Phillip LaneOct 5, 2024
David Buchanan
If you solder a ~10cm long "antenna" wire to a laptop's DRAM data bus, it makes it extra sensitive to electromagnetic interference.

So much so that clicking a piezo-electric arc lighter nearby can induce bit-flips.

I wrote an exploit to turn those bitflips into a shell:
Oct 2, 2024 at 10:17pmWeb
Show threadDavid BuchananOct 2, 2024
PoC source: https://github.com/DavidBuchanan314/dram_emfi/blob/348bd15c9e767bff5968a4fcc80a97b81dc63bda/ddr3_dq7.py
dram_emfi/ddr3_dq7.py at 348bd15c9e767bff5968a4fcc80a97b81dc63bda · DavidBuchanan314/dram_emfi

playing with DDR DRAM bus fault injection. Contribute to DavidBuchanan314/dram_emfi development by creating an account on GitHub.

GitHub
Show threadDavid BuchananOct 2, 2024
I'm exploring this because I think it might be useful for console hacking - where you have physical access, and the ability to execute sandboxed code (say, inside a web browser)
Show threadDavid BuchananOct 5, 2024
now with 100% more root. prototype-quality exploit source: https://github.com/DavidBuchanan314/dram_emfi/blob/main/linux_x86_64_lpe.c
dram_emfi/linux_x86_64_lpe.c at main · DavidBuchanan314/dram_emfi

playing with DDR DRAM bus fault injection. Contribute to DavidBuchanan314/dram_emfi development by creating an account on GitHub.

GitHub
Show threadXenotime | Science/Coding VTuberOct 5, 2024
@retr0id @retr0id hell yeah, that’s awesome
Show threadUrdleOct 5, 2024
@retr0id thanks for sharing this, this is another level of physical attack I did not know about
Show threadwebhatOct 5, 2024
@retr0id nice 👍
Show threadJonasOct 5, 2024
@retr0id
Hot damn 😎
Show threadjoshOct 5, 2024
@retr0id the energy from your fingers flipped those bits
Show threadKarlOct 5, 2024
@retr0id That's impressive.
Show threadqwertyoruiopzOct 5, 2024
@retr0id gotta buy some bulk piezo clickers, when the next jailbreak hits prices are going to skyrocket
Show threadDrWhaxOct 5, 2024
@retr0id epic
Show threadMelroy van den BergOct 3, 2024
@retr0id especially with pcie maybe. Try to use m.2 to exploit the cpu.
Show threadRairii (bootloader unlocked, MSR_LE set)Oct 3, 2024
@retr0id don't consoles tend to have some form of hardware ram encryption?
Show threadDavid BuchananOct 3, 2024
@Rairii possibly, I'll be finding out how the nintendo switch reacts to it shortly
Show threadMethylzeroOct 3, 2024
@retr0id @Rairii Yeah I think all of the AMD SOCs have transparent RAM encryption
Show threadAlonely0 🦀 🇪🇺Oct 4, 2024
@Methylzero @retr0id @Rairii the switch has an Nvidia chip.
Show threadSaagar JhaOct 6, 2024
@retr0id @Rairii We’re kicking grandpa over here are we
Show threadMarioOct 3, 2024
@Rairii @retr0id I’d still expect a bit flip to be reflected in decrypted data — I’m assuming the way blocks of data are encrypted is some sort of xor against another pseudo random block of data, without any kind of authentication or serial dependency on previous blocks
Show threadhalcy​ Oct 2, 2024

@retr0id jesus

i‘ve seen glitching exploits but with a lighter is just hilarious

Show threadAlesandro Ortiz 🇵🇷🏳️‍🌈Oct 2, 2024
@retr0id 🔥 Don't let the DEF CON hotels look at this video.
Show threadKevin Bowrin ☕Oct 2, 2024
@retr0id CVE (Critical Vulnerability Entertainment) Score: 10/10.
Show threadWulfy—Speaker to the machinesOct 2, 2024

@retr0id

When I was a kid we would use piezo electric ciggy lighters to get credits on some of the arcade game machines

#oldschoolcool

Show threadhaifischOct 2, 2024
@n_dimension @retr0id semi fun fact, Nevada technical standards for casino gaming devices specify "electrical interference immunity" as the first standard. I like to think the hackers back in '89 inspired that one.
Show threadevilchiliOct 2, 2024
@retr0id why bit 7?
Show threaddemofoxOct 2, 2024
@evilchili @retr0id nobody bit 7 but 7 ate 9
Show threadDavid BuchananOct 2, 2024
@evilchili it's convenient because it either adds or subtracts 128 when flipped, which I use to "misalign" a pointer into an object
Show threadgeorgiaOct 3, 2024
@retr0id good for ghost huntin
Show threadm_on_stairOct 3, 2024
@[email protected] do you have source code / a WU?
Show threadVivien (dentelle & numérique)Oct 3, 2024
@retr0id M-x butterfly
Show threadVivien (dentelle & numérique)Oct 3, 2024
@retr0id #ALT4you video of a laptop console that reacts to lighter clicks
Show threadXenotime | Science/Coding VTuberOct 3, 2024
@retr0id This is friggin awesome
Show threadStefan EissingOct 3, 2024

@retr0id @catsalad

Won‘t work with Rust, right? Right?😬

Show threadLetoramOct 3, 2024
@retr0id Seen / Read https://ieeexplore.ieee.org/document/1199334 ?
Show threadAL WyvernOct 3, 2024
@retr0id cc @bean might be of interest to you
Show threadNK30  Oct 3, 2024
@retr0id I've got one of those light arc lighters. What would that do to the RAM?
Show threaduwu1baOct 3, 2024
@retr0id yeah... don't let anybody have physical access to your computers
Show threadProfessor_StevensOct 3, 2024

@a1ba @retr0id

The manufacturer has physical access.

Show threaduwu1baOct 3, 2024
@Professor_Stevens @retr0id your family members probably too.
Show threadProfessor_StevensOct 3, 2024

@a1ba @retr0id

True, though I trust them not to be for sale to hostile governments.

Show threadLudovic Archivist LagouardetteOct 5, 2024
@Professor_Stevens @a1ba @retr0id eh, some of my family members killed my pets because they didn't like cats. I am fairly sure they would sell me for 50 bucks despite being rich as fuck
Show threadProfessor_StevensOct 5, 2024

@Archivist @a1ba @retr0id

I believe you are on the verge of insight as to just why it is that they are rich as fuck.

Show threadLudovic Archivist LagouardetteOct 5, 2024
@Professor_Stevens @a1ba @retr0id I did not reject that part of my family telling them they are assholes and that I will not go to their funeral without a reason
Show threaduwu1baOct 5, 2024
@Archivist @Professor_Stevens @retr0id wtf O_o
Show threadLudovic Archivist LagouardetteOct 5, 2024
@a1ba @Professor_Stevens @retr0id they grabbed the occasion while I was doing a business trip to, while my brotherhad his husky outside, to let her out with her kitten. Then they said that it was my fault for going to work and not taking her with me. Note that the cat was at my apartment, and I had someone come regularly to care for them
Show threadCGdoppelpunktOct 3, 2024

@retr0id

"If you solder a ~10cm long "antenna" wire to a laptop's DRAM data bus, it makes it extra sensitive to electromagnetic interference."

Everybody should do this.

Show threadOct 3, 2024
It's happened again that this is not publicly linkable
@retr0id
Show threadDavid BuchananOct 3, 2024
@p intended
Show threadOct 3, 2024
Ok fair, I recall it happened previously unintentionally with your dragon hashquine
@retr0id
Show threadsounddrill Oct 3, 2024
@retr0id unrelated, but is that a Samsung RV 509/511?
Show threadblubOct 3, 2024
@retr0id is this the principle why the rpi2 was sensitive to photoflashes nearby?
Show threadMaxi 12x 💉Oct 4, 2024
@retr0id The archetypical fediverse post.
Show threadApril (@39c3) The Pink ⋆☾╶⃝⃤☽⋆ [AS208709]Nov 21, 2024
@retr0id genious