AmpBenzScientist @AmpBenzScientist@qoto.org

@PawelK Lessons learned from American jets in desert environments. Also the horrible turbines in the F14, fire a missile and the exhaust could destroy the turbines. Also geese getting in turbines. It's a fragile thing that sucks in whatever it can to make thrust.

@PawelK The cameras could easily get to a helicopter. I don't think the original Stinger could touch fighter planes but it sure did hit the helicopters. Multi spectra sensors could just connect to the smart phone and possibly hit the stealth planes or better yet, send ceramic beads into the air around the fighter. Those turbines would be shredded.

@PawelK Perhaps so. It's probably all the mayonnaise and dumplings that help them survive.

@PawelK It seems like a smart phone could be used in an inexpensive MANPADS system. A modification of the Wild Weasel runs could be used against the latest fighters. Get them to use radar, lock onto the signal and let a few varieties of missiles loose.

@PawelK I just found it one day, Molchat Doma seems to lead to that.

I don't question the dancing cow but 5 grams?

@PawelK That is good advice. I don't have the resources to throw at the Xbox One. A modem should be easier and should be oddly familiar.

It's crazy how far they have come. Cold War radar systems technology is being used. I think beam forming and smart antennas are being used in modems now. It's not really important to study that but it's impressive.

@PawelK https://www.youtube.com/watch?v=OyDyOweu-PA

Curwa seems to be more versatile than I thought.

@PawelK If I fry a console I could probably get another for not much cost. Microsoft hardened everything. The PS4 with its nearly identical hardware has been cracked. This seems like it will require exploiting the CPU itself.

So that's what has been keeping me up at night and busy researching. For such a low value target, modems look like easy money in comparison.

@PawelK This feels like being trolled. Decade old hardware and firmware from Microsoft have yet to be publicly cracked. I only have an Xbox One because a friend was about to sell it or throw it away.

@PawelK Allegedly some Israeli Team cracked PSP but they were discredited (paid off likely). So AMD has an even better target than Intel's old CPUs.

@mzan Or COVID 19 and the culture of fear that manipulated the public while elected officials bought stocks.

@PawelK The PSP core is a MCU. I suspect that, like cache on CPUs or RAM, a row hammer attack could be performed successfully. That's part of the reason why I selected the (cheapest and most powerful FPGA I could find) Tang 20k.

Obviously the problem, aside from the FPGA and its associated hardware, is getting a RTOS that likely has little to no documentation running the code to safely gain that Ring -3? access.

@PawelK Finding a viable exploit would open PCs and Servers powered by AMD.

@PawelK The security keys are no joke. The security seems to be mainly handled by the PSP and the TPM thing. I think the new consoles also have the "Pluto" chip which is another layer. My guess is that the Pluto chip is intended to stop such attacks.

Perhaps they got sloppy and something could be revealed by RE the New Consoles to find out how to exploit the Decade old hardware.

@PawelK Lenovo has terrible firmware and it was so bad that it revealed some PSP secrets. Security on the Xbox One is much better. I believe they used a more advanced TPM or equivalent and that is not on the CPU. It's a real challenge unless one has advanced machinery, which is less costly now due to dye size, as the goal of the security team was to make the console require more money to crack than the retail price.

The Security Team said that and kinda hinted that the processor was the way to crack it. So it would require more precision than the ~1mm gaps I can solder. It might require something in the 14nm range.

@PawelK That's a great question. Perhaps the Ethernet port would reveal useful information. I considered using two. Without a very expensive lab, the best route I saw was Ethernet. I believe the PSP communicates over Ethernet to verify new firmware and potentially other things. There should be a path to the PSP through Ethernet.

@PawelK @mr_poindexter That sounds much better than what I feared.

@PawelK AMD implemented the ARM core on the CPU die in 2013. I have an A10 without it and an A4 with it. It's physically on the die and controls the CPU functions. AMD still has this on their CPUs.

If you want information about it there was a certain Lenovo laptop that had it in the UEFI. It was reverse engineered. A problem quickly arises with exploiting the PSP and that would be a series of checksums. Microsoft signed code would need to be run to get in that way. That's why I thought of an FPGA to inject code directly to the processor. The ARM core is running a RTOS and could potentially be hit through Ethernet.

The ARM core has complete control of the CPU. I believe it has trustzone too. Own the ARM core and, there's an exploit for many AMD processors, beat the other security checks to free the system.

All that work on securing the hardware and they still used garbage thermal paste.

@PawelK All of that just to run Linux. That was my goal and also to save a rather capable device from becoming E waste.

8 cores on the Jaguar arch (pre Zen) and 8GB of GDDR5, I think, are the reward. The containers used for emulation and apps only allow around 4GB to be utilized. It's still a custom chipset but close enough that an exploit on the PSP could potentially work.

I was thinking about using an FPGA with 20K LUTs to intercept or change some checks. The system is locked down tight. I think it's a Cortex A7 core that resides in the Processor.

Everything about the original Xbox One was a solid design. I hate the X Clamp but I understand that it could expand under heat to make better contact with the CPU. They understood that cold air sinks and exhaust the hot air up through a nicely designed duct. They still used garbage thermal paste on the chips.

I couldn't get ahold of my Artic Silver 5 that I trust so I bought some thermal paste from Best Buy. The active ingredient is Zinc Oxide (yes the same as sunscreen) and it actually brought the temperatures down.

The GPU has an equivalent in computers. It just makes me angry that the potential is just wasted on games. The fast ram is the most impressive part as a Laptop A10 quad core from the previous gen can perform about 75% as well. The newer models X and S have more powerful hardware but the security seems to be about the same.

@PawelK I wasn't inactive while I was silent. I have a problem with the Xbox One and it not being cracked. 8 cores and fast memory are very useful. It seems that the only feasible way to run unauthorized code is through browser exploits.

It seems to me that only going after the AMD Secure Platform ARM core and hitting the TPM would result in a usable break. I had various ideas about how to exploit it but that system is the most secure Microsoft product of all time.