#qi-hardware IRC log for Sunday, 2013-11-03

wpwrakah, gimp doesn't know how to open stl. how lame :)01:05
wpwrakDocScrutinizer05: btw, if you have a bunch of zeners/varistors/etc. for ESD and they're getting in the way, would you consider placing them on the other side of the PCB (with vias, very short traces) ... 1) no problem, 2) idiocy, 3) acceptable ?12:34
DocScrutinizer05hmm, please elaborate! sounds interesting12:35
DocScrutinizer05aaah sorry12:36
Action: DocScrutinizer05 needs more coffe evidently12:36
wpwrakit's for USB. i have too much stuff crawling between connector and MCU and not a lot of room to increase that space. so i12:36
DocScrutinizer05yeah, already got it sorted12:36
DocScrutinizer05good question12:36
DocScrutinizer05from my guts feeling those guts say "no way"12:37
wpwrak'm thinking of moving some stuff to the other side of the PCB. the ESD critters would be first. [...]12:37
DocScrutinizer05ESD as close to the "port" as possible12:37
wpwrakhmm. i was afraid you'd say that :(12:37
DocScrutinizer05so you can move ESD *and* port to the other side12:38
wpwraknaw, port is too tall12:38
DocScrutinizer05well, probably if you do in-pad vias or almost at least, and place the ESD-prot <1mm away from where the via appears on the other side, and keep the via area clear of all other traces on all layers (5mm radius), then... you may get away with it, I'd say12:40
wpwraki don't have 5 mm clearance anywhere12:40
DocScrutinizer05you know, so that ESD component is <1mm away from port, and all sensitive traces >5mm away from "hot trace"12:40
DocScrutinizer05generally all trace between port and ESD is "hot"12:41
wpwrakright now, they're quite contained. 12:42
DocScrutinizer05NB my very uneducated guess12:42
DocScrutinizer05you always need to keep clearance between hot and any other signal trace >2* the clearance/"sparkgap" between hot and GND/VDD12:43
wpwrakwell, if it comes to that, i guess one would have to coat the area12:44
DocScrutinizer05more than 2 times, if nasty things like vias are involved12:44
wpwrakon http://downloads.qi-hardware.com/people/werner/anelok/tmp/anelok-20131005.png12:45
wpwrakmiddle image, the USB B connector is on top, right of the battery12:45
wpwrakthe four components immediately below it are my ESD critters12:46
wpwraknot that the D+/D- pair already needs a via anway since there's no other way to get to ground12:46
DocScrutinizer05ugh, the gnd of the data tranzorbs is via12:47
DocScrutinizer05yeah, what you said12:47
DocScrutinizer05this won't fly12:47
DocScrutinizer05consider finding a plug with integrated ESd12:48
wpwraki don't think that even exists :)12:48
wpwrakactually, it's not USB B but USB AB. also still need some more coffee to start :)12:49
DocScrutinizer05I'd also spend more copper on left side grounf path12:49
DocScrutinizer05looks like a nice inductivity12:49
DocScrutinizer05almost as bad as a via12:49
wpwrakyeah, the traces are a bit thin. but that's optimization left for later12:50
wpwrakheh ;-)12:50
DocScrutinizer05path to chip is nice and wide, path to general ground tiny12:51
DocScrutinizer05sure way to kill the chip12:51
DocScrutinizer05how about placing the vias under the port?12:54
wpwrakhow about vias and coating the traces until after the vias and the "hoy" side of ESD on top, too ?12:54
DocScrutinizer05now I got it! :-)12:55
wpwrakthere's no room there and it's keep-out anyway12:55
wpwraks/hoy/hot/12:55
DocScrutinizer05you go with vias to other side *only*. there you place ESD on the traces and go back to component side with another set of vias12:56
DocScrutinizer05the 'primary' vias need to be *under* the port, I.E. above the pads of the port12:56
wpwrakah no, i was thinking of branching. otherwise it gets even more crowded12:56
wpwrakwhat you're describing is a through-hole micro usb connector. that's yet another thing that doesn't exist ;-)12:57
DocScrutinizer05the aread under the port pads needs a GND trace12:57
DocScrutinizer05s/under/below13:00
DocScrutinizer05ok, you place the primary vias where now your 'primary' ESD pads are13:01
DocScrutinizer05you get a contiguous GND trace from right side mech post of port across all 'secondary' ESD pads to left mech post of port, as "lighting catcher"13:02
DocScrutinizer05you come back with the signals to the upper side by vias wherever you see fit13:03
DocScrutinizer05since you don't need the "huge" pads for the tranzorbs you can move that vias a tad closer to the port and you don't need the 'secondary' pads of tranzorbs so you gain some more space to place the secondary vias somewhere there13:06
wpwrakhmm, tricky. it does sound nice, though.13:07
wpwraki'm surprised that there don't seem to be chips with TVS arrays suitable for USB13:12
wpwrakthere are tons which are simple arrays or that have GND, sometimes both rails, in the middle13:14
wpwrakall topologies that are rather useless for USB13:15
wpwrakit's also surprising how many even use a "barrier" topology. most have the contacts all around the package, so you're guaranteed to have "hot" and "cold" traces next to each other.13:19
wpwrakthinking of it, doesn't solder stop pretty much prevent this kind of arcing ?13:19
wpwraksolder mask i mean13:19
DocScrutinizer05not really14:25
DocScrutinizer05solder stop isn't a great high voltage isolator14:25
DocScrutinizer05I'm not even sure if it counts as isolator at all, technically14:26
whitequarkDocScrutinizer05: is it a conductor then? :D14:45
DocScrutinizer05I guess it's electrically inert14:47
DocScrutinizer05isolating for low voltages, mostly by keeping a certain mechanical distance aka "air"gap14:48
wpwrakso it's basically "solid air" ?14:49
DocScrutinizer05I'm quite sure it's not really a warranted sealing, electrically. IOW it may have microscopic cracks or holes14:49
DocScrutinizer05wpwrak: exactly14:50
DocScrutinizer05unless product specs say otherwise14:50
wpwrakDocScrutinizer05: like this ? http://downloads.qi-hardware.com/people/werner/tmp/esd-moat-and-bridge.png15:51
wpwrakthe ground on the TVS side is a little flimsy. there would be a little more copper in the real circuit.15:52
DocScrutinizer05probably almost perfect15:54
wpwrakkewl :) thanks !15:54
wpwrakit's indeed only marginally larger (on the USB side) than what i presently have15:54
DocScrutinizer05ideally signal travels *through* the ESD component pad, not a T-split between signal path and ESD path15:55
wpwrakmmh, there's the problem with narrow spacing of the inner contacts again15:56
wpwraki.e., it would have to "fan out" a lot15:56
DocScrutinizer05and i'd spend some more vias for the GND side of the transzorbs15:56
DocScrutinizer05at least one via per component15:57
DocScrutinizer05ideally more15:57
wpwrakRF hardening ;-)15:57
DocScrutinizer05similar, yep15:58
DocScrutinizer05ESd and RF share many properties15:58
DocScrutinizer05basically ESD is an extremely powerful and sharp RF burst15:58
DocScrutinizer05"funken" - you see?15:59
wpwrakhehe :)15:59
DocScrutinizer05ever heard of andy G. again?16:01
wpwraknaw, he just disappeared16:12
wpwrakso this would be the "ideal" design then ... http://downloads.qi-hardware.com/people/werner/tmp/esd-moat-and-bridge2.png16:14
wpwrakin the end, it may actually be a little shorter than the first one, since i also have to add D+/D- series resistors, which can fit between the vias in this case16:15
wpwrakthe freescale documentation is a little annoying in that regard. all the principal documentation doesn't mention them. you only find them in a "peripheral quick reference", which is really the design guide16:16
wpwrakDocScrutinizer05: if you want to please the tin foil hat crowd, you may want to add a low-pass filter on all the audio channels: https://www.schneier.com/blog/archives/2013/11/friday_squid_bl_398.html#c214665116:32
wpwrak(that's about the "badBIOS", a supposed malware that communicates beween affected system via high audio frequencies, thus bypassing any network protection)16:33
DocScrutinizer05pretty16:37
DocScrutinizer05lol, forget badBIOS, a terribly poor hoax16:38
wpwrakis it "officially" a hoax ? because what i heard about it sounds entirely plausible16:39
DocScrutinizer05once systems are infected, they don't need to talk to *each other* anymore. And before a system gets infected, no sound in this universe will infect it16:39
DocScrutinizer05and you definitely will notice any nonsense like ultrasonic communication between devices16:40
wpwrakthe scenario seems to be a bit different. don't think "infected regular pc" but "infected 'isolated' system". especially with an "air gap"16:40
wpwrakthis guy claims to have tried such an audio channel and it was unnoticeable: https://www.schneier.com/blog/archives/2013/11/friday_squid_bl_398.html#c214351316:41
DocScrutinizer05(layout) just still too few vias on GND side of tranzorbs - unless the whole reverse side is GNDplane and has more vias elsewhere16:41
wpwrakeven at 1 kbps, which seems crazily fast16:41
DocScrutinizer05I just don't buy that16:42
wpwrak(vias) i simplified :) it's not part of the real circuit, just a drawing16:42
wpwrakfor the "air gap", the scenario would be like this: you have some separate vector to infect the systems, e.g., via a USB stick or such.16:44
wpwrakonce you have two infected systems in the same room, one the isolated system and the other the network-connected system, they can establish communication. the network-connected system then acts as a relay.16:45
ysionneauDocScrutinizer05: FTR the guy never said infection spreads over the air via HF16:45
ysionneauhe just said that *once* infected, there is network communication going over the air16:45
wpwrakthere are obviously a lot of assumptions in such an attack. but then, just look at what went into stuxnet ...16:45
ysionneauif you assume a company paying a 10 medium experience guys team for 1 year, a lot can be done :)16:46
wpwraki.e., the attacker may have detailed knowledge of how you operate. they may even know the room where the target systems are.16:46
DocScrutinizer05what's the mic in both such airgap machines? I hope nobody would consider using laptops for that?16:53
wpwraklaptops, smartphones, ...16:53
DocScrutinizer05o.O16:53
DocScrutinizer05uh?16:53
wpwraklaptops make it easier because they have a well-defined configuration16:53
DocScrutinizer05c'mon, an airgap setup is a high security scenario. No troll would ever think of using a laptop in the highsec isolated LAN16:54
wpwraki.e., if you can identify the laptop type you also know the microphone/speaker/etc. characteristics16:54
wpwrakhah. if you knew ... ;-)16:55
wpwrakdid you read the end of this post ? https://www.schneier.com/blog/archives/2013/11/friday_squid_bl_398.html#c214351316:55
dos1remember "internet ceszus"?16:55
dos1census*16:55
DocScrutinizer05no, it felt too silly16:55
wpwrak"I just saw an IT boss charging his smartphone from the USB of an air-gapped computer."16:55
dos1there was nice quote16:55
DocScrutinizer05ooh the census16:55
wpwrakdos1: you mean the morris worm ? ;-)16:56
dos1"As a rule of thumb, if you believe that "nobody would connect that to the Internet, really nobody", there are at least 1000 people who did."16:56
dos1apply the same to laptops on separated networks :)16:56
dos1wpwrak: nope, that recent one16:57
DocScrutinizer05well, theoretically feasible, but highly unlikely to fly, and not exactly a "mass market" attack. Tailored to fit one well defined scenario it might work16:57
DocScrutinizer05and what? this stuff is supposed to infect all sorts of PC via a hacked USB memstick that magically injects stuff to the bios?17:07
DocScrutinizer05hardly? or maybe I got that detail wrong17:07
DocScrutinizer05sorry have to run or my GF will kill me17:07
mthI think it's strange that he claims it infects the BIOS but didn't make a BIOS dump yet to confirm that19:44
mthsame with the audio communication, he could put a scope on the speaker pins or get equipment that records ultrasound19:45
mthif I thought something infected my machines I'd have done that already and I'm not even a security researcher19:45
ysionneausecurity guy who does mostly software would not have a scope I guess19:49
ysionneauand scope than can record HF can be expensive19:49
ysionneauthat*19:49
ysionneauhum, in fact no it's not expensive19:49
ysionneaubut still you need the scope :)19:49
mthI don't own a scope either, but if something that extraordinary was happening I would buy one or get a friend over19:50
ysionneauindeed19:50
ysionneauthat's weird19:50
ysionneauI asked him on twitter about if he had recorded those HF somehow19:51
ysionneauor just visualized them with a scope19:51
ysionneauI got no asnwer19:51
ysionneauanswer*19:51
mthalso it blocking firmware flashing guides; as long as you still have an uninfected machine that's not a problem19:52
mthyou only have to sacrifice one USB stick to transfer the files19:52
mthplus if this thing is real, lots of people will want to have a look at an infected stick, so it's not even a loss19:53
cdefear, uncertainty and doubt19:56
cdeI guess many more people will go to his conference now ;)19:56
wpwrakwell, there are numerous possible explanations also in case it's not true20:21
wpwrakone would be that he could simply be mistaken. some of the security guys are surprisingly uninformed when it comes to low-level tech. don't know if he may be in that category. the somewhat odd discovery story would point in that direction.20:22
wpwrakand yes, it could just be a hoax. or a marketing trick to get people to go to his conference. in the latter case, maybe he plans to reveal something else, something he couldn't talk about before the conference. (e.g., because he'd get a gag order in that case - such things have happened before)20:23
wpwrakof course, why would he need people to be physically present in that case ?20:24
larscor just paranoia setting in20:24
wpwrakthen, it could be that he doesn't have any proof but wants as many people as possible to look for it. e.g., because he imagines such an attack would be possible. or maybe he has some partial evidence. or maybe somebody told him such a thing exists.20:25
wpwrakmaybe he's also an NSA agent and is just trying to confuse the security community :)20:26
wpwraki'd attach a fair amount of credibility to what Clive Robinson writes. he made a number of rather candid posts on schneier's blog. and he basically seems to confirm it's possible and that similar things have already been done.20:31
wpwrakof course, even if it exists, this doesn't mean that the badbios guy found the real thing.20:32
wpwraki guess we'll have to wait until his conference :)20:32
wpwrakof course, he may commit suicide before that. depends a bit on either who he's up against, or how far he wants to take the hoax :)20:33
larscyou mena andy kaufmann style?20:35
wpwrakinteresting story :)20:41
wpwrakkinda downsized elvis20:41
--- Mon Nov 4 201300:00

Generated by irclog2html.py 2.9.2 by Marius Gedminas - find it at mg.pov.lt!