Meltdown and Spectre CPU exploits and PS4/Xbox one encryption

Discussion in 'Xbox One Modding' started by bluefrog, Jan 4, 2018 with 17 replies and 4,743 views.

  1. bluefrog

    bluefrog Enthusiast

    Messages:
    364
    Ratings:
    150
    My understanding on these like almost everyone else's is still limited. But I believe this means the end for PS4 and Xbox one security?
     
  2. CaptainSkeet

    CaptainSkeet Enthusiast

    Messages:
    93
    Ratings:
    23
    I believe this is the wrong forum for this topic however back on to the discussion I don't believe this will go very far with the Xbox one. They already rolled out an update to windows 10 unless you have a certain anti-virus that makes system calls that conflict with the update/patch. The one console runs a modified version of windows 10 right now so it wouldn't surprise me if it has already sent out an update to patch this exploit. Another thing is this was just released so to actually use this someone would need to find a way to implement it on the console which would be a challenge itself for the fact everything requires to be signed and verified by Microsoft with private keys. Not like a regular pc that you can throw some code together then compile in a .Exe with the exploit. Only time will tell. But I wouldn't hold your breath on this round.
     
    Last edited: Jan 4, 2018
  3. Sketch

    Sketch Enthusiast

    Messages:
    696
    Ratings:
    316
    No, it does not actually impact these consoles. Well, not the Xbox One. At least from what I've been told.

    Edit: should've probably expanded more. I can only speak for the One which if was impacted then it would still require quite a bit to even get anywhere. Security would still be tight.
     
  4. POPINSMOKE

    POPINSMOKE Ryzen Master ®

    Messages:
    267
    Ratings:
    54
    Hay the 360 was bumped by slowing down the cpu years after the E-fuze patch, (after a fashion and not exact but you get my point) who knows what comes of this or even the DIMM “Rowhammer”.
     
  5. OP
    bluefrog

    bluefrog Enthusiast

    Messages:
    364
    Ratings:
    150
    On further reading the Meltdown can't work on the PS4 or Xbox one but Spectre can. I think the PS4 is in for a problem.. because there are plenty of PS4s out there that can have code ran on them and that wont be updated. Once the exploits are released and understood there's going to be a way in on the PS4. But your right I can't see the Xbox being broken now that I thought about it a bit more :smile:
     
  6. POPINSMOKE

    POPINSMOKE Ryzen Master ®

    Messages:
    267
    Ratings:
    54
    If you dig past the media hype and Microsofts play down of it there some good reads out there on this “Project Zero’s” information on the “Spectre” side of things, leads me to believe that
    “Meltdown” collects the data ??
     
  7. 133T7S

    133T7S Enthusiast

    Messages:
    65
    Ratings:
    4
    Thanks for the hands up, I need to dig some more and do my own research.
     
  8. pyro2028

    pyro2028 Newbie

    Messages:
    1
    Ratings:
    0
    randomascii.wordpress.com/2018/01/07/finding-a-cpu-design-bug-in-the-xbox-360/
     
  9. HexDecimal

    HexDecimal Getting There

    Messages:
    522
    Ratings:
    122
    To even run the exploit on Xbox One would take quite a bit of work. The console then has additional hardware measures that I am sure will stop or greatly decrease the severity of the exploit.
     
  10. The404Spartan

    The404Spartan Enthusiast

    Messages:
    251
    Ratings:
    62
    Completely different architecture
     
  11. decima7e

    decima7e Contributor

    Messages:
    1,819
    Ratings:
    957
    Microsoft is claiming that due to the security architecture of the Xbox One, it is not affected by Spectre. But if it was, would they really admit it? Personally, I don't see a reason why spectre couldn't be used to at least obtain a decrypted ram dump and hypervisor and perhaps even the cpu keys.
     
  12. HexDecimal

    HexDecimal Getting There

    Messages:
    522
    Ratings:
    122
    The console's security processor (PSP) migrates the threat. There also are not "cpu keys" per say.
     
  13. POPINSMOKE

    POPINSMOKE Ryzen Master ®

    Messages:
    267
    Ratings:
    54
    GlAD my RYZEN bulids,kept me off the xbone for weeks, until something can come of this thats how it will stay. A shader fk the 360 mabe this its the golden ticket
     
  14. decima7e

    decima7e Contributor

    Messages:
    1,819
    Ratings:
    957
    Right, except the PSP is the exact thing that's being exploited by spectre afaik
     
  15. Sketch

    Sketch Enthusiast

    Messages:
    696
    Ratings:
    316
    It really isn't. Maybe with desktop CPU's but the firmware is different for Xbox One :smile:
     
    • Like Like x 1
    Last edited: Jan 12, 2018
  16. HexDecimal

    HexDecimal Getting There

    Messages:
    522
    Ratings:
    122
    Lol. How do you plan to run any code on the PSP let alone the spectre exploit? PSP code exec would require full console control if even then, making the spectre exploit pointless.
     
  17. decima7e

    decima7e Contributor

    Messages:
    1,819
    Ratings:
    957
    I was getting my exploits mixed up. I was talking about this exploit, also released by a Google engineer on the same day as Spectre:
    https://www.theregister.co.uk/2018/01/06/amd_cpu_psp_flaw/
    https://www.scmagazineuk.com/securi...s-platform-security-processor/article/735414/
    https://www.bleepingcomputer.com/ne...cure-chip-on-chip-processor-disclosed-online/
    http://seclists.org/fulldisclosure/2018/Jan/12
     
  18. Sketch

    Sketch Enthusiast

    Messages:
    696
    Ratings:
    316
    [REMOVED]
     
    • Like Like x 2
    Last edited: Apr 7, 2019

Share This Page