Oh boy. I didn't think I could get lower level than that, but now I found some struct pointers that just have hardcoded hex addresses!
[Image: A terminal showing some source code that includes setting some pointers to structured to hardcoded memory addresses.]
And now I'm in the interrupt vector table.
Good guess, but no. There's no wireless anything in these devices. It's how people can be confident that if it didn't leave the device via USB, then it didn't leave the device at all.
This makes security auditing easier since there's only one code path to investigate.
I've dug deep enough to find the function that writes one character to a buffer, increments the index, correctly rolls over when the index exceeds 9 bits, and then sets the "TX empty interrupt enable" bit (TXEIE).
Next stop, port CR1!
Spoiler: it's UART pins. I'm going to see if I can get runtime debug messages from the device.
This should help me see if the commands are ever making it through Qubes 4.2 and being received by the device.
I know I am not getting any replies, but I can't tell if it's filtering on the way to the device, or on the way back (or both!).
Hello. What do these two traces go to?
[Image: A small USB device that has two traces from a couple of pins highlighted. They go to two header pins that appear to go through to the other side of the board.]
Oh, just some header pins. I wonder what those are for...
[Image: The opposite side of the previously pictured USB device. Here we can see that it is a Signet v1.3 device. From this angle we can see that it is two male header pins that were connected to those traces from the other side of the PCB.]
They are as adorable as they are practical
Palm pilots for life
I've probably spent at least 40 hours just reading through the code base and trying to get familiar with how everything is put together.
I've never been in this position before, having to do this solo. Usually I have the people who wrote the code to turn to with questions. Or at least a team of fellow reversers to give things a second pair of eyes.
I've spent so long quickly going through code to find the security problems, now I'm having to re-learn how to grok everything at once instead of just the security critical code paths.
It's a good challenge. Sharpen those skills
If anyone knows why the symlink is showing up in inotify as things like ".#signet373aec7d28de370a" instead of just "signet", which is what the symlink name actually is, LMK.
Somehow I think it might be too early for me to find any operating system programmers on nostr.
They say the average programmer only writes a few lines of production code per hour.
But the best programmers write a negative number of lines per hour!
Fixed an issue with the Signet client where, on some-but-not-all Debian 12 boxes, it wouldn't detect the signet unless it was inserted before the client was started.
It turned out to be something weird going on with inotify not providing the correct name of the symlink that the udev rule creates in /dev.
I'm still not sure why it's showing up all weird, but I found a way to handle it and that'll be in the next release.
For those interested in the ETF things, you may be interested to know that Raymond James has not approved it. So anyone using them can't buy yet.
If you are wondering why there wasn't an instant spike in the fiat price of bitcoin, part of the reason is because it takes time for different organizations to go through all their internal processes.
Be patient.
Or just ignore the fiat price and just think about how many more tacos you can buy as your coins get more valuable. Because who doesn't like tacos, right? Besides, better to buy tacos with bitcoin than it is to trade in your coins for dollars or euros or whatever.
Yeah, just make sure you have a backup first because we all know how often those Apple updates go haywire.
Everyone I know who still uses Apple gear backs up their iPad immediately before trying to update it so they don't lose any data. As long as you do that, it should be safe to update.
Active Exploitation of Critical Vulnerability in iOS, iPadOS, and macOS
https://thehackernews.com/2024/02/cisa-warns-of-active-exploitation-of.html
#cybersecurity #infosec #privacy #news #apple #security #GrowNostr
Well they are fully patched now, there's nothing left for me to update. LOL
In Qubes, I can patch 3 VMs, over Tor, in less than 3 minutes. Restarting them takes under 30 seconds.
Try that with a macOS or Windows machine!
These are amazing, thank you!
I'm still going to do the automation part since there seems to be interest, but I'm totally going to leverage these guides to the max!
Let's see if there is interest in this from the #selfhosting community on this:
2100 sats: I write a guide on how to set up your own, self-hosted, always-on lightning node and publish it
21000 sats: I write an ansible script to automatically set it up and publish that