Errata

This page highlights some errors in the book. Some small, some large.

Academic References

Originally we included references to various seminal work on topics discussed in the book, as any good academic would. Due to the flow of typical NSP books (which don’t tend to include references except where specific examples are needed) many of these were removed.

The lack of references to certain papers is not a slight at the authors. We’ve also included some specific “to be added” references where we realized the editing went too far.

Chapter 1

Xenium ICE Modchip Summary is Incorrect

PAGE: 9 - 10

SEVERITY: Medium

ATTRIBUTION: Felix Domke

The following text is given in describing a specific mod chip:

A Xenium ICE modchip on the left in Figure 1-4 is soldered to the main
Xbox PCB in order to perform its attack. The board automates a fault injection
attack to load arbitrary firmware*

Notes from Reporter

The Xenium ICE modchip is just an LPC device that override the boot ROM. It does not automate a fault injection attack at each boot, but rather just disables the on-board flash and causes the boot vector to be fetched from LPC ref.

Modchips that do automated fault injection would be Xbox 360 RGH modchips (though one could debate if the short triggering of RESET is so much a fault injection or rather a logical CPU bug, but that’s probably a discussion on its own…)

Authors Notes

The RGH modchip was the intended one to referenced, as the ‘reset glitch’ was (by the authors) suggested to be a weaponized fault injection example. But this was the wrong mod chip we used in the book as we failed to double-check which ones did what attacks.

Appendix A

Fluke DMM probes are “TL910”, not “TP910”

PAGE: 426 - 427

SEVERITY: Medium

ATTRIBUTION: Alex Hude

At two points in the text a reference to the “TP910” probe type is made. This does not exist. It was supposed to be a reference to the “TL910” probe, which is a model number you can actually buy.