Domain: spritesmods.com
Stories and comments across the archive that link to spritesmods.com.
Comments · 20
-
Meh, too easy.
Now this is cool: http://spritesmods.com/?art=twitter1943
Guy hacked a 1987 arcade game by coding up another Z80 "processor" on an ATMega to share bus-mastering duties with the other two already there, in order to periodically mess with the RAM for the purpose of saving/restoring high scores and tweeting. He made a board that just plugs in between the CPU and the board and gives total Ethernet-ready control. It's easily adaptable to other machines, too.
Rest of the guy's site is neat too, like his hard disk controller hack that lets you root a machine by faking the cache read for /etc/passwd and is triggered by writing to a special file.
-
Re:Yes
Let's audit our system, then. First, we need to audit the CPU . . . oh, wait, do you have a tunneling electron microscope, cause I don't and we need to be sure that the actual die matches the supposed schematics. So we'll have to buy 10 CPUs from different locations, and analyse 9 of them to trust the 10th one. Yeah, the AMT is in there, but you have to get that first part of the audit done first.
Now, assuming you've gotten that far, and are willing to postpone auditing the AMT for now, it's time to audit the Z170, X99, or whatever chipset you are running. Should buy several motherboards with your desired chipset, just to be sure the motherboard companies are all using the same chips, and that they are all authentic Intel Z170, B170, X99, whatevers; you'll need the VHDL or schematics here, too.
Wow, we're finally out of the motherboard and CPU combination, that's probably taken a few years off our collective lives. Time to audit the USB chip, cause it does have interrupt access to the CPU and even with all the VHDL/Verilog/Schematics there could be one of those hidden register tricks like Kjella mentioned, so we'll need to make sure that it's behaving as it should and not feeding in bad bits. Then over to the HDs, because sprite_tm showed that you could bury some malware into the drive controller and the Equation Group software has been found in those. Wouldn't want one of those chips to go un-audited.
And we have even gotten to the sound chips, the graphics cards or, oh gods, the ethernet/wifi chips. Those bastard internet I/O chips, who knows what kinds of back doors are lodged in those. For all we know, there could be a port knock code in the Intel Gigabit Ethernet chips that causes it to log all HTTPS traffic and send it out over a side channel (do the ethernet chips still have SSL accelerators, or is that a thing of the past? It plays for hyperbole, but I'm not sure where in the hardware the HTTPS decoding gets done anymore).
Seriously, have you audited any of the parts of your computer? Have you read reports from anyone else who has done any auditing? Or is this just a plea for karma? Because you don't sound informative, you sound uninformed. Every chip in your system has to be trusted, and I doubt you have attempted to audit any of them or any of the software or firmware involved either. Even with the code in hand, the long process of determining "which compiler and flags were used to build the TrueCrypt software for windows" experiment a few years ago would show you how you could have all the parts available and still have a hard time proving that the device or software you have came through a trusted source (they did eventually find the flags that built TrueCrypt and the version of MSVC used, but it took a while). That assumes that, for software, the compiler you and your provider use is not backdoored itself. Thompson's "Reflections On Trusting Trust" shows that even if you have the compiler source code, and the code for the project you want to build, and the compiler bootstrap executable, you still can't be sure that it's all "audited safe and clear".
So, there you have it. Yes, you have to trust, because it is literally outside yours, or mine, or damn near anyone's to audit every system configuration out there to ensure that everyone and every device is safe. You don't trust Intel, fine. You shouldn't trust AMD, either, for the same reason. And you probably shouldn't trust SlashdotMedia, so until you can audit all of the possible data that you might get sent from the web, you might just want to disconnect from the internet. You know, to be safe from that "potential danger".
-
Re:how ?
You can't, but you can be quite sure that the manufacturer will take serious measures to make sure this doesn't happen.
You'd think, but it turns out that isn't so. Have a look at https://spritesmods.com/?art=h... where Jeroen Domburg hacked into a WD 2TB Green drive using the JTAG port. He was able to modify the firmware and store it in the external flash chip holding the firmware.
Drive manufacturers still seem to be relying on "security by obscurity"
-
Re:How much CPU power & storage in HDD control
Have a read of this: http://spritesmods.com/?art=hd...
There is a decent chunk of compute power in the controllers.
-
How it's done: Link to SpritesMods.com article.
Jumping to page 3 of the article in SpritesMods.com: Parts on the [hard disk] PCB: "My target was to try and compromise the security of a system by using hard disk firmware mods."
-
Re:and this is news why?
I would love to see malware that will reprogram a mask-programmed blob in a common throwaway hardware. Or a microcontroller in a webcam that doesn't even have the programming pins (typically some sort of ISP or JTAG) connected to anything USB accessible (or not even connected at all, at best to some test pads).
A typical USB stick or a webcam don't have hardware to permit firmware upgrades, even though the silicon inside could be theoretically upgradable. Not to mention that the exploit would have to be written specifically for the target hardware - different processors, memory layout, USB interface, etc - all that would make it really hard to produce a generic malware. If you want to see what is involved in something like that, look at the article on hacking HDD controllers: http://spritesmods.com/?art=hd...
And that is a harddrive, which are produced by only few manufacturers, have relatively standardized interfaces and controllers. Now imagine having to do that sort of reverse engineering on every type of harddrive in common use if you wanted to write a reasonably effective malware (e.g. a data stealing worm). It is much easier to exploit some Windows bug or use a phishing scam than this.
So yes, this is potentially a threat, but panicking over your USB sticks or webcams going rogue on you is vastly overblown. This could be an issue for a very targeted attack where the benefits of compromising e.g. a keyboard of a high value target will outweigh the effort required, but not really anything else. And that assumes that the keyboard is actually able to be updated! It would be probably simpler to just send an operative in and install e.g. a keylogger
...Oh and they mention the "BadBios" story
... Nobody was ever able to confirm that apart from the original very confused researcher.
-
Re:Jump The Shark
and of course when you start dealing with SSD's or more expensive drives with smarter controllers your ability to actually do a write to every sector to achieve this goal is somewhat questionable
Every IDE drive made since the 90s has a multicore processor on it that is already more powerful than most hobbyist computers sold as actual computers just the decade before.
The translation between an address on disk to read or store a byte has not matched a static physical location since MFM drives, which most people these days have never seen or heard of.
Some brilliant hackers are only just recently reverse engineering these controllers, learning to run code directly on them.
This guy even has a Linux kernel running on a 2tb Western Digital HD controller chip, and reprogrammed it to silently watch for a certain string to be written by the PC and then return additional data.
His idea was to create a program that could be triggered remotely by getting said string to be written to disk, say by utilizing a webserver log file which puts even invalid requests into an error log.
That drive has a 150mhz 3 core ARM processor, which has a 32 bit memory map, direct access to the sata bus and direct access to the raw storage.
By pausing the HD CPU, memory locations can be changed and the currently running program modified, then the CPU can be unpaused and the code continues to run.
Basically anything you can do from the sATA interface is pretty guaranteed not to be able to touch or even be aware of specific locations on the platters where data is stored.
-
Re:Dell
Someone has actually done this: http://spritesmods.com/?art=hddhack The article describes (in great detail) how the author modified the firmware of a harddrive to monitor for certain data, which essentially works as a key. Once it receives that key, it starts to do nasty stuff.
-
Re:No.
Firmware attacks can be sophisticated indeed: http://spritesmods.com/?art=hddhack&page=1
-
On Slashdot's Maker-ness
He also sees Slashdot as instrumental in helping start the Maker subculture. Do you agree?
The software side, maybe. Slashdot leaves much to be desired on the hardware side of the necessary skills in engaging in the Maker subculture.
If so, should influencing the future of technology be Slashdot's main mission?
Regardless of my prior answer: yes, please yes, oh for the love of all things noodly yes.
Also: If so, how do you suggest we do it?
Well, I know that this is popular in the comments but probably not so popular with the new Dice overlords but I will be frank for the betterment of Slashdot. Slashdot BI is bad. The people that write for it aren't bad but the material they are told to cover is bad. It represents a lot of things that are wrong with technical journalism today: buzzwords, lists, how-tos that tell you how to do nothing, focus pieces on companies and the worst part about it all is that it's largely positive "news." I suggest that you swap this out and you go here and you ask yourself why it doesn't look more like this, this or even this.
Tell me, you have this formatted page for Business Intelligence with subdirectories and paid authors and all sorts of stuff. Where, oh where, is the equivalent for Makers? What, the exposition pieces you do for Amazon's latest cloud launch bring you more revenue than a how-to on hacking USB I/O with the Raspberry Pi? Well, if that's the truth, that's the truth!
Why is it that story submission has special entry fields for book reviews but not for Make projects? You get my book reviews because you have made a space for them. I feel like there is no space for Maker stuff on Slashdot and, most importantly, there is no space for non-news maker stuff. Your commitment so far is to hit the big things and that's very cool but the Maker subculture isn't only about high value targets. It's also about the small projects and replicating projects you find all over the place like here.
Let's face it: if somebody does a learning project and uploads a video to YouTube that shows how to integrate a very specific Arduino board with a very specific LED board and puts up some ugly source code on github, it's not going to make Slashdot's front page. And most of the comments will be "I could do better" and "congratulations, you're doing what I did in fifth grade." However these are some of the resources that get Makers started and drive the community. There's tons of not-news-worthy stuff going on in the background and right now the Slashdot front page isn't the place for this nor does there even exist a subpage for it.
Slashdot is only interested in hunting elephants and bringing one in once every six months while there are Makers trying to learn how to cultivate soy beans. You could try having a subpage like BI where people can grow ideas and share tutorials no matter how inane and besotted with errors they are. But that stuff will probably have to stay off the frontpage.
And more specifically, do you know any other non-famous Slashdot readers (or people in general) we should talk to because they are doing interesting things?
Why not reach out to the other pages I linked? They're doing it right but they lack the readership. You have the readership but lack the Maker diversity. Surely there could be some value shared there?
-
Actually not a touch_screen_ as such...
The device can detect the _way_ you touch it (one finger, complete hand, ...) but not _where_ you touch it, so it's not a touchscreen per se, more of a more-intelligent touch switch. I admire the way they made it from fairly simple components: I built my own prototype working in the same fashion in about one evening after reading their docs: http://spritesmods.com/?art=engarde
-
Re:Really ?
Yah, sprite of spritesmods did it better with a linear sensor from a scanner and a couple LEDs. You probably saw it and ripped him off.
-
Macintosh SE/Arm
I thought this one was quite brilliant: the Macintosh SE/Arm.
-
Re:Cost
Funny, many optical mouses can be trivially hacked into an infrared greyscale camera because it has a CMOS sensor grid in it that can be read by serial port.
It was on slashdot just last year. Story link is dead, see http://spritesmods.com/?art=mouseeye
-
Re:Something more simple
Maybe you can use a project I published recently: http://spritesmods.com/?art=minimalism
-
Re:too little, too much
Or you could just get one of those LCD picture keychains that has something like a 65c02 with a usb interface. 1 or 2 inch graphic lcd that does 20-30 frames per second.
And you can get them for under $30. Some as low as $15.
http://spritesmods.com/?art=picframe&page=3&showall=true
Although last time I checked the software was linux only.
-
Re:Well, they're technically correct, of course...
Obscurity doesn't work best
Like you said, it's really a horrid way of trying to secure XYZ. I think security through obscurity works the same way as leaving one door in your house unlocked at all times, but not telling anyone you do, or having any visitors. That doesn't make your house more secure than a home that locks up, has bars on the windows, and lets plenty of people visit and publish pictures on the internet. *mutters things about morons in power*
-
Re:Useless
I fail to see how these would be bad.
http://www.spritesmods.com/?art=biostick/
Cracked almost as fast as the previous one which got posted here on /.
As usual, the market would determine how much it's worth.
The target audience are all complete laymen who believe in any notion of "secure" with enough PR and handwaving. The market doesn't have a clue and there's no standard.
-
Obviously, his printer was rendered unusable...
This is a really cool idea, and, as a computer engineer, I see the geek-cred the author earned in creating it...
But, obviously, this was his only printer, as evidenced by the poorly-drawn pencil sketch circuit diagram, this must have been his only printer!
All in the name of science... or at least, all in the name of screwing around with science! ^_^