Yeah @AmpBenzScientist there was one more, I'm not sure we talked about it yet.

Have you ever heard of the DARPA Cyber Grand Challenge?

@PawelK I wasn't inactive while I was silent. I have a problem with the Xbox One and it not being cracked. 8 cores and fast memory are very useful. It seems that the only feasible way to run unauthorized code is through browser exploits.

It seems to me that only going after the AMD Secure Platform ARM core and hitting the TPM would result in a usable break. I had various ideas about how to exploit it but that system is the most secure Microsoft product of all time.

@AmpBenzScientist
Where do the AMD and ARM sit there and how do they interact?

Something like the CA/CI smartcard system from set-top boxes/digital TVs, or harder/easier to craig.

@PawelK AMD implemented the ARM core on the CPU die in 2013. I have an A10 without it and an A4 with it. It's physically on the die and controls the CPU functions. AMD still has this on their CPUs.

If you want information about it, there was a certain Lenovo laptop that had it in the UEFI. It was reverse engineered. A problem quickly arises with exploiting the PSP, and that would be a series of checksums. Microsoft-signed code would need to be run to get in that way. That's why I thought of an FPGA to inject code directly into the processor. The ARM core is running an RTOS and could potentially be hit through Ethernet.

The ARM core has complete control of the CPU. I believe it has trustzone too. Own the ARM core and, there's an exploit for many AMD processors, beat the other security checks to free the system.

All that work on securing the hardware and they still used garbage thermal paste.

@AmpBenzScientist

Hmm. Nice way, I would prolly try to go after the little guy over there too, or the way the check is made on checksums, or against the predetermined prior against which the incoming one is checked.

Can't the same attack scenario used against Lenovo be applied here, or can't the proceedings thereof?

@PawelK Lenovo has terrible firmware, and it was so bad that it revealed some PSP secrets. Security on the Xbox One is much better. I believe they used a more advanced TPM or equivalent, and that is not on the CPU. It's a real challenge unless one has advanced machinery, which is less costly now due to die size, as the goal of the security team was to make the console require more money to crack than the retail price.

The Security Team said that and kinda hinted that the processor was the way to crack it. So it would require more precision than the ~1mm gaps I can solder. It might require something in the 14nm range.

@AmpBenzScientist
I'd think here, unless the root certificate varying between the CPUs from many boxes is burned into the die, the CPU is just the algorithm, and the varying root certificate must be stored elsewhere.

Basically, it seems the right assumption; one has to think of such craigs in this way: it will cost you, say, 1M to crack it, but one has indeed to aim for a shared weak point between all boxes.

As for cracking TPMs/TrustZones, I had a source on those. Brb.
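The two attack surfaces named in the last few posts, the way the checksum check is made and the stored reference it is compared against, versus a root certificate burned into the die, are easier to reason about in code. The following is an added example, not code from the thread or from any console vendor: a toy "checksum-only" boot verifier next to a "signature rooted in ROM" verifier. The Lamport one-time signature is a stand-in chosen because it needs only hashlib (the thread does not say what scheme the real hardware uses), the flash layouts and the sample images are constructed for the demo, and every function name here is hypothetical.

```python
"""Toy secure-boot verifiers: checksum-only vs. signature rooted in ROM.

Added illustration for this thread, not code from any console vendor.
The Lamport one-time signature stands in for whatever scheme the real
hardware uses (the thread does not say); hashlib/hmac/os only.
"""
import hashlib
import hmac
import os


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# --- Lamport one-time signature: 256 secret pairs, public key = their hashes ---
def lamport_keygen(rng=os.urandom):
    sk = [(rng(32), rng(32)) for _ in range(256)]
    pk = [(sha256(a), sha256(b)) for a, b in sk]
    return sk, pk


def _bits(digest: bytes):
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(sk, msg: bytes) -> bytes:
    # Reveal one preimage per bit of H(msg); 256 * 32 = 8192-byte signature.
    return b"".join(sk[i][bit] for i, bit in enumerate(_bits(sha256(msg))))


def lamport_verify(pk, msg: bytes, sig: bytes) -> bool:
    if len(sig) != 256 * 32:
        return False
    for i, bit in enumerate(_bits(sha256(msg))):
        if not hmac.compare_digest(sha256(sig[32 * i:32 * i + 32]), pk[i][bit]):
            return False
    return True


def encode_pk(pk) -> bytes:
    return b"".join(a + b for a, b in pk)  # 256 * 64 = 16384 bytes


def decode_pk(blob: bytes):
    return [(blob[64 * i:64 * i + 32], blob[64 * i + 32:64 * i + 64]) for i in range(256)]


PK_LEN, SIG_LEN = 256 * 64, 256 * 32


# --- Verifier 1: the "predetermined prior" lives in the same writable flash ---
def checksum_boot(flash: bytes) -> bool:
    image, stored = flash[:-32], flash[-32:]
    return hmac.compare_digest(sha256(image), stored)  # constant-time compare


# --- Verifier 2: only a hash of the vendor public key is immutable (in "ROM") ---
def signed_boot(flash: bytes, rom_pk_hash: bytes) -> bool:
    pk_blob = flash[:PK_LEN]
    sig = flash[PK_LEN:PK_LEN + SIG_LEN]
    image = flash[PK_LEN + SIG_LEN:]
    if not hmac.compare_digest(sha256(pk_blob), rom_pk_hash):
        return False  # attacker-supplied key: rejected before any signature math
    return lamport_verify(decode_pk(pk_blob), image, sig)


def demo() -> dict:
    """Constructed scenario: vendor image vs. attacker-modified image."""
    vendor_sk, vendor_pk = lamport_keygen()
    rom_pk_hash = sha256(encode_pk(vendor_pk))          # "burned into the die"
    image = b"VENDOR BOOTLOADER v1: enforce all checks"  # constructed sample
    pirate = b"PIRATE BOOTLOADER: skip all checks"       # constructed sample
    vendor_sig = lamport_sign(vendor_sk, image)

    att_sk, att_pk = lamport_keygen()                   # attacker's own key pair
    return {
        # checksum verifier: the attacker simply recomputes the stored digest
        "vendor_checksum": checksum_boot(image + sha256(image)),
        "pirate_checksum": checksum_boot(pirate + sha256(pirate)),
        # signed verifier: vendor key+sig over a modified image, or attacker's key
        "vendor_signed": signed_boot(encode_pk(vendor_pk) + vendor_sig + image, rom_pk_hash),
        "pirate_signed": signed_boot(encode_pk(vendor_pk) + vendor_sig + pirate, rom_pk_hash),
        "pirate_own_key": signed_boot(
            encode_pk(att_pk) + lamport_sign(att_sk, pirate) + pirate, rom_pk_hash),
    }


if __name__ == "__main__":
    print(demo())
```

The checksum verifier accepts the pirate image because the reference digest sits in the same writable flash as the image, so the attacker just rewrites both. The signed verifier only trusts a 32-byte hash that is assumed immutable; a modified image fails the signature, and a replaced key fails before the signature is even checked. Note that a Lamport key must never sign two different images, which is why it is only a stand-in here.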


@PawelK The PSP core is an MCU. I suspect that, like cache on CPUs or RAM, a row hammer attack could be performed successfully. That's part of the reason why I selected the Tang 20k (the cheapest and most powerful FPGA I could find).

Obviously the problem, aside from the FPGA and its associated hardware, is getting an RTOS that likely has little to no documentation to run the code to safely gain that Ring -3? access.

@PawelK This feels like being trolled. Decade old hardware and firmware from Microsoft have yet to be publicly cracked. I only have an Xbox One because a friend was about to sell it or throw it away.

@AmpBenzScientist
That little geeky gnome in glasses and the other, the brutha chair tosser, they seem to be pulling your leg.

@PawelK I just found it one day, Molchat Doma seems to lead to that.

I don't question the dancing cow but 5 grams?

@AmpBenzScientist
Idk. It might be with those Polaks similarly with c, as it is with alkie.

3‰ in the blood would be deadly for 90% of the human population of the planet.
At 3‰ Polaks just go outside asking around for any open supplier with more of the good thing, because it's a clear signal to them that they are sobering up.

@PawelK Perhaps so. It's probably all the mayonnaise and dumplings that help them survive.

@AmpBenzScientist
Replace dumplings with bigos.

The most common Polish dumpling type's name is punnable now, as they are called ruskie (Pl., slightly derogatory for "the Russians").

Qoto Mastodon