David BuchananOct 2, 2024
If you solder a ~10cm long "antenna" wire to a laptop's DRAM data bus, it makes it extra sensitive to electromagnetic interference.

So much so that clicking a piezo-electric arc lighter nearby can induce bit-flips.

I wrote an exploit to turn those bitflips into a shell:
Show threadDavid BuchananOct 2, 2024
PoC source: https://github.com/DavidBuchanan314/dram_emfi/blob/348bd15c9e767bff5968a4fcc80a97b81dc63bda/ddr3_dq7.py
dram_emfi/ddr3_dq7.py at 348bd15c9e767bff5968a4fcc80a97b81dc63bda · DavidBuchanan314/dram_emfi

playing with DDR DRAM bus fault injection. Contribute to DavidBuchanan314/dram_emfi development by creating an account on GitHub.

GitHub
Show threadDavid BuchananOct 2, 2024
I'm exploring this because I think it might be useful for console hacking - where you have physical access, and the ability to execute sandboxed code (say, inside a web browser)
Show threadDavid BuchananOct 5, 2024
now with 100% more root. prototype-quality exploit source: https://github.com/DavidBuchanan314/dram_emfi/blob/main/linux_x86_64_lpe.c
dram_emfi/linux_x86_64_lpe.c at main · DavidBuchanan314/dram_emfi

playing with DDR DRAM bus fault injection. Contribute to DavidBuchanan314/dram_emfi development by creating an account on GitHub.

GitHub
Show threadKarl
@retr0id That's impressive.
Oct 5, 2024 at 1:04pmWeb