> I'm exploring this because I think it might be useful for console hacking - where you have physical access, and the ability to execute sandboxed code (say, inside a web browser)
ID: @[email protected] (they ask not to link to their fedi instance).
Here's the code: https://github.com/DavidBuchanan314/dram_emfi/blob/main/linu... -- the basic idea is
> Hardware setup: This time I put the "antenna" wire on DQ25, which will fault 64-bit values to +/-32MiB
> Exploit strat: We fill up as much of physical memory as possible with page tables.
> When we fault a PTE read, we have a good chance of landing on a page table, giving us R/W access to a page table from userspace.
It's circuit bending, or Fritzing, not finding a clever exploit in DRAM. Even an ECC module isn't going to help you if it's on the CPU data bus.
I just hope we don't all end up suffering through yet another 50% slowdown in patches to the Kernel to avoid this nonsense because someone buys the BS and now it has to be "fixed", like the row hammer software fixes, instead of just fixing the damn DRAM modules, and better hardware.
</rant>
Another analogy:
It's like when a brain surgeon probes your cerebellum and suddenly you smell strawberry or hear Brahms. The surgeon certainly doesn't know what reaction you have unless you tell them.
You wouldn't go around later saying "Dr Jones made me smell strawberries, on a whim, certainly he's a G*d"