Moderator, joined Apr 2005, 28,604 posts)

    Quote Originally Posted by lavatar:
    Did anyone ask Mathieulh? Because he already dumped lvl2. I think he will not share his dump but he can give the right direction...
    Sadly you are gravely mistaken. The day Mathieulh first ran around announcing and tweeting it, CJPC gave him that opportunity on MSN, more than once, and he not only refused to share any lv2 dump details but also told CJPC (as he did, like a hypocrite, before with the lv0/lv1 dumps he didn't do himself) to "do it yourself", so he definitely has no intention of helping others dump their own.

    Mathieulh did, however, tell CJPC they plan to post some information dragged out slowly over the course of several months (extending their "bragging period" in an attempt to make themselves feel important), so this is why many PS3 Devs are now sitting back and letting them do all the work, as it appears that is the way GeoHot and Mathieulh want it.

    To anyone still wishing to pursue GeoHot's coldboot ramblings, I suggest you read einzwei's thread as it seems he's one of few able to see through them.

  9. #179 sapperlott (Contributor, joined Nov 2009, 129 posts)
    Quote Originally Posted by CodeKiller:
    I think a lot of people miss the point: when the system is powered on, the automatic DRAM refresh cycles take care of the content refresh. In short: if switched on, the data in the mem will remain, regardless of what was in there. In a working system only overwriting of data can destroy content.
    OK - good point. Cooling would only be needed if the RAM was to be removed from the system (which it can't be in this particular case since it isn't socketed).

    Quote Originally Posted by CodeKiller:
    If the footprint of a small Linux cannot be shrunk further, I think it can still map to other parts of the mem, so after multiple dumps/multiple allocations a near complete dump can be done...
    But only if LV2 maps to the same areas of memory every time. Otherwise it would be a nice puzzle to put back together.

    Quote Originally Posted by tridentsx:
    Exactly my point. No need to hurry, all the time in the world. That was why I was skeptical about doing the power off, since that would potentially clear the memory. As soon as that machine has power the memories will refresh themselves, keeping their content.
    Again - the hard power-off is necessary to get an image from a state where the system is actually running normally (because that's what we're interested in). On a soft shutdown / reboot it will alter the contents of memory and might perform some "housekeeping" (although I'm pretty sure that it won't clear all the memory).

    One method to strip Linux to its bare minimum would be to build a kernel that only contains the modules necessary for the dumping process (no bluetooth, networking etc.) and put the dumping software into the initrd to run as the init process. This could be combined into a single image (like kboot / petitboot already does) and stored in flash instead of kboot / petitboot. It would then have to write the dump to a USB-attached disk containing, for example, an ext3 partition.

 
© 2015 PlayStation 3 News