log
asciilifeform: re 'weeks of nonstop work', understand that the break must be mass-applicable, it is not useful to flip the bits with electron beam in ~one~ particular cr50
asciilifeform: into all currently available cr50 boards, but in particular the c101pa.
cnomad: how much are you offering for liberating a cr50? fyi, it'll be a _hard_ target
asciilifeform: so, for example, i am considering declaring a btc bounty for cr50 break. but it will only be available to folks in the wot, for the very obvious reason .
asciilifeform: are you interested in / familiar with cr50 in particular ? or heard of it for 1st time from the article
asciilifeform considers idea of proclaiming a 1 btc prize for a working break of cr50 . any l1 folk interested in contributing to the prize chest , and/or overseeing the refereeing ?
asciilifeform: in other negative results, small ra-226 isotope capsule had no measurable effect on cr50 .
ave1: as an aside, I've been reading the google code for the cr50 but I also did not find any obvious holes so far
asciilifeform: meanwhile, in the cr50 swine pits, https://archive.li/fftWm
asciilifeform: in re cr50 -- if we find which fpga was the basis, it may be possible to craft pad-for-pad replacement for the fritz.
mircea_popescu: and who might you be, 12th loper_os_cr50 ?
deedbot: loper_os_cr50 voiced for 30 minutes.
mircea_popescu: !!up loper_os_cr50
asciilifeform: revisiting upstack -- currently asciilifeform has 0 useful leads whatsoever on cr50 ( finished archaeological dig through the published src, found no obvious hole , yet )
deedbot: loper_os_cr50 voiced for 30 minutes.
asciilifeform: !!up loper_os_cr50
deedbot: loper_os_cr50 voiced for 30 minutes.
asciilifeform: !!up loper_os_cr50
asciilifeform: meanwhile, in the cr50 swine pits, https://archive.li/l2Env
asciilifeform: 1 battery charge can run cr50 for coupla wks, seems like
asciilifeform: for extra lulz, this box is ~off~ presently, while i talk to its cr50
asciilifeform: ( when same cmd send via slave spi -- cr50 uart spews forth 'CCD is disabled in this image' . yep, disabled until usg key signs 'upgrade', verily )
deedbot: loper_os_cr50 voiced for 30 minutes.
asciilifeform: !!up loper_os_cr50
asciilifeform: https://chromium.googlesource.com/chromiumos/platform/ec/+/master/board/cr50/board.c#1453 << subj, ftr
asciilifeform: loper_os_cr50: lemme guess, clicked on link by accident ?
deedbot: loper_os_cr50 voiced for 30 minutes.
asciilifeform: !!up loper_os_cr50
asciilifeform: hammer objection was in re cr50, this massive toad that sits in the middle of the board b/w errything and damn near errything else
asciilifeform: not on cr50
asciilifeform: oda: you can start with today's , let's say from http://btcbase.org/log/2018-06-11#1822562 point, the last set of cr50 people
oda: Hi, just got here after reading the cr50 article on loper-os
a111: Logged on 2018-06-11 19:57 asciilifeform: swiftgeek: given your introduction ( http://btcbase.org/log/2018-06-11#1822589 ) i assume you may be interested in verifying fact that cr50 is not a subfunctionality of the ordinary (i.e. kept in winbond spi ) bootrom or the EC controller ('nuvoton' arm , visible in right hand of photo ). this is very simple to do:
asciilifeform: cr50 however is 'glued with broken glass'
asciilifeform: ( this was possible because i purchased a unit having cr50.r0.0.10.w0.3.3 fw )
asciilifeform: i've established that cr50 ~will~ accept fw update if ver is incremented and rsa signature is valid. so anybody with google's rsa key and 10 seconds of physical access can insert new fw into cr50.
asciilifeform: but i will add, cr50 also hangs from same vreg's enable line and can switch it... back on
a111: Logged on 2018-06-11 19:57 asciilifeform: swiftgeek: given your introduction ( http://btcbase.org/log/2018-06-11#1822589 ) i assume you may be interested in verifying fact that cr50 is not a subfunctionality of the ordinary (i.e. kept in winbond spi ) bootrom or the EC controller ('nuvoton' arm , visible in right hand of photo ). this is very simple to do:
a111: Logged on 2018-06-08 17:15 asciilifeform: i was able to flash in the https://gsdview.appspot.com/chromeos-localmirror/distfiles/cr50.r0.0.10.w0.3.4.tbz2 image ; it supports a few moar commands, including 'rma open' returned-to-factory unlocker thing. but result was , unsurprisingly, 'with notes from hitler only' : http://www.loper-os.org/pub/c101pa/c101pa_unlock_nodice.txt
asciilifeform: according to amstan , the fella claiming to be a designer of c101pa , everything connected with cr50 is deeply trade secret, and shared with no one outside of google.
asciilifeform: i have a pretty good idea of the power sequencing, from reading the ec and cr50 srcs
asciilifeform: at any rate, my current approach will be to do some fuzzing of the cr50 console and slave spi interfaces
asciilifeform: loper_os_cr50: hello ?
deedbot: loper_os_cr50 voiced for 30 minutes.
asciilifeform: !!up loper_os_cr50
asciilifeform: because you are talking to cr50, which is active at all times, even when 'off'
asciilifeform: swiftgeek: given your introduction ( http://btcbase.org/log/2018-06-11#1822589 ) i assume you may be interested in verifying fact that cr50 is not a subfunctionality of the ordinary (i.e. kept in winbond spi ) bootrom or the EC controller ('nuvoton' arm , visible in right hand of photo ). this is very simple to do:
asciilifeform: swiftgeek: to complete the picture, my initial interest in cr50 was in the debug functionality; the thing can override #WP signal and rewrite the EC and boot roms , via usb snake. so it'd be quite convenient to have access. however the factory firmware locks it.
asciilifeform: swiftgeek: i actually started with attempt to port generic coreboot to c101pa, and ended up finding the cr50 by accident
asciilifeform: what you'd want, is to solder an interposer b/w the cr50 and the pcb
asciilifeform: google's src already contains everything you need, in theory, to make a hypothetical benign replacement for cr50
asciilifeform: swiftgeek: see https://chromium.googlesource.com/chromiumos/platform/ec/+/master/board/cr50/gpio.inc ( what is known of the pin functions )
asciilifeform: swiftgeek: in re cr50, i am specifically interested in whatever factory test pads exist , with which the thing may be filled up with initial fw on manufacture
asciilifeform: ( the cr50 rom is ~not~ kept in the winbond spi rom where the boot loader ( google's crippled coreboot ) lives )
asciilifeform: cr50 will appear on /dev/ttyUSB0
asciilifeform: swiftgeek: if you want to talk to the cr50 in your unit, all you need is the simple cable in http://www.loper-os.org/?p=2415 article
a111: Logged on 2018-06-11 15:35 asciilifeform: http://www.loper-os.org/pub/c101pa/h1.jpg << observe, cr50 has buncha test pads. i bet half a dozen of these, are used for factory fillup.
asciilifeform: |\n: i noticed today that there is 0 discussion of cr50/h1 in ru net
asciilifeform: loper_os_cr50: hello ?
deedbot: loper_os_cr50 voiced for 30 minutes.
asciilifeform: !!up loper_os_cr50
asciilifeform: http://www.loper-os.org/pub/c101pa/h1.jpg << observe, cr50 has buncha test pads. i bet half a dozen of these, are used for factory fillup.
deedbot: loper_os_cr50 voiced for 30 minutes.
mircea_popescu: !!up loper_os_cr50
asciilifeform: and this will work until they move the whole fw orchestra into cr50. which is on the planned 'feature' list already for next rev.
asciilifeform: another interesting tidbit : cr50 vendor fw will conveniently checksum the ec and ap(bootloader) fw. BUT not without goldenkey. wouldn't want terrorists testing for fw modification, see.
deedbot: loper_os_cr50 voiced for 30 minutes.
asciilifeform: !!up loper_os_cr50
asciilifeform: i can already picture, 'why complain, cr50 100% opensores!'
apt-get: (cr50 reversal, that is)
asciilifeform: the hilarious bit is that the published src has 100% of the lulz out in plain daylight. incl, e.g., the bootrom-writeprotect override function in cr50, the magic pubkeys, the bit that turns wireless on during idle, etc
a111: Logged on 2018-06-08 17:30 asciilifeform: phf: if you are able to build the usb snake -- lemme know which cr50 turd ver is in your box
asciilifeform: oh hey it's the good sir 'nobody has the cr50 key'
mircea_popescu: so who might you be loper_os_cr50
deedbot: loper_os_cr50 voiced for 30 minutes.
mircea_popescu: !!up loper_os_cr50
deedbot: loper_os_cr50__ voiced for 30 minutes.
asciilifeform: !!up loper_os_cr50__
asciilifeform: loper_os_cr50_: you were searching via google for cr50 ?
loper_os_cr50_: You might receive more visits; Google now references your last post on cr50, that's what made me arrive on your page in the first place. Then I spent the rest of the evening reading.
deedbot: loper_os_cr50_ voiced for 30 minutes.
asciilifeform: !!up loper_os_cr50_
asciilifeform: you're the, what, 5th, 6th? loper_os_cr50 to log in today..
asciilifeform: loper_os_cr50_: i recommend to register with deedbot nao
deedbot: loper_os_cr50 voiced for 30 minutes.
asciilifeform: !!up loper_os_cr50
asciilifeform: loper_os_cr50_: why would you want to buy expensive, power-wasting , hot-running chip from the foremost nsa bug factory, if you don't have to ?
mircea_popescu: loper_os_cr50, why do you think that ?!
asciilifeform: loper_os_cr50_: what's your native lang?
mircea_popescu: loper_os_cr50 the logs are your best bet.
asciilifeform: loper_os_cr50_: ok, enjoy
asciilifeform: loper_os_cr50_: more specifically? are you working with the iron from cr50 article?
asciilifeform: loper_os_cr50_: hello?
deedbot: loper_os_cr50_ voiced for 30 minutes.
asciilifeform: !!up loper_os_cr50_
deedbot: loper_os_cr50 voiced for 30 minutes.
mircea_popescu: !!up loper_os_cr50
deedbot: loper_os_cr50 voiced for 30 minutes.
mircea_popescu: !!up loper_os_cr50
a111: Logged on 2018-06-09 22:26 loper_os_cr50: Mircea_popescu: I establish identity temporarily and then move on. But I don’t see how anonymity necessitates solitude