Unpatchable Apple Exploit Found!!!
HTML-код
- Опубликовано: 30 сен 2024
- Recorded live on twitch, GET IN
/ theprimeagen
Become a backend engineer. Its my favorite site
boot.dev/?prom...
This is also the best way to support me is to support yourself becoming a better backend engineer.
Follow Low Level!!!!
/ lowleveltweets
/ lowlevellearning
Article link: arstechnica.co...
By: Dan Goodin | da...
MY MAIN YT CHANNEL: Has well edited engineering videos
/ theprimeagen
Discord
/ discord
Have something for me to read or react to?: / theprimeagenreact
Kinesis Advantage 360: bit.ly/Prime-K...
Hey I am sponsored by Turso, an edge database. I think they are pretty neet. Give them a try for free and if you want you can get a decent amount off (the free tier is the best (better than planetscale or any other))
turso.tech/dee...
So annoying when researchers stumble over your government backdoor. 😞
☝️
No joke...
I wouldn't be surprised if there's a whooole lot of 0days we just don't know about.
And by 'we' i mean the common people, us plebs.
@@Volvith Of course there are. Stuxnet proves this. Using several zero day vulnerabilities and a leaked private key from Realtek.
it's just one of many...
One day is not a vacation, that's called sleeping in.
When you have a few thousand degenerate pseudo-children in the form of Twitch viewers, any day off would feel like a holiday.
You mean a weekend?
He's making an effort to take more "mini-retirements."
@@MegasXaos less than a weekend
Prime retiring from streaming. It’s official.
Chat message I saw was so funny…
> users act worried about a low level vulnerability, meanwhile they're giving league of legends a rootkit
Lmao.
_If you think it's just league of legends you should look up how many rootkit-access level anticheats/DRM's are employed in the gaming industry._
The best part is they don't even work. Cheaters can literally just sidestep nearly all of them. And what few they can't, they will some time in the future.
It's a good thing guys! a reason to finally ditch the game cuz tencent gonna data mine your pc through root kit
@@Volvithwhile they are frequently side stepped, they aren't that big of a deal to have on your pc. People have been whining about it for years and yet nothing bad has happened. This is why normies don't even care about that stuff.
@@OveRaDaMaNt ESEA literally used their kernel level anti cheat as a bitcoin miner. Vangaurd has been shown to cause multiple issues with end user machines crashing them over driver issues. Just because you aren't aware of issues doesn't mean they don't exist.
@@OveRaDaMaNt nothing bad has happened? didn't hackers use the rootkit DRM in that one chinese gacha game to install ransomware on people's computers? And then the one that helldivers uses has had loads of bad publicity. And I know these things definitely do interfere with drivers, lots of reports of people's peripherals refusing to work. These things literally tamper with other processes. They don't just read them, they write
much love to the LowLevelLearning drop in for more intel, that was cool
It’s not intel, it’s apple
@@svenmify i think he meant intelligence
@@marss4536 well yeah, obviously
The Meltdown is, basically, this: you say "CPU, take the value at this memory address I don't own, and treat it as the relative address in my current memory space". CPU retrieves the value you don't own, goes to the address in your address space, and fetches it into the cache. And then drops the result because of the security. But! As a 16-bit value can only have 65k variants, you can check which of the 65k memory values in your address space is in the cache - by trying to retrieve it and measuring the response time. The address of it is the value by that address you don't own.
We know
I didnt, this was a very concise explanation which helped me understand the problem@@StinkyCatFarts
Thanks! I didn’t watch the video but wanted to know the vulnerability.
@@StinkyCatFarts 🤓
@@deadchannel8431 🤡
"I want on a vacation for a day" is the most American thing ThePrimeagen has ever said.
LMAO
nail on the head , Americans dont understand
I WANT on a vacation for a day, as in they don't even get that 1 day off, it is only in their dreams.
"As an adult, I don't put stickers on my laptop"
Tough but fair - I needed to hear this.
Its so true
Putting stickers on stuff has absolutely nothing to do with maturity, it was a trash take from a guy who wanted to take a low swing at many Apple users because “I’m so much better with my Linux laptop, look how mature I am”. There is nothing wrong with putting something fun and whimsical and bringing just a little bit more happiness into your day instead of being a gruff, coffee-chugging grouchy computer engineer. Some of us want to actually be happy
@@duckyatsea You use a mac and put stickers on it? Do you get your fruit cut up into slices with a sippy cup as well lol
I'm old as dirt and the whole lid of my Thinkpad is stickerbombed.
Having stickers on a laptop is a security. It make your computer unique and reduce the risk of substitution (either on purpose or by mistake) when you use it in a public area.
Oh snap, it’s Low Level Learning! He rocks!
yea fr
Spectre and Meltdown described as "back in the day". Hooooo boy.
we gettin old son
i mean... thats almost 10 years ago
god we old. i have a laptop vulrable by spectre
@@nosleep7026 6 years is not almost 10 years
Spectre was possible on some high end chips from 2008 and many chips from 2012 onwards but you needed physical access to the socket.
In the 2017/2018 breach the problem was that you could do the same things via remote diagnostics if the system was setup for it. Which sadly many chipset-bios-cpu combination were out of factory.
Side channel attacks are a fascinating topic. I remember hearing of one where a specific encryption algorithm was cracked for a specific device, because the device had an LED that would blink when data was being written to memory, which would leak the cryptographic keys to an attacker looking at that LED.
and then it evolves into the LED is lit, but when the cpu draws slightly more power for some specific operation, the LED emits slightly less light D:
but the framerate of the security camera was too low, so they used the moving shutter effect to get a time resolution of the energyconsumption
@@juleswernesI remember seeing a video about that. It was absolutely wild that researchers were able to guess the card keys used by most hotels with a 24fps feed from a run-of-the-mill security camera.
It's like watching the HDD light on your PC to determine time of operation... You can see the time and rhythm of a bootup and how your computer processes information
Apple knew about this exploit, it's in M1 and M2 chips.M3 chips had a single bit flag added to the hardware to override the prefetch behaviour on demand... they knew. Chip design takes years to get from inception to production, this was found three or four years ago when M3 was a glimmer in Apple's eye...
This does not seem likely. Knowingly doing this would be super illegal and highly risky, and 95+% of users are not going to upgrade to patch a theoretical vulnerability. If your infosec team at work isn't taking away your M1 or M2, they're either incompetent or this isn't a big deal. Caveat I write JavaScript professionally so all this is speculation from a filthy casual.
If they knew, why not fix the issue instead of disabling the whole thing?
@@framegrace1 $$$
@@framegrace1Because if they don't fix it, people will buy both.
So you're saying that before Apple even released their first M1 chips, they knew about this and still chose to release computing systems with that vulnerable chip in there? Doesn't apple always prioritize your security and privacy though? /s
I had someone ask about the stickers on my laptop... I said they're the computer geek version of prison tattoos
I've got an ironic CIA sticker on my laptop. What's that the computer geek version of?
@@_Safety_Third_ Who knows, but it is not ironic.
@@_Safety_Third_ Letting your buddy, who 'totally has like done a lot of tattoos before yo', tattoo a d*ck on your forehead.
@@_Safety_Third_ blood gang tattoos
That's funny
This is totally patchable. Pop the CPU out of the socket and pop a new one in. That was the fix for the Pentium fdiv bug. Apple just has to mail everyone a new CPU. Expensive, for sure. But this is what companies with recalled products do. Oh, soldered in and glued together.... yeah "modern" computing is dumb.
M1 die soldered . But I get teh idea
boomer take. monolithic everytime. all day battery. i do not own a mac.
@@NotYourSpybig dum dum take. No replacement for displacement. Enjoy your Tesla.
Well, it's almost the entire machine is that "CPU". So the replacement item price would anyway be almost equal to the price of complete mainboard
SOCKET, ahahah hhaaqhahaha haaaaaaaaaaaaaaaaaa haha
no sockets, you have to use a BGA reflow station and pay $$$$ for specialized service. get rekt
Let's say hypothetically they knew that this "0day" was here, and love that it will force people to prematurely retire M1 machines.
The people who would care about this would change hardware…no?
@@mcchaderson Agree, but more so they would use software based disk encryption if they were really paranoid.
Stock is up despite being sued via anti-trust laws...
Appletards gonna be happy to buy another improved and secured device only for $6942.0 just because it doesn't have that backdoor.
@@doresearchstopwhiningwe're approaching the end of capitalism
It scares me how smart hackers are, and the techniques they have that I would never think to defend against.
because you don’t have the resources of a major nation state behind you….
It's just like taking a 3d cube and turning to it looks at the same cube but from a different angle.. basically reordering the information into another outcome based on what info you have and how you want to twist it.
@@garystinten9339 Interesting way to put it, Thank You.
Smart or not, its what they do. They that millions of other people used to do things, before computers put them out of business.
add (ft. LowLevelLearning) to the title for free views
Basically, a side-channel attack is being able to derive information from observing the operation of some system.
basically stop watching Microsoft porn kid🤣🤣🤣🤣🤣🤣🤣
You are the PRIME source of tech news. I love coming back to your videos EGEAN and EGEAN
Fitting pfp
fireship better
@@wafinashwan8242 they different things. fireship is shallow and just gives a short summary, while prime often gives great insight
He can't even talk about tech news without acting special for having a system76 laptop (which were vulnerable to Meltdown/Spectre in the past), I would hardly say he's a good source.
5:15 Someone had that same battle net update popup happen to them at the end of a no-hit run in Dark Souls and died because of it.
Zentreya. Was the saddest shi ever.
Original side-channel issues where (as I recall) first raised as an issue right after virtualization was becoming mainstream in datacenters... about 2003-2004 or there about. At the time VMware and other type-1 hypervisor publishers (most not yet mainstream) were struggling to create methods to protect VMs watching VMs on the same physical machines.... explaining this issue... to non-technical management... was I think one of the most difficult things I have had to do in my 30+ IT career in virtualization/security/infrastructure design work. And what is possible now, is light years more complex, you have only scratched the surface of what the real zero-day exploits are now.
are those encryption keys critical security flaws or are they the option to allow you to replace the ssd on the apple laptop has anyone checked out if that is possible with that leak?
Side channel sounds scary AF, the kinda thing you go into a habbit role of madness to avoid if you're really paranoid.
Low Level Learning X Prime 🔥🔥🔥🔥🔥
I'd imagine your isPointer(value) function would be something like - The HW MMU knows the pages allocated to the virtual memory sandbox the application is in. So the HW cache looks at the upper bits of values in the cache and if they match a virtual page address mapped in that processes virtual memory sandbox, that's pretty likely to be a pointer. I think it'd probably just look a few resent cache page addresses, like a TLB. Scanning through all allocated pages would obviously be a performance loss in a L1 or L2 cache.
I still wonder why they don't use pointer tagging via hardware, its just 3 extra bits, how much more expensive that can be ?
Additionally, in normal operation at a hardware level there are probably patterns that repeat, so tracking state over time you could probably build an engine that could improve performance by guessing if the next operation "isPointer"
Cool cameo by LowLevelLearning!
lol "cameo" its a voice "cameo"
@@monad_tcp I don't find that "cameo" is limited to visual media
Pc: vulnerability found and lessons learned in 2016.
Apple: well let’s do it in 2024
idc if someone physically has my laptop, I'll consider it compromised. vulnerability discovered or not discovered.
Really!? If you run full disk encryption you simply would consider your data p0wned if someone has your laptop? What is the point of full disk encryption then? Why even bother?
@@nb6175 Why are you so upset about full disk encryption all of a sudden?
Ya i dont use full disk encryption. I guess if someone is willing to desolder my ssd and do electronics black magic with it, ill consider that they just have all my stuff anyway, regardless of if this vulnerability existed or not.
Yea, but there are a lot of people with very sensitive data on their laptop where it does matter. It wouldn't necessarily be catastrophic to me (annoying nonetheless), but I could imagine people in intelligence, defense and financial sectors would probably be more paranoid about something like that.
I missed the part where the article mentioned it was a physical exploit. It doesn't seem to be. It actually says any software can get this access and it doesn't even need sudo access.
I don't think Apple would compromise regular user performance because some people would desolder SSDs from macbooks (which is very annoying and time consuming btw) and apply a very specific exploit that can take 10 hours to get something.
My noob self caught mention of the XOR swap earlier this year and I looked it up and found articles but man was I too stupid to grasp their explanation. That bit magic eludes me.
It's simple:
a XOR a = 0
a XOR 0 = a
a XOR b = b XOR a
That means that:
a XOR b XOR a = b
b XOR a XOR b = a
Think algebra terms
To explain it further, a side channel attack is an attack that doesn't use flaws in something, but observes how it is working.
The famous example is the pizzerias near the Pentagon: The pentagon is extremely secure so knowing then they're planning something is (let's say) impossible... But when everybody is working, they eat at the facility, so you see a spike in orders at nearby pizzerias!
The spectre/meltdown attacks work by making the CPU think it's gonna load something by for example running a function repeatedly that always returns something. Once it's "trained", you suddenly make the function return something else. The CPU will have already returned the value you repeatedly calculated before, and it has to redo the operation once it sees it's wrong. By timing how long the CPU takes to correct the mistake you're able to understand what it's doing!
Spectre/meltdown use this to gather data about what is in cache (for example, doing a simple operation multiple times on parts of memory you can access, then suddenly try to do the same operation on a part of memory you can't access so the CPU does it, realizes it can't, and corrects the mistake while you time it), without actually ever reading the cache. Super cool!
Explanation about the actual attack is very simplified because I don't know how it works more in depth than this lol. It's black magic
For the memory leak from the cache, an attacker could tell the CPU to return values from memory outside the range of where data is protected because the branching prediction doesn't check the memory space restrictions, therefore you can effectively get some data from the branch prediction outside of its own memory space. The data may be inaccurate because it's only a prediction, but it's still data regardless.
Well pointers (that aren't null) tend to be big positive numbers, so I guess every big positive number is a pointer now.
Personally i wouldn't trust apple with an encrypted drive, who knows what kind of bs stunts could they pull.
That we still load cryptographic secrets into general purpose hardware with caching and branch prediction &c. Is absolutely insane plus a general backdoor into all current computers. We only use specialized hardware for login and disk encryption, so why not also for all other crypto with universal kernel support and a common little C library? And I mean since 2014 or so, when timing attacks on otherwise unreachable memory were a big topic for the first time?
Seems that only cryptographic algorithms running on Application Processors are at risk, not Secure Enclave(SE)-backed ones like FileVault on internal SSDs or login passwords. So applications that don't utilize SE, including encrypted Time Machine backups on external drives, are no longer secure until patched.
the M1 chip is just asking its AI cores trained on exabytes of pointer addresses to distinguish between what is a pointer address and what is not
All M2-MaX owners. Shall we start a Class Action to demand a M3 chip upgrade 😶🌫
This only works if your Mac is already compromised, it’s an issue with the silicon but if it gets to that point then your machine is already infected.
Wrong, you would not call your machine infected because you run JavaScript on Amazon page. When meltdown and spectre happened, js engines exposed enough precision in their timing APIs it was a viable vector of attack.
It’s very easy to imagine a looks_like_ptr() function. Only some ARM instructions allow pointer operands. So if you have some data that is the same as an ARM machine code which takes a pointer operand, and the “pointer” looks like a viable virtual address, then the data looks like a pointer.
Bitwise math is cool, and more people should know it in programming
2:00 for real, I always cringe when I see people with stickers on their laptops...
The way Mac's encrypt the drives is done via hardware keys. Im going to assume none of that stuff is really exposed to the OS.
Depending on the architecture, the keys could be read with an oscilloscope as it passes over the motherboard. This is how Xbox was hacked back in the day. I would assume it’s something different but hardware keys are no safer than software keys. If it’s stored in memory anywhere it’s vulnerable somehow.
@@emptydata-xf7psI just store mine inside the laptops body chassis on a post it note
irrc this doesn't impact the T1 or T2 chips but unsure what the usage of that is with respect to how they interact with the cpu or other processes.
just want to give a quick shout out to my man *LowLevelLearning* for such a great explanation about side channel hacks
"I don't put stickers on my laptop; I'm an adult. I like things clean."
One moment later:
"Raptor Lake, that's a badass name!"
I'm with chat on that one, you need stickers on your laptop 🤣
Be fair, considering physical access, you would not trust any device you can buy that will keep your secrets. No matter the overlords you decided to worship
If you're the processor, it's not hard to "guess" if something is a pointer. First of all, pointers tend to be word-aligned -- if your word is 64 bits long, it means every pointer will be a multiple of 8. Second of all, with Virtual Memory, your pointers don't have absolute memory addresses, but they're all relative to some base (that you, as the MMU, know). So the first guess would be: any word-sized value that's a multiple of 8 and is within this process' virtual page boundaries. Not all integers can be pointers in most architectures. Especially modern ones. This isn't something silly.
As an adult I have a crazy subs sticker, a remilia sticker and a drawing I made myself stickered all on the side. Only kids wouldn't sticker their computer that's for sure!
Apple owes everyone a refund. and maybe some damages.
Tim got cooked or He cooked apple fans ? 😂😂
I forget who said it first, but laptop stickers are the tech equivalent of prison tattoos.
@6:00 spectre works something like this:
1. Allocate Memory Array: The attacker creates a program that allocates a memory array.
2. Condition Branch Predictor: The attacker conditions the CPU's branch predictor to predict that a bounds check will pass.
3. Access Out-of-Bounds Memory: The attacker feeds an out-of-bounds address to the array.
4. False Branch Prediction: The CPU's branch predictor falsely predicts that the bounds check will pass.
5. Speculative Execution: The CPU speculatively executes code, including accessing data from the out-of-bounds address and using it to index another array (the "capture" array) owned by the attacker. This causes that part of the capture array to be put into cache.
6. Branch Misprediction: The CPU eventually realizes the branch prediction was wrong and undoes the speculatively executed code.
7. Cache Side-Channel: The CPU does not undo the cache fetching of the capture array, leaving traces of the speculative execution.
8. Access Time Measurement: The attacker measures access times to the capture array to determine which index corresponds to the data accessed speculatively.
9. Cache Eviction and Repeat: The attacker evicts the cache for the capture array and repeats the process.
Hoping I can run Linux on the new Arm-based Surface laptops. Keen for that battery life, performance and build quality but with an OS I can actually use for professional development work
It sounds like they're saying since they know the encryption function, the IsPointer function, and if IsPointer has returned true (since they can see if the cache has updated?), they construct a piece of data x that goes in like IsPointer(encrypt(x, key)) and if IsPointer returns true or false that narrows down the possible values of the key.
Calling Georgia Tech “JIT” is going to show up in my nightmares
Vulnerability != Exploit ;)
When governments think building a backdoor into encryption is a "good idea" .
Looks like a pointer = some regex match....But seriously who trusts hardware crypto? If you really want security use a non hardware accelerated cipher like Serpent (One of the AES competitors) via a reasonable software path, like transparent disk encryption before the OS loads. Yea, its slow.
Put stickers on your laptop 🤬🤬🤬🤬🤬
Crash different, total garbage!
Icestorm cores are the name for the efficiency cores. The performance cores are called Firestorm cores. Likely a reference to their impact on the thermal envelope of the CPU.
It's all about dangling pointers and backdoors.
One thing to note is that the XOR trick (17:38 - 20:57) doesn't work if both operands are the same variable (or accessing the same memory location).
a ⊕ a is always 0, which gets assigned back to a. Since both operands are now 0, a would always end up being 0 instead of its original value like it would be with a true swap.
It seems odd to swap a variable with itself, but could be concern if you implement this with a function that takes two pointers and then pass the same pointer to both arguments.
Here's an example in C.
#include
void xor_swap(int *a, int *b) {
*a ^= *b;
*b ^= *a;
*a ^= *b;
}
int main(void) {
int x = 5;
int y = 7;
printf("Before swaps: x=%d y=%d
", x, y);
xor_swap(&x, &y);
printf("Swapped x with y: x=%d y=%d
", x, y);
xor_swap(&x, &x);
printf("Swapped x with x: x=%d y=%d
", x, y);
return 0;
}
It prints the following:
Before swaps: x=5 y=7
Swapped x with y: x=7 y=5
Swapped x with x: x=0 y=5
I love how prime is just as intrigued by xor swap as I was.
I found it myself when trying to swap too variables without using an intermediate variable and I wanted to do it in a way that wasn't just using an intermediate behind the scenes.
then i quickly looked it up and was glad to see it was a very old algorithm
It's a feature: Hangman, you guess a letter, CPU tells you if it's in there or not.
Values tend to not use the full range of what numbers have to offer.
Take uint64. Most uint64s would fit into uint32...and most 32s into 16s.
For signed ints you would have that 1 significant bit for the minus then lots of zeros so
100000011 is probably -3
000000011 is probably 3
101101011 is probably a pointer
When you picked up your System76 laptop, I about vomited.
I used to own one, felt like overpriced piece of white-label junk (cheap plastic laptop with added branding and a significant markup).
I remember reaching out to S76 support for a replacement charger, and they quoted me something ridiculous like $200. A little too "premium" for me, tbh.
Most high watt laptop chargers are pretty expensive.
Responsible disclosure can also be "seeing active exploit in the wild". A theoretical attack that isn't being actively exploited is lower risk, but active exploits need to alert people so they can defend.
I would love to have the most performant and unsecure cpu in the world, to play games with it. I bet it could be designed to be really efficient, and low cost ;-;
Finally someone realizes how moronic and childish stickers on laptops are. Wondering how long it would be before someone actually realized it's stupid.
looks like a pointer in prefetcher is simply if this address was previously used as a pointer (and that instruction committed ok) then the prefetcher "learns" that information in what you can think of a "hardware table." So, address 0xdead was once accessed as a pointer, then prefetcher allocates a row in that table and remembers this address in case it sees it again in the future. Now there is another problem here: all these uArchitecture optimizations are left as is during context switches (too expensive to clean up everything,) so you could leak information across context too... It's can of worms that shows up with prefetchers and branch predictors
when there is an unfixable problem like this which is obviously the result of the creator, WILL THEY PROVIDE CHIP REPLACEMENTS FREE OF CHARGE TO THOSE EFFECTED WITH NON-CORRUPTED CHIPS??? because it certainly seems like they should, and be required to do so, legally.
Say what you will, it's impressive as hell that this backdoor was only found four years later. On an entirely new architecture that had lots of tech-savvy early adopters, to boot.
It was not found after after 4 years lol. It was made public after 4 years
@@pradhumnkanase8381 Fine, if you want me to be precise: found by people who did not put it there.
This is not surprising. However, the REAL issue is the system management engine or its equivalent. Don't use the cloud for sensitive data or applications. This is obvious. Don't do sensitive things on systems that are allowed to run unaudited or arbitrary 3rd party code. This is obvious. Don't do sensitive things on systems with untrustworthy users. This is obvious. All modern automated cryptographic security is security through obscurity. This is not a bad thing it's just the fundamental nature of information encoding, storage, retrieval, and transport. The side channel attack is not just a computer thing. It's how most espionage works. For example, information about a secret thing shows up as strange patterns in an unrelated budget, etc.
The CIA gave the head of Lockheed skunk works (Kelly Johnson) a personal cashier's check to develop the SR71 blackbird. He mingled the funds with his personal finances and paid suppliers in cash, keeping the entire program off Lockheeds books. It's not possible to keep important secrets only to increase the relative entropy of the environment or system they inhabit.
It doesn’t require physical, as in touching the processor, access. You need access to the same processor as another process you want to infer information from
Hmmm 🤔
Extremely hard to find (and implement) exploit for an entire chip architecture put on blast w/o much context.
Maybe this information was aimed at c-suite types.
Need a PhD in CPU architecture to understand that it’s actually not very dangerous.
I wonder who would put so much effort into such a thing.
See we kept telling you all NOTHING is safe lol. They just found a low level backdoor into Linux too. Windows is not lonely at all in this manner roflol. Funny thing is Windows 12 is rumored to be much more like Linux and its compartmented design.
So the only way to 'patch' this, is to replace the cpu, with a different cpu. Fortunately, Apple make this ~ oh. Wait ... [scratch chin]
This could maybe become a problem.
In their defence, I believe it can only be done if you have physical access. Like Spectre and Meltdown and all the others so far, there has been wailing and howling and gnashing of teeth, and you can get demo code on the internet, in Java, that works, but how many people have actually lost anything or been compromised or exploited by a bad-guy, because of these things?
"If it happened in a server, between two different virtual machines, then Coke isn't going to scream that Pepsi have stolen their recipe."
Yeah, valid point, but it's been ten years, and not one single case has come out where the claim is that it's happened. AMD are making encrypted memory for Gord's sake, just to make the rabbit-hole deeper.
~ When I started studying computers in 1995, we asked a lecturer about security. "Is absolute computer security even possible?" His response (30 years ago) was that nothing that goes onto or into or through a computer, can be called secure. If it is a secret, then don't put it in the same room as a computer, especially a comp that has Internet access, because once it's been in the same room as a computer, it isn't a secret any more. There are of course, steps you can take to make access more difficult, but you can't guarantee secrecy or security. There is (or was) an old joke / lesson about a Chinese Emperor, who asked his army chief about security, and so the chief took him out in the country and helped him dig a hole, and climb down into it, and then rolled a stone over it. "Now you're secure." That's about the state of things with computers. Except with computers and IT, they can dig your corpse up and stick a clown-nose on it ~
System76 had systems that were vulnerable to unpatchable hardware flaws in the past (you know, like the spectre/meltdown you talked about), stop acting like you're so superior for having one lmao
You talked about "being an adult" but your method of talking about this is kinda childish
@Primagen To your comment about "I am only a programmer for XX years": I think to be good in cryptography you basically have to work with it, no matter how long you do it, you might never cross that field. I think, this one remark shows, how deep this illusion goes in us all, that we simply have to know everything after some time.
Which is why I disagree with that terrible psychological advice you gave lately, that impostor syndrome is only if you think too much about yourself.
Especially in todays' world, where self reflection is a deficit.
Oh wow, another overhyped vulnerability we'll never see actually leveraged in the wild because it's such a sophisticated vector of attack... Cool story bro.
I don't even like Apple, but frankly this is not newsworthy...
Actually is not skill issue on the chip itself. Its on who implement the criptografic algortihm. The CPU can give you diffrent speed depending on what you encrypt/decrypt. its hard to make the time constant across multiple blocks, cause speed is needed to mass encryption. Basically what do you want? Super speed on encryption, or slower speed but constant time?
It's a number between zero and 260 trillion... put another way your 48 bit machine can not have more RAM than 260 Terabytes. It would be a 64-bit value with the first 16 bits all zeros.
You've been programming for how long and don't know what a side channel attack is? Wow. You probably don't even know what constant time algorithms are. Time to learn a whole new way to write software...and how hard it is to get it right while maintaining performance. Let me also introduce you to the OWASP Top 10.
Although it's beyond my current ability as well, to design a pointer detector, where I detect you barking up the wrong tree is in that you're talking about programming the pointer-detector using code (instructions), while the actual pointer-detector implementations you're pondering, are implemented in logic gates, so there may well be an "is pointer" flag-bit or register or something else physical which can be checked to see if the 64-bit value is a pointer.
I realize that's not the same as "looks like" a pointer, but my point is that this is occurring in hardware, not software.
errrr no ... spectre / meltdown - yes, those were speculative branch predictor exploits, but the problem was that the predictor, while trying to predict execution path - it would NOT care about memory security. It was perfectly allowed to read from anywhere in memory (even protected one) via dead branch (like if(false) but a bit more complex) and then make the write create an delay dependant on the value read. The alive branch of your code would simply time it and figure out what was the result and store that tiny bit of information somewhere for you. Alto process was very slow, limited to few bits (maybe a byte) at a time, if this was stuffed in a infinite loop one could read whole region of memory. Of-course nobody would do that, since I don't want to see your dikc pics, but I would love to know your banking access key I would only read small region of memory containing that.
This pales in comparison with heartbleed that would just memcopy your whole server memory via TCP ;)
i swapped to popOS cuz of yall, system76 looks great price wise. hadn't heard of them before. hope you get commission or osmethin lmao
and people still trust Apple. I mean, I hate Apple but I'm free market Capitalist because facts, and the monopoly claims are just ridiculous. Limiting interactivity with your products is not a monopolistic practice, is just the use of freedom of association. If other companies can't compete with Apple within the Apple users market doesn't mean the other companies can't produce a similar walled Garden.
Grow to be 6'4" 230 lbs and I assure you no one is stealing your latop from you.M1 Max here. Best machine Ive ever woned. No doubt thee most secure machine ive ever had
This isn't really only a vulnerability with physical access, right? If you managed to copy any encrypted data from some drive and run it through your own M1 processor, couldn't you capitalize on the same vulnerability?
Just watched low level learning video
Looks like a pointer? Maybe it's checks if it looks like a valid memory address which code could point to?
So it widely known that M3 sales are trash and somehow conveniently M1/M2 have flaws where by Researchers, Finance and Companies are potentially now spending millions to go buy new laptops?
I thought "vendor approval" aka Apple's sign off as thing was weird/strange until I realized that Apple might be shitty about bugs / potentially ruin people's lives.
"I have no idea how to tell if something is a pointer or not"
you can tell from the value.
Print out some pointer values sometime.
0:54 You will have to be able to write the paper and document this before you release. I'd say 5 days, or perhaps you'd just like to publish a reproducable script on exploit-db? Rule of thumb is that you shut up unless somebody else knows. Or if you are a bounty hunter, you wait for the check to clear.
Has Apple mentioned being able to disable DMP on the M3 chips (they have the ability to turn it off for a performance hit unlike M1/M2)?
That guy punching you in your face for a laptop though is going to turn around and trade it for meth though, it'll probably be on eBay or Kijiji without someone ever spending the time and resources required to decrypt a drive and look for banking passwords.
So Apple had Heartbleed in their architecture for years? How they did not check this possiblity already when it was found in x86???
Well, every other modern CUP is vulnerable to the same exploit because they all use the same predictive hardware optimisation. So not limited to just apple silicon. Good explanation vid here: ruclips.net/video/YRohz9VO1YY/видео.html
Love Low Level Learning
Funny, Apple is having a hard time getting people to upgrade from M1 and M2 laptops. Interesting timing for the announcement heading into Q2. lol
Prime: I have no idea how to tell if something looks like a pointer!
Me: ... you should really learn to use a debugger,,, or at least printf some more pointers 🤪