swiftgeek: asciilifeform: anyway if you can tell i care a lot about e-waste and such chipie is creating serious problems
a111: Logged on 2018-06-11 19:57 asciilifeform: swiftgeek: given your introduction ( http://btcbase.org/log/2018-06-11#1822589 ) i assume you may be interested in verifying fact that cr50 is not a subfunctionality of the ordinary (i.e. kept in winbond spi ) bootrom or the EC controller ('nuvoton' arm , visible in right hand of photo ). this is very simple to do:
asciilifeform: a chinese shop could, for instance, mount the http://www.loper-os.org/pub/c101pa_dbg.jpg ( 'google servo' ) connector, on to the vacant pads. BUT this does not give me anything that i do not already have via the 'suzyq'.
swiftgeek: with that amount of tools you could fix those devices during a coffee break xD
a111: Logged on 2018-06-08 17:15 asciilifeform: i was able to flash in the https://gsdview.appspot.com/chromeos-localmirror/distfiles/cr50.r0.0.10.w0.3.4.tbz2 image ; it supports a few moar commands, including 'rma open' returned-to-factory unlocker thing. but result was , unsurprisingly, 'with notes from hitler only' : http://www.loper-os.org/pub/c101pa/c101pa_unlock_nodice.txt
asciilifeform: so far my only clue that h1 actually runs the given fw , is that i was able to flash in a vendor update : http://btcbase.org/log/2018-06-08#1821699 and ended up with a slightly different, in the ways suggested by the src, console
asciilifeform: ( if you know of a counter-example, please link )
asciilifeform: according to amstan , the fella claiming to be a designer of c101pa , everything connected with cr50 is deeply trade secret, and shared with no one outside of google.
asciilifeform: i don't see this as a productive line of probing
swiftgeek: asciilifeform: i don't consider swapping a board as repair
asciilifeform: i have a pretty good idea of the power sequencing, from reading the ec and cr50 srcs
asciilifeform: so i'm not sure what you expect to find in a vendor repair book
swiftgeek: it's just a block diagram and power sequencing / tree
asciilifeform: to be fair, it's a pretty recent box.
a111: Logged on 2018-06-11 15:46 asciilifeform: one interesting observation, is that the update mechanism lets you flash in arbitrary crapola into 'rw' section ( it simply won't jump to it if it doesn't pass rsa(sha256(payload)) ) . so theoretically could put a nop sled there, ending with jump into the magic half of unlock routine. and then expose the thing to beta/gamma, and perhaps in a few months it will Do The Right Thing
asciilifeform: swiftgeek: out of curiosity, what would you look for in a die shot ?
asciilifeform: the sad bit is that it is many yrs of labour, to go from even a high quality die shot, to functionality
asciilifeform: given as it is a tpm/drm crock of shit, i fully expect false metal masks and the other joys of 'tamper resistance'
asciilifeform: got example of a successful public reversing of any recent (i.e. post-1995) crystal ?
asciilifeform: swiftgeek: i intend to send a unit to zeptobars in near future. i do not however expect any interesting result, afaik no 22nm or similar density device has ever been publicly reversed
swiftgeek: welp that's interesting and if it spews out a lot of uart then it's most likely running on some core
asciilifeform: swiftgeek: given your introduction ( http://btcbase.org/log/2018-06-11#1822589 ) i assume you may be interested in verifying fact that cr50 is not a subfunctionality of the ordinary (i.e. kept in winbond spi ) bootrom or the EC controller ('nuvoton' arm , visible in right hand of photo ). this is very simple to do:
asciilifeform: ( according to amstan , a fella from #linux-rockchip who introduced himself as one of the designers, but is rather tight-lipped )
a111: Logged on 2018-06-11 15:41 asciilifeform: for completeness, http://www.loper-os.org/pub/c101pa/mb_top.jpg + http://www.loper-os.org/pub/c101pa/mb_btm.jpg ( apologies for the sad photos, they came out of a flatbed, evidently not ideal tool for this job )
asciilifeform: swiftgeek: here's a flatbed scan of the board, http://btcbase.org/log/2018-06-11#1822396
asciilifeform: google baked it as a replacement for the infineon.
swiftgeek: anyway so far you have taken some guesses that it's an infineon chip right?
asciilifeform: personally, i'd consider a box with no trackpad function, to be usable
asciilifeform: i also have a sample fw blob
asciilifeform: c101pa also includes a trackpad with flashable blob fw
asciilifeform: swiftgeek: if you are a thinkpad aficionado, there is a patched x60 bios in the logs, iirc 2015
swiftgeek: IBM didn't make a single thinkpad since at least T20
asciilifeform: |\n: best suspicion thus far is that it is a 'hardcopy fpga' (cheap, relatively, method for getting chip baked, they apply a custom metallization mask to a stock crystal)
asciilifeform: not really possible to thoroughly reverse things without creating a pile of rubbish, sadly
asciilifeform: swiftgeek: why do you need a dead unit, why not buy fresh one
asciilifeform: swiftgeek: if you register a gpg key with deedbot, you will be able to voice yourself
asciilifeform: and get a trace of all of the signals
swiftgeek: asciilifeform: x200t already requires a bit of rework
swiftgeek: it's a tiny bga chip that you can remove yourself easily
swiftgeek: ok skip WEP, it's a whitelabel thing
asciilifeform: i have a very similar machine
asciilifeform: swiftgeek: if you'd like to take a c101pa and deball the bga and try this, and post article, i promise to read
asciilifeform: google's src already contains everything you need, in theory, to make a hypothetical benign replacement for cr50
asciilifeform: swiftgeek: asciilifeform's orig plan was to sell cleansed c101pa machines. if this said cleansing requires lifting a bga, and attaching a manufactured replacement , we will be talking about considerably different cost than if the machines can be cleansed in 10min via software, via debug snake.
asciilifeform: but conceivably you could , at some expense, come up with a pad-for-pad substitute, and lift the thing, then solder to the balls
swiftgeek: ie. it doesn't look like a necessary component to me
asciilifeform: swiftgeek: even simple xray would give you basic info, such as the number of balls in the bga, and possibly the routes of the test pads (it ain't a very crowded pcb)
asciilifeform: i am however accumulating a pile of c101pa boards
asciilifeform: swiftgeek: i do not currently have a 201
asciilifeform: you will get a (very limited, pretty much all you can do is to read version strings and gpio voltages) command prompt
a111: Logged on 2018-06-11 15:35 asciilifeform: http://www.loper-os.org/pub/c101pa/h1.jpg << observe, cr50 has buncha test pads. i bet half a dozen of these, are used for factory fillup.
|\n: apart from things unspeakable on freenode i love to bring up tor relays and i got a job as an admin of shitty place
|\n: trinque, i'm just a dude that sometimes hears of phuctor and things that include links to the blog, i like what i see, cool pals discuss it, i'd like to track more of it, whatever it is
asciilifeform: |\n: as trinque points out -- you will get much more enthusiastic audience if you introduce yourself, and register a key, establish as person
|\n: what is the normal channel "flow", meaning how would i even ask a question if i got one
apt-get: the reason I keep using this nick is because it's quite handy to have personal info drowned out in a sea of noise when someone tries to look it up
apt-get: >get yerself a proper nick
asciilifeform: and then get yerself a proper nick, and register gpg key with deedbot , and become a person
apt-get: I've been doing that a bit yesterday
asciilifeform: not unless BingoBoingo can find a c101pa in uy
asciilifeform: interestingly, a major puzzler was 'how to rng'. most folx used some trigonometric crapola; it ~worked..
asciilifeform: prolly there was a spicier ver. with bullocks, whole orchestra.
asciilifeform: nah , moar of a 'wumpus'
mircea_popescu: in the immortal words of barry fitzgerald, "let a good piece of machinery earn its fuel"
asciilifeform: ( btw another reason c101pa would be a spiffy orc lappy -- it's got no fans/ducts )
mircea_popescu: but eg why should i throw out http://btcbase.org/log/2018-01-31#1778739 ? even if it's used once in a month, you fixed it for me, it's going in the tmsr museum
asciilifeform: ( often there'll be half a kg of dirt in the ductwork, but thing will still work, after a fashion )
mircea_popescu: PLUS a pile of various laptops.
mircea_popescu: you know it's like >pi per capita here ? i recently counted, it's a scandal.
asciilifeform realizes that he doesn't actually know anybody in meatspace, even elderly relatives, who does not own a desktop of ~some~ form
mircea_popescu: asciilifeform, well, "no computer, you can't play" is a disqualifier. "obedient, you've made it" is a qualifier.
mircea_popescu: it's how it worked in the 90s, right, you went to a new kid's house, had no computer could not be friends, evidently underclass only good to shine your shoes.
mircea_popescu: anyway. i'm starting to think i'll simply add a "owns desktop" disqualifier to the list.
mircea_popescu: bitch... a phone is a computer in the sense your slit's a cock.
mircea_popescu: none of the girls own a desktop, you realize this ?
asciilifeform: the calculators, bk0010 ( tiny little pdp clone ! ), etc. is a sunken atlantis. it was all forgotten almost immediately when imported pc was carted in in qty
mircea_popescu: this is the fundamental difference -- in the original soviet, the little soviets were expected to plug selves into machine. which, while in a deeply feminine sort of way, is nevertheless somehow satisfying.
asciilifeform: ( legendarily, soyuz actually carried mk-52, reportedly, on board, a sort of mk-61 with i/o connector, as backup to main comp )
asciilifeform: it is sorta hilarious how a good 50-60% of the popular (they were hand-copied, and machine had no nonvolatile memory, you had to throw in the proggy each time you flipped the power on ) gamez, were based on the very soviet-flavoured diff. eqn. models the factory manual suggested
mircea_popescu: truth of the marketplace is that a cent of power was always worth millions of beauty.
asciilifeform: orlol had a hilarious essay on subj
asciilifeform: ( and there were astonishing oddities of other kinds, for this humble machine, e.g. a 'tetris' where, lacking a graphical display, you had to instead pick a numeric column where the piece drops, and give another number representing rotation, and keep whole thing in yer head... )
mircea_popescu: this is like saying, "Here's our companion games to a pair of dice".
asciilifeform: here's a historical lul that mircea_popescu might find stimulating. asciilifeform ( and his brother, and a whole generation of folx ) grew up with a certain orc '100 bytes of ram, but hey it's fucking programmable' little box, http://www.alfredklomp.com/technology/mk-61 . and the Official b00k for it ( http://publ.lib.ru/ARCHIVES/G/GAYSHTUT_Aleksandr_Grigor'evich/_Gayshtut_A.G..html ) had various games (typically you had to draw on g
mircea_popescu: (and for the gandalfs in the peanut gallery : streetwalking is ~hard~. short of infantryman during war, streetwalker has the hardest, most biodemanding job there is. which is why i respect them a lot more than i respect githikipedia contributors)
asciilifeform: 'he will be a very well trained bear but never a world-class dancer' or how did it go.
asciilifeform: the lulzy bit is that likely, a thousand or more unlocked units exist, in the hands of various derps
asciilifeform: i got various things. problem is that i do not currently have a popped unit where i can see the effect of $manipulation on rng (or any other part, aside from general 'it crashed')
mircea_popescu: you got a field generator ?
mircea_popescu: asciilifeform, how's the rng work ? maybe a bit of electric field can set out 1s ?
asciilifeform: mircea_popescu: a break of the rng would also do the job. ( admittedly , tall order , but listed for completeness. )
asciilifeform: idea being, it would be a substantial help to have even one unlocked box to experiment with.
mircea_popescu: this may take a lot of doing.
asciilifeform: but would prefer to find a purely softwaric pill (e.g. buffer overrun, or whatever means to get code exec)
asciilifeform: one interesting observation, is that the update mechanism lets you flash in arbitrary crapola into 'rw' section ( it simply won't jump to it if it doesn't pass rsa(sha256(payload)) ) . so theoretically could put a nop sled there, ending with jump into the magic half of unlock routine. and then expose the thing to beta/gamma, and perhaps in a few months it will Do The Right Thing
asciilifeform: does, dunnit. cuz its a flatbed. gets the chip markings, mostly, but the pcb itself is out of focus by mm or 2.
asciilifeform: for completeness, http://www.loper-os.org/pub/c101pa/mb_top.jpg + http://www.loper-os.org/pub/c101pa/mb_btm.jpg ( apologies for the sad photos, they came out of a flatbed, evidently not ideal tool for this job )
asciilifeform: http://www.loper-os.org/pub/c101pa/h1.jpg << observe, cr50 has buncha test pads. i bet half a dozen of these, are used for factory fillup.
mircea_popescu: the atmosphere in the great stalin-less stalinism has changed lots. nowadays people actually say dumb shit like "what the government wants it called is the proper name for it" and other inanity like that. with a straight fucking face.
trinque: john k's crime here is bending over to the state after making a career upon ramming lulz through the censors. "3 decades struggle with mental illness" such as being heterosexual.