Tag Archives: Hack

[Pre] Palm Pre GSM Unlock For Sale Now

PreCentral reports that a user has finally managed to unlock European GSM Palm Pres. This unlock is not proxy-SIM based; it is a software unlock.

Luckily this unlocking business does not apply to German Palm Pres, as we got factory-unlocked Pres anyway.

Read more on PreCentral.net

[PS3] XorLoser Releases PS3 Exploit Toolkit

Notorious XorLoser has fully rewritten GeoHot’s PS3 glitch attack programs into a more convenient toolkit. He names it XorHack.

It allows you to call lv1 syscalls (level 1 system calls) from a normal (userspace) program. It also lets you run the software required when triggering the PS3 exploit from a normal userspace program. To give an example of how it can be used I have included the following example programs:

  • ps3exploit – Runs the software required to exploit the ps3, it loops a number of times which can be specified as a parameter. (This still must be used along with the “button pressing”, it will not exploit the PS3 via software alone).
  • dumphv – Dumps the hypervisor to a file in the current directory.
  • dumpbl – Dumps the bootloader to a file in the current directory.
  • dumprom – Dumps the system ROM to a file in the current directory.

Links

» XorLoser: XorHack – The PS3 Exploit Toolkit
» GeoHot: Here’s Your Silver Platter

Picture is courtesy of XorHack

[PS3] GeoHot Opens All HV’s SPUs / XorLoser Preps Manual

Obviously notorious George Hotz has managed to get all 7 SPUs of the PlayStation 3’s CPU under his control. This means that, although he cannot access the CPU’s root key, he can now decrypt everything that goes through these SPUs, such as the data streams of (encrypted) commercial games.

The PPU is higher on the control chain than the SPUs. Even if checks were added to, for example, verify the hypervisor before decrypting the kernel, clever memory mappings can hide a modified hypervisor from them.

In the meantime another hacker going under the nick XorLoser has released a more detailed manual on how to use GeoHot’s exploitation files and how to do the glitching.

Besides that, XorLoser maintains a plugin for reversers’ beloved Interactive Disassembler (IDA) that adds the special PPC instructions of the Xbox 360 and PS3.

Congratulations to GeoHot. Kudos fly out to XorLoser.

Links

» GeoHot: On Isolated SPUs
» XorLoser: PS3 Exploit – Software
» XorLoser: PS3 Exploit – Hardware
» XorLoser: PS3 and Xbox360 IDA PlugIn
» Hex-Rays.com: IDA Pro

[Security] Tarnovsky Explains Infineon TPM Hack

At the Black Hat 2010 conference in Crystal City, notorious smart card hacker Christopher Tarnovsky explained how he managed to hack current Trusted Platform Modules by Infineon.

This time Tarnovsky managed to read protected data, such as RSA and DES crypto keys, from TPM chips. His approach took six months and a lab of equipment worth about US$200,000. Once he had found the exact way to compromise Infineon’s chips, it took only six hours to compromise an Xbox 360’s TPM chip.

At Black Hat 2008 in Amsterdam, Tarnovsky said he had been offered US$100,000 to crack the Xbox 360’s TPM:

A Microsoft engineer is wondering: “Did you take an interest in the processor of our Xbox360 game console?” – “I was offered 100’000 dollars to break it”, says Tarnovsky. “But I replied that that wasn’t enough.”

For people generally interested in smart card security, check this Wired.com article and video featuring Tarnovsky in his security lab.

[Security] Credit Card Authorization Compromised

Security experts from the Computer Laboratory of the University of Cambridge have compromised the electronic authorization and verification process (EMV) of major credit and debit cards like EC-Card, Eurocard, Mastercard and VISA.

The team of computer scientists around Steven Murdoch found a flaw in the EMV protocol that allows criminals to use a stolen genuine card to make a payment without knowing the card’s PIN.

Using a man-in-the-middle attack between card and terminal, they trick the electronic terminal into believing the PIN was verified correctly, while the card on the other side is told to fall back into signature-based authorization mode.
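The security-relevant point of the attack is that the two ends of the transaction end up with contradictory records of the cardholder verification step. The following is an added example, not code from the Cambridge paper or from any EMV implementation: it models an issuer-side consistency check that compares the terminal’s CVM Results (EMV tag 9F34, three bytes: method, condition, result) with what the card itself recorded, and flags transactions where the terminal claims a successful PIN while the card never saw one. The `CardRecord` structure and the check function are simplifying assumptions; real cards carry comparable information in issuer-specific data, and the constructed transactions below are not real captures.

```python
"""Issuer-side check for a mismatch between terminal and card CVM records.

Added example (not from the cited paper or any EMV library). Models the
disagreement the attack creates: the terminal believes a PIN was verified,
the card believes signature (or no CVM) was used.
"""
from dataclasses import dataclass

# CVM method codes (low 6 bits of byte 0 of CVM Results, EMV tag 9F34).
CVM_PLAINTEXT_PIN_ICC = 0x01
CVM_ENCIPHERED_PIN_ONLINE = 0x02
CVM_ENCIPHERED_PIN_ICC = 0x04
CVM_SIGNATURE = 0x1E
CVM_NONE = 0x1F
PIN_METHODS = {CVM_PLAINTEXT_PIN_ICC, CVM_ENCIPHERED_PIN_ONLINE, CVM_ENCIPHERED_PIN_ICC}

# Byte 2 of CVM Results: outcome of the method.
RESULT_UNKNOWN = 0x00   # e.g. signature, which the terminal cannot check
RESULT_FAILED = 0x01
RESULT_SUCCESS = 0x02

# Bit 6 of byte 0 means "apply the next CVM rule if this one fails".
CONTINUE_ON_FAIL_BIT = 0x40


def terminal_claims_pin_verified(cvm_results: bytes) -> bool:
    """True if the terminal's CVM Results record a successfully verified PIN."""
    if len(cvm_results) != 3:
        raise ValueError("CVM Results must be exactly 3 bytes")
    method = cvm_results[0] & ~CONTINUE_ON_FAIL_BIT & 0x3F
    return method in PIN_METHODS and cvm_results[2] == RESULT_SUCCESS


@dataclass(frozen=True)
class CardRecord:
    """Constructed stand-in for the card's own view of the verification step.

    pin_verified: did the card receive a VERIFY command and accept the PIN?
    In practice an issuer derives this from issuer-specific card data; the
    field here is an assumption made for the example.
    """
    pin_verified: bool


def classify_transaction(cvm_results: bytes, card: CardRecord) -> str:
    """Compare both sides' records and label the transaction.

    'cvm-mismatch' is the signature of the attack described in the post:
    the terminal says PIN OK, the card never verified any PIN.
    """
    terminal_pin = terminal_claims_pin_verified(cvm_results)
    if terminal_pin and not card.pin_verified:
        return "cvm-mismatch"
    if card.pin_verified and not terminal_pin:
        # Card verified a PIN but the terminal did not record it; unusual,
        # worth a look but not the fallback-to-signature pattern.
        return "cvm-unexpected"
    return "ok"


# Constructed sample transactions (not real captures).
HONEST_PIN = (bytes([CVM_PLAINTEXT_PIN_ICC | CONTINUE_ON_FAIL_BIT, 0x00, RESULT_SUCCESS]),
              CardRecord(pin_verified=True))
HONEST_SIGNATURE = (bytes([CVM_SIGNATURE, 0x00, RESULT_UNKNOWN]),
                    CardRecord(pin_verified=False))
# Terminal records a verified PIN, but the card only ever saw "signature".
WEDGE_ATTACK = (bytes([CVM_PLAINTEXT_PIN_ICC | CONTINUE_ON_FAIL_BIT, 0x00, RESULT_SUCCESS]),
                CardRecord(pin_verified=False))


def run_samples() -> dict:
    """Classify the constructed samples; returns label per sample name."""
    samples = {"honest_pin": HONEST_PIN,
               "honest_signature": HONEST_SIGNATURE,
               "wedge_attack": WEDGE_ATTACK}
    return {name: classify_transaction(cvm, card) for name, (cvm, card) in samples.items()}


if __name__ == "__main__":
    for name, label in run_samples().items():
        print(f"{name:18s} -> {label}")
```

The check is only possible where the issuer receives both records; the post’s point is precisely that the terminal alone cannot tell the difference, so the mitigation has to live with a party that sees what the card reported as well.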

That said, credit card companies and banks worldwide will no longer be able to hide behind the claim that their systems are secure and that customers whose cards were stolen must have failed to follow the rule to destroy their card’s PIN. Insurance companies take note: customers’ claims against issuing banks are coming.

Links

» IEEE Symposium on Security and Privacy: Chip and PIN is Broken (PDF)
» BBC.co.uk: New flaws in chip and PIN system revealed
» University of Cambridge: Computer Laboratory

Documentary is courtesy of BBC.co.uk

[iPhone] iPhone Dev Team Releases RedSn0w Unlock Solution

From the iPhone Dev Team’s Wiki:

What is it?

A cross-platform jailbreaking, unlocking, and customizing tool for iPhones and iPod touches. Customizations include boot logos, recovery logos, and “verbose” boot. It’s a standalone program that doesn’t use iTunes (no custom IPSWs are involved).

The download links are at the bottom of this page (but please read the whole page anyway!).

We’ve been offering redsn0w in various incarnations over the years (including poorlad’s Windows version of QuickPwn). The most recent release before this one was redsn0w 0.8, which targeted Apple firmware 3.0/3.0.1.

» More information and download here

[PS3] GeoHot Hacks PS3’s Hypervisor Protection

Notorious iPhone hacker GeoHot has successfully circumvented the PlayStation’s security system. According to his latest blog entry, he has dumped LV0 and LV1 code, thus (theoretically) allowing him to run code on the processor, bypassing the hypervisor.

The PlayStation’s hypervisor is intended to run third-party software (like Yellow Dog Linux) on a virtualized level, thus maintaining system integrity and protecting the host system. Within this virtualized environment, direct access to certain hardware devices is disabled, allowing only basic access to the graphics processing unit (GPU), for example.

GeoHot seems to have broken the chain of trust. This means he can bypass the hypervisor and directly access hardware like the GPU with his custom code. However, he has not released any further information or proof of his work. But hey, it is not just anyone, it is GeoHot, so it seems solid.

We compiled some links for people interested in the hypervisor protection topic.

» GeoHot: Hello hypervisor, I’m GeoHot
» WeboPedia.com: Virtualization – All About Hypervisors
» PS3News: Overview on Security architecture of the PS3
» PS2Dev Wiki: Details about hypervisor functions of the PS3 and Toshiba’s CellEB
» PS3News: A PS3 Game’s Flow of Execution; PS3’s base AIX

Massive Attack: Protection (1995)…

[iPhone] Multi-Tasking With Multifl0w

Multifl0w is an attempt to bring the multi-tasking capabilities known from our latest toy – the Palm Pre – to the iPhone. Sadly this nice (and overdue) feature is only available to iPhone customers who have jailbroken their devices.

It features neither the Palm Pre’s multitasking gestures nor the ‘swipe up to exit’ functionality, but it seems to be a good first step towards bringing the iPhone into the technological present.

There is a free trial available via Cydia and Rockyourphone. The full version costs about US$5.

Check this video and the Multifl0w website for further details:

via: TechRadar.com

[MacOS] Snow Leopard 10.6.2 Kernel Patched for Intel Atom Support

Teateam, a Russian-speaking Mac OS developer, has binary-patched the latest Mac OS X 10.6.2 Mach kernel to finally re-enable support for Intel Atom CPUs. His kernel is reported to run well in both 32-bit and 64-bit mode. Atom CPUs are now reported as Intel Core Solo or Core Duo.

The patch seems to consist only of modifying a couple of (simple) assembler instructions to permanently set the CPU type. In the meantime Apple has released the kernel sources, and people are working on adding Atom CPU support in a proper manner.

Congrats Teateam. That’s what Ilfak made IDA for ;-)

» Tea’s Blog: Kernel 10.2 for Intel Atom 330
» Apple.com: Sources for 10.6.2