xboxscene.org forums

Pages: 1 [2]

Author Topic: Research on 'Timing Attack' to Downgrade Kernel without CPU Key  (Read 178 times)

telo{+}

  • Archived User
  • Sr. Member
  • *
  • Posts: 316
Research on 'Timing Attack' to Downgrade Kernel without CPU Key
« Reply #15 on: July 28, 2007, 11:56:00 AM »

I'm sure it would work with a good scope but... as far as a homemade hardware unit to do this I'm unsure.

Nyquist's theory would mean that even if it was only running at 800Mhz you would need to sample every 1600Mhz, but since we're only going on two clock cycles per instruction (I think) you could get it back down to 800Mhz.... Either way, those sample speeds are pretty damn far out of cheap microcontroller range.
Logged

Base8

  • Archived User
  • Full Member
  • *
  • Posts: 120
Research on 'Timing Attack' to Downgrade Kernel without CPU Key
« Reply #16 on: July 29, 2007, 12:43:00 AM »

kind of reminds me of picking a combination lock. pulling up on the clasp and seeing what binds.
Logged

nickolasj80

  • Archived User
  • Newbie
  • *
  • Posts: 49
Research on 'Timing Attack' to Downgrade Kernel without CPU Key
« Reply #17 on: July 29, 2007, 10:32:00 AM »

The reason why this device may be priced so high is demand.  If this hack proves promising, and becomes VERY public, then someone will most likely begin to mass produce simple ones that work just for this purpose.  Possibly being produced by a modchip mfr, and therefore becoming a lot more inexpensive <crosses fingers>
Logged

PedrosPad

  • Archived User
  • Hero Member
  • *
  • Posts: 1277
Research on 'Timing Attack' to Downgrade Kernel without CPU Key
« Reply #18 on: July 29, 2007, 02:47:00 PM »

QUOTE(ConteZero76 @ Jul 28 2007, 08:41 AM)

If you aren't able to detect 2 clock cycles (at 3,2 GHz) it's really difficult to "capture" differences.

Agreed.  Timing-based approaches at modern clock speeds are rarely practical.
QUOTE(ConteZero76 @ Jul 28 2007, 08:41 AM)

This hack was first used 20+ years ago to steal root passwords on some paged architecture system.
The malicious code put the known password part plus the guessed char at a page boundary; a pass check call plus a page fault detection did the work:
If a page fault occurs then the guessed char was right, so add the char to the known password part, and retry.
If a page fault doesn't occur then the guessed char is wrong, retry with another char.

Now that's clever
Logged
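The quoted page-fault trick and the timing attack in the thread title both rest on the same defect: a check that stops at the first mismatching byte does an amount of work that depends on how much of the guess is correct. The following is an added example (not code from this thread, from ConteZero76, or from any Xbox project) that makes the leak visible with a deterministic work counter standing in for elapsed time or a page fault, beside the constant-time comparison that removes it. The secret value, the guesses, and the function names `early_exit_compare`, `constant_time_compare` and `work_varies` are constructed for illustration.

```python
"""Early-exit vs constant-time byte comparison (added example, not from the thread).

Instead of measuring wall-clock time, each compare function returns how many
bytes it examined. For the early-exit version that number grows with the length
of the correct prefix, which is exactly the signal a timing attack measures.
"""
from __future__ import annotations

import hmac
from typing import Callable

Compare = Callable[[bytes, bytes], tuple[bool, int]]


def early_exit_compare(expected: bytes, guess: bytes) -> tuple[bool, int]:
    """Naive comparison: bail out on the first mismatch (the vulnerable pattern).

    Returns (equal, bytes_examined). The second value is a proxy for timing.
    """
    examined = 0
    for a, b in zip(expected, guess):
        examined += 1
        if a != b:
            return False, examined
    return len(expected) == len(guess), examined


def constant_time_compare(expected: bytes, guess: bytes) -> tuple[bool, int]:
    """Hardened comparison: always examine every byte, accumulate mismatches.

    Length is compared up front; for fixed-size digests (as in a kernel hash
    check) the length is public, so that early return leaks nothing useful.
    """
    if len(expected) != len(guess):
        return False, 0
    diff = 0
    examined = 0
    for a, b in zip(expected, guess):
        examined += 1
        diff |= a ^ b          # OR-accumulate, no data-dependent branch
    return diff == 0, examined


def work_varies(compare: Compare, secret: bytes, guesses: list[bytes]) -> bool:
    """True if the amount of work differs across guesses, i.e. the compare leaks."""
    work = {compare(secret, g)[1] for g in guesses}
    return len(work) > 1


# Constructed sample data: an 8-byte "secret" and guesses that share a growing
# correct prefix with it (0, 1, 2 and 8 matching leading bytes).
SECRET = b"deadbeef"
GUESSES = [b"xxxxxxxx", b"dxxxxxxx", b"dexxxxxx", b"deadbeef"]


if __name__ == "__main__":
    for name, fn in (("early-exit", early_exit_compare),
                     ("constant-time", constant_time_compare)):
        print(f"{name}:")
        for g in GUESSES:
            equal, examined = fn(SECRET, g)
            # Sanity check: both versions must agree with the stdlib's
            # constant-time compare on the boolean result.
            assert equal == hmac.compare_digest(SECRET, g)
            print(f"  guess={g!r:12} equal={equal!s:5} bytes_examined={examined}")
        print(f"  leaks prefix length: {work_varies(fn, SECRET, GUESSES)}")
```

In the early-exit output the `bytes_examined` column climbs 1, 2, 3, 8 as the guesses improve, which is the per-byte oracle the quoted post describes; the constant-time version reports 8 for every guess. In real code, reach for `hmac.compare_digest` (or the platform equivalent) rather than hand-rolling the loop.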

arnezami

  • Archived User
  • Newbie
  • *
  • Posts: 16
Research on 'Timing Attack' to Downgrade Kernel without CPU Key
« Reply #19 on: August 22, 2007, 10:00:00 PM »

Great news!

Robinsod has just been successful in downgrading his bricked box using the timing attack:

http://www.xboxhacke...g52970#msg52970


arnezami

PS. There have been quite a few developments and Q&As, so it's advisable to read both threads (1 2) at XBH.
Logged