Those who enjoy PlayStation 4 eye candy may recall seeing PS4 System Controller High-Res Images a while back. Recently Volodymyr Pikhur passed along some PS4 APU (Accelerated Processing Unit) Floor Plan High-Resolution Die Shots from Oleg Kashirin and Fritzchens Fritz (Twitter), alongside slides and a PoC of Vpikhur's presentation at Toorcon 2019 via Twitter.

Previously Vpikhur contributed to the PS4 IPL AES + HMAC Key Recovery Project, REcon 2018 PS4 Slides, PS4 Persistent Hack Notes, PS4 Kernel Dumper Original Exploit Code, the EAP work including side-channel analysis, glitching and ROM recovery for PS4 Aux Hax Parts 1-3 and EMC (External Micro Controller) key material recovery image traces in PS4 Aux Hax Part 4.
Excerpts from the embedded Tweets below:
So after discovering PlayStation 4 SAB BootROM it is now pretty straightforward to see where the AMD PSP BootROM sits just looking at high-res floor plan pictures.
- https://www.flickr.com/photos/[email protected]/47276740821/
- https://www.flickr.com/photos/[email protected]/47276992391/
And a pretty neat site for large die-shots in Google Maps style:
- https://misdake.github.io/ChipAnnotationViewer/?map=Matisse_IOD
- https://misdake.github.io/ChipAnnotationViewer/?map=Zeppelin
And from the presentation README.md: 2019 Toorcon
Writing PoCs for processor software side-channels
Talk will briefly explain previously related work of L1TF vulnerability and how writing proof-of-concepts is actually the least fun part of processor software side-channels. Techniques and methodologies will be shared that led to discovery of MDS (Microarchitectural Data Sampling) vulnerabilities CVE-2018-12130, CVE-2019-11091. What one should pay attention to and how understanding of results and its validation is the most important factor.
- Original Link: https://talks.toorcon.net/toorcon21/talk/KE9SYU/
- Slides: Writing PoCs for processor software side-channels.pdf
