You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
Seriously, now I want to buy a camera, smash the chip, and crack their firmware so it doesn't have the check. As far as I know there is no secureboot involved, so it should be trivial. This Is Just Inexplicably Dumb.https://twitter.com/marcan42/status/1088472549715918848 …
HMAC-SHA256 key for the secret authentication chip: a9ec1b1359251fdb4d06efb95dc19ebcfb39e72e08253e5ab2d603de5800f500 XORing every byte with the previous one, top notch obfuscation there rPi Foundation. sub_EC8ABBC on the latest start_db.elf.pic.twitter.com/YkwZjFbjgY
Correction: the key is 0d48bfb7fd81bb7fe9a24b1df9653a185f9d438aac819afe1672a77afca451a4. Went down the wrong codepath for the first key (there was an extra xor). I checked and this one computes the same results as the real Camera Module V2 from public I²C traces.
Here's a Python script for validation:https://gist.github.com/marcan/6dde73a9a0c917cd4fc9784a0a73efe3 …
Thanks to @DrYerzinia for the I²C trace. I assume you're interested in that key :-)
I see you thought exactly the same as I did when you read HMAC chip :P
They must of read a paper on 90s obfuscation design..
There are Apple 2 games with much better protection than that.
*applause*
Barely-entry-level-reverse-engineer here, what disassembler is that? IDA?
Lol you rock man
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
