
Rairii

@Rairii@haqueers.com

Reversing (malware and otherwise); appsec and websec; embedded security; exploit dev; software preservationist; knows how not to use cryptography.

Currently finding bugs in Windows bootloaders.

You may also know me from capcom.sys.

#nobot


Rairii, to random

hey look, an actually useful orange-site comment, about HP ink cartridge hardware hacking

"Put a resistor, about 1kohm, in the power line to the security chip on the cartridge.

Now, whenever the printer tries to read data from the chip, it works. Whenever it tries to record data to the chip (for example, marking the cartridge as empty), that uses more power, and the memory chip doesn't respond.

Amazingly, the whole setup just works and prints forever, saying the cartridges are always full... "

https://news.ycombinator.com/item?id=36104300

Rairii, to random

This string was found by https://wetdry.world/@w - I have confirmed its presence in the Threads APK from apkcombo, "Threads, an Instagram app_289.0.0.68.109_apkcombo.com.apk", sha256 83a1f270aa2447f4e7310072b4d3217f9af8a03b7679b7760db03ff0bbf8e432, valid signature by "C=US, ST=California, L=Menlo Park, O=Meta Platforms Inc., OU=Meta Mobile, CN=Meta Platforms Inc." (rsa-4096 + sha-256, cert expires in 2053)

at offset 0xB7AE in assets/strings/en_GB.frsc

"Soon, you'll be able to follow and interact with people on other fediverse platforms, such as Mastodon. They can also find people on Threads using full usernames, such as <b>@%1$s</b>."

cc @FediPact

Rairii, to infosec

I just spent a day or so figuring this out, and CVE-2022-41099 is... really stupid...

I decided to call this "push button decrypt".

basically when you boot to WinRE tied to an OS install, keys for the os volume are derived (this is done by having a sha256 hash of a wim in the bitlocker metadata)

anyway, WinRE does not require bitlocker recovery key when choosing to "reset my PC" and "remove everything".

When choosing "just remove my files", winre starts to decrypt the bitlocker volume at ~98%.

Hard resetting (hard power off / power on) here will reboot back into WinRE and show an error.

Clicking OK on the error will cause a reboot back to the OS, and starts windows setup which shows an "upgrade" screen.

...where Shift+F10 works to get a shell, you can then pause the decryption, remove all key protectors, then dump plaintext VMK, decrypt the FVEK with that, and use that FVEK to decrypt a disk image you made earlier.

This is the second time that Shift+F10 in setup to get a shell broke bitlocker.

The fix removes "reset my PC" -> "remove everything" from the list of options that are allowed to start with the osvolume unlocked and without entering a recovery key. (leaving only one in place: startup repair)

Because this is an issue with code running in winre usermode, this affects legacy integrity validation as well as secure boot integrity validation.

Rairii, to random

if i had a nickel for every anti-cheat vendor who implemented functionality in their driver to elevate the calling usermode process to PP/PPL, i would have two nickels. which isn't a lot, but it's weird that it happened twice

kernel-mode anticheat is malware.

Rairii, to random

stop disrupting adfraud operations

the adtech industry was never supposed to survive

years of programmatic auctions yet no real world use found for virtualising obfuscators IN JAVASCRIPT

wanted to watch numbers go up anyway for a laugh? we had a tool for that: it was called access logs

all the biggest adtech companies themselves do ad fraud, so you can't stop it, why bother taking down the obvious chinese botnets?

Rairii, to random

i don't think i've ever been so happy to see INACCESSIBLE_BOOT_DEVICE

Rairii, to random

SYSSETUP RUNS NOW

Rairii, to random

very close now!

Rairii, to random

just attempted to run linux in my dolphin build

the ancient gc-linux-alpha seems to finish boot!

Rairii, to random

thedonald@sh.itjust.works

activitypub group on lemmy server, do I have to spell it out any further?

also the group's creator trump2020@sh.itjust.works

Rairii, to random

so a set of interesting microsoft confidential media got dumped today

including a bunch of their anti-LAMP/anti-Linux propaganda from circa 2005

iso download: https://archive.org/download/ms-evangelism-rhythms-fy06rel01/Lamp101.iso

iso browse: https://archive.org/download/ms-evangelism-rhythms-fy06rel01/Lamp101.iso/

one of the powerpoint slides actually uses the term "Micro$oft", huh.

Rairii, to infosec

decided to put all public bitlocker attack research I know of (including mine and others) in one place https://github.com/Wack0/bitlocker-attacks

Rairii, to random

win32k lives!

Rairii, to random

usb mass storage support is working enough under emulation such that the passed-through USB flash storage can be at least accessed and sectors read(?)

unknown keyboard/mouse due to how I shoved the entire USB stack into one driver which was loaded as a mass storage driver

Rairii, to random

rebased kernel32, user32, ole32 to different hardcoded addresses (giving the first two 1MB of address space and the last one as much as it needs, it's over 1MB when mapped anyway)

and taskmgr comes up

winmsd still doesn't want to, though.

Rairii, to random

modified the registry HKLM\SYSTEM\Setup!CmdLine to get this

I had to add an extra kernel hook on dolphin to wipe the jit cache on every process switch, because the two really aren't compatible... which tanks performance even more!

and yes, the default name/org before syssetup changes it is Bill Gates.

Rairii, to random

still not sure how stable iossdmc.sys is; but after some refactoring and bug fixing it's stable enough to get here:

Rairii, to random

big social media have algorithms focusing on engagement

but i don't see people getting rings when they go viral

Rairii, to random

https://uefi.org/sites/default/files/resources/Evolving%20the%20Secure%20Boot%20Ecosystem_Flick%20and%20Sutherland.pdf

"some OEMs have lost their PK private keys"

"some OEMs shipped broken db-update implementations, that in some cases cause an outright brick"

why am I not surprised

Rairii, to random

how long will it take for eurostar to go supernova

Rairii, to random

lol

so after @dangoodin mentioned a certain website that tried to block right click

I noticed it was done by a wordpress plugin

long story short I noticed another wordpress plugin by the same publisher

and basically rediscovered CVE-2023-51484 lol (the paid pro version is also vuln)

Rairii, to random

v5 = (void ******************)*v5;

no, hex-rays, this is a singly linked list

rysiek, to random

existence of prime ministers implies the existence of composite ministers.

also note: prime ministers often divide.

Rairii,

@rysiek multiply prime ministers together and you get public servant cryptography
