Comments for root labs rdist

Comment on How the PS3 hypervisor was hacked by Nate Lawson

Nate Lawson — Mon, 08 Mar 2010 21:19:29 +0000

I don’t think you’re right that this provides a software-only method to compromise the hypervisor. Now that they’ve dumped the HV, they may find software flaws in it that could later be exploited. But simply knowing the syscall addresses and code doesn’t mean you now have a software-only exploit.

The rest of what you said is loosely accurate.

Comment on How the PS3 hypervisor was hacked by here ya go

here ya go — Mon, 08 Mar 2010 18:33:27 +0000

Very nice detailed post- Now that he has all the call adresses for hypervisor he can simply release a injectable file that injects to hypervisor on system start up. Creating a complete hypervisor bypass and release small code files for individual games and a user controled injector for the everyday gamer to use and (pro claim themselves hackers/coders). Getting the code for the cheats isnt hard at all after this. A simple patch dump or cracking open a few files on your game with hex editor can lead to numerous code caves. Its the release of that auto inject on start up bypass everyone is waiting for then the ps3 will be swarmed by the coding community and there will be hacks for every mmo sony has to offer.

Just my word on the subject.

Comment on Smart meter crypto flaw worse than thought by Nate Lawson

Nate Lawson — Mon, 08 Mar 2010 04:58:47 +0000

Thanks for the nice reply. It’s good you’ve done some analysis, but more in-depth review of a cryptographic random source should be performed. Here’s one that I consider a good example review (disclaimer: I worked on some of it)

http://www.cryptography.com/resources/whitepapers/VIA_rng.pdf

Comment on Reverse-engineering a smart meter by Nate Lawson

Nate Lawson — Mon, 08 Mar 2010 04:52:30 +0000

Right. I think the ultimate goal of these systems is to link the remote control circuit of external meters to a house-area-network in order to control individual appliances.

Comment on Smart meter crypto flaw worse than thought by DoubleO

DoubleO — Mon, 01 Mar 2010 20:26:57 +0000

In Z-stack 2.3, the least significant bit of the ADC register (which is very noisy) is used to construct the seed values. It is read multiple times and those bits are used to construct the initial seed of the desired length. Chapter 19.12 in the CC2530 user’s guide explains the random number generator of the CC2530, including plots of random data from 20 million samples: http://focus.ti.com/lit/ug/swru191/swru191.pdf

Comment on Reverse-engineering a smart meter by kme

kme — Mon, 01 Mar 2010 01:04:03 +0000

Unfortunately, “cutting a house’s power to 2000 watts” is not really feasible, without the fine-grained ability to turn individual appliances on/off. It is, however, possible to put “non-critical” appliance on a separate circuit and just switch that circuit – that’s often done with air-conditioners.

By the way, the power company already has the ability to cut your power if the situation is dire enough – the difference is that without “smart meters” they can only do it at the granularity of an entire suburb (or worse).