Darkarnium

@Darkarnium

Mostly security and the cloudy clouds with occasional metal and beer ramblings for good measure. Views and opinions are my own.

United Kingdom
Joined: July 2010

Tweets


  1. Pinned Tweet
    18 Jul 2017

    Note to self: No tweets before coffee.

  2. 37 minutes ago

    Retweet for those in North America, and those up early in Oz :)

  3. 4 hours ago

    This is to say: Groups or individuals who become unofficial points of escalation for 'ghost in the machine' type issues. Similar to what occurred previously in organisations where network, compute, or build teams were ticketed for issues loosely related to their discipline.

  4. 4 hours ago

    👋 DevOps and DevOps adjacent folks! A quick question for those of you who work in, or with, teams who practice end-to-end ownership (where there is no SRE function, nor a standard 'platform'): Have you observed the organic growth of 'linchpin' teams?

  5. 2 Feb

    "This morning I'll just reset and root an old test handset so I can patch out the SSL pinning in the Sonos Android Controller..."

  6. 1 Feb

    Here's the code. It's janky, but it works. I'll add to the Sonor repository with the next push :)

  7. 1 Feb

    I spent way too much time manually annotating the Kernel dumped from this Sonos device. This morning I realised I could just dump kallsyms from the target and automatically mark all procedures - including setting their names - with about 60 lines of Python. I am not a smart man.

  8. Retweeted
    29 Jan
    Replying to other users:

    the future of users not having control of their own systems is a cure worse than the disease

  9. 24 Jan

    A big thanks to and co for their amazing work in putting on , it was a brilliant event. It was also great to meet a few of y'all there :)

  10. 15 Jan

    Y'all should go and work with Phil, he's a good dude!

  11. 15 Jan

    For clarification: The software itself is far from a nightmare, Sonos have done an incredible job here. In addition, none of the issues with U-Boot have a network vector, nor do they work on a patched up-to-date retail unit. Just FYI. I'm not going to drop 0days on Twitter :')

  12. Retweeted
    13 Jan

    <looks askance at security training programs>

  13. 12 Jan

    I've basically been a recluse as far as conferences go for the last year. So this year I'll try and do the opposite, starting with this month. I just managed to nab a ticket for BSides Leeds in a couple of weeks, so I suppose I'll see a few of y'all there :)

  14. Retweeted
    10 Jan

    Now that Twitter has changed how it handles uploaded images, this unexpected behavior is perhaps more important now than before. Your challenge: Tell me what I've redacted from this image. (Anybody I've talked to about this so far is ineligible to play) It can be done w/o tools.

  15. 11 Jan

    An example of the process has been included in the Sonor GitHub repository. However, these should be considered 'scratch' notes at best right now...

  16. 11 Jan

    Sonos Fun - Day 10: Gotcha! A shell in Linux land required unpacking the initramfs, modifying init, and repackaging. All sizes had to be kept identical due to the initramfs being embedded in the FIT. This is all despite code execution in the boot loader... What a nightmare.

  17. 11 Jan

    Why is this interesting? Well, after hot-patching U-Boot we now have the ability to load from arbitrary memory locations. As a result, we can just SKIP the 'Sox' header and the 364-Byte signature, and boot the FIT image directly without any validation :D (2/2)

  18. 11 Jan

    It appears that Sonos may have created their own image format (Sox) which encapsulates a FIT image, and a signature. This gets verified by their custom loader ('sonosboot') before the image is loaded. This MAY be to prevent tampering, as FIT has its own checksum mechanisms (1/2)

  19. 10 Jan

    An additional hot-patch is required in U-Boot, as it looks like Sonos have patched setenv to disallow specification of bootargs - with the following message :')

  20. 10 Jan

    Sonos Fun - Day 9: After dumping the Kernel a few days ago I've managed to get U-Boot to load it via TFTP. This allows for specification of the kernel command line without hot-patching U-Boot - which is slow. It also paves the way to boot a modified Kernel image ;)

  21. 8 Jan

    Sonos Fun - Day 8: Dumped the MDP from U-Boot - including the LUKS keys for the MMC... buuut the keys are ALSO encrypted. Decryption appears to be AES-GCM performed in the trusted world. Could it be? Hardware trust anchors in a consumer grade IoT device? WHAT IS THIS SOURCERY!
