mod6: hey this Borsec is pretty decent
mircea_popescu: o it got there ?
mod6: Yeah, bought 6 bottles (which, only plastic ones were available). One bottle was broken, so I really only got five. But w/e. Good stuff.
mircea_popescu: wait, a ~plastic~ bottle was broken ?!
mircea_popescu: holy shit i never heard of that before, they survive highway crashes those things
mod6: yeah, somehow the bottom of one of the bottles got a crack in the bottom.
mod6: i pulled out the whole pack and one was totally empty. i lul'd.
mod6: stranger, it was packed pretty well. pack of six was in a rigid corrugated box stuffed with foam peanuts.
mod6: hopefully next pack will be all intact.
mircea_popescu: supposedly it's good for you.
mod6: good to hear, thanks for the suggestion.
asciilifeform: https://irclog.whitequark.org/linux-rockchip/2018-06-07#22280508 << oblig whisperers who 'helped'
spyked: http://btcbase.org/log/2018-06-06#1820987 <-- sure thing. actually it may be a great idea to try to get them published. they're usually not coherent enough to make a blog post, but worth giving a shot.
a111: Logged on 2018-06-06 16:23 BreakingRae: Hey Spyked, I'd love to see your notes on what we discussed if you'll show me.
spyked: mircea_popescu, version of what?
mircea_popescu: surisul fetei din tramvai
spyked: ah, okay. re that, I think it's a good assignment for philology students, so I'm actually making it a point to mention it to ppl in the field.
spyked: actually meeting one tomorrow, so now that you mentioned it... I'm definitely going to ask her to do a japanese translation!
mircea_popescu: it's un fucking translatable. aaaand, to quote the last one, "lol hes in denial".
spyked: lol. mircea_popescu, I'm not denying nor admitting! the fact remains that your version has a borken metre, i.e. the last two lines don't match the first two. for ref., http://btcbase.org/log/2018-04-18#1802222 dunno how much this counts for mircea_popescu, but it does for me.
a111: Logged on 2018-04-18 20:55 mircea_popescu: spyked, apparently you have no comments ? anyway, "the smiling girl i saw today bewitched my soul entirely ; another line goes in a diary that's read by me, and Mr. Sorrowly."
mircea_popescu: hey, i don't enter into it -- i'm asking sluts. if not sluts, who is to arbiter poetry ?
spyked: that's a fair point I guess. the wave of self-aggrandizing poetry critics seems dead today, and that didn't mean much to begin with.
mircea_popescu: other than sexual, i know of no function of poetry.
spyked: mircea_popescu, what about music? (I'm asking because I find the two inseparable)
mircea_popescu: nah, music is math.
spyked: lol! I was just going to say that I kinda enjoyed barbilian's poems-as-puzzles back in highschool.
mircea_popescu: anyway, it's not the last two, it's just the last one.
deedbot: http://www.loper-os.org/?p=2415 << Loper OS - The secret of the Debug Accessory Mode Adapter.
asciilifeform: ^ complete schematic.
asciilifeform: the seekrit is out...
mircea_popescu: this is pretty cool!
asciilifeform: bonus, should also work , in principle, to control intel.nsa rootkit ( https://archive.li/PCptx derpery & in other 'seekrit whisperings' )
asciilifeform: reportedly they use same seekrit plug.
mircea_popescu: how the fuck did you find that 5.1 value
asciilifeform: see prev. post.
asciilifeform: it was buried in a megalith standards committee pdf crapola.
asciilifeform: phf: i built it from junk box, you can make it in about 10min.
asciilifeform: the only 'exotica' is the usbc breakout plug; these are on lulzazon ( part http://a.co/hus7Yyh ) and prolly elsewhere.
mircea_popescu: wellearned tea.jpg
BingoBoingo: Holy shit on the Open problem to resolved problem tea.
mircea_popescu: he's talented, isn't he.
BingoBoingo: Seriously. Breaker of tard worlds
asciilifeform: the trickiest part of this magic trick still remains to be done, because -- if google's shitpile is to be believed -- one of those /dev/ttyUSBn is actually a spi bridge
asciilifeform: and in principle can be used to rewrite the eeprom without fancy solderings...
asciilifeform: possibly even ~two~, there are two roms, 1 is the bootloader, the other is the embedded controller
deedbot: http://qntra.net/2018/06/hfpa-insists-former-heads-groping-of-george-of-the-jungle-was-a-joke/ << Qntra - HFPA Insists Former Head's Groping Of 'George of the Jungle' Was A Joke
asciilifeform: ohai BingoBoingo
BingoBoingo: asciilifeform: Congrats on the victory against the googleists/Intelards
asciilifeform: ty BingoBoingo . small victory tho, yet.
BingoBoingo: Small victory in the same sense being the first to summit a mountain is a small victory. There's this imposing and incomprehensible mass of rock, eventually someone makes his way to the top, documents or creates a human navigable path, etc, etc.
BingoBoingo: It's a small victory in the direction of capturing USB-C as a Republican standard
asciilifeform: it'll be interesting to try the plug with a recent intel box ( i dun have any, currently, with usbc ); see earlier derpery link re why
mod6: <+asciilifeform> ^ complete schematic. << I've been catching up on your posts here, this is pretty great!
asciilifeform: some of the cmds (e.g. 'i2cscan', 'reboot') return 'access denied', will have to find why.
asciilifeform: interestingly, the ec console works when box is 'off'..
mircea_popescu: kinda the point of these neh
asciilifeform: controls battery charger, power button, etc
ben_vulpes: in other lols, sbcl.org is down
asciilifeform: yep looks dead
phf: !#s sbcl down
asciilifeform: prolly it's hosted on some d00d's home dsl, lol
phf: they should just let cracauer host it on cons.org
mircea_popescu: in other lulz, https://medium.com/@MartinCracauer << "Read writing from Martin Cracauer on Medium. Lisp, FreeBSD, Shift-Tilt Photography and Symphonic Metal. Every day, Martin Cracauer and thousands of other voices read, write, and share important stories on Medium."
mircea_popescu: there's basically nothing left inside these schmucks, "joe and thousands others [just like him]" isn't even perceived as insulting.
mircea_popescu: https://hackernoon.com/software-development-at-1-hz-5530bb58fc0e << how lisp is all about mouse twitching, long live RTS/MOBA and what is turn-based strategy even!!!
mircea_popescu: https://medium.com/@MartinCracauer/cognitive-inertia-programmers-at-work-and-why-useless-information-is-so-much-easier-to-remember-5a5fea466d3c << other insanely irritating anal childhood bullshit.
mircea_popescu: oh, neoteny of postmodernism, how ye keep telling yourself you're ok and what a disgusting slimy maggot ye are...
phf: well, the "1hz" point comes up periodically in lisp conversations, and there's a value behind it. asciilifeform attacks in various forms, naggum talked about it also, though i'm failing to find relevant article. cracauer is just surprisingly neotenic to express the point coherently
mircea_popescu: im writing it up.
asciilifeform: https://irclog.whitequark.org/linux-rockchip/2018-06-07#22285756; << moar c101pa lulzies
mircea_popescu: you've not been excommunicated yet ?
asciilifeform: not only not excommunicated, but the informant still grudgingly drips hints
asciilifeform: tho i suspect that he's running dry
phf: asciilifeform: can they put a bot here so it'll quote for us? :)
mircea_popescu: NOT IN LIKE TEN YEARS
mircea_popescu: but you can talk to the whitequark dood, explain how bot works, see if he can add it.
asciilifeform: whole thread worth reading. presently i have doubt that the project is even worth the candles. ( tldr: there is a nsa rootkit chip on the board )
mircea_popescu: in the rk ?
asciilifeform: not rk
asciilifeform: standalone thing
mod6: yeah, thanks for posting the thread. "just trust the hardware that you have"
asciilifeform: the impatient can read from the end, backwards.
mod6: It's not long, worth the full read if one has a few extra mins.
mircea_popescu: thanks, was going through the botlink and meh.
asciilifeform: prolly will have to bite the bullet and throw out c101pa , and try the c100pa .
asciilifeform: ( supposing d00d told the truth re the latter )
mircea_popescu: asciilifeform, "20:18 <amstan> if you're paranoid you can probably cut the ap spi flash and ec spi flash traces around it " << i was thinking, it can be just cut out
asciilifeform: mircea_popescu: nope, controls powersupply
asciilifeform: 'glued on with broken glass'(tm)
mircea_popescu: fuck the "controls power supply". how's it gonna fail.
asciilifeform: can't switch on without it
asciilifeform: they rerouted the power button and voltage regulator sequencing, through it.
mircea_popescu: pshaw. i'm willing to pay for the board this is tested on.
asciilifeform: specifically against uppity orcs
asciilifeform: mircea_popescu: i'd happily cut it, but looking at the board, i suspect that they buried the traces
asciilifeform: ( it's a 16-layer pcb )
mircea_popescu: rip the fucking ic off the board.
asciilifeform: ( and will point out, if i have to cut traces on these, the units will be produced at the rate of one per month, likely )
mircea_popescu: sometimes, pencildick designs benefit immensely from liberal application of mailed fist.
asciilifeform: mircea_popescu: i'ma definitely lift it, prior to throwing out board, but suspect that d00d was telling the truth re the power button, it doesn't seem to be routed through the old ec controller any moar
mircea_popescu: a de-alphabet'd item that has no functioning power button is actually acceptable.
asciilifeform: ugh how do you intend to switch the thing on ?
asciilifeform: or is it for use as hammer ? ( it ain't a very good hammer )
mircea_popescu: you'll figure out how to perma-on it and that's that.
mircea_popescu: all this switching bs... not like power needs state.
asciilifeform: prolly worth examining the c100pa 1st
mircea_popescu: notrly, considering it was his suggestion.
asciilifeform: which seems to be an almost exactly same machine ( i had it confused with c100 original ) but sans the cr50
deedbot: http://trilema.com/2018/martin-cracauer-is-a-fucking-moron/ << Trilema - Martin Cracauer is a fucking moron.
mircea_popescu: generally these go like "darling, this is maybe an assfuckin chair you don't object to ?"
mircea_popescu: phf, ^
asciilifeform: should be able to test the truth of the allegation tho.
mircea_popescu: reason he made the suggestion is that he bets on your failing to accurately test it.
asciilifeform: 2015 box ? 2015 box. does have cr50 ? my probe + naked eye, will say
asciilifeform: once it's open
asciilifeform: very tellingly, 0 datashit on the net, 0 mentions of the part anywhere
mircea_popescu: i expect they're mandated in all usg-"technology" since many years back.
asciilifeform: erry device maker gets own variant, to keep life interesting
mircea_popescu: so no, you're not going to find "a board without". you might find one where it's poorly attached and can be hammered off. but that's all.
asciilifeform: afaik most simply shove it into the cpu die.
mircea_popescu: kinda what i'm saying.
asciilifeform: recall thread where mircea_popescu explained to a n00b, 'even when typhus epidemic rages, does not excuse you from washing hands' ?
mircea_popescu: "oh, use this other one instead, terrorist, as you seem hell bent on breaking the chip off. this other one has it in the die, so you can't see it, will be all good"
asciilifeform: why would 2015 box have it in the die, but 2017 external ?
asciilifeform: or is the idea that the 2015 is fraudulently labeled, and really made last month ?
mircea_popescu: asciilifeform, my suspicion is that your "no cr 50" will simply mean "they put it in the die of a diff ic, and you can't find it"
mircea_popescu: i don't explain the cockoraches, mr alfstein. i just exterminate them.
asciilifeform: let's recall that the whole thing is an exercise in junkyard wars, i can only stomp the obvious cockroaches
mircea_popescu: what's the full name of this cr50 item btw ?
asciilifeform: it is called cr50. also seems to go by 'h1 secure microcontroller'
asciilifeform: no public datashit.
mircea_popescu: aka esp-w09 ?
asciilifeform: ( d00d even mentioned, 'we get it with seekrecy')
asciilifeform: mircea_popescu: how do you figure ?
mircea_popescu: i dunno, i'm trying to figure.
asciilifeform: i mean, re 'aka esp-w09'
asciilifeform: i'ma guess you used a search engine and found http://courses.daiict.ac.in/mod/resource/view.php?id=1403 , random indian d00d with no connection
mircea_popescu: i went through list of jtag-sitters, saw that and whatever atmel bs.
mircea_popescu: are you basically saying this is not an enumerable class ?
asciilifeform: it's a google in-house product.
asciilifeform: ( they dun have, afaik, a fab, the 'TWN' suggests they contracted out to e.g. infineon )
mircea_popescu: i do not believe it is. i expect they just bought something.
asciilifeform: well, not bought, were issued.
mircea_popescu: and there's not THAT much to buy.
mircea_popescu: yes, but
asciilifeform: they also distribute a ball of src which they ~claim~ (unverifiably, afaik, see thread) runs in it.
mircea_popescu: interesting link btw. what is this, the indians are taking over the usg "compliance" part altogether ? to the point the blather is taught in india but not us ?!
asciilifeform: the chip itself does not match the description of any old fritztron familiar to asciilifeform (e.g. infineon's, intel's)
asciilifeform: mircea_popescu: link is generic sad, orcish technicum curriculum, doesn't seem to have any useful connection with subj
mircea_popescu: hey, at least it mentions the atmels insistently.
mircea_popescu: which, afaik, is the most widely deployed fritzchip in empire.
asciilifeform: the #1 choice of tardano vendors, certainly
asciilifeform: at any rate, if d00d was telling even half the truth re 'we had a cpld, in prev machines, and moved it, among else, to cr50 when we got to make own die' then it prolly is not a standard konsoomer loltron.
asciilifeform: the problem is that i cannot answer any useful question about it other than at brainmelting expense ( see the bolix thread ).
asciilifeform: i can heat it to 400C and pull it off the board and see if power still goes ( chances are , it won't, d00d was telling the truth re other boobytraps previously ) , but that's about it.
asciilifeform: this approach threatens to turn the project into 'phd assembly line', sorta half the point of this machine was that it could be conjured up from the konsoomer shelf version with 10min of effort and 100% yield
asciilifeform: even supposing that cr50 were cleanly removable (the designers would have to be idiots, to make it cleanly removable, really)
asciilifeform: anyway it is asciilifeform's teatime, and so i'ma bbl, inclined folx can puzzle over this puzzler .
phf: http://btcbase.org/log/2018-06-07#1821238 << crafty little strategy "we built a device with an open EC" "..." "we now have a sikrit cheap making sure our EC is not too open"
a111: Logged on 2018-06-07 20:41 asciilifeform: ok, d00d left; https://archive.li/FFROT << whole thread snapshot.
phf: and as much as i sometimes scoff at the lizard hitler suggestion, the whole narrative, tacitly supported by the relevant designer, is very much it.
phf: "hey guys why don't we publish the secret chip bypass? -- what are you, some kind of terrorist/tinfoil??"
phf: http://btcbase.org/log/2018-06-07#1821267 << right about. i was mostly just embarrassed for him when i read his blog..
a111: Logged on 2018-06-07 20:50 deedbot: http://trilema.com/2018/martin-cracauer-is-a-fucking-moron/ << Trilema - Martin Cracauer is a fucking moron.
mircea_popescu: scoff all you want, but as burl ives put it, "it's always there in the morning, ain't it".
phf: it reminded me of how sometimes russian academics had problems with their american peers: some of those russians learned english from VHS, so found it acceptable to use ebonics in speech.
mircea_popescu: that shit's hysterical.
phf: i mean, it's a different scenario, but that must be the feeling americans felt in the situations like that
mircea_popescu: i don't get it, are you proposing german axehandles learned english from special ed courses ?
phf: no no, i'm trying to clarify the sort of embarrassed i felt when i read his blog. but in the case of russians it was misunderstanding, in this case though it's something else entirely..
phf: http://btcbase.org/log/2018-06-07#1821289 << https://lkml.org/lkml/2016/7/19/957 https://lkml.org/lkml/2016/7/27/523 (i'm sure ascii saw already, adding for logs)
a111: Logged on 2018-06-07 21:03 asciilifeform: it is called cr50. also seems to go by 'h1 secure microcontroller'
mircea_popescu: so then cr50 is the firmware, and the hardware is actually some kind of bulk chip ?
asciilifeform: if it's a shelf chip with title sanded off, neither i nor apparently anybody else knows which
mircea_popescu: but i suspect it ~IS~.
phf: that's what it looks like, H1 B2C on ascii's photo. no mentions of it anywhere on nets, outside of google marketing material
mircea_popescu: you mean no mentions google shows you ?
asciilifeform: google had various crapola fabbed in the past, it wouldn't be a first
mircea_popescu: it wouldn't.
phf: right, i did try mouser/digikey first
asciilifeform: i've been looking for it since it was first mentioned in last wk's thread with the d00d
mircea_popescu: i was hoping maybe the firmware might indicate.
asciilifeform: so far no dice, not in ru sphere either
asciilifeform: fw (or what claims to be the fw, i cannot verify re actual iron) is a c proggy, for what looks like an arm
phf: this is the kind of stuff phrack was supposed to talk about, but meanwhile the community was gutted..
asciilifeform: but this tells us ~nothing to narrow it
mircea_popescu: asciilifeform, well, it's an 1 in 1 out chip is it ?
asciilifeform: quite likely, the fella was telling the truth, it's a google.nsa die
mircea_popescu: neither of these have fabs.
asciilifeform: what means 1 in 1 out ?
mircea_popescu: nor either of these has the mental acuity to fab.
mircea_popescu: they exist out of "mandating" ie, posturing what the actual people should do.
asciilifeform: stamp reads TWN , taiwan
asciilifeform: lotsa folx have no own fab . e.g. sun microsystems didnt
asciilifeform: owning fab is not usually +ev
mircea_popescu: lotta folks don't have women, owning women is not usually +ev bla bla. virgins.
mircea_popescu: anyway, back to it : the cr50's point of interest is, that it has a connection to power button. this is a single line, is it ?
asciilifeform: vertical integration is a thing, google bought a few power plants; but afaik not fab yet
asciilifeform: not single line, seems to handle the keyboard matrix also ( for reset combo ) and possibly vregs also
asciilifeform: hard to say without schems or xray
asciilifeform: pretty strange, that they put the kbd through both
asciilifeform: has the appearance of a hasty and gnarly glue job
asciilifeform: ( why even keep the orig ec )
mircea_popescu: yes. which is also why i think this is where the levee should break
asciilifeform: what does mircea_popescu propose ?
asciilifeform: cuz i'm stumped
mircea_popescu: http://btcbase.org/log/2018-06-07#1821257 / http://btcbase.org/log/2018-06-07#1821251
a111: Logged on 2018-06-07 20:48 mircea_popescu: sometimes, pencildick designs benefit immensely from liberal application of mailed fist.
a111: Logged on 2018-06-07 20:47 mircea_popescu: pshaw. i'm willing to pay for the board this is tested on.
mircea_popescu: smash it out.
asciilifeform: no kbd, no power
mircea_popescu: usb kbd ? short the powerline ?
asciilifeform: matrix kbd
mircea_popescu: i dunno, if it was ACTUALLY apply hammer, i'd have done it myself
asciilifeform: thing scans it
asciilifeform: it's the kbd controller
phf: asciilifeform: smash it out carefully, could mail it to zeptobars, maybe get some idea what sort of beast we're dealing with..
mircea_popescu: something like that.
mircea_popescu: understand, the cost of failure here is minimal.
asciilifeform: phf: they ever did the bolix?
mircea_popescu: not afaik.
asciilifeform: and bolix is a 2um; this thing is prolly 22nm
asciilifeform: one's 50k$ of work, other 5mil
phf: asciilifeform: no need to, i have all the relevant bits, just need to package them for you
asciilifeform: but know what, i'ma lift it before throwing out whole board, for phf
phf: i'm sure a russian with an electron microscope would love nothing more than do a careful job on a bonafide fritz chip
mircea_popescu: let those "warrants" fly
phf: worst case he'll just fail, but probably at the limit of what he can do
asciilifeform: maybe by 2040 he finishes
mircea_popescu: holy shit i'm not waiting that long for nudies.
asciilifeform: hence q, wat do
asciilifeform: https://chromium.googlesource.com/chromiumos/platform/ec/+/master/board/cr50/ << for threadcompleteness -- the purported src.
asciilifeform: i have reasons to suspect that if it indeed has anything to do with the physical item, it is only partial picture.
asciilifeform: https://chromium.googlesource.com/chromiumos/platform/ec/+/master/board/cr50/gpio.inc << claims to be the i/o mapping .
asciilifeform: the 'PINMUX' bit suggests that the informant d00d was telling the truth, thing indeed controls vreg bringup, at least the 3.3v rail
asciilifeform: ( so far errything he said, such that asciilifeform was able to probe, turned out to be troo. if he's a liar, he's a very high-quality liar )
asciilifeform: https://github.com/coreboot/chrome-ec/blob/master/board/cr50/tpm2/rsa.c#L651 << magic pubkeyz in the rom
asciilifeform: https://chromium.googlesource.com/chromiumos/platform/ec/+/master/extra/cr50_rma_open/cr50_rma_open.py << last piece of lulz, for nao: claims to be 'tester's' defuse for the boobytrap. however dun work with my box, it has the 'ccd' console command locked out
asciilifeform: but suggests that the thing is a standard arm chip, with flash ram, that can be rewritten
mircea_popescu: asciilifeform, phf & anyone in the l1 that cares : should i actually push this http://btcbase.org/log/2018-06-07#1821229 thing ?
a111: Logged on 2018-06-07 20:13 phf: asciilifeform: can they put a bot here so it'll quote for us? :)
asciilifeform: dunno that the game is worth the candles; better to try an' persuade the 1 useful d00d to visit
asciilifeform: ( he seems to log in erry coupla days, i'ma try him next )
mircea_popescu: i mean, the backstop would obviously be "either follow spec as-is or get out of chan", i suppose. i don't specifically care either way, we already have plenty of proper loggers for one thing, and the original, "Hey, maybe someone exists on freenode that's both a) not totally braindead and b) hasn't heard of #trilema yet" was thoroughly proven wrong by now ; the intelligence flow is the other way.
asciilifeform: or do i misread the q
mircea_popescu: how do you read it ?
asciilifeform: and it's about the logger thing, not #rockchip
mircea_popescu: it is about _whitelogger bot following spec and reading out lines.
asciilifeform: yea theoretically useful
mircea_popescu: odds are it'll result in it leaving, i'm guessing.
mircea_popescu: !!key whitequark\
deedbot: Not registered.
mircea_popescu: !!key whitequark
deedbot: Not registered.
mircea_popescu: i mean, doodn's not even had the common decency to reg up, however many months later.
mircea_popescu: cuz whatever, everyone's speshul and lives life on own terms and whatever geeky bs.
asciilifeform: who runs that thing ?
asciilifeform: aa so it's a sad rando anon
mircea_popescu: quantum computing something something, i kinda tuned out past that point.
mircea_popescu: six months, during which not one reader of irclog.whitequark.org turned out to exist should be amply sufficient data from that angle.
mircea_popescu: but whatever, it's what the empire's got, #lisp is about "lisp" and so on.
mircea_popescu: !!up trinque
deedbot: trinque voiced for 30 minutes.
mod6: the zeptobars route may be a decent idea. has anyone reached out to that guy?
mod6: they take bitcoin donations, but, no coins ever sent :[
mircea_popescu: i imagine phf
mod6: here's their addy posted on their "support" page: 1ZeptoBhGA4wewwVv3BZTYyaBtc87nMNg
mircea_popescu: hey phf, you actually know the fellows ? how about they show up here and work something out ?
asciilifeform: mod6: read end of thread, subj is a ~standard arm with eeprom that ( per my experimentation in past 2hr ) actually does seem to contain something like the linked crapola
mircea_popescu: asciilifeform, i'd still like to get some actual working something out of whatever kanzureism "zeptobar" currently is.
asciilifeform: it doesn't have a magic symmetric key, there's a ecc public sig thing to unlock the boobytrap and, e.g., erase/reprogram the thing
asciilifeform: mircea_popescu: i'd luuvvvvv a properly photographed bolix...
asciilifeform: which is just about practical. but 22nm -- don't hold breath
mircea_popescu: btw, didja phuctor it ?
asciilifeform: not to mention that it seems to be a ~pogo with eeprom proggy (these dun show on micrograph anyway)
asciilifeform: mircea_popescu: phuctor dun ecc
mircea_popescu: oh, ecc. of course, of course.
asciilifeform: btw the 'h1' turd is a mass of c crapola, chances are there's an overflow somewhere
asciilifeform: like there was in intel's me
mircea_popescu: you know, it occurs to me... if it's a captive minichip. it should be... defeatable. keep feeding it bad sigs and measure the powerlines.
asciilifeform: mircea_popescu: what's that give ?
asciilifeform: it dun have a seekrit to extract, simply checks pubkey sig
mircea_popescu: yes, but it might give you some code layout maybe ?
asciilifeform: i'm actually ~persuaded that the posted code actually runs
mircea_popescu: then nm.
asciilifeform: it's a pretty plain boobytrap, wants magic sig to r/w the 'h1' firmware, or to unlock the console (which gives rootkit access to whole ram, cpu, ec, etc via the usb jack)
mircea_popescu: what is it, 256bit ecc key ?
mircea_popescu: listen, my (often wrong, militantly ignorant, whatever) intuition is that if you have an oracle in your hands (the chip after all DOES say yes or no) and all you want to do is produce a sig it accepts for an arbitrary string, you should be able to achieve this bit fiddling in less than 2^256 tries.
asciilifeform: if i can do this, i think i'll skip the small change and take home satoshi's coinz
asciilifeform: in so far as i can tell, the thing implements plain old 'p256' ecctron
asciilifeform: with no ~obvious~ hole
mircea_popescu: i'd love nothing more than qntra running a "google's ecc crypto defeated in field"
mircea_popescu: but... yeah.
mircea_popescu: anyway... let ~them~ explain how "it was an implementation error -- no fundamental ecc breach".
mircea_popescu: after all the "rsa is broken because we've been misimplementing it for 20 years under our governmentalpg brand hurr" stories, it'd be quite pleasant.
asciilifeform: ... interestingly, the 101 apparently comes with all of the usb debug ~driving~ end crapola, and will happily diddle itself when plugged into... itself
asciilifeform: ( 1 end of hose goes into usbc, other end -- normal usb3 jack between the 2 usbc's )
asciilifeform: however still gives eggog '127' when attempting 'usb_updater -U' i.e. 'start unlock sequence'
asciilifeform: same as when driven from real comp (unsurprising)
mircea_popescu: i'm telling you, building a fuzzing harness for a bunch of these may not be a bad way to lock down a machine (driving the fuzzing) for a week or two.
mircea_popescu: the worst case being what, a pile of useless data ? big woop, i have some of that myself, isn't killing me.
asciilifeform: i'm at that magical 'should i throw it out or buy 6'(tm)(r) stage
mircea_popescu: buy 6.
asciilifeform: i could use some eagle eyes on the coad, also
asciilifeform: 1 eagle is worth 9000 'fuzzers'
mircea_popescu: bill s.nsa for 'em and there you go. worst case we have some not-great hammers.
asciilifeform: i'm still curious re mircea_popescu's logic re the older box
mircea_popescu: asciilifeform, where's the logline of you going "hey, this is confusing to me therefore cryptic to anyone" ?
mircea_popescu: which older box ?
asciilifeform: that the dev d00d mentioned
asciilifeform: how would it make sense for it to be ~moar~ subtly boobied than the 101
mircea_popescu: there's this vicious slander going about according to which i actually use some sort of thought process. i wish to deny such rumours right now.
mircea_popescu: i've not thought a line in my life!
esthlos: trinque: I added a manifest to my v_genesis vpatch. I'm curious, though, how these items (vtron, manifest) become declared "standard", if ever
asciilifeform: mircea_popescu: upstack: possibly you were looking for the http://btcbase.org/log/2017-01-03#1595992 thread
a111: Logged on 2017-01-03 23:07 asciilifeform: there is ~0 actual relationship between 'confusing to the naked eye' and 'crypto-hard'
mircea_popescu: esthlos, there's some discussion, after which i pick something and start asking people nicely / kicking them in the head about it.
mircea_popescu: asciilifeform, that sentiment, but different words. 2015ish vintage i think
esthlos: sounds good
asciilifeform: mircea_popescu: almost definitely in the symmetrics thread
mircea_popescu: hm, that's a thought
a111: Logged on 2016-06-01 17:43 asciilifeform: 'aes is hard to break' 'says who' 'says me, i haven't broken it yet'
a111: Logged on 2016-02-04 17:30 ascii_butugychag: 'this was confusing to ME' is the basis, EVERY MOTHERFUCKING TIME
mircea_popescu: i forgot you're polynymic.
asciilifeform: yea it was definitely while asciilifeform was in butugychag
mircea_popescu: sprucing up the dummkopf article ; apparently i hadn't put enough links in there, counterintuitively.
asciilifeform just nao ate it
asciilifeform: btw, curious what mircea_popescu's allergy to 'short ooda loop' is. for instance, mircea_popescu , like asciilifeform , seems to have thrown out his film camera, uses electronic one. why not use film, if 'short ooda loop is for lamers' ?
asciilifeform: film , for the money, beats the living shit out of digicam
mircea_popescu: then they wonder why they don't ever have any gfs, these people. "i tried to evaluate whether she's my gf in a second or less, came out negative" "maybe give it i dunoo... FIVE DAYS ?" "omfg what ? i don't like... live that long"
mircea_popescu: asciilifeform, i am at no point in there hating on short ooda loop. i am hating on the idiocy he surrounds it with.
asciilifeform: ok this is where i admit that i have not read the orig idjicy..
mircea_popescu: pro tip : photographs taken today are shittier than photographs taken on film. who dun it ?
mircea_popescu: "but mp... i ~could~ take better pics today than in 1970. point in case -- i didn't even TAKE pics back then"
asciilifeform: film gives you, what, equiv of 20-30 'megapixel' for phree
asciilifeform: moar, if you have a largeformat cam
mircea_popescu 's head explodes.
asciilifeform: asciilifeform was one of those weirdos with massive pile of film, and even trunk of old photo gear
mircea_popescu: no but see, all the faggots that take pics today and didn't in 1970 are exactly all the faggots that couldn't read books before they were made on pulp paper by pulp paper book makers.
asciilifeform regularly has this convo thread with pet, 'books sucked less when they had to be stitchbound'
mircea_popescu: i saw a terrible film recently, with doris day. something something bla bla bla. she spends the whole time in an ugly looking deerskin.
mircea_popescu: HOWEVER. she can dance. she can sing. because she's a 1950s actress, and that was a PROFESSION which MEANT SOMETHING.
asciilifeform: sorta reminiscent of the old rifle thread ( 'good old days, 7.62x54mm mosin, back when people could still aim, make every pop count' )
mircea_popescu: you know i recently googled a pic, and google helpfully informed me who the, and i quote, "reality television personality, model, entrepreneur, socialite, and social media personality" involved were ?
mircea_popescu: and i was sitting there in disbelief, "dude, it's two milf lamers in a tub, what the fuck".
mircea_popescu: jordyn ?! fucking seriously ?!
asciilifeform sadly entirely unfamiliar with subj
mircea_popescu: point remains, two bit everything all around. that's your "short ooda loop". it's a lot closer to cocaine than the users realise.
asciilifeform: it's the old flies-and-cutlets thread
asciilifeform: meat in the sun.
asciilifeform: there is not a mechanical cure for the need to exclude vermin
asciilifeform: which, yes, will be irresistibly attracted to tasties
mircea_popescu: right. so you know, my allergy "to the short ooda loop" is all the flies going "o man, this is great! yay!". it's not to the fucking meat, i eat steak tartare every so often
mircea_popescu: but i also don't like to hear that buzzing sound.
asciilifeform: makes sense.
mircea_popescu: "corpse whistle" or however you call it.
asciilifeform: https://chromium.googlesource.com/chromiumos/third_party/tpm2/+/master << for aficionados. the crypto, such as they are, routines in the cr50 thing. ( even seems to include a kind of orc rsa )
mircea_popescu: anyway ; i thought that point comes through, but maybe not as well as i'd have wanted.
asciilifeform: there was an old thread, with the heavy roman lorica
asciilifeform: can't seem to find it nao
mircea_popescu: and the "too heavy" helmets ?
asciilifeform: yes! it
asciilifeform: iirc there was a continuation, where , something like asciilifeform:'lorica oughta be heavy, but from iron, not lead weights' and mircea_popescu:~'but only the centurion who wears it should get to decide why heavy'
asciilifeform: or perhaps i dreamed this.
mircea_popescu: there is such a thing as ankle weights. my slavegirls should know, they get them lots.
mircea_popescu: that -- heavy from lead.
asciilifeform: there are, 'hard in training -- easy in battle'(tm)(r)
mircea_popescu: "but mp, why does girl need to wear 5kgs of ankle weight for hours on end ?" "so when i fuck her, her knees are straight"
mircea_popescu: and btw, the idiot airport guards keep slicing the weights. cuz it's by now so rare an item i guess, "gotta see what's inside".
asciilifeform: 'could be plutonium' lol
mircea_popescu: well... it basically is shotgun shot.
asciilifeform: i suppose anyffin that dun xray properly, is insta-suspicious to the derps
asciilifeform: could contain whatever, in the middle of lead sphere
mircea_popescu: yeah. it contains nice ass, in the middle of the lead sphere.
asciilifeform: then obvious why they'd like to search
asciilifeform: 'lemme inspect this'
mircea_popescu: lol. if only.
mircea_popescu: but yes, re the 'hard in training -- easy in battle' bit -- it comes as a shock generally that "your training must ~exceed~ actual usage, by a ~factor~. you don't train for 80% of what you'll do ; you train for 250% to 300%+ of what you'll actually do."
mircea_popescu: then, easy in battle indeed.
asciilifeform: upstack, before i start to fall asleep -- what do we wanna do in re the c101 ? march on with curing the 'ordinary' boot rom, and then sit on the thing pending a successful break of the cr50 booby ? shelf whole thing ? which'll it be
mircea_popescu: asciilifeform, do you suspect the core can actually talk to the netbridge ?
asciilifeform: mircea_popescu: it can rewrite the boot rom, is what i know for certain so far
asciilifeform: but i've not found a remote trigger for it. (dun mean there isn't one)
mircea_popescu: yes, but it seems to me it's basically a local rootkit. so it's not such an overwhelming concern for the contemplated usecase -- give iphone girly machine.
asciilifeform: i suspect the thing exists mainly to 1) help 'law enforce' folx pry passwords from unwilling patient's box 2) persistence nest for assorted usgologies installed via pwned userland
asciilifeform: it's pretty much same as intel 'me'
mircea_popescu: so in a sense it's up to you. if you've lost the love of labour because of the cr50 issue, i guess it dies. but if not, i do not see it's a waste of time. make it boot cleanly, try see what happens if you remove the item, try see what happens if you fuzz the item, maybe more stuff occurs -- this is a productive line of research.
mircea_popescu: or so i deem.
mircea_popescu: asciilifeform, you're probably right.
asciilifeform: i'ma carry on with curing the bootloader then. and when 'h1' pops, it pops, we get clean box
asciilifeform: or who knows, 'the horse may die' etc.
mircea_popescu: something like that.
asciilifeform: aite, worx
asciilifeform: the 1.8v spi probing rig comes in next wk.
mircea_popescu: anyway, can also prep a boot rom that has a canary.
asciilifeform: ( what means here, canary )
mircea_popescu: i dunno, have the boot flash a pink pixel, put a number on screen, whatever. replacement boot sequence won't know to do it, will it.
asciilifeform: aa in that sense yes
mircea_popescu: so then you know it's been flashed.
asciilifeform: fwiw the boot rom reads from linux's ordinary spi driver, in userland
mircea_popescu: in more general terms, if you had to dismantle every organisation the moment it had a mole in it... there'd be no organisations ever.
asciilifeform: ( i.e. 'h1' does not sit , as far as i can tell, between cpu and bootrom , but rather sits on the bus )
mircea_popescu: this is the common design, neh ?
asciilifeform: on x86 boxen, southbridge usually sits directly between cpu and bios rom
asciilifeform: ( given as x86 cpu does not know how to speak spi/lpc/etc )
mircea_popescu: no but these are arms. i thought this is what arm mostly is, bridge-wise.
asciilifeform: there seem to be 4 onboard busses in the thing; ram ( just cpu and dram ) ; pci ( occupied by 80211 chip , you prolly could safely pull it out, even sits on conveniently protruding bit of pcb ) ; spi ( connects to : cpu; boot rom; ec ; 'h1' ) ; i2c ( connects to cpu ; 'h1' ; voltage regs ) .
asciilifeform: this is to count only the onboard (i.e. excluding usb)
asciilifeform: iirc the audio dac sits on i2c also
asciilifeform: this is currently best picture i have ( wish i had the schem... )
mircea_popescu: honestly i'd still rather get this than "go to store buy intel chip"
asciilifeform: so far i did find how to disable #wp signal on the h1 ( it tracks the battery-triggered #wp ). the way updater works, it permits flashing in any old turd, and it goes in a temp slot, which only on next boot gets ecc-sigchecked
asciilifeform: potentially we find a hole in this process.
mircea_popescu: this is conceivable.
asciilifeform: if can find , e.g., overflow, then can have whatever payload waiting there to be jumped into.
mircea_popescu: honestly, i don't expect either elegance or smoothness come out of the haphazard antidesign style of google et al.
asciilifeform: ( which is less painful than if nothing could be shat into it to begin with )
mircea_popescu: something somewhere's crackin'.
asciilifeform: it's a massive ball o'shit
asciilifeform: and the contents do seem to correspond, at least partially, to the published src. so there's definitely something to work against.
asciilifeform: ( hey douchebag ! )
mircea_popescu: lol srsly.
mircea_popescu: contrary to your respective inclinations, you two'd actually make a great team. very bias-mismatched.
asciilifeform: i used to work with a roughly similar fella, so yes, agree
asciilifeform: now if he can be arisen from his arse...
mircea_popescu: in other holy shit... google returns my own stored image if you try and find the "porch monkey" thing. jesus f. the web is pointless.
mircea_popescu: "NEW YORK, June 05, 2018 (GLOBE NEWSWIRE) -- The Nasdaq Stock Market announced today that it will delist the common stock of Long Blockchain Corp. Long Blockchain Corp.'s stock was suspended on April 12, 2018 and has not traded on Nasdaq since that time. "
mircea_popescu: in other news nobody cared about.