[Hacker News Repost] Can you get root with only a cigarette lighter?
-
Title: Can you get root with only a cigarette lighter?
Text:
Url: https://www.da.vidbuchanan.co.uk/blog/dram-emfi.html
Post by: 1317
Comments:
ballenf: The inspiration here was getting root on the Switch 2. Getting root in Linux was the POC. The goal was not demonstrating some fundamental security vulnerability that's practically exploitable, but instead for reclaiming actual ownership of one's own hardware without breaking TPM or game ring 0 anti-cheat.
i4k: This was very well written and an amazing challenge, but my brain is wired to that "hacking common sense" that if you have physical access then it's already over...
The first thing that came to my mind was that, if you have physical access, then you can reflash the BIOS, install a driver backdoor, you can boot a live OS and then it's just a matter of tampering with /etc/{passwd,shadow,groups, etc} ...
But I remembered that most of the physical access hacks would not be possible if the disk is encrypted... which then makes this kind of hack enormously attractive.
The antenna idea can be extended to be a piece of hardware with the interference device built in (piezo or whatever) which communicates with the external world over any wireless medium, and then the attacker can trigger the interference remotely. This, plus a website controlled by the hacker which the victim is scammed into visiting, can be enough to make it viable.
vessenes: I like this. Upshot: electrostatic bit flip on memory read or write, which with solder can deterministically get a 'safe' pointer mutated into your own evil pointer.
Generally the historical perspective on physical access was: "once they have it, game over." TPM and trusted execution environments have shifted this security perspective to "we can trust certain operations inside the enclave even if the user has physical access."
His next steps are most interesting to me: can you get something (semi-)reliable without soldering stuff? My guess is it's going to be a lot harder. Lots of thought already goes into dealing with electrical interference. On the other hand, maybe? If you flip one random bit of a 64-bit read every time you click your lighter, and your exploit can work with one of, say, 4 bit flips, then you don't need that many tries on average. At any rate, round 2 of experimentation should be interesting.
zephyreon: My immediate thought was that this was a post about how someone got root access to a cigarette lighter, and I was totally ready to believe it.
My parents' oven gets regular software updates, so I didn't even question whether the cigarette lighter was "smart."
intothemild: This reminds me of exploits we used to do to arcade cabinets back in Sydney in the '80s and '90s. The school gas heaters used to have what we called "clickers", piezoelectric ignition devices you could remove from the heaters.
You then took that clicker to your local arcade and clicked one of the corners of the CRT; that would send a shock through the system and add credits to your game. I believe this was because the CRT was grounded on the same ground lines that the mechanism for physically checking a coin had gone through the system.
Suffice it to say, they caught on to this over time and added some form of alarm to it. But up until then... those were truly the best times.