| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 04 Dec 2003 18:39:56 +0100 From: Troed SĂ„ngberg <troed@...gberg.se> To: bugtraq@...urityfocus.com Subject: Re: [ANNOUNCE] glibc heap protection patch On Thu, 04 Dec 2003 12:10:05 +0100, Stefan Esser <se@...iracy.de> wrote: > Just an example: The gamecube was hacked by an information leak exploit. > A crc feature the Phantasy Star Online game allows to request checksums > of arbitrary memory positions (and sizes). > So it was possible for the smart guy who did it, to create a complete > memory dump from > remote. In that case your magic values are worthless... Which hack? The PSO-upload hack on the Gamecube is vastly different from tmbinc's truly embarrassing (for Nintendo) hack on the so-called crypto. In short: All communication between the serial chip holding the BIOS and the Gamecube's flipper-chip is two-way. Naturally, if a chip is only interested in receiving data it will shift out garbage. What tmbinc found out was that when the encrypted data was shifted to the Flipper (for decryption) the _decrypted data_ was shifted back. Since the encryption was nothing more than a XOR-seed from a PNRG it was trivial to XOR the encrypted BIOS image with the decrypted data and get access to the whole XOR-key (starting seed always the same) and thus it's trivial to produce BIOS replacements. I agree that this is an information leak, but PSO has very little to do with it. I do not consider the PSO-upload hack to be a hack of the Gamecube, but tmbinc's retrieval of the BIOS encryption "key" certainly is. We're straying off topic. Further off-topic discussions in mail. regards, Troed
Powered by blists - more mailing lists