Post AYZTVlPySvdtob2UYC by lilstevie@infosec.exchange
(DIR) Post #AYZRXRWTCsYgmXkaki by mjg59@nondeterministic.computer
2023-08-10T00:15:48Z
1 likes, 2 repeats
You: (implements secure boot)
Me: (jams screwdriver into NAND pins, receives u-boot prompt)
(DIR) Post #AYZRowUtIUz1lqM9QW by mjg59@nondeterministic.computer
2023-08-10T00:19:31Z
2 likes, 1 repeats
I don't remember where I first read about shorting pins while u-boot is reading the kernel to force it to drop to a prompt, but I have hacked *so* many devices with that knowledge, so thank you whoever it was
(DIR) Post #AYZS9IN3gIZnP0OiQa by muvlon@hachyderm.io
2023-08-10T00:22:43Z
0 likes, 0 repeats
@mjg59 Wait, which ones exactly do I short? Help me out here, I'm not good with computers.
(DIR) Post #AYZSWvknQH2eCrlrJw by mjg59@nondeterministic.computer
2023-08-10T00:27:01Z
0 likes, 0 repeats
@muvlon For SPI, easiest is usually just shorting clock to ground
(DIR) Post #AYZSjc1I6XGOldX89g by voltagex@aus.social
2023-08-10T00:29:15Z
0 likes, 0 repeats
@mjg59 thank you.
(DIR) Post #AYZSxAkMImQWEf4z1U by Pibble@infosec.exchange
2023-08-10T00:32:05Z
0 likes, 0 repeats
@mjg59 you have just opened up an entire world of possibilities for me....
(DIR) Post #AYZT8xx3hRvu1jdwo4 by alwayscurious@infosec.exchange
2023-08-10T00:32:26Z
0 likes, 0 repeats
@mjg59 from a device maker’s perspective, is this attack possible to block?
(DIR) Post #AYZTLg1vdu2oD1yxnc by lilstevie@infosec.exchange
2023-08-10T00:33:45Z
0 likes, 0 repeats
@mjg59 @muvlon and for parallel D0 to ground
(DIR) Post #AYZTVlPySvdtob2UYC by lilstevie@infosec.exchange
2023-08-10T00:35:08Z
0 likes, 0 repeats
@mjg59 it’s a story as old as the hills, this trick was used back in the original Xbox days to force it to read the firmware from the LPC port instead of the NAND
(DIR) Post #AYZTffYN7nBiWRgrsu by catsalad@infosec.exchange
2023-08-10T00:35:35Z
0 likes, 0 repeats
@mjg59 pin2pwn techniques (and the like) are the best! https://ivision.com/blog/root-an-embedded-box-with-a-needle/
(DIR) Post #AYZTreiK4VcpOT3o36 by mjg59@nondeterministic.computer
2023-08-10T00:37:01Z
0 likes, 0 repeats
@alwayscurious Yeah have u-boot reset or hang on failure, don't drop to a prompt
(DIR) Post #AYZU2rwBFOfPahtBdg by artemist@social.mildlyfunctional.gay
2023-08-10T00:41:28Z
0 likes, 0 repeats
@mjg59 I hate doing this, the timing is such a pain. They should just give me a uboot prompt automatically and save me the trouble.
(DIR) Post #AYZaQIPba5BM5OCrB2 by mjg59@nondeterministic.computer
2023-08-10T01:55:22Z
0 likes, 0 repeats
@4censord nope
(DIR) Post #AYZcfQ9vGA3WMhD8K0 by ellenor2000@mastodon.top
2023-08-10T02:20:30Z
0 likes, 0 repeats
@mjg59 @alwayscurious rrryikes. so that'll be a quick patch
(DIR) Post #AYZrkeoXhLcsZsAJpg by wall_e@ioc.exchange
2023-08-10T05:09:39Z
0 likes, 0 repeats
@mjg59 sooo now you're that person for me :D
(DIR) Post #AYa7l9t7lTJMDaZMfo by benpye@mastodon.social
2023-08-10T08:08:10Z
0 likes, 0 repeats
@mjg59 Hah - I remember doing this years ago whilst trying to build my own u-boot for a router. I never finished, but I ended up using a similar trick to get into the vendor supplied one...
(DIR) Post #AYaEe4xaO7ISaPEAwi by froztbyte@mastodon.social
2023-08-10T09:26:34Z
0 likes, 0 repeats
@mjg59 oh that's a handy trick to know, thanks for mentioning
(DIR) Post #AYaKe01RLWdMzrNLqS by danzat@mastodon.acm.org
2023-08-10T10:33:41Z
0 likes, 0 repeats
@mjg59 I think I first heard of it at a DEFCON back in 2015.
Needless to say I was just blown away.
(DIR) Post #AYaWnJYdHZTjdn6qMS by walsonde@rheinneckar.social
2023-08-10T12:49:54Z
0 likes, 0 repeats
@mjg59 I (mis)read snorting Pins at first and thought "ouch, that must hurt".