Topics: PCI-based DMA Attack. #hardware #exploit
https://github.com/carmaa/inception
Inception is a physical memory manipulation and hacking tool exploiting PCI-based DMA. The tool can attack over FireWire, Thunderbolt, ExpressCard, PC Card and any other PCI/PCIe HW interfaces.
Topics: Exploits, Google Chrome. #exploit #reversing
Chrome in-the-wild bug analysis: CVE-2021-30632.
https://securitylab.github.com/research/in_the_wild_chrome_cve_2021_30632/
Practical C++ Decompilation.pdf
794 KB
Topics: C++ Decompilation. #reversing #cpp
This PDF is useful if you want to understand C++ structures from a low-level perspective; it will also help you when reverse engineering C++ applications.
Project_Zero_Exploiting_the_DRAM_rowhammer_bug_to_gain_kernel_privileges.pdf
2.4 MB
Topics: DRAM Rowhammer. #hardware #hacking
In this article they use rowhammer to gain kernel privileges. The idea is to mmap() a large block of memory and search for addresses where bits are flipped, then spray the physical memory with page tables in order to make the PTE's physical page number point to their process, and hammer the aggressor addresses.
Flipping_Bits_in_Memory_Without_Accessing_Them_An_experimental_Study.pdf
827.9 KB
The repeated toggling of a row's wordline can disturb nearby cells and make them lose charge. If a cell loses too much charge before it is restored, it experiences a disturbance error. The following code is used to disturb the cells:
code1a:
mov (X), %eax
mov (Y), %ebx
clflush (X) // See Vol 3 11.5.5
clflush (Y)
mfence // Not used in Google's article.
jmp code1a
In this structure, when the access transistor is turned on by applying a voltage on the gate of the access transistor, a voltage representing the data value is placed onto the bitline and charges the storage capacitor. The storage capacitor then retains the stored charge after the access transistor is turned off and the voltage on the wordline is removed. However, the electrical charge stored in the storage capacitor will gradually leak away with the passage of time. To ensure data integrity, the stored data value in the DRAM cell must be periodically read out and written back by the DRAM device in a process known as refresh.
From Memory Systems: Cache, DRAM, Disk.
image_2021-10-31_02-48-13.png
363.6 KB
Topics: Embedded Engineer Roadmap. #roadmap #comp_arch #hardware
Source: https://github.com/vazeri/Embedded-Engineering-RoadMap-2018
image_2021-10-31_15-19-27.png
848.1 KB
Topics: Reverse Engineering Roadmap. #roadmap #hacking #reversing
Source: https://t.iss.one/c/1271381651/1765
Topics: Math, Integrals. #math
Original integral-table.com web page.
https://github.com/biomathman/integral-table.com
Topics: Exploit. #exploit #reversing
Exploiting Grandstream HT801 ATA (CVE-2021-37748, CVE-2021-37915).
https://www.secforce.com/blog/exploiting-grandstream-ht801-ata-cve-2021-37748-cve-2021-37915/
This article describes two authenticated remote code execution vulnerabilities that we found during a time-bounded security assessment of Grandstream’s HT801 Analog Telephone Adapter. Both vulnerabilities are exploitable via the limited configuration shell…
Forwarded from A paranoid man makes paranoid plans
Designing_BSD_Rootkits_An_Introduction_to_Kernel_Hacking_by_Joseph.pdf
8.4 MB
Forwarded from Freestanding
Forth_Encyclopedia_The_Complete_Forth_Programmers_Manual_by_Mitch.pdf
4.3 MB