Pinned post

Boosting me is illegal in the US under 18 U.S. Code § 2385

should just spit back a 400 Bad Request with "Please identify yourself with a custom user-agent" as body

Show thread

I should block all default library UAs on everything I run, tbh

Dusty :blahaj: boosted

the Olivetti computer has one of those fancy graphical bios, and the mouse cursor has a tail

Dusty :blahaj: boosted

(please boost to send this supposed "secret" across the fediverse) long, code. <=rpi3 codec licensing algorithm. replace the trigraphs (change ??= to # ) if your compiler doesn't like them. 

// #RaspberryPi codec licensing serial algo (<=RPi3)
// shoutouts to fabien perigaud/synacktiv. your beerump 2017 presentation slides started me on this journey.
// (sure you redacted the fun stuff, I just rediscovered it myself)
// also shoutouts to everyone involved in BCM2708 reversing!
// greetings to elites, fuckings to lamers (second category includes broadcom and rpi foundation)

??=include <stdint.h>
??=include <stdio.h>

typedef uint8_t u8;
typedef uint16_t u16;
typedef uint32_t u32;

u8 vce_data[] = {
0x54, 0x6f, 0x76, 0x6b, 0x94, 0xce, 0x1a, 0x57, 0x56, 0x51, 0x0c, 0xb2, 0x72, 0xc9, 0xc3, 0x12,
0x13, 0xbc, 0xe8, 0xd2, 0x5b, 0xa3, 0x2d, 0x2a, 0x5a, 0x62, 0x4d, 0xeb, 0x16, 0x40, 0x05, 0x87,
0xe0, 0x98, 0x39, 0xf7, 0xac, 0xc6, 0xab, 0x7c, 0xe9, 0xfb, 0x07, 0xaa, 0x29, 0xcd, 0x1d, 0x9b,
0xf6, 0x0e, 0x01, 0xbb, 0x5c, 0xfc, 0x15, 0xae, 0xd9, 0xfa, 0x9c, 0xef, 0xf1, 0x75, 0x8e, 0x70,
0x46, 0x8b, 0xb0, 0x89, 0x50, 0xaf, 0x6e, 0x67, 0x18, 0xda, 0xee, 0xd4, 0x32, 0xbe, 0x4e, 0x58,
0x5d, 0x1f, 0x4b, 0x73, 0x88, 0xc0, 0x79, 0x02, 0xde, 0x47, 0xa0, 0x43, 0x9a, 0xdb, 0xc8, 0x35,
0x95, 0x3c, 0xcc, 0x8d, 0x64, 0x2f, 0x14, 0x68, 0x00, 0x71, 0x03, 0xb9, 0xed, 0x0b, 0xf3, 0x24,
0x60, 0xb1, 0x17, 0x63, 0xdf, 0x48, 0x41, 0xa4, 0x28, 0x5e, 0x2b, 0xd8, 0xb4, 0x90, 0xba, 0x83,
0xe4, 0x08, 0xd0, 0xe2, 0xb8, 0x6a, 0x10, 0x74, 0x9f, 0x7b, 0x19, 0x38, 0x8f, 0x91, 0xd6, 0xa8,
0x27, 0x06, 0x30, 0x33, 0x61, 0x34, 0x25, 0x21, 0x53, 0xc7, 0x66, 0x23, 0xff, 0xc5, 0x80, 0x85,
0xf4, 0xd7, 0x97, 0x99, 0x55, 0xf2, 0x8c, 0x04, 0x6c, 0x4f, 0xa1, 0x36, 0x20, 0x0a, 0xe1, 0x44,
0x59, 0xcf, 0x7d, 0xb6, 0xf9, 0x0f, 0x6d, 0x11, 0x78, 0x93, 0xe5, 0x3f, 0xf0, 0x9e, 0x84, 0xd3,
0x7e, 0xbd, 0xd1, 0xf5, 0xa5, 0x81, 0x22, 0x37, 0xf8, 0x52, 0xe3, 0x5f, 0xa9, 0xca, 0xfd, 0x42,
0x7f, 0x09, 0xa2, 0x9d, 0x8a, 0xb7, 0x4a, 0xe6, 0xa6, 0x77, 0x3d, 0x1c, 0x2e, 0xcb, 0x1b, 0x69,
0xb3, 0x1e, 0xc1, 0x7a, 0x82, 0xdd, 0x2c, 0xdc, 0x49, 0xea, 0x3a, 0xe7, 0x31, 0x4c, 0xad, 0xbf,
0x0d, 0xc2, 0xc4, 0x96, 0x65, 0x26, 0xfe, 0x92, 0x86, 0x3b, 0x3e, 0xec, 0xd5, 0xb5, 0xa7, 0x45
};

??=define INLINE static inline __attribute__ ((optimize (3))) __attribute__((always_inline))

INLINE u32 GET(u32 var, u8 bits) {
return vce_data[(var >> bits) & 0xff] << bits;
}

// should probably use bitwise OR, but this is what the vce code does
INLINE u32 GET32(u32 var) {
return GET(var,24) ^ GET(var,16) ^ GET(var,8) ^ GET(var,0);
}

// vce has no rotate instructions, so it does it the long way as in C
INLINE u32 ROR(u32 var, u32 right) {
return (var >> right) ^ (var << (32 - right));
}

u32 codec_license_hash(u32 board_serial /* r1 */,u32 codec /* r2 */) {

??=define CODEC_XOR_BOARD_ROR(bits) codec ^= ROR(board_serial,bits)
??=define BOARD_XOR_CODEC_ROR(bits) board_serial ^= ROR(codec,bits)

for (u32 i = 0; i < 17; i++) {
CODEC_XOR_BOARD_ROR(1);
BOARD_XOR_CODEC_ROR(6);
CODEC_XOR_BOARD_ROR(13);
BOARD_XOR_CODEC_ROR(17);
CODEC_XOR_BOARD_ROR(21);
BOARD_XOR_CODEC_ROR(29);

board_serial = GET32(board_serial);
codec = GET32(codec);
}

??=undef CODEC_XOR_SHIFTS_BOARD
??=undef BOARD_XOR_SHIFTS_CODEC

return codec;
}

// This board serial taken from hxxps://web.archive.org/web/20221208160705/forums.raspberrypi.com/viewtopic.php?t=38901
// The person who owns the SoC with this serial burned in fuses did a nice thing and provided their own WVC1 + MPG2 keys, we can use that to verify this implementation is correct:
// decode_MPG2=0x6fd66307
// decode_WVC1=0x01a512b0
??=define BOARD_SERIAL 0x9d3e8cb1

void main() {
printf("??= VC1 key\ndecode_WVC1=0x%08x\n\n", codec_license_hash(BOARD_SERIAL, 0xf00bad34 ^ 0x57564331 /* 'WVC1' */));
printf("??= MPEG-2 key\ndecode_MPG2=0x%08x\n\n", codec_license_hash(BOARD_SERIAL, 0xf00bad34 ^ 0x4D504732 /* 'MPG2 */));
printf("??= Super-secret key ;)\n??=\n"
"??= start.elf, before booting ARM, reads bootsig key from efuses, then compares against 1/2 of 5 hardcoded keys.\n"
"??= If not equal, then this key is checked, if not correct then infinite loop + LED flash\n"
"??= (same as if 3rdsig -- ARM kernel binary HMAC signature -- verification fails)\n"
"??= As to *why* this is done, I have no idea. Bootsig key is also 128-bit HMAC key and this reduces the available\n"
"??= possible entropy for unique bootsig key (necessary for boot-time security I would think!) down to either\n"
"??= 51, 52, or 77 bits depending on what key was burned into your Pi's efuses...\n"
"decode_0001=0x%08x\n\n", codec_license_hash(BOARD_SERIAL, 0xf00bad34 ^ 0x30303031 /* '0001' */));
}

Show thread
Dusty :blahaj: boosted

BREAKING: New studies indicate that the concepts of "alpha" and "beta" software are outdated myths based on observations of software performance in captivity, and does not reflect actual stability in production.

ph - 

may have covid

tests negative so far, but i've been sitting next to my sister, who ended up being mostly asymptomatic - she took a test because she had an unexplained headache (she do be like that) and it turned out positive

cheap computer challenge 2022 chronicles 

RAM is here, still doesn't boot and doesn't react to trying to trigger boot block recovery.

One thing that's completely possible is that it's not my garbage clip not making good contact with the flash that made the reads fail, but rather that the flash has failed! Good thing I ordered that spare. All of that should be here in the middle of next week, which should let me figure things out.

It could also be the broken inductor, since this board supports out of band management through that NIC, and IIRC that means a failed network can cause the system to fail to boot entirely when it's trying to initialize.

Show thread
Dusty :blahaj: boosted

I said that Mastodon moderation wouldn't scale, I was wrong. The cultural differences will likely continue to maintain a friendlier atmosphere regardless of size.

escapingtech.com/tech/opinions

important tip: make sure you set "s3_alias_host" on your instance to allow you to change where user uploaded files are stored in the future, without breaking every single existing post.

cheap computer challenge 2022 chronicles 

I premptively ordered a new clip, a replacement inductor, a new flash IC if need be, and some other stuff from Mouser.

I've now crossed the €100 mark on tools alone, although it's not included in the budget. Pain.

Show thread

ChatGPT, "AI" 

(for reference, it's not secure - it would be $40 to crack because of ROCA crocs.fi.muni.cz/public/papers)

Show thread

ChatGPT, "AI" 

okay I'm not surprised it didn't get this one

Dusty :blahaj: boosted
Dusty :blahaj: boosted

Another genderless insult you can use when you're about to get swung at for lethal damage 

weaveass

cheap computer challenge 2022 chronicles 

of course I can't get a good connection to the flash, because the clip i bought is made of genuinely the softest plastic I've ever seen

it gets chewed up by the IC leads

gonna wait until tomorrow, pop in some RAM and see if I can't convince the EC to flash it for me, and if not, see if I can't just straight up glue the clip in a good position to get pin contact

I really don't feel like desoldering a SOIC-16 chip next to plastic

Show thread
Dusty :blahaj: boosted

cheap computer challenge 2022 chronicles 

I wonder where this machine came from, sticker says it shipped with FreeDOS originally

Show thread
Show older
Fuzzy Systems Masto

Instance run by a non-profit association, with a mission to encourage an open internet, welcoming to everyone.