RSS
 
 

Archive for the ‘Reverse Engineering’ Category

Allwinner (SUNXI) A20 getting two CPU up

30 Dec

In my real work, I need a pre-boxed computer at a throwaway price, something I can walk into a server-room covertly stick inside a server cabinet, power-up and then use as a secured ‘base’ from where I can find out ‘what the hell is going on’ (all with the approval of ‘upper management’)

I have been playing about with the various versions of the TV box ‘construct’, what I need is a cheap secure (relatively speaking)
throwaway computer that contains in-bulit WIFI/Ethernet/Bluetooth USB and in a nice sealed case I can fill with epoxy……

Currently I use two units
840A (A20 – dualcore) & 809 III (3188-quadcore)

Enter the 840A TV box

Looking about on the internet you will see the A20 being hacked all over the place ( even at wrt), however when you look a little bit closer you will see that in many of the Kernel startup logs that ONLY ONE CPU is actually enabled and active.

Indeed if you use the ‘released’ SUN-XI code… guess what…. yep only one CPU comes up or you have to start using their ‘closed binary blobs’ for the functionality.(Having worked with some Chinese software developers… I would NEVER allow any Chinese built closed source on my network).

What happened

The Result
Whilst this is still a work in progress we have gotten this far.

[ 0.000000] Booting Linux on physical CPU 0x0
[ 0.000000] Linux version 3.19.0-rc1-00011-g53262d1-dirty (bob@my-virtual-machine) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) ) #14 SMP Sat Dec 27 13:53:26 HKT 2014
..........
[ 0.000000] CPU: ARMv7 Processor [410fc074] revision 4 (ARMv7), cr=10c5387d
[ 0.000000] CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing instruction cache
[ 0.000000] Machine model: I12 / Q5 / QT840A A20 tvbox
...........
......
[ 0.001489] CPU: Testing write buffer coherency: ok
[ 0.001836] CPU0: update cpu_capacity 1024
[ 0.001853] CPU0: thread -1, cpu 0, socket 0, mpidr 80000000
[ 0.001928] Setting up static identity map for 0x403d4b80 - 0x403d4bd8
[ 0.003335] CPU1: update cpu_capacity 1024
[ 0.003341] CPU1: thread -1, cpu 1, socket 0, mpidr 80000001
[ 0.003428] Brought up 2 CPUs
[ 0.003449] CPU: All CPU(s) started in HYP mode.
[ 0.003455] CPU: Virtualization extensions available.

 

Turning USB peripherals BadUSB (A confession……)

08 Aug

There is currently a ‘stink’ about this article:

Turning USB peripherals into BadUSB

These guys appear to have put a quite an amount of research into this subject and attack vector.
However I’m disappointed about how little research and citations of prior work they seem to have included, even if it is not based around USB devices it is still relevant.
Then there is the ‘case’ of the 3rd party publicly available code to reprogram the SAME USB device released BEFORE their presentation.

For Example:
On Hacking MicroSD Cards

Read the rest of this entry »

 

USB Storage devices – embedded Trojan analysis/implementation (USB Nand-Flash)

04 Aug

How we can build powerful analysis tools from Ebay crap….

There is lots of cool scrap available on Ebay, specifically items from video processing companies/telecom companies that sold their scrap to clowns who were supposed to ‘destroy it’ ( you know the ones, who advertise ‘secure destruction’ of equipment).
All you need is a JTAG pod, frequency generator (NE555), multi-tester and a little bit of time.

Background
Back In Jan I threw together a library for reading Nand-flash chips on the Arduino, part of the reason for this was to try to throw together a simple and highly cost-effective way to read Nand-flash chips.

Unfortunately it was a failure due to the read speeds…. BUT….
Read the rest of this entry »

 

USB miners and the Dipo Electronic 19 port 20A USB Hub

20 Nov

This is a 19 port hub with an integral power supply that is capable of reliably supplying MORE than 700mA per port without overheating or becoming a fire hazard.

Dipo  hub , with engineering modifications for reliability

Dipo hub , with engineering modifications for reliability

Some of the Basic specifications:

– Fully 480mb/s at each port
– 16 Front facing Standard A USB ports
– 3 Side facing Standard A
– 1 Master hub connection Standard B for connection to Computing Equipment or other hubs
– Fully fused internally via multiple poly-fuse resettable fuses both on each individual port and on the main power feed to the Ports.
– UK/European standard 3 pin power plug
– Hub runs COOL

Unlike cheaper USB ports that only implement links at USB 1.0 standard (12mb/s speeds but state they are ‘compatible’ with USB 2.0) this is a professional FULL 480 Mb/s port that complies and implements the full 2.0 USB standard. It may also be used to connect to generic USB 1.0 equipment.

The good thing about these hubs is that you can load them up with 19 Bi-Fury miners (around 76 gh/s) and the miners would STILL run as intended.

The supplier is a Chinese company we have been working with, each hub we sell is inspected both at the electrical and electronic levels to ensure the correct functionality of the product.

It can be purchased here:
Razorfishsolutions.com.hk

 
Comments Off on USB miners and the Dipo Electronic 19 port 20A USB Hub

Posted in Android, Arduino, BITCOIN, forensics, FPGA, Linux, PCB Design, Reverse Engineering

 

Bit coin miner from Ebay scrap The Solar debateVIII)

13 Jul

It was not until the start of this year (2013) that there has been such a long run of exponential increases in the bitcoin difficulty.
Current difficulty is 26162876 with a PPS share rate of 0.00000092 BTC (actually it is lower once you consider fees etc)

After mining for a few years using various systems- CPU, GPU, FPGA.. The time has now come to reconsider the situation….
B.F.L have continually failed to deliver what they promised they were experts in…. Power consumption does not match,shipping does not match, quality does not match.
Back in January, they were saying delivery would be in Two months, they are still claiming that all back orders would be cleared before end of September 2013, personally I find this unlikely since they STILL have not shipped any of my orders, and for them to clear the backlog, they should at least have my orders in ‘production'(I’m in the top quarter of their estimated order book).
Plus the number of people who have had new ASIC kit only for it to fail abysmally is rapidly increasing..
I have decided to give them until the middle of August and then I’m pulling the plug on the orders.

Read the rest of this entry »

 

Bit coin miner from Ebay scrap (VI)

30 Jun

One major issue with generating bitcoins is getting rid of the heat from the crypto hashing engines. This is partially due to poor design of many of the crypto engines, or the incessant need of miners to over-clock the rigs until the errors are in double figures….
However many Bitcoin miners do not take into account the ambient temperature when designing their cooling solutions( and some cooling solutions are just CRAP… blue flashing lights anyone?, radioactive coolant?…. but ..but. is green and it glows in the dark…yep… chicks just dig flashy lights and green coolant.)
Read the rest of this entry »