RSS
 
 

Archive for the ‘Hacking’ Category

Xyratex Autodesk branded RS-1200 5412E hard drives (using ANY supported drive)

07 Feb

Well we picked up a “few” Xyratex RS-1220-F4-5412E Autodesk systems a few years ago, you know the ones with the AD22 firmware that is locked.
Total cost was $40usd for 4 including a shed load of spare controllers & drive sleds
The controllers are generally marked:
RS-LRC-F4-5412E-1024-ADSK 08 Mar-31 (happy decade!!)
RS-LRC-F4-5402E-1024-ADSK 06 21 (almost a teenager)

Unfortunately no drives were included.

Had a quick look on the internet to see if we could find anything on “non Autodesk” drives, mostly just people saying that the devices were locked to drives with a special FW AD02 or AD03
Others were saying there was a magic firmware AD20 or something…….

Breakthrough
I had a few hours to throw at it the other day, since I was waiting for some new PCB’s to assist in a hack of the new Seagate F3 drives with locked down firmware.
We burnt some drives with a drive sig of XR36 & XR83 inserted them into the array but nothing was showing up , other than the drives were “unsupported”

I cannae change the laws of physics Captain
But it’s in here some place

Read the rest of this entry »

 

HP Servers with Non HP Disk Drives, Where is Temperature Sensor #29 on DL380?

05 Nov

I have a home built system consisting of several HP Proliant DL380 Gen7 & Gen8 servers.
Now normally when sitting idle these are solid servers with fairly low power consumption and in many cases Whisper quiet when under no load.

That was until a recent upgrade of a failed disk drive.
Actually the server went from one seagate drive to almost exactly the SAME model of Seagate drive with a slight difference in the part number.

From a ST2000LM007 to ST2000LM015, both are: 2.5″ SATA 6Gb/s 5400RPM, 128Mb ram.
This simple change has left the internal fans running at 90% of full speed and continual warnings of the drives over heating.

Temperature Sensor #29
It is believed that this is a “pseudo sensor”, take a bunch of system temperatures pass them though a formula or table matrix and arrive at some sort of “system Health” number.
Why think this?, because it is possible to “fool” this sensor in reporting different temperatures that are not related to anything temperature like in particular

There has also been a very interesting support note released by HP recently covering most of the HP production and EOL systems.
Notice/ ProLiant Gen7 Gen8 and Gen9 Servers – Fan Speed May Be Higher Than Expected If No Hard Drive Is Present In the System

I think what we are looking at is not actually a system problem ,but rather a iLO X problem, or more likely a design “feature” to lock down the hardware.
Why would anyone run a server without disk drives?, simple…. cloud implementation… throw in a few optical connectors to an optical switch and a fiber based NAS
and you have very cheap computing systems that can be easily configured from a central location ,no local disk drives needed.

Problem is, that this increase in fan speed “by design” as HP likes to put it , is potentially breaking the law of some countries related to Environmental impact of electronic equipment.
Those extra ramped up fans are adding 90-100W to the power consumption , which equates to over 2KWh a day. which adds up to several hundred KWh per year of power that is being “deliberately wasted” for no reason what so ever(parts NOT fitted in the server, as an option to SAVE power resources.).

 

Turning USB peripherals BadUSB (A confession……)

08 Aug

There is currently a ‘stink’ about this article:

Turning USB peripherals into BadUSB

These guys appear to have put a quite an amount of research into this subject and attack vector.
However I’m disappointed about how little research and citations of prior work they seem to have included, even if it is not based around USB devices it is still relevant.
Then there is the ‘case’ of the 3rd party publicly available code to reprogram the SAME USB device released BEFORE their presentation.

For Example:
On Hacking MicroSD Cards

Read the rest of this entry »

 

USB Storage devices – embedded Trojan analysis/implementation (USB Nand-Flash)

04 Aug

How we can build powerful analysis tools from Ebay crap….

There is lots of cool scrap available on Ebay, specifically items from video processing companies/telecom companies that sold their scrap to clowns who were supposed to ‘destroy it’ ( you know the ones, who advertise ‘secure destruction’ of equipment).
All you need is a JTAG pod, frequency generator (NE555), multi-tester and a little bit of time.

Background
Back In Jan I threw together a library for reading Nand-flash chips on the Arduino, part of the reason for this was to try to throw together a simple and highly cost-effective way to read Nand-flash chips.

Unfortunately it was a failure due to the read speeds…. BUT….
Read the rest of this entry »

 

Bit coin miner from Ebay scrap The Solar debateVIII)

13 Jul

It was not until the start of this year (2013) that there has been such a long run of exponential increases in the bitcoin difficulty.
Current difficulty is 26162876 with a PPS share rate of 0.00000092 BTC (actually it is lower once you consider fees etc)

After mining for a few years using various systems- CPU, GPU, FPGA.. The time has now come to reconsider the situation….
B.F.L have continually failed to deliver what they promised they were experts in…. Power consumption does not match,shipping does not match, quality does not match.
Back in January, they were saying delivery would be in Two months, they are still claiming that all back orders would be cleared before end of September 2013, personally I find this unlikely since they STILL have not shipped any of my orders, and for them to clear the backlog, they should at least have my orders in ‘production'(I’m in the top quarter of their estimated order book).
Plus the number of people who have had new ASIC kit only for it to fail abysmally is rapidly increasing..
I have decided to give them until the middle of August and then I’m pulling the plug on the orders.

Read the rest of this entry »

 

Bit coin miner From Ebay scrap (IV)

18 Jun

Overall the results from using the Ebay scrap were positive

The boards are a little long making programming via JTAG difficult, not to mention the 14 Pin IDC connector is not really suitable for a standard 14 pin IDC plug (a fact I discovered AFTER I returned from China with a bag full of parts).

20130618_122614















As we can see it is a little cramped by the JTAG connector (directly inline with a fan), yep I can say officially that even a 12 Volt fan is capable of doing serious damage to finger tips and finger nails.

Caveats

There were a number of issues with the FORA(For-a) video processing boards.

  • After digging about we find that the FPGA core voltage has been fixed at 0.97v
    This is a little low for proper mining
  • We had to strip out an additional component that supported the PCI bus as the part was running from the 3V3 supply.
    Failure to remove it would be driving the chip at 170% of its rating thereby forcing it to dump several hundred mA as heat…
  • Yep We had an Idea that there was something shitty about the power-supply setup…
    The Bellinix modules used are ‘programmable’ via an external sense resistor, problem was that when we replaced the sense resistor NOTHING happened to the supply voltage, in fact completely removing the sense resistor also had no effect.
    * UPDATE 29Th June 2013, we finally tracked this down to a defective Bellinix module…
    We can now adjust the core voltage for the FPGA via a system that reprograms the DC/DC PSU module.

     

    Further delay on the Ebay bitcoin miner (1 Hour……)

    13 Jun

    After finally getting the power supply of the existing miner back on line, we found that the FOR-A
    experimental cards had gone dead.
    In fact Two FOR-A cards had gone dead.
    Read the rest of this entry »