Thread: Cold Boot Attack Theory
05-07-2008 #1 parkerparker Guest
Hi just dropped in to tell you guys a thought....
Basically reading info tonight about the already known cold boot attacking of systems. I was wondering since "Mr Wesley McGrew" the guy who made this discovery. There are files available for download. Like syslinux etc. I was wondering if it is possible to somewhat prepare the USB stick, prepare it all in the Linux side and then rebooting Linux... would it dump the exact memory at time of starting Linux? Maybe at this stage there is some unencrypted data?!?!?! I hear that before decryption of data takes place the key must be available?!?!
just a thought!
05-07-2008 #2 wiseman Guest
Doesn't that Cold Boot Attack require removing the memory chip without switching off the machine and dumping the data from the memory chip?
I guess no one can make an XDR Memory BGA Socket for PS3.
Even if someone could do such a thing, it would be very costly for them.
05-07-2008 #3 parkerparker Guest
Wesley’s tool is called msramdump and is designed to run from a USB thumb drive, using SysLinux (a very small Linux bootloader). He includes detailed instructions (complete with screenshots) on how to create a working thumb drive for booting a computer and dumping memory straight to the drive.
It doesn't require anything but a thumb drive?!?! We could boot this when Linux started?!? Maybe with a bit of reconfiguration!
These files are freely available at mcgrewsecurity!
05-12-2008 #4 CoreTX Guest
This attack vector will not work one on one, because of the hypervisor and overall architecture of the PS3. However, the "Basics" of the attack can be done, if you have access to a university with VERY expensive equipment..... (And a few PS3s to fry)
05-12-2008 #5 jabberosx Guest
The only way you can do this is to open up the PS3 and then build a custom socket for the PS3 memory and pull the info off of there.
05-18-2008 #6 CoreTX Guest
When we read this data, it is possible to extract the key from the data flow since somewhere in memory it must be exchanged.
05-28-2008 #7 robots Guest
Even if you were able to "cold boot", you would probably need to use the other OS, and before entering the "other OS" the hypervisor erases all of the memory.