#qi-hardware IRC log for Saturday, 2013-08-03

hellekin: wpwrak: http://www.itba.edu.ar/es/capitan-beto-como-participo-el-itba-en-el-primer-nano-satelite-de-la-argentina-que-entro-en-orbita [02:43]
hellekin: all: https://spritesmods.com/?art=hddhack recycling old HDD to make new computers? :] [02:44]
hellekin: this hack is really awesome :] [03:12]
kyak: really, really scary [07:27]
kyak: it would've been better if he just booted Linux on HDD, without all that blackhat stuff [07:28]
whitequark: better for whom? :) [07:38]
kyak: better for my peace of mind [07:48]
whitequark: ignorance is bliss [07:50]
DocScrutinizer05: lol [18:42]
DocScrutinizer05: the videa connector is a tad clumsy [18:43]
DocScrutinizer05: video even ;-) [18:43]
Action: DocScrutinizer05 ponders to xor all data written to HDD [18:45]
roh: hey doc [18:45]
DocScrutinizer05: hi roh [18:45]
roh: xor data (video) to hdd? i've seen that... the key was the manuf string x-) [18:46]
DocScrutinizer05: context been the (possibly malware) hacking of HDD firmware [18:46]
DocScrutinizer05: the supposed exploitation vector is to trigger the payload by injecting a keystring by whatever means so it gets written to HDD [18:47]
DocScrutinizer05: won't happen when I xor all data to and from HDD [18:47]
DocScrutinizer05: https://spritesmods.com/?art=hddhack [18:48]
DocScrutinizer05: no true encryption but good enough for a lot of nonsense attacks, incl this one [18:49]
DocScrutinizer05: btw on my boxen such an attack was futile anyway - no password auth allowed on any of them, only ssh key [18:50]
whitequark: DocScrutinizer05: you could use timing+size then [18:51]
whitequark: which is way less reliable due to cache effects though [18:51]
DocScrutinizer05: but the right thing to do is to sell a HDD fw md5sum'er now [18:52]
DocScrutinizer05: or HDDs with cryptographically secured fw ;-P [18:53]
DocScrutinizer05: heck, a highsec BIOS that does a HDD FW checksum on early boot [18:54]
DocScrutinizer05: UEFI must be capable to implement such shite [18:54]
DocScrutinizer05: or you simply buy new hw each time you have suspicions that your box got rooted [18:55]
DocScrutinizer05: ;-P [18:55]
DocScrutinizer05: but it with malware already installed XP [18:55]
DocScrutinizer05: several stories about such backdoors in WLAN FW are urban legend [18:56]
DocScrutinizer05: btw I wonder if it occurred to that hacker that the m3 core maybe does SMART, thermal management, and a few other "irrelevant" tasks [19:03]
DocScrutinizer05: >>The Cortex-M3 handles... nothing? I could stop it and still have all hard disk functions.<< [19:04]
DocScrutinizer05: awesome hack nevertheless [19:05]
DocScrutinizer05: btw >>The kernel is built for a MMU-less CPU (the disk controller doesn't have one) and only has a driver for the serial port. A MMU-less kernel unfortunately needs a specially formatted bit of userspace too.<< been when I stopped trying to get any reasonable unixoid OS running on my Amiga1000 [19:07]
DocScrutinizer05: 68010 has no MMU [19:08]
biot: hence all the guru meditations :) [19:09]
biot: well, that and all the bugs that tried to write to the wrong addresses [19:09]
DocScrutinizer05: when I learned that all binaries of minix were meant to load on same virtual memory addr, I finally resigned [19:09]
DocScrutinizer05: several years before I honestly looked into getting SCO(?) unix sources and a free PDP-11 [19:12]
DocScrutinizer05: they came of 5 tape reels or sth, for only a few 1000 USD [19:13]
DocScrutinizer05: btw I had pretty few guru's on my amiga [19:15]
DocScrutinizer05: plenty of RAM (some 8 MB or sth), and virtually no games [19:16]
DocScrutinizer05: and of course a heavily customized kickstart [19:16]
roh: .oO(that's no computer, it's an electric heater which can do some easy calculations on the side) [19:26]
DocScrutinizer05: hehe, yep [19:39]
DocScrutinizer05: for 1980'ish though it been fine, even when not top notch [19:40]
DocScrutinizer05: if you refer to the PDP-11 [19:40]
roh: sure.. but maybe we should not build heaters anymore but 'cloud cluster computers' with watercooling ;) [19:40]
DocScrutinizer05: the Amiga1000 I'm still sad I lost it [19:41]
DocScrutinizer05: hell, that thing cost me a month's salary back when. And RAM another, HDD (50MB) a third [19:43]
DocScrutinizer05: and it been worth every penny [19:44]
kyak: heh, yes, you simply reflash all firmwares that can be reflashed, along with OS clean install :) [20:45]
wpwrak: hellekin: the HD hacking could be useful for sending the spies watching over us something to have fun with [23:26]
DocScrutinizer05: hehe [23:26]
DocScrutinizer05: damn SATA, the good ol' IDE drives would even have allowed to completely take over the IDE "bus" and thus maybe rewrite the MBR of master drive [23:28]
DocScrutinizer05: or the firmware ;-P [23:29]
wpwrak: a friend once received some malware that corrupted every nth bit written to disk. not sure if this was floppy or hard disk. it was a long time ago. [23:29]
DocScrutinizer05: funny [23:29]
wpwrak: "n" was a function of time. the interval got shorter. for several weeks, it wasn't noticeable at all. [23:29]
DocScrutinizer05: eeeek [23:30]
wpwrak: but yes, it must have involved floppies. because it also affected backups. [23:30]
DocScrutinizer05: no write-verify? [23:30]
wpwrak: it apparently read back fine at the level where this is done [23:31]
DocScrutinizer05: long ago there's been a thing called verify-after-write (OWTTE) [23:31]
DocScrutinizer05: ooooh [23:31]
wpwrak: in the hdd case, you could use a PRNG, so the bit position is predictable. generate a new seed each time the disk powers up. [23:31]
wpwrak: that way, you could "correct" the bad data when reading back [23:32]
DocScrutinizer05: seems like sth similar is already implemented in virtually all modern HDD [23:33]
DocScrutinizer05: sth like "BIOS HDD password" [23:34]
wpwrak: yes, but this would be more subtle. you could still use the disk for a long time, with the amount of corrupt data slowly increasing. [23:34]
DocScrutinizer05: aaaah, my "rocket" is charged again :-) [23:35]
wpwrak: and any new damage would be completely hidden until you power-cycle. ideal for laptops. [23:35]
wpwrak: as an added benefit, if the algorithm flips bits, you'd have a small number of transient errors that change each time you power-cycle [23:42]
wpwrak: chances are that you'd never figure it out :) [23:43]
DocScrutinizer05: http://events.ccc.de/camp/2011/wiki/R0ket [23:46]
wpwrak: ah yes, i've seen that one. cute :) [23:47]
--- Sun Aug 4 2013 [00:00]
