Yea @AmpBenzScientist there was one more, I'm not sure we talked about it yet.

Have you ever heard of the DARPA Cyber Grand Challenge?

@PawelK I wasn't inactive while I was silent. I have a problem with the Xbox One and it not being cracked. 8 cores and fast memory are very useful. It seems that the only feasible way to run unauthorized code is through browser exploits.

It seems to me that only going after the AMD Secure Platform ARM core and hitting the TPM would result in a usable break. I had various ideas about how to exploit it but that system is the most secure Microsoft product of all time.

@AmpBenzScientist
Where do the AMD and ARM sit there and how do they interact?

Something like the CA/CI smartcard system from set-top boxes/digital TVs, or harder/easier to craig.

@PawelK AMD implemented the ARM core on the CPU die in 2013. I have an A10 without it and an A4 with it. It's physically on the die and controls the CPU functions. AMD still has this on their CPUs.

If you want information about it there was a certain Lenovo laptop that had it in the UEFI. It was reverse engineered. A problem quickly arises with exploiting the PSP and that would be a series of checksums. Microsoft signed code would need to be run to get in that way. That's why I thought of an FPGA to inject code directly to the processor. The ARM core is running an RTOS and could potentially be hit through Ethernet.

The ARM core has complete control of the CPU. I believe it has TrustZone too. Own the ARM core and, there's an exploit for many AMD processors, beat the other security checks to free the system.

All that work on securing the hardware and they still used garbage thermal paste.

@AmpBenzScientist

Hmm. Nice way, I would prolly try to go after the little guy over there too, or the way the check is made on checksums, or against the predetermined prior against which the incoming one is checked.

Can't the same scenario of attack used against Lenovo be applied here, or can't the proceedings thereof?

@PawelK Lenovo has terrible firmware and it was so bad that it revealed some PSP secrets. Security on the Xbox One is much better. I believe they used a more advanced TPM or equivalent and that is not on the CPU. It's a real challenge unless one has advanced machinery, which is less costly now due to die size, as the goal of the security team was to make the console require more money to crack than the retail price.

The Security Team said that and kinda hinted that the processor was the way to crack it. So it would require more precision than the ~1mm gaps I can solder. It might require something in the 14nm range.

@AmpBenzScientist
I'd think here, unless the root certificate varying between the CPUs from many boxes is burned into the die, the CPU is just algo, and the varying root certificate must be stored elsewhere.

Basically, it seems the right assumption; one has to think of such craigs in a way: it will cost you say 1M to crack it, but one has indeed to aim for a shared weak point between all boxes.

As for crackin' TPMs/TrustZones, I had a source on those. Brb.

@AmpBenzScientist

Yea, I'd look up weaknesses in "ARM's specific trustzone's mech name" etc. in USENIX secu conf proceedings.

I am pretty sure I saw something there, maybe that's why they introed Pluto.

@PawelK Allegedly some Israeli Team cracked PSP but they were discredited (paid off likely). So AMD has an even better target than Intel's old CPUs.

@PawelK If I fry a console I could probably get another for not much cost. Microsoft hardened everything. The PS4 with its nearly identical hardware has been cracked. This seems like it will require exploiting the CPU itself.

So that's what has been keeping me up at night and busy researching. For such a low value target, modems look like easy money in comparison.

@AmpBenzScientist
I'd head for modems. One of the wisdoms of my life is to choose one's opponents and allies with better judgements.

@PawelK That is good advice. I don't have the resources to throw at the Xbox One. A modem should be easier and should be oddly familiar.

It's crazy how far they have come. Cold War radar systems technology is being used. I think beam forming and smart antennas are being used in modems now. It's not really important to study that but it's impressive.

@PawelK It seems like a smart phone could be used in an inexpensive MANPADS system. A modification of the Wild Weasel runs could be used against the latest fighters. Get them to use radar, lock onto the signal and let a few varieties of missiles loose.

@PawelK The cameras could easily get to a helicopter. I don't think the original Stinger could touch fighter planes but it sure did hit the helicopters. Multi spectra sensors could just connect to the smart phone and possibly hit the stealth planes or better yet, send ceramic beads into the air around the fighter. Those turbines would be shredded.

@PawelK Lessons learned from American jets in desert environments. Also the horrible turbines in the F14, fire a missile and the exhaust could destroy the turbines. Also geese getting in turbines. It's a fragile thing that sucks in whatever it can to make thrust.
