@PawelK Allegedly some Israeli Team cracked PSP but they were discredited (paid off likely). So AMD has an even better target than Intel's old CPUs.
@mzan Or COVID 19 and the culture of fear that manipulated the public while elected officials bought stocks.
@PawelK The PSP core is an MCU. I suspect that, like cache on CPUs or RAM, a row hammer attack could be performed successfully. That's part of the reason why I selected the (cheapest and most powerful FPGA I could find) Tang 20k.
Obviously the problem, aside from the FPGA and its associated hardware, is getting an RTOS that likely has little to no documentation running the code to safely gain that Ring -3? access.
@PawelK Finding a viable exploit would open PCs and Servers powered by AMD.
@PawelK The security keys are no joke. The security seems to be mainly handled by the PSP and the TPM thing. I think the new consoles also have the "Pluto" chip which is another layer. My guess is that the Pluto chip is intended to stop such attacks.
Perhaps they got sloppy and something could be revealed by RE the New Consoles to find out how to exploit the Decade old hardware.
@PawelK Lenovo has terrible firmware and it was so bad that it revealed some PSP secrets. Security on the Xbox One is much better. I believe they used a more advanced TPM or equivalent and that is not on the CPU. It's a real challenge unless one has advanced machinery, which is less costly now due to die size, as the goal of the security team was to make the console require more money to crack than the retail price.
The Security Team said that and kinda hinted that the processor was the way to crack it. So it would require more precision than the ~1mm gaps I can solder. It might require something in the 14nm range.
@PawelK That's a great question. Perhaps the Ethernet port would reveal useful information. I considered using two. Without a very expensive lab, the best route I saw was Ethernet. I believe the PSP communicates over Ethernet to verify new firmware and potentially other things. There should be a path to the PSP through Ethernet.
@PawelK @mr_poindexter That sounds much better than what I feared.
@PawelK AMD implemented the ARM core on the CPU die in 2013. I have an A10 without it and an A4 with it. It's physically on the die and controls the CPU functions. AMD still has this on their CPUs.
If you want information about it there was a certain Lenovo laptop that had it in the UEFI. It was reverse engineered. A problem quickly arises with exploiting the PSP and that would be a series of checksums. Microsoft signed code would need to be run to get in that way. That's why I thought of an FPGA to inject code directly to the processor. The ARM core is running an RTOS and could potentially be hit through Ethernet.
The ARM core has complete control of the CPU. I believe it has TrustZone too. Own the ARM core and, there's an exploit for many AMD processors, beat the other security checks to free the system.
All that work on securing the hardware and they still used garbage thermal paste.
@PawelK All of that just to run Linux. That was my goal and also to save a rather capable device from becoming E waste.
8 cores on the Jaguar arch (pre Zen) and 8GB of GDDR5, I think, are the reward. The containers used for emulation and apps only allow around 4GB to be utilized. It's still a custom chipset but close enough that an exploit on the PSP could potentially work.
I was thinking about using an FPGA with 20K LUTs to intercept or change some checks. The system is locked down tight. I think it's a Cortex A7 core that resides in the Processor.
Everything about the original Xbox One was a solid design. I hate the X Clamp but I understand that it could expand under heat to make better contact with the CPU. They understood that cold air sinks and exhaust the hot air up through a nicely designed duct. They still used garbage thermal paste on the chips.
I couldn't get ahold of my Arctic Silver 5 that I trust so I bought some thermal paste from Best Buy. The active ingredient is Zinc Oxide (yes the same as sunscreen) and it actually brought the temperatures down.
The GPU has an equivalent in computers. It just makes me angry that the potential is just wasted on games. The fast ram is the most impressive part as a Laptop A10 quad core from the previous gen can perform about 75% as well. The newer models X and S have more powerful hardware but the security seems to be about the same.
@PawelK I wasn't inactive while I was silent. I have a problem with the Xbox One and it not being cracked. 8 cores and fast memory are very useful. It seems that the only feasible way to run unauthorized code is through browser exploits.
It seems to me that only going after the AMD Secure Platform ARM core and hitting the TPM would result in a usable break. I had various ideas about how to exploit it but that system is the most secure Microsoft product of all time.
@PawelK No I haven't but there was a large effort to replace SCADA years ago and I helped with our solution. I don't know what was picked but it wasn't our work. (The story was leaked but still I am hesitant to say anything about it.)
I highly doubt that I could win something put out by DARPA. That would mean going up against the brightest minds at MIT, UCB and other spooky Universities. I could try.
@freemo Deadpan comedy was great. Looks like I picked the wrong week to quit amphetamines.
@freemo I read that and recall the scene in Naked Gun where Nielsen asks for a Black Russian.
@lupyuen I have a feeling that will be an ongoing process for a while for you. Must be fun though, I wish I did more EE stuff.
Me, I'm exhausted, been working too long and too hard to get this company merged and onto the stock market, it's draining. I just arrived in Thailand for 5 weeks though so hopefully the food and change of scene here will be a refresher.
Glad to hear you are doing well.
@freemo I'm doing great! Still porting NuttX RTOS to PinePhone. How about you?
@thendrix To tweak meaning to slightly modify I presume.
@freemo Libertarian views here, big government and the incestual cocktail parties of both sides prevent any meaningful changes taking hold. They morph societal rules into an unwinnable game. The Left is The Right and we are all living in their constructed reality and fighting the fights they want us to fight.
Divide and Conquer, so much for E Pluribus Unum.
@freemo Masculinity: Doing something wrong so force can be used to accomplish the objective.
Femininity: Doing something the easy way.
They both work and complement the other. If the easy way doesn't work, use force. If force doesn't fix the problem, perhaps something obvious was overlooked.
It's a classic family tale, dad is usually stubborn and wrong and mom is right.
Toughbook fan, Mathematician and Locksmith with limited success in other areas.
Political stance is far right and far left. Proponent of First Aid Kits and PPE. Easily disheartened by big tech. Partially hinged personality and stubborn enough to not write this in the First Person.
Distrust of Psychology and a fan of satire. I love a good joke and contradict myself. Somewhat serious but easily distracted.