Hacking Meltdown Vulnerability

trasixes

New Member
OP
Newbie
Joined
Jan 4, 2018
Messages
2
Trophies
0
Age
42
XP
31
Country
United States
I'm sure everyone has seen the news of the Meltdown vulnerability in virtually all modern processors from AMD, Intel, ARM, etc.

My first thought - could this be used to hack the Xbox One (among other consoles)?

Anyone have any insight as to why it would, or would not, be useful?

Edit: This is what I get for posting in a hurry. It's Spectre, not meltdown, that is thought to affect AMD/Intel/ARM processors.
 
Last edited by trasixes,

guicrith

Well-Known Member
Newcomer
Joined
Apr 29, 2013
Messages
72
Trophies
0
Age
42
XP
618
Country
United States
Its also completely useless since it only lets you read memory not write or execute which is needed for any kind of console hack.
 
  • Like
Reactions: DinohScene

DinohScene

Gay twink catboy
Global Moderator
Joined
Oct 11, 2011
Messages
21,984
Trophies
3
Location
Восторг
XP
19,134
Country
Antarctica
this too, not even on the only intel based console, the OG xbox, would have any use

The original Xbox was made 17 years ago.
With production being 18 years old.
The Pentium 3 CPU is 19 years old.

Modern CPU's suffer from the bug, not old ones.


Scratch that.
 
Last edited by DinohScene,

brunocar

Well-Known Member
Member
Joined
Aug 14, 2017
Messages
790
Trophies
0
Age
38
XP
1,694
Country
Argentina
The original Xbox was made 17 years ago.
With production being 18 years old.
The Pentium 3 CPU is 19 years old.

Modern CPU's suffer from the bug, not old ones.
nope, also fake news propagated by intel to save ass, every processor since the pentium 2 is affected
 
  • Like
Reactions: weatMod

zoogie

playing around in the dsiware
Developer
Joined
Nov 30, 2014
Messages
8,434
Trophies
2
XP
13,904
Country
Micronesia, Federated States of
Its also completely useless since it only lets you read memory not write or execute which is needed for any kind of console hack.
This couldn't be any less true. In the 3ds's case, knowing a certain console-unique key can open up the sd card to attacks (saves, dsiware, etc).
 

smf

Well-Known Member
Member
Joined
Feb 23, 2009
Messages
6,183
Trophies
1
XP
4,959
Country
United Kingdom
So what the hell are we supposed to do? Freak out in mass panic and hope our computers don't get hacked to hell?

Install the OS update & laugh at the people who are outraged at Intel. They just need to call the Waaambulance.

FWIW AMD appear to be affected by spectre and both Intel and ARM were working with AMD as all CPUs are affected. Then AMD took cheap shots at Intel, which is to be expected from AMD really. Hopefully researchers will now target AMD for a while, even though they are largely irrelevant.
 
Last edited by smf,
  • Like
Reactions: Subtle Demise

the_randomizer

The Temp's official fox whisperer
Member
Joined
Apr 29, 2011
Messages
31,284
Trophies
2
Age
37
Location
Dr. Wahwee's castle
XP
18,927
Country
United States
Install the OS update & laugh at the people who are outraged at Intel. They just need to call the Waaambulance.

I use Intel, not an AMD user, and I've installed the patch, but ugh. The only thing that blows is performance may take a hit somewhat, IDK. Luckily I can easily uninstall the patch if it sucks.
 

brunocar

Well-Known Member
Member
Joined
Aug 14, 2017
Messages
790
Trophies
0
Age
38
XP
1,694
Country
Argentina
Got any source on it?
https://meltdownattack.com/
"Which systems are affected by Meltdown?
Desktop, Laptop, and Cloud computers may be affected by Meltdown. More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013). We successfully tested Meltdown on Intel processor generations released as early as 2011. Currently, we have only verified Meltdown on Intel processors. At the moment, it is unclear whether ARM and AMD processors are also affected by Meltdown."
 

guicrith

Well-Known Member
Newcomer
Joined
Apr 29, 2013
Messages
72
Trophies
0
Age
42
XP
618
Country
United States
This couldn't be any less true. In the 3ds's case, knowing a certain console-unique key can open up the sd card to attacks (saves, dsiware, etc).
You have to already have user mode code execution though and if you did you would not need to gain user mode code execution, which is all editing a decrypted save would get you if your lucky enough to have a bug in save parsing, as for dsiware, its signed like iOS apps, you may edit it but its not going to run since its signed with nintendos keys not just your consoles.
 

zoogie

playing around in the dsiware
Developer
Joined
Nov 30, 2014
Messages
8,434
Trophies
2
XP
13,904
Country
Micronesia, Federated States of
You have to already have user mode code execution though and if you did you would not need to gain user mode code execution, which is all editing a decrypted save would get you if your lucky enough to have a bug in save parsing, as for dsiware, its signed like iOS apps, you may edit it but its not going to run since its signed with nintendos keys not just your consoles.
DSiWare execution == system pwned. Check plailect's guide regarding dsiware injection, b9sTool, etc. and the dsiware transfer method.

As far as dsiware exports being signed, well ...
https://www.3dbrew.org/wiki/3DS_System_Flaws (DSiWare_Exports CTCert verification)
They're self-signed which means they're not signed. Decrypt=pwned.
 

guicrith

Well-Known Member
Newcomer
Joined
Apr 29, 2013
Messages
72
Trophies
0
Age
42
XP
618
Country
United States
DSiWare execution == system pwned. Check plailect's guide regarding dsiware injection, b9sTool, etc. and the dsiware transfer method.

As far as dsiware exports being signed, well ...
https://www.3dbrew.org/wiki/3DS_System_Flaws (DSiWare_Exports CTCert verification)
They're self-signed which means they're not signed. Decrypt=pwned.
Ok your right, I did not know that I thought nintendo signed them, does nintendo sign the 3ds binarys or does this apply to them as well?
 

zoogie

playing around in the dsiware
Developer
Joined
Nov 30, 2014
Messages
8,434
Trophies
2
XP
13,904
Country
Micronesia, Federated States of
Ok your right, I did not know that I thought nintendo signed them, does nintendo sign the 3ds binarys or does this apply to them as well?
3ds games are properly signed afaik. 3ds saves can be modified* if you have the movable.sed keyy and same with dsiware exports.
The actual srl binaries contained inside the dsiware exports (better known as .nds files) are signed and checked, but for some reason Nintendo doesn't check which signed binaries are present, so you can inject older, exploitable games in the export .bins.

*you can't sign saves since that would require the private key to be present on the system -since saves are modified on the system

Anyway, this is getting really off-topic so I'll just shut up :P
 
Last edited by zoogie,
General chit-chat
Help Users
  • No one is chatting at the moment.
    Psionic Roshambo @ Psionic Roshambo: Pumpkin Spice gaming accessories lol