Forum logs for 08 Jun 2018
spyked: | re. nsa laptop thread: olimex ppl (huh, it seems I keep mentioning these folks) have a "diy laptop kit" whose specs are very similar to the c101pa (for comparison: http://archive.is/4cp8W vs. https://www.olimex.com/Products/DIY-Laptop/KITS/TERES-A64-WHITE/open-source-hardware , the latter doesn't seem to archive for some reason). it's a candidate for my (by now long) hw-to-buy list, the "open sores diy" aspect is otoh the biggest | [09:09] |
spyked: | selling point. | [09:09] |
asciilifeform: | spyked: it's utter rubbish | [09:19] |
asciilifeform: | blobulent slow arm, non-ips lcd, shitplastic case, toystore keyboard | [09:19] |
asciilifeform: | don't encourage the 'i can peddle liquishit parts that would've been spat on in china street markets decade ago , if i stamp Open on the box!' hucksters. | [09:24] |
spyked: | asciilifeform, could please expand re. "blobulent arm"? it's allwinner a53 afaik? I have no comments re. all other points other than: judging from what I hear, only alternative seems "bake own case/kbd/other parts or reuse ones from x60/whatever". | [09:30] |
asciilifeform: | spyked: i could be wrong re the blobs, but iirc there is no fully open loader for a53 | [09:35] |
asciilifeform: | i was actually in line to buy the box myself, for something like a year, turn finally came but by that time i got to see the photos / reviews | [09:36] |
asciilifeform: | spyked: reusing parts from existing lappy is possible, tho tricky, you would have to reverse engineer the kbd matrix, buy its weirdo connector somewhere , make kbd scan controller, etc. | [09:37] |
mircea_popescu: | well, don't encourage the "ima make really strong damning statements without my notes" stuff either. | [09:38] |
asciilifeform: | i sat down to do this some yrs ago, then decided that life is too short | [09:38] |
mircea_popescu: | this what ? keep track of why you rejected $item ?! | [09:39] |
asciilifeform: | mircea_popescu: i can't properly damn it, not having suffered with it with own skin | [09:39] |
asciilifeform: | no | [09:39] |
mircea_popescu: | yes, but you still had some sort of thought process. | [09:39] |
asciilifeform: | keyboard-reuse | [09:39] |
mircea_popescu: | oh | [09:39] |
asciilifeform: | re upstack -- i do not currently have an 'allwinner', cannot comment re its uboot definitively. | [09:41] |
mircea_popescu: | so "it's utter rubbish" / "i suspect the os dyi may be sprinkling of holy water, but never checked this. let me know if you establish one way or the other" ? | [09:42] |
asciilifeform: | the physical chassis is the very solidly rubbish part | [09:43] |
mircea_popescu: | ah. right. cp is metal isn't it. | [09:44] |
asciilifeform: | yea | [09:44] |
asciilifeform: | all aluminum ( but the hinge cover, where antenna lives ) | [09:44] |
asciilifeform: | and better kbd than $3k crapple ( tho similar to decade ago crapple ) | [09:45] |
mircea_popescu: | i honestly dunno what diff it makes for what's intended as a cheap throwaway anyway | [09:45] |
asciilifeform: | kinda costly for throwaway | [09:45] |
mircea_popescu: | kbd... well... yeah. though i loathe laptop kbds equally anyway. nonstandard shape | [09:45] |
asciilifeform: | yea there is not and afaik has never been such a thing as a truly pleasant laptop kbd | [09:46] |
mircea_popescu: | cuz they insist on making them unwide. | [09:46] |
asciilifeform: | i have one with full width and numpad. believe or not | [09:46] |
asciilifeform: | still sucks | [09:46] |
mircea_popescu: | why the fuck they imagine ~this~ is engineering problem to solve is anyone's guess. but the laptop kbds they produce are reminiscent of lens-shaped dildos. WHY WOULD YOU | [09:46] |
mircea_popescu: | "oh, it's ERGONOMIC". no it isn't. | [09:47] |
mircea_popescu: | it's inhumane. | [09:47] |
mircea_popescu: | "but mp, who are you to define humanity" shut it. i said, shut it. | [09:47] |
mircea_popescu: | asciilifeform, really ? which is this one ? | [09:47] |
asciilifeform: | stinkpad w540 | [09:48] |
asciilifeform: | ( massive tank of a box, 32G, 8core thing, multiple drive slots, kg power brick, etc . but still sad and shallow, vs x60, not even speaking of troo desktop, kbd ) | [09:49] |
asciilifeform: | but -- has width... numpad, arrows. | [09:50] |
mircea_popescu: | asciilifeform, 340.5mm. not even close. | [09:51] |
asciilifeform: | i did most of the early trb on that thing | [09:51] |
mircea_popescu: | good for you but my hands are made for slapping bitches in place. 450mm plox ty. | [09:52] |
asciilifeform: | there's a 450mm lappy? | [09:54] |
mircea_popescu: | this is what i'm saying. | [09:54] |
mircea_popescu: | keyboard is the size it is. laptop builds around that, the size of the keyboard is not an open engineering problem. | [09:54] |
asciilifeform: | hell, i'd buy a lappy with a spring kbd. but can only dream of this. | [09:54] |
mircea_popescu: | yeah, we've not even got to the extra annoying extra short travel distance. | [09:55] |
asciilifeform: | and it keeps shrinking | [09:56] |
asciilifeform: | recent boxen feel just about like banging fingers on table | [09:56] |
asciilifeform: | with, of course, the grim end of the line, being the glass pseudokbd | [09:57] |
mircea_popescu: | in the immortal words of brick pollitt, "that will come too." | [09:57] |
asciilifeform: | already came, in pnojeism | [09:58] |
asciilifeform: | far upstack, re the 'cr50' thread -- asciilifeform woke up today and realized that we can simply cut #wp track on spi rom ( naturally after filling it with e.g. uboot ) | [10:00] |
mircea_popescu: | right. | [10:02] |
asciilifeform: | in other noose, i found the vendor binary for my particular box's cr50 (all ver strings match) : https://gsdview.appspot.com/chromeos-localmirror/distfiles/cr50.r0.0.10.w0.3.0.tbz2 | [10:50] |
asciilifeform: | this is useful because there is not, apparently, any means for getting a locked h1 to disgorge its fw | [10:50] |
asciilifeform: | ( 0.3.0/cr50_v1.9308_25_B.45-d65d216 ) | [10:51] |
asciilifeform: | the arch is, apparently, 'arm cortex m' | [11:01] |
asciilifeform: | https://chromium.googlesource.com/chromiumos/platform/ec/+/master/chip/g/ << support crapola for the chip, apparently. | [11:05] |
asciilifeform: | more interestingly, https://chromium.googlesource.com/chromiumos/platform/ec/+/master/chip/g/loader/verify.c << there ~is~ an rsa key embedded, apparently one variant for fw update | [11:07] |
mircea_popescu: | ha-HA! | [11:08] |
mod6: | oh hey! | [11:25] |
deedbot: | http://qntra.net/2018/06/big-botnet-of-small-routers-gets-bigger/ << Qntra - Big Botnet Of Small Routers Gets Bigger | [11:57] |
BingoBoingo: | Watching this laptop get molested in channel in near real time is a complete joy. | [11:58] |
asciilifeform: | https://chromium.googlesource.com/chromiumos/platform/ec/+/master/chip/g/rdd.c#20 << as i suspected, thing drives the receiving end of the debug snake ( the http://www.loper-os.org/?p=2415 item ) | [12:14] |
asciilifeform: | https://chromium.googlesource.com/chromiumos/platform/ec/+/master/chip/g/config_chip.h#139 << implies that google does not actually hold all of the privkeys | [12:17] |
mircea_popescu: | heh | [12:38] |
BingoBoingo: | lol | [12:40] |
mircea_popescu: | anyway basically old lizzards hold exact same pov as tmsr, keeping rsa keys and letting the bumbling kiddies play about with the ecc. | [12:43] |
asciilifeform: | just like we found with the amd fritz | [12:58] |
mircea_popescu: | quite. | [13:03] |
mircea_popescu: | (ftr, i am not proposing this agreement as some kind of proof.) | [13:03] |
phf: | http://trilema.com/forum-logs-for-08-jun-2018#2446244 << they could also bring back 701c butterfly keyboard design, but i guess that's too gimicky. | [13:08] |
a111: | Logged on 2018-06-08 13:48 asciilifeform: stinkpad w540 | [13:08] |
phf: | i used to get comments about ibook in the early 2000s, like old boomer types asking me about y2k or whatever. get the same reaction with x60 now, some guy on amtrak wanted to talk about bitcoin | [13:10] |
BingoBoingo: | The age of my laptop shocks Latinos and Latinas universally. | [13:11] |
phf: | oh those are a special category. my iranians also get distressed because i use old hardware. | [13:14] |
asciilifeform: | i was able to flash in the https://gsdview.appspot.com/chromeos-localmirror/distfiles/cr50.r0.0.10.w0.3.4.tbz2 image it supports a few moar commands, including 'rma open' returned-to-factory unlocker thing. but result was , unsurprisingly, 'with notes from hitler only' : http://www.loper-os.org/pub/c101pa/c101pa_unlock_nodice.txt | [13:15] |
asciilifeform: | the vendor's 'we'll unlock' pg (to be fair, mentioned in no docs anywhere, only in the python proggy in the src repo) is only a taunt. | [13:16] |
asciilifeform: | turns out also that this is the only routine that uses ecc crypto | [13:17] |
asciilifeform: | ( what can be flashed in : it gotta pass the rsa sig plus it gotta match the board id plus the version must be above the previous ) | [13:18] |
asciilifeform: | so throwing in, e.g., old devkey-carryng versions, dunwork. | [13:19] |
phf: | ah, so it's a "we'll unlock but not for you" | [13:20] |
asciilifeform: | aaaha | [13:20] |
asciilifeform: | for hitler, happily unlocks. | [13:20] |
asciilifeform: | it's a deedbot-style challenge/response thing | [13:22] |
asciilifeform: | https://chromium.googlesource.com/chromiumos/platform/ec/+/master/common/rma_auth.c#176 << mechanism, for the curious. | [13:24] |
asciilifeform: | https://chromium.googlesource.com/chromiumos/platform/ec/+/master/common/rma_auth.c#254 << the magic moment where answer is checked. | [13:25] |
phf: | heh they are also using gentoo for their stuff.. https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/master/chromeos-base/chromeos-cr50-scripts/ | [13:29] |
asciilifeform: | phf: all of google's linux-like crapola stack is gentoo-based | [13:29] |
asciilifeform: | they plagiarized it long, long ago | [13:29] |
asciilifeform: | ( complete with own ebuilds, etc ) | [13:29] |
asciilifeform: | phf: if you are able to build the usb snake -- lemme know which cr50 turd ver is in your box | [13:30] |
asciilifeform: | http://btcbase.org/log/2018-06-08#1821694 << i actually had that box. the mechanism is clever but i suspect that it wears out ( my unit, to be fair, did not last long enuff for the kbd clockwork to wear out, mobo died 1st ) | [13:33] |
a111: | Logged on 2018-06-08 17:08 phf: http://trilema.com/forum-logs-for-08-jun-2018#2446244 << they could also bring back 701c butterfly keyboard design, but i guess that's too gimicky. | [13:33] |
douchebag: | hello | [14:20] |
BingoBoingo: | Run moar Intel "descriptor region": https://archive.is/XFaFu | [14:23] |
asciilifeform: | how the fuck is this a vuln tho | [14:31] |
asciilifeform: | 'ohnoez, user can flash his fw!' | [14:31] |
asciilifeform: | 'did not securely authenticate firmware updates' | [14:31] |
asciilifeform: | ohnoez, not tivoized properly!11 | [14:32] |
BingoBoingo: | 4srs | [14:36] |
BingoBoingo: | The vulnerability is "person physically in control of machine can fuck it as he likes" | [14:43] |
deedbot: | http://qntra.net/2018/06/security-researcher-continuing-to-receive-new-usg-charges-for-authoring-popular-code/ << Qntra - Security Researcher Continuing To Receive New USG Charges For Authoring Popular Code | [14:50] |
mircea_popescu: | https://www.google.com/chromeos/partner/console/cr50reset?challenge=ABXFGCMDADUJFPQ7J8MQUUSTGXGTRTVJ6Z548PWC8AGMGT2QJ4BT3TW4HJVU4XLPASB4GE78RSBKYEHC&hwid=BOB <<< ahahaha roflmao. | [15:10] |
asciilifeform: | reminiscent of old-time gsm carriers and their crippled handsets | [15:10] |
mircea_popescu: | mhm | [15:13] |
mircea_popescu: | looks like made by the exact same people, actually. | [15:13] |
asciilifeform: | https://archive.li/ZtbxL << clue re origin of 'h1'. seems like they took a 'metallization mask' fpga, a la early asicminer crapola, and run licensed cortex-m3 core . | [15:14] |
mircea_popescu: | http://btcbase.org/log/2018-06-08#1821721 << yup. you realise that as far as the imbeciles are concerned, once we break their laptop "security" it'll have been "terrorism" and "hacking" bla bla. | [15:15] |
a111: | Logged on 2018-06-08 18:31 asciilifeform: 'did not securely authenticate firmware updates' | [15:15] |
asciilifeform: | btw the #linux-rockchip d00d is definitely caught nao in telling a fib : 1) yes there is not one, but two magic keys (1 for flash updates, other for factory unlocker routine) and yes all deployed units can be popped via either | [15:16] |
mircea_popescu: | right. | [15:17] |
asciilifeform: | and that's just the visible crapola. | [15:17] |
asciilifeform: | https://archive.li/Mzar8 << when it was in spam pr stage of life cycle. | [15:32] |
asciilifeform: | ( at first, unabashed usgology then rebranded, disguised , as it was rolled out to production boards ) | [15:33] |
mircea_popescu: | asciilifeform, isn't this fun tho | [15:33] |
asciilifeform: | will be moar fun when it pops. | [15:34] |
mircea_popescu: | "nation states". they can just say tmsr, why all the pretense. | [15:34] |
asciilifeform: | 'nobus'(tm)(r) | [15:34] |
mircea_popescu: | meanwhile in contemporary etchings, https://78.media.tumblr.com/23e95b3188bc8b6198f810eab81e9572/tumblr_msz4naJTeh1snc50fo1_1280.jpg | [15:39] |
Category: Logs