>>1317+(OP)
You know when your employee quits how you have to block all their accounts? Now imagine they have access to the server room!

>>1317+(OP)
I read this wrong.

>>QuiDor+d1
And that's why server rooms should have proper physical security.

>>pantul+U2
And why “they’ve got physical access, so all bets are off” isn’t an excuse to stop trying

>>1317+(OP)
>I only want glitches to happen on-demand, not all the time.

>My injected ELF also flushes the page cache

The difference between a padawan and a jedi

Amazing write up and bonus points for the reproducibility of this creativity.

>>pantul+U2
And be wrapped in tinfoil.

>>1317+(OP)
Back in the day of analog electronic locks a piezo zap into the lock case would unlock 4 out of 5 apartment building locks, root access IRL.

>>1317+(OP)
My immediate thought was that this was a post about how someone got root access to a cigarette lighter and I was totally ready to believe it.

My parents oven gets regular software updates so I didn’t even question whether the cigarette lighter was “smart.”

>>1317+(OP)
Sure, if you solder an antenna to your memory first :-)

But good and thorough write-up about how to actually exploit such a glitch.

And you could also use the cigarette lighter for hanging out at the data center back door and wait until the admin comes for a smoke.

>>1317+(OP)
I like this. Upshot - electrostatic bit flip on memory read or write, which with solder can deterministically get a 'safe' pointer mutated into your own evil pointer.

Generally the historical perspective on physical access was: "once they have it, game over." TPM and trusted execution environments have shifted this security perspective to "we can trust certain operations inside the enclave even if the user has physical access."

His next steps are most interesting to me -- can you get something (semi-) reliable without soldering stuff? My guess is it's going to be a lot harder. Lots of thought already goes into dealing with electrical interference. On the other hand, maybe? if you flip one random bit of a 64 bit read every time you click your lighter, and your exploit can work with one of say 4 bit flips, then you don't need that many tries on average. At any rate, round 2 of experimentation should be interesting.

>>ano-th+M3
> This should theoretically work with bit-flips in any bit position between 29 [...] and 12 [...] Therefore, soldering the antenna wire perhaps isn't totally necessary, if you can generate strong enough electromagnetic interference

>>1317+(OP)
This reminds me of exploits we used to do to arcade cabinets back in Sydney in the 80's and 90s. The school gas heaters used to have what we called "clickers", piezoelectric ignition devices you could remove from the heaters.

You then took that clicker to your local arcade, and clicked one of the corners of the CRT, that would send a shock through the system and add credits to your game. I believe this was because the CRT was grounded on the same ground lines that the mechanism for physically checking a coin had gone through the system.

Suffice to say, they caught onto this over time, and added some form of an alarm into it. But up until then... Those were truly the best times.

>>1317+(OP)
The inspiration here was getting root on the Switch 2. Getting root in Linux was the POC. The goal was not demonstrating some fundamental security vulnerability that's practically exploitable, but instead for reclaiming actual ownership of one's own hardware without breaking TPM or game ring 0 anti-cheat.

>>ano-th+M3
Down in the "practical use" section, one use case is bypassing copy protection on consoles.

>>intoth+k4
This brings back a vague memory of smacking the side of a pinball machine just right and getting a free game. I bet it was the same concept.

>>1317+(OP)
...

"Finally, I'd like to thank JEDEC for paywalling all of the specification documents that were relevant to conducting this research."

>>1317+(OP)
"It's just one resistor (15 ohms) and one wire, soldered to DQ26. The wire acts like an antenna, picking up any nearby EM interference and dumping it straight onto the data bus."

really neat hack. using the lighter to create EM interference. better go light up next to my DDR bus and see what happens :)

>>zephyr+y3
From the title I half expected an incendiary version of rubber hose cryptography.

>>vessen+64
> if you flip one random bit of a 64 bit read every time you click your lighter

Without the antenna it would be hard to limit it to a single bit getting flipped. At least that’s what I suspect.

>>1317+(OP)
>Can You Get Root with Only a Cigarette Lighter?

No, you can't. That long lead to couple your ersatz pulse generator defeats all the engineering put into making the computer reliable and quiet in the EMI sense.

Circuit bending is fun stuff, but it's not a remote exploit.

>>onioni+c7
On the flip-side (heh) flipping multiple bits at once should make it possible to bypass ECC

>>1317+(OP)
When I saw the title, I was expecting this to be about hacking a modern car with one of those USB-C cigarette lighter devices.

>>1317+(OP)
Just wanted to say it was an amazing write-up.

>>chasd0+a5
I imagine (with zero research) that the mechanism for adding credit would be the coin goes through a slot, and either itself completed a circuit, or the coin as it travels moves some lever to complete a circuit. So I imagine if you hit the machine just right, you'd also move that lever.

>>intoth+k4
Reminds me of an arcade machine a friend would get behind, turn it off and back on, and it would give you a free token. Maybe its designed that way so the employee can test it for free, not sure. But he climbed behind it, and proceeded to play for free.

>>chasd0+a5
You were likely causing the spring-loaded mechanism that detects a coin insertion to make physical contact.

>>1317+(OP)
I reckon you can get a root with just a cigarette lighter if you hang around outside the right bars in Australia

>>onioni+c7
we need a tinfoil waveguide clearly

>>1317+(OP)
Next, a balloon and carpet!

>>devmor+y9
Yup - the first few minutes of one of Technology Connections' videos on electromechanical pinball machines shows this mechanism in action:

https://www.youtube.com/watch?v=E3p_Cv32tEo

>>gianca+s9
Those who lived in USSR remembers soda vending machines (they poured your drink in a glass cup; you were expected to wash it before using by pressing on a cup, which stood upside down on plastic plate with holes, kinda inverted shower head; very unhygienic, I know). Well it had a button behind that let you have a free drink. You could also "upgrade" pure carbonated water (1 kopeyek) to a sweet soft drink (3 kopeyek) by pressing another button. needless to say schoolchildren would abuse the hell out of this "feature".

>>chasd0+a5
Just like The Fonz.

>>intoth+k4
This trick worked in Telefonica's phone booths in Spain in the 90s too :-)

>>1317+(OP)
Nice trick, now do it with cosmic rays!

>>mikewa+q7
Where in the article does he say this is a remote exploit?

>>mikewa+q7
The old saying of "if you've got physical access, game over", is where this applies.

>>append+j3
I don't follow; isn't this proof that physical access does trump everything else?

>>gianca+s9
I believe some of those early arcade games were more electrical engineering than software engineering, so perhaps it was easier to set it up that way?

To my understanding some of those early arcade games also had jumpers to control some of the behavior. It could be that a tech set the "free credit on reboot" jumper and forgot to reset it when they were done.

>>IWeldM+Yc
> pressing on a cup, which stood upside down on plastic plate with holes, kinda inverted shower head

I think they still use these in bars

https://barsupplies.com/collections/glass-washers

>>IWeldM+Yc
> you were expected to wash it before using by pressing on a cup, which stood upside down on plastic plate with holes, kinda inverted shower head; very unhygienic, I know

Those systems are occasionally used in bars in the US, though they've dropped the whole plate and it's usually just arms where the holes are.

To my understanding, at least in the US, they aren't used for deep-cleaning anything. That happens with soap and water in the back still. The upside-down-showers are used to clean out the dregs of someone's glass when they get a refill (you give them a glass, they give it a quick rinse, refill it and hand it back), and as a quick rinse for new glasses to clean up water stains/detergent residue and anything that might have fallen in since they were cleaned (hair, dust, etc).

>>smcl+z9
And worst case there is always the rubber hose.

>>luisme+Wg
I vaguely remember (sometime in the 80s) sticking a straightened paperclip into a small hole on the face of a payphone to avoid having to drop a dime / quarters, and being able to call anywhere.

>>1317+(OP)
This was very well written and an amazing challenge but my brain is wired to that "hacking common sense" that if you have physical access then it's already over... the first thing that came to my mind was that, if you have physical access, then you can reflash the BIOS, install a driver backdoor, you can boot a live OS and then it's just a matter of tampering /etc/{passwd,shadow,groups, etc} ...

but I remembered that most of the physical access hacks would not be possible if the disk is encrypted.. which then makes this kind of hack enormously attractive.

The antenna idea can be extended to be a piece of hardware with the interference device built-in (piezo or whatever) which communicates with the external world with any wireless medium and then the attacker can trigger the interference remotely. This, plus a website controlled by the hacker which the victim is scammed to visit can be enough to make it viable.

>>everfo+5l
I think for beer there's a reason of bringing the glass to a colder temperature, which (from what I've heard) should reduce the amount of foam (not sure that's the exact term) in the glass.

>>everfo+5l
Yes right, the key difference that the were used to clean between uses by different customers; this is clearly insufficient; at least because a good deal of customers - drunks, children, people with mental issues would not wash at all before use, a good vector for disease spread. Late USSR I happen to remember always had problems with hepatitis spread, which is considerably less of a problem today, due to adoption of disposable food containers/utensils.

>>QuiDor+d1
This kind of work can't be done under pressure at least not a PoC.

>>i4k+en
The motivation in the introduction is rooting/jailbreaking a handheld game console. I think this is a perfectly plausible situation where you have physical access but still want to obtain "unauthorized" access.

>>i4k+en
> I remembered that most of the physical access hacks would not be possible if the disk is encrypted..

Only if you have not booted into your system through using a keyfile or a passphrase to decrypt the data, i.e. if your PC is shut down. I have full disk encryption, and when I boot into my system, it uses the keyfile with which it would perform the decryption, and boom, I have my PC ready to be accessed physically.

>>Stefan+Rm
...or a $5 wrench

>>intoth+k4
This also worked in the USA. By the 1990s most arcades operated on proprietary tokens rather than coin currency. Many had skill-gambling machines that had sliding rows covered in tokens, that you would try to dislodge with your own tokens and keep what was displaced.

The "Jungle Jive" version of this would dispense tokens out the opposite side of the machine if the electric ignition of a cigarette lighter was used to lightly shock the metal intake slot. If you clicked it too much too quickly it would go into an alert mode. While this could be accomplished solo, the ideal MVP setup was a team of three: one scout to watch for employees, one to click, and one to collect.

>>1317+(OP)
I’m gonna do one with “ Can You Get Root With Only my bare hands?”

>>luisme+Wg
I remember when Verizon phone booths in the US started accepting the credit cards, for a while they would accept any 16-digit number with a valid IIN that passed the Luhn check.

>>candle+Cd
Henry Winkler is actually just as cool as the character he played!

>>Retr0i+74
Mentioned elsewhere in this thread, but you need not only "strong" but "highly directed" electromagnetic interference. Each of those pins is ~0.5mm, flipping a single bit "wirelessly" is probably impossible, as your inference will cause issues in many more places than just your target.

Maybe that unlocks different and exciting hacks, maybe it just melts your machine.

>>intoth+k4
We did the exact same thing early 80's except that we used the clicker found in disposal lighters.

We did it for a couple of years until they figured it out and started to conver the arcade cabinets with transparent plastic.

At the same time they also drilled holes at the back of the machine for ventilation as the rest of the case now was sealed in plastic.

We found out that using a bamboo stick you could press the lever that register when a coin has been paid into the slot.

That made them relocate the holes for the ventilation to the top of the case instead of the back so we couldn't get the lever anymore. Or so they thought. haha

We discovered that by pressing a coin up the return slot — the one where you get your coin back if it isn’t accepted — you could also trigger the lever for coin registration and the free gaming continued.

Eventually they put in sharp screws into that coin return box so you would cut your finges.

After that we got a SEGA. Was great fun :)

>>chrisw+an
If I recall, you’d stick the straightened paperclip into one of the holes on the mouthpiece and touch the other end of the paperclip to some metal part on main phone body.

War Games used a pull tab from an aluminum can to a similar effect?

(It’s been a while.)

>>TowerT+ex
At what point does the arcade just kick you out? I can't imagine them seeing you continuously tamper with their equipment to circumvent paying and think, "the best way to handle this is to keep modifying our machines."

>>Stefan+Rm
I think you misunderstood the Australian slang. That person was not referring to the XKCD concept. They were referring to another meaning of the word "root."

>>everfo+5l
Its been a long time since I worked in a bar, but in the front-of-house we used a three-sink station where the sinks were: soap, water, sanitizing-solution. Then you sit the glasses to drip-dry.

Actually here is a link explaining it: https://www.webstaurantstore.com/article/620/three-compartme...

>>1317+(OP)
2 days ago

>>41748861

>>jacobg+yA
If you kick someone out, you lose them as a customer, and they'll tell all their friends about the free play trick out of spite, so you'll have to patch the machine anyway.

>>1317+(OP)
Not only is it a fun exploit, this is also a cool mini-introduction to how caching works for CPUs.

I remember a year ago or so there was a submission here which detailed how computers work and are build starting at the tiniest part: starting with logic gates, IIRC. Anybody remember what that website was?

>>an_ko+LE
You're making me wonder what the stats are for how many people try to abuse arcade machines in a country like Japan versus the United States. (Not that people in any country are gonna be entirely honest, but the entitlement to break the system and the comfort to brag about it seems cultural.)

In fact, that could be why some of the machines weren't better protected against that stuff in the first place, right?

>>intoth+k4
super cool

>>Retr0i+v7
You'd likely take an exception for a multi-bit error and the handler would likely just retry the read. Single-bit errors are often just corrected on the fly by ECC logic as you mention.

>>baud14+wn
Oh, are the lines refrigerated or otherwise thermally controlled? I always presumed it was regular tapwater; i.e. probably slightly below room temp, but not much.

Mileage obviously varies, but the "beer nerd/snob" bars I've been to simply don't re-use glasses without a full wash. They'd rather just charge a little more to hire more dishwashers and be able to absolutely guarantee that there's no leftover beer/water in your glass when they refill it, and that the glass is refrigerated if that's something they want.

I've always heard the head/foam had more to do with how you pour the beer (more impact/movement = more foam), but it makes sense that temperature affects it as well. There's some kind of official course on how to pour Guinness to get the correct head on it. I don't remember the whole thing, but it was something about holding the glass the correct distance from the tap and tilting it so that the beer "slides" down the side of the glass rather than a direct perpendicular impact with the beer already in the glass (which makes more foam).

>>JamesS+MC
I've seen something like this in the Netherlands, although even more disgusting: They take the used glass, dunk it in a bucket that has brushes all around and in the middle and is full of soapwater, rotate the glass three times against the glass, take it out, and pour the beer in the glass.

Yes, the glass's sides are still full of the disgusting soapwater from the bucket that's now basically 95% other people's drink dregs.

>>jacobg+yA
Maybe the staff at the arcade, aren't the owners of the place, so they don't personally care that much. They'd rather be friends with everyone, than to be the "angry police"? (And I'm guessing the tampering players were nice people to have around)

And the technicians "improving" the machines -- maybe they had a good time too, I'm wondering. @TowerTall and friends made their job more interesting / fun?

>>jacobg+fB
Ha! Thanks for the elucidation. My assumptions around the GP did include the assumption of sex, but it was more in a honeypot context rather than as an end in an of itself.

>>mmsc+NF
Do you mean nand2tetris? https://www.nand2tetris.org/course

>>1317+(OP)
I thought OP was going to do this without soldering anything.

But I feel like soldering something is no different than just like splicing a telephone cable in half and putting your own headset in the middle…

Except instead of putting a headset, you crudely use a lighter…

>>jacobg+yA
Arcades were big dark noisy rooms, and quite often had only one or two people on staff who were usually either busy dealing with other customers and were paid far too little to care about the owners' profit margins. They were basically there to hand out prizes to little kids for the ticket machines and make sure nobody walked out with Dig Dug on a hand cart.

>>pvitz+DR
Hmm, no but similar. This was about full-scale personal computers.

>>1317+(OP)
I thought this was about getting the root password by burning the sysadmin with a cigarette lighter (https://xkcd.com/538/)

>>1317+(OP)
fun read. wonder if someone can do it with one of those lemon batteries, u know.. when life gives u lemons... get root!

>>zephyr+y3
ooh i want a smart lighter, so i can use my phone in one hand to light the lighter in the other hand :O

>>menset+nb
socks! and kickng device thru the room!

>>mikewa+q7
This guy literally got root using a cigarette lighter, and your attempt to debunk it is to suggest that physical exploits don't count?

If you only care about remote exploits, fine, but don't go scolding others for accomplishing things you can't.

>>intoth+k4
I remember reading about this in this book, about the hacker named Pengo who was known for adding credits to arcade games in the same manner.

https://www.amazon.com/CYBERPUNK-Outlaws-Hackers-Computer-Fr...

>>1317+(OP)
Three men on a boat.

With four cigarettes, but no lighter.

How are they going to smoke?

>>pantal+E91
they throw 1 cigarette overboard :-)

>>QuiDor+d1
I find the idea of being escorted out of the building after giving notice a bit insulting. I’ve been interviewing for weeks, I’ve probably been holding this piece of paper since last night when I printed it out at home.

I’ve had plenty of time to fuck with things before I told you I was leaving. You’re just screwing over my coworkers by taking access to me away with zero notice.

>>jacobg+dG
There are some great scenes in Rebels of the Neon God [1992] by Tsai Ming-Liang (Taiwanese filmmaker) where the main characters steal the main pcbs from some arcade machines and try to resell them to the arcade owner lol. Wonderful film, recommend it - some great scenes in those arcades.

>>i4k+ac1
That’s worse than the elephant joke.

>>1317+(OP)
I followed him on mastodon, the article is cool too. On Mastodon, there is a video of the root access where one can see the screen.

https://mastodon.xyz/@retr0id@retr0.id/113252910481164528

>>intoth+k4
how did you stumble across this one?

>>1317+(OP)
Just burned my sysadmin with a lighter. The root passwrod is "OWWhAThtefuck'.

>>1317+(OP)
I read it as "Can you get A root with only a cigarette lighter?"

>>zxexz+Zt
Toronto’s parking meter boxes were like this. They just had GPRS so they’d do an overnight dump (possibly a part of their data deal with the telecom back when data was actually saturated during the day).

So people were using cancelled or empty prepaid visa/mastercards.

Initially they’d just push out blacklists.

Once they really caught on, they did a firmware upgrade to do online verification and it took fooooreeeeveeeeerrrrr to do a credit card purchase.

>>1317+(OP)
I can get root with only a spoon!

However, I'm not sure the kind of root you want unless you're into horticulture.

>>1317+(OP)
Can someone explain why the EMI would cause a Bitflip and not always a high read? Why would a pulse invert the signal that’s read? Don’t the voltages effectively get added?

>>Lance_+JI
If you can induce enough correct errors (yes that is contradicting), the ECC won’t be able to detect the error because the modified data is correct again. The ECC schemes I’ve seen used can correct 1 bit and detect 2 bit error, so 3 flips at the right position would be enough to get new data that would be valid again.

>>echoan+An1
It depends on how the analog signal is encoded. In some protocols, a 1 is encoded as high-then-low and 0 is encoded as low-then-high.

>>echoan+An1
You need to think of EMI as having a magnitude and a direction. Half the time you are adding a negative voltage.

>>sim7c0+Y31
Sell pyromaniacs this product, find the lighter two months later in a burned-out building, use it to identify which phone did it, catch perp.

>>amengh+0p1
Ah good point, I was assuming simple TTL where signal level is the bit that’s transferred, RAM is probably using something more complex

>>1317+(OP)
reminds me of using a modified milty zerostat to use the spark gap to induce emp for glitching.

>>missin+Ep1
Since he’s using a Piezo lighter, shouldn’t it be just a single DC pulse like discharging a capacitor?

>>i4k+en
AFAIC, reflashing BIOS won't give you anything, you need to sign it first with proper private key which is checked by the CPU hardware before execution begins. This EMI trick fools CPU itself and I cannot see how it can be fixed, unless new paging algorithm is invented.

>>TowerT+ex
I always wondered why arcade cabinets were covered in plastic. Till now i thought it was for spills or something.

>>echoan+Uq1
I was confused on the lighter type so I deleted that part of my response. I think you're correct but I can't say for sure.

>>sfc32+Tf1
Depends how desperate for a smoke the other person is.

>>ruslan+vs1
This specifically is trivially defeated by ECC, though it wouldn't be that much harder to instead flip 3 bits and ECC would be unable to help. ECC has very poor penetration outside the server world though, so we're still safe. For now.

>>RIMR+X81
Do it without the precisely connected wire, and then you can say "only a cigarette lighter" as mentioned in the title, otherwise it's click-bait

>>stavro+LJ
People in the UK bery often do the whole "washing dishes in the bucket" thing which is ridiculous

>>zephyr+y3
Well, the soldering iron I use most often has modifiable firmware running on a RISC-V SOC. (https://pine64.com/product/pinecil-smart-mini-portable-solde...) Who knew that melting lead could be that complicated. So I would totally believe an article about rooting a lighter.

>>vessen+64
If you have physical access to a device that you can solder an antenna you can compromise a TPM or anything else by sticking a custom DIMM in there that you can program from the “back side” so you can replace any part of memory with anything you want anytime you want. You don’t have to randomly flip a bit and hope for the best. You just inject your entire program.

>>1317+(OP)
This is the kind of content I come to HN for, thanks OP. Really mind blowing how talented some folks are.

How long would it take someone to acquire these skills?

>>1317+(OP)
What is the purpose of the "_" in "0x100_0000"? AFAICT, it doesn't change anything.

  >>> 0x100_0000
  16777216
  >>> 0x100_0001
  16777217
  >>> 0x1000001
  16777217
  >>> 0x100000_1
  16777217

>>metada+QK1
It visually separates digits in numeric literals.

>>metada+QK1
Compare for readability: 0x0100000100001000 vs 0x0100_0001_0000_1000

>>1317+(OP)
This is so awesome! I just love this stuff, I hope that I can be at this level one day. Also I love how we're side-eyeing the switch 2 lmaooo thats bold considering Yuzu, Ryujinx and the 100+ YT creators Nintendo has either taken down or copyright struck this past week.

>>333c+7o
I get it, makes sense

>>ruslan+vs1
It depends on the target hardware.

- https://github.com/binarly-io/SupplyChainAttacks/tree/main/M...

- https://github.com/binarly-io/SupplyChainAttacks/tree/main/L...

- https://github.com/binarly-io/SupplyChainAttacks/tree/main/P...

>>1317+(OP)
Reading this as an Australian, it interprets differently. Yes, depending on your negotiation skills you can get a root with only a cigarette lighter.

>>bityar+RY
In our case the arcades was in a ajourning room to our local cinema with no staff present and no CCTV so we had plenty of time to fiddle with the machines.

>>ballen+u4
I appreciate the sentiment, but I suppose don't understand the point. 20 years ago, when consoles were powerful computers sold at a loss or low margin, it made more sense. Now though, Nintendo sells their consoles at a profit (and the Switch 2) is likely to be the same.

This is impressive, and I'm glad people are working to preserve software freedom, but I'd rather just support the alternatives.

Why give them the perceived install base, and profit? Why not get a steam deck or one of the many other handhelds that you have - day 0 as a feature - root access on?

>>treflo+aY
I'm looking forward to your write up on getting root with a headset

>>zephyr+y3
I thought they are calculating square roots using the shape of flame...

>>karlgk+YV1
People tend to care about the games, and buy whatever platform those games run on, not the other way around.

>>karlgk+YV1
Exclusive games, support the types of games they make, the services/events they provide, etc.

You can still like all that and want to gain full control of the device you own.

>>King-A+YP1
Oh, look at mr(s) attractive here..

>>King-A+YP1
Thanks for the laugh - Fellow aussie

>>beefle+Fe1
Children in a large group that's unsupervised is about as close to infinite monkeys on infinite typewriters as you can get. If you present them with a challenge that has some tangible reward at the other end (free games), you are guaranteed a solution at some point.

The universe's RNG just happened to roll favourably in Sydney in the 90s and the rest is history.

>>zephyr+y3
So ... a lighter with a little solar panel, and a battery, which generates sparks like a tiny taser when the lidar detects a suitably proximate cigarette or cigar. But not a finger or hot dog.

No button pushing. No lighter fluid refilling ... ever. The world waited a long time for this.

And obviously it needs a chip to run the lidar, and generate the simultaneous brilliant LED flash and fade, haptic jolt, and accompanying sound effects.

(Can some demo freak please create this? And make it look like a little revolver? But for finger and hot dog safety, you are going to have to harden the virtual memory controller...)

>>1317+(OP)
I wish i could root my redmi note 8 pro like this

>>echoan+An1
Sign matters as well as magnitude. The pulse created will have both a positive and negative part - waveform sort of like --^v-- and so you can get either direction bit flip. It's not equivalent to connecting a battery to the pin; EMI's more like AC in that it goes both directions.

>>echoan+Uq1
Even your example of discharging a capacitor can end up with a pulse both directions, caused by the inductance of the wires.

In this specific situation, there's no common reference level, and so the induced pulse will go both directions. You can think of this as being about the edges of the pulse being the parts that actually cause radio to be transmitted, and there's both a positive-going edge and a negative-going edge on a pulse.

>>1317+(OP)
If you wanted to defend a system from this, a big chunk of defence would be to choose a system with ECC, and then to halt() the whole system when an ECC error occurs.

Since the attacker is very unlikely to flip the exact right bits to make ECC match, their exploit is very likely to be detected before it succeeds. halt() is necessary so the attacker cannot have more tries at it.

Obviously you have the downside that real memory errors cause the system to crash.

>>1317+(OP)
Would things like AMD's "Secure encrypted virtualization" protect against this? Is the data XORed with a key (therefore letting bitflips propogate) or is the data actually encrypted (meaning a bitflip in the input leads to a totally different address)

>>Stefan+GP
Haha well you were at least thinking along the right lines! Yeah so "root" in Australian slang refers to having sex.

>>beAbU+Ge2
Reminds me of the story of the kids in Ethiopian village that were given tablets by One Laptop Per Child. The kids had figured out how to turn it on within minutes, in five days they were using 47 apps per child, in two weeks they were singing the English alphabet, and then within five months they had hacked Android. https://www.theregister.com/2012/11/01/kids_learn_hacking_an...

>>baud14+wn
For Weizen beer, you always give the glass a quick rinse beforehand to get rid of detergent remains, so you can actually get a foam "crown" - if there is even the tiniest amount of detergent present, the foam collapses.

>>mmsc+NF
The one by Ben Eater?

>>themoo+Sw1
I've thought a little bit more about this case and came to conclusion that to mitigate this attack paging agorimths can be improved by using redundancy and CRC checks with not too much overhead. Yet it takes a lot of work and investment, so it won't happen any time soon. Yes we are safe for now.

>>1317+(OP)
Cranky comment: Putting your code comments in line with the code is less readable than putting the comment on the preceding line. Most people get what you're going to talk about from the context.

>>wang_l+aF1
Unless the hardware employs some variant of encrypted RAM, see cool paper by the NSA from a few months back that includes benchmarks in FPGA and silicon https://eprint.iacr.org/2024/1240

>>johnis+qo
Would flashing BIOS post-boot really work though?

Also don't see how the article's exploit would be useful pre-decryption.

>>mgauna+K82
Ad avoidance is a good solution to caring about the games. You can't covet the product if you don't even know it exists. With Nintendo games in particular, it helps that Nintendo is the kind of asshole corporation that copyright strikes third parties showing off their games online. That makes it even easier to not know what their games are.

>>mgauna+K82
I don't really know how prevalent the phenomenon is nowadays, but there have been "fanboys" for specific console manufacturers for decades now. Even "console wars". In any case, it seems now most people play on PC, barring--yuck--mobile phones.

>>lupusr+kr3
Nintendo doesn't necessarily need advertising, because their franchises are so strong. I think people know there's gonna be a new Mario Party, or new Mario Kart, or new 3D Mario game, and they'll buy them if they like those games. Odds are if you like Mario Party 8 then Superstars will be right up your alley.

Nintendo also has the somewhat unique position of being the only one providing high-quality games in a variety of categories. If you want a couch racing game, you're playing nintendo. If you want a 3D platformer, you're playing nintendo. If you want a couch party games, you're playing nintendo. In fact if you want couch co-op at all you're playing nintendo, pretty much everyone else gave it up because you lose money.

>>1317+(OP)

  csh% Got a light?
  No match.
  csh% sudo got a light?
  No match.
  csh% man 5 betteridge

>>1317+(OP)
Before reading the article, my approach would be so much darker… a bit of gasoline and a lighter can do wonders for the memory of a person who “forgot” a password.

Might need duct tape and a chair as well.

>>everfo+Gj
Maybe they never reset it since it was too convenient to let employees just do it every morning, not sure, but yeah I think you might be right.

>>stavro+LJ
I certainly won't be first in line for that beer, but I'd wager that from a hygiene perspective they're cleaner than the door. It takes surprisingly little to sanitize dishes; that 3 part system is basically lightly scrubbing twice, and then either using a sanitizer or 30 seconds or more in water over 171F.

From a health perspective, I'd be more worried about the leftover sanitizer in the water in the glass. Bleach is pretty common, and it's honestly a tossup whether I'd rather drink someone else's dregs or bleach. It's probably the dregs, I'll take a stomach flu over melting my stomach lining with chronic low-grade bleach exposure.

>>everfo+Qj4
I'm fairly sure it's just dish soap in there, so it's not really a risk. Disgusting, though.

>>Funes-+ev3
the switch is also a popular platform because you can take it with you, and provides a better experience than a touch phone.

>>lupusr+kr3
All game publishers are evil corporations.

There are a number of great studios which happen to have financial ties to a given publisher. If you like these studios you have no choice but to indirectly give money to the publisher in question.

One obvious example for Nintendo is Monolith Software.

>>wang_l+aF1
A bit late in reply but dont forget that PUFs are a thing too.

Threat models vary of course. I personally believe my iPhone is safe against back side memory hardware swaps if I have turned it off. I could be wrong though!

>>1317+(OP)
Apply the flame to the sysadmin's hand and get root access. I mean, it's a cool demo, but if you can solder crap to the hardware, might as well do anything that physical access provides normally. Like, you can just install the payload without the exploit.