Pictures from inside the German intelligence agency BND
> The German foreign intelligence service Bundesnachrichtendienst (BND) is moving to a brand new headquarters in Berlin. Here we show some unique pictures from inside the former headquarters in the village of Pullach and also give an impression of what the new building looks like.
> Wheelhouse is a newsletter for makers that covers new materials, techniques, and tools.
(You can read on the web without subscribing.)
ZFS versus RAID: Eight Ironwolf disks, two filesystems, one winner
> We exhaustively tested ZFS and RAID performance on our Storage Hot Rod server.
Extracting ROM constants from the 8087 math coprocessor's die
> I opened up an 8087 chip and took photos with a microscope. The photo below shows the chip’s tiny silicon die. Around the edges of the chip, tiny bond wires connect the chip to the 40 external pins. The labels show the main functional blocks, based on my reverse engineering. By examining the chip closely, various constants can be read out of the chip’s ROM, numbers such as pi that the chip uses in its calculations.
A Codebreaker's Dream: The Bombe!
> What is this, sporting dozens of colorful knobs, almost like a “turn-the-knob” toddler’s game at a playground in a nearest mall? This is the awesome British Bombe electro-mechanical codebreaking machine which only had one purpose: to determine the rotor settings on the German cipher machine “ENIGMA” during WW2.
OpenBSD on the Microsoft Surface Go 2
> I used OpenBSD on the original Surface Go back in 2018 and many things worked with the big exception of the internal Atheros WiFi. This meant I had to keep it tethered to a USB-C dock for Ethernet or use a small USB-A WiFi dongle plugged into a less-than-small USB-A-to-USB-C adapter. Microsoft has switched to Intel WiFi chips on their recent Surface devices, making the Surface Go 2 slightly more compatible with OpenBSD.
DVD+R and DVD-R; What was that about?
A format war within a format...
GPU architecture resources
> I often get asked in DMs about how GPUs work. There is a lot of information on GPU architectures online, one can start with these:
Tiny transformer inside: Decapping an isolated power transfer chip
> I saw an ad for a tiny chip that provides 5 volts of isolated power: You feed 5 volts in one side, and get 5 volts out the other side. What makes this remarkable is that the two sides can have up to 5000 volts between them. This chip contains a DC-DC converter and a tiny isolation transformer so there’s no direct electrical connection from one side to the other. I was amazed that they could fit all this into a package smaller than your fingernail, so I decided to take a look inside.
Hacking together a USB-C charger for a cheap Chromebook
> Only one thing won’t charge with USB-C, my awfully cheap ($190 for 4GB of RAM) Samsung Chromebook 3, a machine I use when I want the extra security of the Chrome OS platform. Instead, this laptop charges from an old-school 12V barrel connector, forcing me to carry around an extra brick.
> What we need is called a “USB-C PD trigger”, a little board that negotiates a specific PD voltage with a charger. There are a few variants, including ones with a button to select the voltage, but the most common one is a tiny board with a female USB-C connector called ZYPDS.
Touch And Go
> Pondering the disastrous fate of the HP TouchPad, an early tablet based on WebOS that’s best known for being the subject of a well-remembered fire sale.
TRRespass: Exploiting the Many Sides of Target Row Refresh
> Well, after two years of rigorous research, looking inside what is implemented inside CPUs and DDR4 chips using novel reverse engineering techniques, we can tell you that we do not live in a Rowhammer-free world. And we will not for the better part of this decade. Turns out while the old hammering techniques no longer work, once we understand the exact nature of these mitigations inside modern DDR4 chips, using new hammering patterns it is trivial to again trigger plenty of new bit flips. Yet again, these results show the perils of lack of transparency and security-by-obscurity. This is especially problematic since unlike software vulnerabilities, we cannot fix these hardware bit flips post-production.
A Quick Tour of the HP-9000 712/100 NEXTSTEP Workstation
> While my first NEXTSTEP system was a high-end 486 66MHz PC that I purchased from a NEXTSTEP for Intel fabricator called eCesys out of Alaska, I currently own two qualifying systems: a NeXTstation Turbo Color setup and an HP-9000 712/100 PA-RISC system. I went with the rather more unique (and powerful!) HP “Gecko” for this competition, and decided to put together a little video tour of the system.
The universe's biggest gear reduction
> Today at 14:52 I will be exactly 1 billion seconds old. To celebrate I built this machine that visualizes the number googol. That’s a 1 with a hundred zeros. A number that’s bigger than the atoms in the known universe. This machine has a gear reduction of 1 to 10 a hundred times. In order to get the last gear to turn once you’ll need to spin the first one a googol amount around. Or better said you’ll need more energy than the entire known universe has to do that. That boggles my mind.
Avoiding gaps in IOMMU protection at boot
> But setting things up in the OS isn’t sufficient. If an attacker is able to trigger arbitrary DMA before the OS has started then they can tamper with the system firmware or your bootloader and modify the kernel before it even starts running. So ideally you want your firmware to set up the IOMMU before it even enables any external devices, and newer firmware should actually do this automatically. It sounds like the problem is solved.
A Deep Dive Into Samsung's TrustZone
> After a general introduction on the ARM TrustZone and a focus on Qualcomm’s implementation, this new series of articles will discuss and detail the implementation developed by Samsung and Trustonic.
> These blog posts are a follow up to the conference Breaking Samsung’s ARM TrustZone that was given at BlackHat USA this summer. While an event such as this one is a great opportunity to present a subject we have been working on, many details have to be overlooked to fit the 50-minute format. This blog post, and the following ones, will explain all the details that were missing from the presentation as well as release the different tools mentioned in the talk and developed along the way.
EASYCHAIR - CIA covert listening devices
> EASYCHAIR – also written as Easy Chair or EC – was the codename of a super secret research project, initiated by the US Central Intelligence Agency (CIA), aiming to develop covert listening devices (bugs) based on the principle of the Resonant Cavity Microphone – also known as The Great Seal Bug or The Thing – that had been found in 1952 in the study of the US ambassador’s residency in Moscow, hidden in a donated wooden carving of the Great Seal of the United States.
> Upon discovery of The Thing, many US agencies – including the CIA – investigated the possibility of using the new – hitherto unknown – technology to its own advantage. The secret research took place in the Netherlands at the Dutch Radar Laboratory (NRP) in Noordwijk.
A brief history of liquid computers
> A substrate does not have to be solid to compute. It is possible to make a computer purely from a liquid. I demonstrate this using a variety of experimental prototypes where a liquid carries signals, actuates mechanical computing devices and hosts chemical reactions. We show hydraulic mathematical machines that compute functions based on mass transfer analogies. I discuss several prototypes of computing devices that employ fluid flows and jets. They are fluid mappers, where the fluid flow explores a geometrically constrained space to find an optimal way around, e.g. the shortest path in a maze, and fluid logic devices where fluid jet streams interact at the junctions of inlets and results of the computation are represented by fluid jets at selected outlets. Fluid mappers and fluidic logic devices compute continuously valued functions albeit discretized. There is also an opportunity to do discrete operation directly by representing information by droplets and liquid marbles (droplets coated by hydrophobic powder). There, computation is implemented at the sites, in time and space, where droplets collide one with another. The liquid computers mentioned above use liquid as signal carrier or actuator: the exact nature of the liquid is not that important. What is inside the liquid becomes crucial when reaction–diffusion liquid-phase computing devices come into play: there, the liquid hosts families of chemical species that interact with each other in a massive-parallel fashion. I shall illustrate a range of computational tasks, including computational geometry, implementable by excitation wave fronts in nonlinear active chemical medium. The overview will enable scientists and engineers to understand how vast is the variety of liquid computers and will inspire them to design their own experimental laboratory prototypes.
A new cycle-stepped 6502 CPU emulator
> I wrote a new version of my 6502/6510 emulator in the last weeks which can be stepped forward in clock cycles instead of full instructions.
Sculpt OS on HP EliteBook 840 G5
> Unfortunately, the first boot of a recent Sculpt OS USB flash drive just hung after GRUB showing the GENODE boot logo. So, it was time to get my hands dirty and debug the boot process. From a debugger's point of view, the used i5-8350U CPU luckily comes with Intel vPRO support, which means enabling AMT Serial-Over-LAN is just a matter of some configuration tweaks. Additionally, I adapted the Sculpt configuration to use the core LOG service, which reflects all messages on the first UART - in our case (and thanks to bender) AMT SOL.