If you need assistance, please send an email to forum at 4hv dot org. To ensure your email is not marked as spam, please include the phrase "4hv help" in the subject line. You can also find assistance via IRC, at irc.shadowworld.net, room #hvcomm.
Support 4hv.org!
Donate:
4hv.org is hosted on a dedicated server. Unfortunately, this server costs and we rely on the help of site members to keep 4hv.org running. Please consider donating. We will place your name on the thanks list and you'll be helping to keep 4hv.org alive and free for everyone. Members whose names appear in red bold have donated recently. Green bold denotes those who have recently donated to keep the server carbon neutral.
Special Thanks To:
Aaron Holmes
Aaron Wheeler
Adam Horden
Alan Scrimgeour
Andre
Andrew Haynes
Anonymous000
asabase
Austin Weil
barney
Barry
Bert Hickman
Bill Kukowski
Blitzorn
Brandon Paradelas
Bruce Bowling
BubeeMike
Byong Park
Cesiumsponge
Chris F.
Chris Hooper
Corey Worthington
Derek Woodroffe
Dalus
Dan Strother
Daniel Davis
Daniel Uhrenholt
datasheetarchive
Dave Billington
Dave Marshall
David F.
Dennis Rogers
drelectrix
Dr. John Gudenas
Dr. Spark
E.TexasTesla
eastvoltresearch
Eirik Taylor
Erik Dyakov
Erlend^SE
Finn Hammer
Firebug24k
GalliumMan
Gary Peterson
George Slade
GhostNull
Gordon Mcknight
Graham Armitage
Grant
GreySoul
Henry H
IamSmooth
In memory of Leo Powning
Jacob Cash
James Howells
James Pawson
Jeff Greenfield
Jeff Thomas
Jesse Frost
Jim Mitchell
jlr134
Joe Mastroianni
John Forcina
John Oberg
John Willcutt
Jon Newcomb
klugesmith
Leslie Wright
Lutz Hoffman
Mads Barnkob
Martin King
Mats Karlsson
Matt Gibson
Matthew Guidry
mbd
Michael D'Angelo
Mikkel
mileswaldron
mister_rf
Neil Foster
Nick de Smith
Nick Soroka
nicklenorp
Nik
Norman Stanley
Patrick Coleman
Paul Brodie
Paul Jordan
Paul Montgomery
Ped
Peter Krogen
Peter Terren
PhilGood
Richard Feldman
Robert Bush
Royce Bailey
Scott Fusare
Scott Newman
smiffy
Stella
Steven Busic
Steve Conner
Steve Jones
Steve Ward
Sulaiman
Thomas Coyle
Thomas A. Wallace
Thomas W
Timo
Torch
Ulf Jonsson
vasil
Vaxian
vladi mazzilli
wastehl
Weston
William Kim
William N.
William Stehl
Wesley Venis
The aforementioned have contributed financially to the continuing triumph of 4hv.org. They are deserving of my most heartfelt thanks.
Registered Member #96
Joined: Thu Feb 09 2006, 05:37PM
Location: CI, Earth
Posts: 4061
Hi, did anyone see the article suggesting that nearly all laptops could be vulnerable to this attack?
I was more intrigued with the possibility of implementing an AI on a standard x86 laptop using 2GB RAM and a bootable DSL pendrive which would be unprecedented.
see below.
" Re. RowHammer
Interestingly I suggested quite a while back something along these lines to implement a neural net using Flash memory, and actually have some schematics here for an AI that uses this exact technique to get nearly-quantum level speedup effects using a bootable pendrive that runs DSL and then uses the leakage between the memory cells (has to map out chips and look for correlations but that is doable) to run the NN."
my original post on using inter-cell gaps on large Flash chips to implement an analogue neural net was quite a while back, wonder if anyone has tried it yet?
The same technique should also work on the RaspPi Model B+ as it has the same 1GB DDR3 chip as most RAM and is pretty simple to overclock by changing a single crystal to a programmable oscillator. This would obviously break the HDMI and composite outputs due to timing issues but for such tasks you would simply drop the clock back down to stock for readout or use a second Pi or Arduino just for readouts.
The CPU on the Pi should run best at a low (ie 7C) temperature and the RAM chip kept at +65C with a feedback loop to keep it on the edge of instability without it fully crashing.
EDIT: Got a response back but have been asked to keep the exact wording secret until I have working exploit code. Seems that this approach is actually used on some variants of the Block Erupter to get slightly higher performance with lower core number by using two CPUs to check each other's work.
EDIT 01/09/15:
Have working prototype on old DDR2 based laptop, seems to behave as expected. the trick is to run it from the cpu cache only with a high speed low density module in position 1 and the 2GB in position 2 on the extensa 5xxx which allows DSL to work without crashing. then map the 2GB as high speed low refresh for maximum entropy.
Registered Member #96
Joined: Thu Feb 09 2006, 05:37PM
Location: CI, Earth
Posts: 4061
Hi all. I am not sure why, but pretty sure this wasn't actually all my fault as the problem on my x520 suggests that the BIOS chip on some laptops incorrectly reads the SPD data (serial presence detect) upon resuming from sleep. The issue here is that some netbooks and for that matter many commercial laptops even production models are *very* sensitive to voltage spikes over the USB eg from plugging in an external hard drive. The effects can be bizarre to say the least, have experienced subtle corruption of the hard disk that only manifests under very specific repeatable circumstances. I also observed what appears to be firmware corruption on the drives when looking on a Toshiba c650d (similar DDR3) as key sectors of even a wiped drive show areas that are much slower than normal (50ms rather than 3ms) If so this could be a new form of BIOS rootkit that can evade all known detection and is worth documenting.
Also relevant, it seems that 28Si is the quantum "magic bean" here and chips from certain geographical locations may be more vulnerable than others. Its possible to test this indirectly by heating up a given batch of modules under rowhammer testing and looking for any showing instability; I did just that a while ago and it is a very effective test. Its worth mentioning that older generation laptops using ecoROHS seem a lot more likely to yield sensitive modules and in fact pc8500s is particularly prone to this. Overclocking a "good" module on purpose is a very effective way to test it, and map out any suspect areas for high reliability systems eg for servers. Just be sure to reverse the overclock, it isn't actually possible to break memory this way as it is a quantum effect and thus does not permanently damage anything provided that the chips stay within their Top max. I got a test stick up to close to twice its rated speed before it finally gave out and threw errors
This site is powered by e107, which is released under the GNU GPL License. All work on this site, except where otherwise noted, is licensed under a Creative Commons Attribution-ShareAlike 2.5 License. By submitting any information to this site, you agree that anything submitted will be so licensed. Please read our Disclaimer and Policies page for information on your rights and responsibilities regarding this site.
Rowhammer
