My business card runs Linux and Ultrix (2022) (dmitry.gr)
155 points by throwup238 on Feb 5, 2024 | 71 comments


First thought I had: Very cool!

Second thought: If I received this card, I would think twice about attaching a homemade USB device to anything. Who knows what it might do? [1]

Third thought: I should let people I know know that this is becoming possible.

Fourth thought: Wait a minute, any USB device is potentially risky, not just homemade ones. Carry on!

[1] https://usbkill.com/


A student of mine was researching "vendor malware" [0]; she decided to order as many random, dodgy USB devices as could be found on the internet to see what percentage of them were loaded with horrors.

We settled on a CRU Wiebetech write blocker and a minimal sandboxed distro (that could reboot to a clean slate in a couple of seconds) with little more than a kernel for which we could activate and deactivate USB modules.

Conclusions:

   USB is terrifying! :)

   Buying USB things on the internet is even more scary!!

[0] https://www.solent.ac.uk/degree-shows/students/helen-plews-2


Excellent (and shocking) research!

Rather a shame that page with the abstract has excessively large & linespaced body text which makes it hard to actually read on mobile... that the chat feature assumes you must be a student not anyone else... and the Contact Us is buried many levels deep in the nav... hence me giving up and telling you about the above here.


Fortunately, my USB controller is isolated into a dedicated, disposable, hardware-virtualized virtual machine (on Qubes OS), so I can insert any USB device without fear of being owned.


Interesting. I expected already used and returned devices but seeing hidden possible firmware and encrypted blobs was a surprise.


Don’t have the time to dissect the linked PDF, but it has numerous issues including methods that are imprecise, misapplied or simply wrong. It needs a pretty extensive review by an expert.

The file signature listings shown on page 80 are most likely spurious (false matches). The first giveaway is why there would be over 2000 microcode artifacts, the next is that all of the inspected fields are bogus, including the size field (some in the GBs). In theory you could purposefully obfuscate that, but then why would you carry any tell of microcode at all. Much more likely this is just patterned data that happens to match that file magic. Anybody with experience with binwalk knows how common this is.

Same goes for the mcrypt(?) headers. Blowfish 448 CBC 8-bit happens to be all 0s. Another very common false positive (matches \x00m\x02). Also look at the offsets carefully. Seems more like a match confusion.

As for encrypted appearing data at all, not too surprising if someone is selling used drives and naively wiped them. But it isn’t clear that encrypted vs compressed data was identified.

There’s also a fundamental misunderstanding of what a write blocker is/does repeated. "Results indicated the presence of firmware ... in the machine code of the unallocated spaces of the storage device.". Machine code of the unallocated spaces makes no sense.

In general: microcode attacks are sophisticated attacks. Anybody carrying these out is unlikely to leave such an obvious smoking gun. Not saying impossible, but it would give any serious researcher pause to scrutinize their work.

Also not saying you won’t get shitty crap from random sellers and should buy random junk, but I’d take this paper with a large grain of salt.


In case folks wondered, it looks like this study focused specifically on flash drives.


> If I received this card, I would think twice about attaching a homemade USB device to anything.

I have a Raspberry Pi devoted to the purpose of plugging unknown USB devices into in order to do a security check on them.

If it kills the R-Pi, no big deal. If it doesn't, then you have the power of Linux to interrogate the device with and spot suspicious behavior.


If I were paranoid, I might be concerned that the USB device would detect when it's plugged in to a small device like a Raspberry Pi and only launch its attack when it's plugged in to a more valuable target. Is there some way to mitigate that?


Different operating systems also have subtle differences in enumeration - I don’t think there is a great way to mitigate that.


> Is there some way to mitigate that?

Against a very sophisticated attacker? Maybe not, but it doesn't matter for my purposes. My concern is the most likely kinds of attacks, which are not terribly sophisticated. It's really more of a sanity check than a comprehensive security audit.

No security can ever be 100% effective. Like all security measures, this is just one layer intended to cover attacks I am most likely to be exposed to.

In other words, if I'm protecting against governments and other well-funded entities or skilled and determined hackers, I wouldn't be using this alone. I'd be using it in conjunction with other security processes, such as not attaching unknown USB devices to my systems at all, or at least not to ones that matter or aren't permanently isolated from my other machines.


> then you have the power of Linux to interrogate the device with and spot suspicious behavior

Ideally, you’d find the malicious payload. It’s probably not hidden so well that it can’t be found by a security researcher.


True, if I care. I use the R-Pi as a screening method, not really as the means to dig into something malicious and analyze it in detail. I have other tools for that.

My reasoning for using the R-Pi is that it's disposable, so if the USB device turns out to be an electrical USB-killer, it doesn't kill any hardware that really matters to me.


That's interesting, may I ask how you'd typically perform the interrogation?


I'm interested too... I'm guessing there's some Kali Linux utils for doing just this?


Kali is convenient in that it has security tools preinstalled (it's what I use in my pentesting gear), but this can be done with any distro.

Primarily what I'm looking for is if the capabilities of the device match what I expect them to be (does this flash drive -- or even just a random USB cable -- also represent itself as a user input device?), and to spy on the USB packets for things like keystroke replay, bitstreams that don't match what would be expected (virus installations, unusual behavior if the storage device thinks that it is being booted from, etc.).

It is not comprehensive. Just a sanity check.
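
The capability check described in the comment above (does a flash drive also present itself as an input device?), as an added example that is not part of the original thread: it parses raw USB descriptors and lists interface classes the device's label does not explain. The descriptor bytes are constructed samples and the function names are hypothetical.

```python
import struct

# USB-IF base class codes most relevant to this screening check.
CLASS_NAMES = {0x02: "cdc-control", 0x03: "hid", 0x08: "mass-storage",
               0x09: "hub", 0x0A: "cdc-data", 0xFF: "vendor-specific"}
DT_INTERFACE = 0x04  # bDescriptorType of an interface descriptor


def parse_interfaces(blob):
    """Return (class, subclass, protocol) for each interface descriptor in a
    raw blob of device + configuration descriptors (the layout Linux exposes
    in /sys/bus/usb/devices/<dev>/descriptors)."""
    found, pos = [], 0
    while pos < len(blob):
        if len(blob) - pos < 2:
            raise ValueError(f"truncated descriptor header at offset {pos}")
        length, dtype = blob[pos], blob[pos + 1]
        # The device controls these bytes: reject lengths that would loop
        # forever (0 or 1) or run past the end of the buffer.
        if length < 2 or pos + length > len(blob):
            raise ValueError(f"bad bLength {length} at offset {pos}")
        if dtype == DT_INTERFACE:
            if length < 9:
                raise ValueError(f"short interface descriptor at offset {pos}")
            found.append(tuple(blob[pos + 5:pos + 8]))
        pos += length
    return found


def unexpected_interfaces(blob, expected_classes):
    """Name every interface whose class the label on the device does not explain."""
    out = []
    for cls, sub, proto in parse_interfaces(blob):
        if cls in expected_classes:
            continue
        name = CLASS_NAMES.get(cls, f"class-0x{cls:02x}")
        if cls == 0x03 and sub == 1 and proto == 1:  # HID boot-protocol keyboard
            name = "hid-boot-keyboard"
        out.append(name)
    return out


# --- Constructed sample descriptors (not captured from any real device) ---
def _device():
    return struct.pack("<BBHBBBBHHHBBBB", 18, 1, 0x0200, 0, 0, 0, 64,
                       0x1234, 0x5678, 0x0100, 1, 2, 3, 1)

def _config(body, n_if):
    return struct.pack("<BBHBBBBB", 9, 2, 9 + len(body), n_if, 1, 0, 0x80, 50) + body

def _iface(num, n_ep, cls, sub, proto):
    return struct.pack("<9B", 9, 4, num, 0, n_ep, cls, sub, proto, 0)

def _endpoint(addr, attrs, size, interval=0):
    return struct.pack("<BBBBHB", 7, 5, addr, attrs, size, interval)

_storage = _iface(0, 2, 0x08, 0x06, 0x50) + _endpoint(0x81, 2, 512) + _endpoint(0x02, 2, 512)
_hid_desc = struct.pack("<BBHBBBH", 9, 0x21, 0x0111, 0, 1, 0x22, 63)
_keyboard = _iface(1, 1, 0x03, 1, 1) + _hid_desc + _endpoint(0x83, 3, 8, 10)

PLAIN_FLASH = _device() + _config(_storage, 1)              # storage only
COMPOSITE = _device() + _config(_storage + _keyboard, 2)    # storage + keyboard

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN_FLASH), ("composite", COMPOSITE)):
        print(label, unexpected_interfaces(blob, expected_classes={0x08}))
```

On Linux the same bytes can be read from the device's `descriptors` file in sysfs. Descriptors only show what a device declares at enumeration, so this remains a screening step.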


Yes exactly. No security conscious person I know would just plug in some unknown USB device. It's a very, very well known attack vector.

If the point of the exercise is a proof of concept as an experiment then awesome.

If it's supposed to be something you can hand out to stakeholders as a business card then it's probably not that useful.


I wonder if a $15 USB hub could serve as an adequate protection against electric shenanigans.


Who says the hub isn't the one hosting the shenanigans?


If one buys it from a reputable source it should be safe. Besides, who says that the binary firmware blobs in the computer don't already contain suspicious code?


(2022)

The first time I saw a PCB business card, I thought it was pretty cool. Then I saw a PCBA business card (with components!) and was amazed. But now I just see them as unnecessary e-waste for vanity. Business cards get read, scanned, and tossed. At least the impact of a piece of paper and ink is small compared to fiberglass resin, copper foil, ENIG, and solder mask. This example isn't even that great as a business card: the typography and contrast make the contact information poorly legible compared to the component silkscreen. Amazing PCB art (https://grandideastudio.com/portfolio/projects/the-worlds-th... is the best I've seen) makes creative use of the different contrast, translucency, and textures between exposed and masked copper, masked and unmasked bare FR4, and silkscreen layers. It's a very constrained graphic design problem that takes a good eye.


Guy: "I wrote a MIPS R3000 emulator from scratch, ran it on a microcontroller on a board I designed myself, and emulated a late-80s DEC workstation well enough to run not just Linux, but also DEC's own proprietary closed-source Unix on it (although I had to patch the Ultrix kernel's machine code, without source code or even symbols in the exec, to fix a bug). For fun."

Internet: "Pssh. Not pretty enough. Next!"


You have to mention "e-waste" in order to establish that you are virtuous, not just a killjoy.

Note, however, that this does not work in threads about the Vision Pro goggles that people will chuck in the bottom of their closets (next to their Oculus and Google Glass) once the novelty wears off.


This site has some of the worst attitudes towards anything that's not just the same old Apple garbage.

Bring something that's genuinely unique, or something that really encompasses the spirit of what a hacker was when I was growing up, and you just get garbage responses like the parent.


The PCB business card is about 0.5% of what’s interesting about this. The artistry is what the business card is running, and that’s also the remaining 99.5% of the link’s content.


Many people make electronics as a hobby. It's probably a fairly high-impact hobby compared to knitting or reading, but I'd credit the author for at least thinking of a use case for their little microcontroller board. I also imagine they soldered all of the PCBs they got, instead of buying five, populating two, and leaving both in a drawer after bring-up which is so normal now that PCBs are so cheap.


Fact is I never take (or give) business cards. A "what's your name - is this you in LinkedIn?" is more than enough for me. We could chat about your fancy card but I'm definitely not planning to carry any around, from or to home.


> A "what's your name - is this you in LinkedIn?" is more than enough for me.

What about all those people who don't use LinkedIn?


I haven't met any techie so far not being in LI. Otherwise for the occasional driver or plumber I'd just get their number on the spot (if not already having it from their site). Worked fine for me for decades.


I deleted my LinkedIn account years ago, and I know a bunch of other devs who have done the same, or have just abandoned theirs and never use it anymore.

I'm not asserting that non-LI tech people are more than a minority, but there seem to be quite a few of them.


You could think of it as a résumé card. You show it to someone who needs someone who can do things like that, and (if they are clueful) they try to interest you in their hiring opportunity (not try to neg you with Leetcode nonsense).


The impact of one of these is greater than a paper card, but in turn pales before basically any other electronic device; given that they're made in absolutely tiny quantities, I struggle to imagine that it matters.


I’ve gotten some very interesting offers from conversations started by handing one of these to someone.


I believe that, completely. Your projects are always a joy to read - your hardware is great, your emulation is great, but the way you document them is outstanding.

I think if somebody was talking to you, and saw your site, you'd get great offers regardless of the physical sample though.


Oh, I was only speaking of waste / environmental impact; I would expect that as business cards they're far more effective than paper.


PCBA is just an assembled PCB?


It means "printed circuit board assembly" so yes.


So I guess he was first talking about a PCB with zero components that is dead weight... Not sure why it would be "pretty cool" seeing the thickness and that it serves no purpose.

> The first time I saw a PCB business card, I thought it was pretty cool. Then I saw a PCBA business card (with components!) and was amazed.


> I searched around for a cool system and settled on DECstation2100 (or its big brother - DECstation3100).

The DECstation 3100 was nice. It was very fast at the time it came out, and had the huge CRT with the GUI desktop, mouse, etc., a few years after the Mac. It was also my first time seeing a Unix workstation, which was fantastic at the time, since I'd only ever touched Unix on BBSes and on random old underpowered timesharing boxes with old dumb terminals. (It was an internship, I was in charge of the porting lab for some very expensive software, and our first DECstation 3100, hostname `screamer`, was probably our fastest at that moment, so it doubled as my first workstation.)

Ultrix was a decent Unix, and DECwindows was nicer than the stock X11 found on many other Unix workstations. Not as consumer-products polished and friendly as the Mac, but obviously a more powerful OS, and more flexible distributed window system.

Another nice thing about Ultrix was that it could talk both TCP/IP and DECnet. I used this to rig up transparent access to our VAXstation 3100 VAX/VMS units remotely from people's Sun workstations in their cubes. (And without trying to get purchase authorization for something like Multinet for the VAXstations.)

(This gateway later evolved into a small part of the Common User Environment (CUE) that I developed as an over-enthusiastic intern's evenings&weekends project, which gave familiar and powerful UI, features, and accesses, no matter which workstation or porting system you were in front of. Which was before the Unix workstation vendors got together to make CDE, but got their lunch eaten by Windows NT on the engineering desktop, and eventually by Linux on the dotcom servers. And you tied an onion on your belt, which was the fashion of the day.)

This article of course demonstrates much more intimate familiarity with the DECstation 3100 than I ever needed to have, and is very impressive.


I love that era of Unix workstation computing. As a teen I'd buy copies of UnixWorld at the bookstore mainly just to gawk at the screenshots and photos of the workstations.

Looking back, isn't it kind of crazy that a) such a magazine existed b) it was on the magazine rack at random bookstores in the middle of nowhere?

And when I finally got a 486/50 that could run Linux, I spent hours tweaking my desktop env to try to make it more workstation-y (OpenLook or Motif-ish), purely on aesthetic grounds not for practical purposes :-)


I had used AIX and SunOS in high school but when I started college in 1993 our university had hundreds of DECstation 2100 and 3100 machines. There were a few DECstation 5000 machines that were faster. I thought they were great machines but over the next few years almost all of them were replaced with Sun SPARC or HP PA-RISC machines that had more software available for them.


I was a big fan of the Alpha workstation I had access to at UCSC's CS department in ~94. It was 64-bit and faster than anything else around. Didn't think much of CDE, as I was running FVWM at home and that did what I wanted.


The Unix workstation vendors seemed to often leapfrog each other. For example (not complete):

DECstation 3100 -> various later SPARCs -> RS/6000 -> HP 9000/7xx -> more SPARCs -> DEC Alpha

Yeah, I kept going back to Fvwm for a long time, after trying various things. The only thing that replaced it long-term was Xmonad. (I tried i3wm, but went back to Xmonad, which seems a bit more opinionated in a good way for how I want to manage mostly transient windows on laptop.)


Related:

My business card runs Linux - https://news.ycombinator.com/item?id=32077823 - July 2022 (133 comments)

My business card runs Linux, yours can too - https://news.ycombinator.com/item?id=32071593 - July 2022 (3 comments)

Similar but different:

A DIY business card that runs Linux (2019) - https://news.ycombinator.com/item?id=36176198 - June 2023 (58 comments)

My Business Card Runs Linux - https://news.ycombinator.com/item?id=21871026 - Dec 2019 (397 comments)


This is very cool. Brings back memories and makes me feel very old. I can't believe what was once the fastest computer I'd ever used can now be emulated on a business card. So, story. I worked in a small shop that wrote CAD software. DEC lent us one of the machines to port to Ultrix. We got the port done and the box sat around, occasionally used for debugging and new builds. One day, my buddy and I were playing nerf football in the office. I missed a catch, and the ball hit a can of Coca-Cola sitting next to the nice $20k loaner DECstation, which poured directly into the case (from the side). I reached down instinctively and yanked the power cord out of the wall (knowing that was probably not going to help much). When we opened the box, we found the most beautiful little circuit board, mounted an inch off the floor of the case. The bottom of the case was a perfectly flat piece of metal, with nothing touching it (the board was mounted to the sides). There was a pool of soda under the board, and nothing important, nothing electronic was touched. I sponged out the case, gingerly plugged it back in and it booted up. This was the only thing we ever did in the office that we never told the boss about.


Does anyone know more of these 'PCB business cards' projects?

For example mitxela did a business card that acts as a stylophone

https://mitxela.com/projects/stylocard


This looks hugely cool but I found it a bit inaccessible to fully understand the project goal and accomplishment.

It would be nice to get a bit more of an overview of the finished article - photo of completed card, or a video or screenshots of what happens when you plug it in etc. Or perhaps somehow I missed all this!


Emulate a system well enough to be usable in realtime on a low budget small form factor board of my design. Result: success.


Dude wrote a CPU emulator with all the fixin's to emulate a particular ancient computer. That emulator is compiled then flashed on a microcontroller and then uses that emulator to run linux and ultrix which target this particular emulated environment. Also seemingly includes exposing a serial console via USB to allow interacting with the system. It is all a bit inception-y, but no doubt a master work.

The images of the PCB have silk screen explaining what happens when you plug it in.


I'm with you, @urband311er, really would enjoy seeing a video of it booting and running... It'd be infinitely more satisfying to [nearly] experience what the finished product is like.


I think I missed something. Why did you use the word “accessibility” there?


I sure hope that this Dmitry person, with the impressive engineering effort "business card", never walks into an interview to encounter... "Let's start by you going to the whiteboard, and doing this Leetcode problem. We want to see how you think." :)


Other than Facebook, no. Nobody else has tried that with me.

(Am that dmitry)



The only reality tv show I would watch


Could have made a hole in the pcb the size of the chips, and flip them so they take up less vertical space which makes the card more flat. Not sure about the uSD card slot but a solution for that might also be possible.


yes, but then JLCPCB would not have assembled it for me. I would not want to assemble a few dozen of those by hand...


The breakdown on how the MMU works is one of the clearest and most readable descriptions I've seen. Usually my eyes glaze over and I get lost in the details, but this is quite well written.


I usually dismiss this type of stuff as being cool but ultimately a massive waste of time. In this case however how can you argue with the results? He can hand this card to any potential employer and probably get any job he wants. Having a passion for something and finding a constructive outlet for it is quite an achievement.


It feels really backwards if the right way to run Linux on this microcontroller is by emulating something else. Was emulating an old system really the best/easiest way to do this, or is that part just for fun?


If you would like to port Ultrix to cortex-M I’d love to run it natively.


Ultrix would always involve an emulator one way or another, sure, but it sounds like Linux was the main point, and that runs natively on cortex-M, right?


No-mmu kernel sort of can, if you call that Linux (no fork)… and if you have enough RAM. This board doesn’t since RAM isn’t memory mapped. This board would never run Linux natively.


Kinda similar to DEF CON badges. Very cool!!


Anyone know a good guide to getting started with these kind of projects? Such as, say I have an idea, any general guide to:

- development env with simulator
- development board
- production hardware


Gameboy is a nice system to start working on emulation with. Very well documented. Many games use only a small fraction of capabilities making progress visible.


perfectly cool project and accomplishment, but title should be "my business card snags, snares, and ruins fabrics... but it's really cool in a 'it's been done before' sort of way"


It looks expensive (per card), unprofessional (especially the use of an SD card) and impractical.


Under $20 ea. And SD card is easier to image than eMMC. But if it is not professional enough for you, I’ll be sure to not give you one :)


I'm super impressed and think it's very professional. I actually used the DECStation so I'm going wow, that beast of electronics is on a business card. I loved the story of decide what chips to use, build a card, now write an emulator of a long gone processor, now get Linux to work and hey, make Ultrix work too.

Great story, I liked the documentation of the step by step how to do it. It was nice that you had the details of the process including the good, the bad and the ugly. Lots of these stories are "bought CPU, Memory, a few caps; built a board, did some software; here is final product". I got a feel for the hours you spent and the dedication to seeing it through. As a former employer (retired) it would have caught my attention.

Congrats on a great project, hope it's been helpful to get you cool jobs. If you ever make it to the Philly area, let me know, I'd love to see it run.


No one will disagree.



