flat assembler
Message board for the users of flat assembler.

Joanna Rutkowska strikes again
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
Post 09 Apr 2007, 21:09
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
Interesting stuff, but imho pretty theoretical - I don't think we should fear seeing this in generic rootkits or whatever. But for specific, targeted attacks... yeah.
Post 10 Apr 2007, 06:21
LocoDelAssembly
Note that since the target is the memory controller INSIDE Athlon64, the target is widely available. I think that we shouldn't fear, due to the fact that it is very uncommon to have one of those hardware RAM dumpers, so that anti-detection technique doesn't add much :P
Post 10 Apr 2007, 10:54
f0dder
Widely available, but still pretty specific considering that there are a lot of non-Athlon64 machines available (yeah yeah, could probably be rewritten for other archs as well, but then you have multi-specific targeting and larger malware code), requires a driver, etc.

So I stand by that this is pretty nasty stuff if a hacker has a very specific target, but not something I'm afraid of for general malware.

The "hardware RAM dumper" isn't as uncommon as you think, by the way. As I understand it, you just connect two PCs with a FireWire cable...
Post 10 Apr 2007, 22:02
LocoDelAssembly
Right, I didn't see this before:
Quote:
OHCI
• Asynchronous functions
• Can be used to access on-board RAM and RAM on extension cards (PCI)
“physical requests, including physical read, physical write and lock requests to some CSR registers (section 5.5), are handled directly by the Host Controller without assistance by system software.” (OHCI Standard)
Post 10 Apr 2007, 23:46
Copyright © 1999-2020, Tomasz Grysztar.