_______ __ _______ | |
| | |.---.-..----.| |--..-----..----. | | |.-----..--.--.--..-----. | |
| || _ || __|| < | -__|| _| | || -__|| | | ||__ --| | |
|___|___||___._||____||__|__||_____||__| |__|____||_____||________||_____| | |
on Gopher (inofficial) | |
Visit Hacker News on the Web | |
COMMENT PAGE FOR: | |
PiFex: JTAG Hacking with a Raspberry Pi | |
farmdve wrote 7 hours 29 min ago: | |
This is fine for devices that expose a true JTAG interface. But imagine | |
something like Hitachi's User Debug Interface that exposes only | |
boundary scan. The rest of the protocol is undocumented unless you have | |
specific NDA clearance. | |
In which case a methodology is needed to reverse engineer this | |
protocol, treating the device like a black box. | |
I really liked how a solution to this was found for x86 processors and | |
hidden instructions | |
[1]: https://github.com/xoreaxeaxeax/sandsifter | |
randomcarbloke wrote 4 hours 14 min ago: | |
the world needs more Christopher Domas talks, he is inspirational. | |
zoobab wrote 7 hours 58 min ago: | |
Go-JTAGenum is a rewrite in Go of JTAGenum, a rewrite of some arduino | |
scripts JtagFinder and Arduinull that Lekernel and I made years ago: | |
[1] Good to see an web interface to go-jtagenum via Jupyter Notebooks | |
:-) | |
[1]: https://github.com/cyphunk/JTAGenum | |
cushychicken wrote 1 day ago: | |
I'm always surprised how infrequently JTAG interfaces are disabled on | |
actual honest to god products that go into the field. | |
It's not at all hard to blow the JTAG enable fuse in most chips. And | |
you can give away a ton of info from your device if you don't do this. | |
That potentially includes really sensitive info - through backdoors | |
like this. People keep all kinds of stuff on their hard drives. | |
(Full disclosure: I'm the HW eng who reviewed this design. Hi Matt! | |
Reverse engineering is still magic.) | |
mdaniel wrote 23 hours 13 min ago: | |
Security is always a spectrum between defense and convenience, and my | |
life experience thus far is a lot closer to "manufactures hate me" | |
than it is "someone gonna break into my house, disassemble some | |
electronic, tap into jtag, exfiltrate all the things" so I would | |
much, much, much prefer if it were advertised as an option that folks | |
who do have considerable threat models could just push a safety pin | |
through the magic "blow jtag fuse" hole and the rest of us could | |
monkey with hardware we legitimately should own | |
londons_explore wrote 1 day ago: | |
I don't disable JTAG on field hardware because theres a good chance | |
I'll be expected to do failure analysis or bug-hunting on the | |
production hardware. JTAG is going to make that much easier. | |
And, lets be honest, your smart IoT coffee maker doesn't really have | |
any secrets that need protecting from you, despite whatever the | |
business team thinks. | |
Dowwie wrote 23 hours 3 min ago: | |
What aren't you capturing by sending coredumps from the device to | |
another machine? Why do you need physical access? | |
londons_explore wrote 22 hours 40 min ago: | |
Most embedded hardware has no easy way to send/restore core dumps | |
if JTAG is disabled. | |
And even if it did, a good chunk of debugging involves running | |
the system live in the target environment and looking at traces. | |
Eg. "the device doesn't work properly when on the customers wifi | |
network because their router responds to ARP requests too fast | |
and we miss the response packet because we're still busy | |
reconfiging the radio from TX mode into RX mode" | |
foldor wrote 23 hours 46 min ago: | |
Hard disagree. That "smart IoT coffee maker" stores your wifi | |
details, including the password so it can reconnect. I appreciate | |
the level of sophistication and effort required for someone to be | |
able to abuse that is beyond the realm of likelihood, it's not | |
unreasonable to believe that there may be higher value targets | |
(like journalists) who are being targeted where this is a | |
reasonable method for dedicated attackers to use to gain access to | |
a targets home network. Better to just secure these things by | |
default. | |
ronsor wrote 9 hours 59 min ago: | |
If your concern is attackers breaking into your home, opening | |
your coffee maker, and dumping credentials over JTAG, I think | |
your threat model might need serious revisions. | |
boznz wrote 15 hours 25 min ago: | |
Lots of vectors don't even require JTAG. Coffee maker type | |
devices are likely to be just a $1 a microcontroller with inbuilt | |
flash which you can fuse when programming to prevent reading but | |
is rarely done in small production runs. | |
flash for microcontrollers such as ESP, Rpi pico etc is usually | |
saved on an 8-pin flash chip which most people forget about and | |
is easy to unsolder and pop into a reader. bigger devices using | |
bootloaders sometimes store a whole FAT32 filesystem in one of | |
these, you can even unsolder most flash and re-mount it with a | |
little skill and suitable hardware. | |
I once read an AWS private key stored in plain text from an IOT | |
board once. Go figure! | |
numpad0 wrote 19 hours 24 min ago: | |
One of items often missing from discussions on security on the | |
Internet is that the first step of security is physical security. | |
Phrases like "once they have it it's over", "DRM is not security" | |
are not just mantras, it's reflecting that. | |
To secure a thing, you are supposed to literally secure the | |
thing, as in, placing the equipment away from walls, bolted down | |
to the floor, chassis locked and rigged for self destruction, | |
perimeters patrolled and monitored by armed guards. | |
Software security is additional parts that build on top of that | |
physical security. Hardware root of trust, Secure Boot, code | |
signing, all helps, but physical security has to come first. | |
If you're throwing out the coffee maker not securely | |
erased(military guys call it zeroizing - cool), or not | |
maintaining custody of it by either keeping it to yourself or | |
having dogs and your grandsons taking part watching it at all | |
times, then the coffee maker is technically not secure, by any of | |
those alone. | |
beeboobaa3 wrote 20 hours 27 min ago: | |
Yikes. You think people shouldn't be allowed to know their own | |
wifi credentials? | |
Or do you think that physical access does not mean you own the | |
device? | |
fullspectrumdev wrote 21 hours 3 min ago: | |
If someoneâs breaking into my house and disassembling my IoT | |
coffee machine to hook up some JTAG cables I have bigger problems | |
than someone getting my WiFi password - such as the fact the | |
pricks in my house. | |
londons_explore wrote 21 hours 52 min ago: | |
If your attack vector is bad guys with physical access to the | |
circuit board, disabling JTAG will only be a minor speedbump to | |
them. | |
The vast majority of microcontrollers aren't hardened against | |
physical attack - especially not anything with wifi capability. | |
"disable jtag" is intended to make it harder to make modchips | |
(ie. bypass the coffee subscription), but doesn't help against | |
someone willing to do a one-off glitching attack or similar to | |
dump secrets. | |
crispyambulance wrote 22 hours 56 min ago: | |
It really depends on the situation. For a mature, mass-produced | |
product going into sensitive places, sure, disable it before it | |
goes into the field. Same for very security-focused hardware. | |
But most of the "pizza-box-shaped" things I've worked on in | |
telecom have jtag enabled even when in the field. I've never | |
thought about it much, but to actually get to a jtag interface | |
requires a level of physical access that would be far-fetched | |
unless you're talking about "James-Bond-level" bad actors or | |
"inside-job" people who are already entrusted with an enormous | |
amount of privileges anyway. | |
JTAG is super useful for troubleshooting and in general, for | |
things that aren't throw aways and that can be repaired, | |
re-calibrated, or re-configured, it makes sense to keep it | |
available. | |
ProllyInfamous wrote 23 hours 19 min ago: | |
Just out of curiosity, what coffee-making function would possess | |
somebody enough to connect their coffeemaker to the internet? | |
My new water heater came with WiFi, and I just cannot understand | |
why my tank needs-do anything more than just heat water..? | |
Larrikin wrote 16 hours 2 min ago: | |
There is an entire operating system and a massive amount of | |
functionality in your home that can be unlocked when devices | |
have features like that. It's one of most active projects on | |
GitHub and there's a huge community that knows the value. | |
The only downside is companies trying to scoop up that data for | |
their own purposes and when companies disable perfectly working | |
products because they claim the servers are too expensive. The | |
Home Assistant community makes a big point of recommending | |
products that guard against issues like that. | |
[1]: https://www.home-assistant.io/ | |
margalabargala wrote 22 hours 50 min ago: | |
Adding to the other reasons listed here: | |
Some people have solar installations, but do not have 1-to-1 | |
net metering from their power company. For these people, having | |
a connected hot water heater allows them to use their own solar | |
power for heating water when they can, lowering their power | |
bill. | |
Essentially any high-consumption electrical device can | |
similarly benefit, especially ones that store energy such as | |
hot water heaters and electric car chargers. | |
sunshinesnacks wrote 22 hours 58 min ago: | |
For the coffee maker, maybe being able to set a schedule to | |
brew in the morning. | |
For a water heater, participating in a utility program where | |
they modify your temperature sweeping in exchange for a reduced | |
rate or similar incentive. | |
Those are the first reasons I can think of. | |
Dowwie wrote 23 hours 0 min ago: | |
What vendor and model water heater did you get? Useful smart | |
features are of the variety that the manufacturer would never | |
enable off the shelf, such as monitoring magnesium anode | |
deterioration so that it could notify a user when it is time to | |
replace the anode. It's against the interests of the | |
manufacturer because replacing the anode extends the life of | |
the heater. | |
ProllyInfamous wrote 13 hours 3 min ago: | |
It's a Rheem hybrid 50gal. | |
Lots of interesting suggestions/applications in response to | |
my initial comment. My local electric utility has a smart | |
grid, but offers me as a consumer none of the so-far-listed | |
reasons to connect to WiFi for electricity savings (e.g. no | |
time of use metering)... but it would be cool if the anode | |
deterioration could be monitored [I'll check the manual]. | |
OJFord wrote 23 hours 30 min ago: | |
You're worried about someone with physical access and time to | |
dump info from a JTAG header gaining the WiFi password? | |
y04nn wrote 14 hours 51 min ago: | |
A plausible scenario I can think of would be in an office | |
space, a shared smart coffee machine that would be stolen to | |
gain WIFI access. | |
theamk wrote 12 hours 44 min ago: | |
Surely the shared coffee machine would be on a guest network | |
with no access to internal resources? | |
Having separate "guest wifi" is a great idea and provides | |
much better security than trying to ensure none of your IoT | |
devices expose your password. | |
bongodongobob wrote 23 hours 13 min ago: | |
Target throws out coffee maker. Threat actor goes through | |
trash. They don't have to break into the building to get it. | |
OJFord wrote 19 hours 39 min ago: | |
And you propose what instead, that the target verifies their | |
coffee maker manufacturers disable the JTAG interface on | |
production units so that they can throw it away without | |
worrying about this? | |
Seems like the wrong solution to an already absurd/niche | |
threat model. | |
bongodongobob wrote 10 hours 20 min ago: | |
I'd propose not buying wifi coffee makers if you're worried | |
about security. | |
OJFord wrote 6 hours 9 min ago: | |
Yeah ok exactly? So why care about JTAG enabled? | |
bongodongobob wrote 3 hours 0 min ago: | |
I commented on the fact that you don't need to break in | |
to get the coffee maker. Stop trying to pick a fight. | |
beeboobaa3 wrote 20 hours 26 min ago: | |
People are allowed to throw out a piece of paper with their | |
wifi password written on it as well. | |
numpad0 wrote 21 hours 41 min ago: | |
That's why lots of companies crush perfectly good Surfaces | |
and 2242 SSDs when recycling. | |
yjftsjthsd-h wrote 11 hours 24 min ago: | |
The irony, of course, being that those can generally be | |
properly wiped to safely resell. Or, if it matters, the | |
thing should have been using full disk encryption so it's | |
irrelevant. | |
buildbot wrote 22 hours 50 min ago: | |
If someone is targeting you that precisely they are sorting | |
through your trash for a coffee maker, then I would posit you | |
are already in deep trouble and they'd likely do something | |
easier like wait for you to leave and insert physical access | |
into your network then... | |
tverbeure wrote 22 hours 25 min ago: | |
The $5 password circumvention device comes to mind. | |
[1]: https://xkcd.com/538/ | |
theoreticalmal wrote 21 hours 49 min ago: | |
Whoâs your wrench guy? Youâre wayyy overpaying | |
buildbot wrote 22 hours 22 min ago: | |
Exactly! Sniffing passwords out of coffee makers is hard | |
to scale. Lots of tech needed/knowledge. Wrenchs scale | |
linearly with people given wrenchs, and typically one | |
does not need training to apply brute force with wrench. | |
You may be able to save on labor even as other primates | |
can use the wrenchs better and with more force than | |
humans. | |
jon-wood wrote 2 hours 12 min ago: | |
Most offices are going to notice if someone abducts the | |
IT manager and beats the wifi password out of them. | |
They're probably not going to notice that someone took | |
away the trash they threw out. | |
MrBuddyCasino wrote 1 day ago: | |
A device that is a bit similar, but more advanced is the Glasgow | |
Interface Explorer: [1] It costs 145$ instead of 50$, and you can | |
interface with it via Python3 over USB. It is quite flexible due to a | |
reconfigurable FPGA and has some nice features such as automatically | |
detecting UART baud rates, JTAG pinouts, ESD / Under / and | |
Over-Voltage protection on the I/O pins and more. | |
[1]: https://www.crowdsupply.com/1bitsquared/glasgow | |
westurner wrote 1 day ago: | |
A $5 Pi Pico has two UARTS, but is not an FPGA; "Show HN: PicoVGA | |
Library â VGA/TV Display on Raspberry Pi Pico" [1] According to [2] | |
, | |
pico-uart-bridge turns a pico into 6 TTL UARTs; | |
[1]: https://news.ycombinator.com/item?id=35117847#35120403 | |
[2]: https://www.reddit.com/r/raspberrypipico/comments/1aut3l2/co... | |
[3]: https://github.com/Noltari/pico-uart-bridge | |
wrongbaud wrote 1 day ago: | |
The Glasgow is an awesome piece of kit, I have one and love it! I | |
wanted the PiFex to be a little more user friendly and targeted | |
towards beginners | |
<- back to front page |