ascii_field: mircea_popescu: thread was originally about my dislike for qr and gedankenexperiment involving a more reasonable means of encoding machine-readable bits on paper.
Chillum: I was thinking the same thing
Chillum: I am sure there is a master key out there
ascii_field: Chillum: it exists solely to 'secure' the system against -you-, the owner.
Chillum: what problem does a hammer solve? This is a general purpose tool for sending a text payload as a keyboard and erasing itself
Chillum: the alternative is no password, no need to even steal it
Chillum: all passwords can be stolen if you use them, we still use them
Chillum: of what the payload was, or that you had it
Chillum: it could also be used to send a payload to a system and remove evidence
Chillum: TPM monitored OS, and physical security. You don't want your cold wallet to have its keys in plaintext
Chillum: the idea is that you load the key with a password in secure location A, then you got to insecure location B, use it to start a computer and it erases itself
Chillum: eeprom erasure is not perfect but it is better than most mediums
Chillum: I want to make a digispark that when plugged in to usb sends a very long password from the eeprom, then erases it several times
ascii_field: Chillum: i thought it was obvious that this is not a commercially-available device.
Chillum: I was thinking something like a Digispark, probably cost about the same as the parallel/ps2 cable
ascii_field: Chillum: you don't even need a microcontroller. can bitbang ps/2 trivially with parallel port of another machine nearby.
Chillum: if you do use the keyboard port create a ps/2 fuzzer with the arduino ps/2 library. Send it all kinds of random stuff, see if you can cause unexpected behavior.
assbot: The Tinkertoy computer and other machinations : Dewdney, A. K : Free Download & Streaming : Internet Archive ... ( http://bit.ly/19zm2T8 )
ascii_field: Chillum: i'm surprised that you have not suggested reconstructing the baud clock using analogue means
Chillum: at the very least I would want a filter to remove any non-printable keystrokes
nubbins`: mildly on-topic, my old man is into woodworking and occasionally sends me links to wooden computers
Chillum: I am not confident I could find every single thing that reads the keyboard. I am confident I can secure rs232
ascii_field: if you play gramophone into a root shell, you deserve to be owned.
ascii_field: Chillum: if your box can be rebooted or otherwise interestingly reconfigured without root pw, you deserve to be owned.
Chillum: or you could use RS232 with a little microcontroller to read the upc
Chillum: and find everywhere else modern OS's access the keyboard
ascii_field: Chillum: again, if i can sit down at your keyboard and immediately reboot, your box is misconfigured and you deserve to be owned.
Chillum: I suppose you could put a bios password in, and disable all kernel triggers
ascii_field: Chillum: if your keyboard is 'ultimate authority' at all times, your system is misconfigured and you deserve to be owned.
Chillum: the keyboard port is basically the ultimate authority
Chillum: Well if I build something like this I won't hook the user input up to the port that controls the bios
ascii_field: IRRELEVANT to discussion of barcode machine.
Chillum: sorry, but a guy at the computer being hostile is certainly part of real world computer security
ascii_field: hostile user picks up the machine and takes it home.
ascii_field: Chillum: why on earth would you spin the gramophone attached to a computer with no os loaded ?
Chillum: at least you need an OS present before the rs232 is read, keyboards are read before the OS is loaded
ascii_field: Chillum: read the specificity principle discussion linked earlier
Chillum: what about the bios? if the device is reset can you send keystrokes to the bios?
Chillum: you are using the ps/2 driver for your code
ascii_field: i mentioned ps/2 kbd for specifically that reason
Chillum: I would use an arduino nano or something to decode and tx the data
ascii_field: it cannot behave as anything other than a keyboard. no matter how much it wants to.
Chillum: it went from fixed length only to variable length. The software was a fool to trust it though
Chillum: so it shares some of the fault
Chillum: the gizmo allowed special codes from the public manual to turn on features that were supposed to be off
ascii_field: Chillum: that isn't the fault of the barcode gizmo, now, is it.
ascii_field: and 2) there is no 'picture in picture' idiocy possible
Chillum: example of a reader being too smart
ascii_field: that way 1) reader is analogue, as the gods intended
Chillum: he shows how to turn on multi-code qrs, then mysql inject a computer attached to the reader
ascii_field: the correct way to do 2-dimensional barcodes would be 1) traditional barcode laser pen, combined with 2) something like a small gramophone
Chillum: qr is meant to be dense, not simple
Chillum: yes, you can see that each number is the same pattern of lines
ascii_field: a traditional barcode can be decoded with your eyes, and some patience, to verify. try this with qr.
Chillum: so if it is set to UPC only you can still activate QR and inject long strings, which a lot of software does not expect
Chillum: a lot of readers can have their mode changed to accept other types of codes by giving it a special UPC
Chillum saves the url for later, I don't load pdfs on this computer
Chillum: not through the wire at least
Chillum: charge one battery, use another. Then switch. No signals should get out then
Chillum: they don't like to be deeply drained though
Chillum: if you only discharge a vehicle battery 20% before charging it they last a good amount of time
ascii_field: afaik they use traditional lead-acid batteries.
Chillum: yes, but at least some of them you can plug into utilities while parked
Chillum: I am thinking the power systems for RVs, they run a lot and I think they can be charged from the mains
ascii_field: you will have to actually understand the physics. and build it
Chillum: surely there must be something that can either clean the signal or noise it up so much you can't see anything else
ascii_field: tend to lose half or so capacity after five or six.
Chillum: of course there is the act of making all adapters a bit noisy by poor design so it can be picked up on radio
ascii_field: Chillum: how does that work if it isn't already boobytrapped
Chillum: buy hardware first, become target of major government second
ascii_field: that is, that 1) yields something useful 2) in a situation that is actually likely to play out 3) isn't embarrassingly obvious
ascii_field: and ask yourself the question, when contemplating whether a piece of hardware could have been boobytrapped - what would you, in the place of the enemy, place as the payload ?
assbot: Logged on 06-03-2015 23:41:18; asciilifeform: it is absolutely essential, to understand what is being spoken of here, to go back to the thread about the specificity of hardware-diddling.
Chillum: I think you would want some level of error correction built in
Chillum: that usb2ps2 converter is surely NSA tampered
ascii_field: i'll go further, and say that one could straight encode ps/2 clock and data signals as barcode.
Chillum: that paper is easy to mangle