The day when starting a receiver fixed the transmitter
> Have you ever tried to do something, but had it fail and weren’t really sure why? Did you then try to fall back to doing something you could actually measure in order to then get a handle on the problem? I had something like this happen quite a while back with some software defined radio stuff. Here’s how it went.
TPM—Fail TPM meets Timing and Lattice Attacks
> We discovered timing leakage on Intel firmware-based TPM (fTPM) as well as in STMicroelectronics’ TPM chip. Both exhibit secret-dependent execution times during cryptographic signature generation. While the key should remain safely inside the TPM hardware, we show how this information allows an attacker to recover 256-bit private keys from digital signature schemes based on elliptic curves.
> This research shows that even rigorous testing as required by Common Criteria certification is not flawless and may miss attacks that have explicitly been checked for. The STMicroelectronics TPM chip is Common Criteria certified at EAL4+ for the TPM protection profiles and FIPS 140-2 certified at level 2, while the Intel TPM is certified according to FIPS 140-2. However, the certification has failed to protect the product against an attack that is considered by the protection profile.
Project Silica proof of concept stores Warner Bros. ‘Superman’ movie on quartz glass
> It was the first proof of concept test for Project Silica, a Microsoft Research project that uses recent discoveries in ultrafast laser optics and artificial intelligence to store data in quartz glass. A laser encodes data in glass by creating layers of three-dimensional nanoscale gratings and deformations at various depths and angles. Machine learning algorithms read the data back by decoding images and patterns that are created as polarized light shines through the glass.
OpenTitan - open sourcing transparent, trustworthy, and secure silicon
> Today, along with our partners, we are excited to announce OpenTitan - the first open source silicon root of trust (RoT) project. OpenTitan will deliver a high-quality RoT design and integration guidelines for use in data center servers, storage, peripherals, and more. Open sourcing the silicon design makes it more transparent, trustworthy, and ultimately, secure.
U2F support in OpenSSH
> As part two (see previous attempt) of my ongoing series in ‘computational necromancy,’ I’ve spent the last year and a half or so constructing my own 1/10-scale, binary-compatible, cycle-accurate Cray-1. This project falls purely into the “because I can!” category – I was poking around the internet one day looking for a Cray emulator and came up dry, so I decided to do something about it. Luckily, the Cray-1 hardware reference manual turned out to be useful enough that implementing most of this was pretty straightforward. The Cray-1 is one of those iconic machines that just makes you say “Now that‘s a super computer!” Sure, your iPhone is 10X faster, and it’s completely useless to own one, but admit it . . you really want one, don’t you?
How a months-old AMD microcode bug destroyed my weekend
> Unfortunately, unpatched Ryzen 3000 says “yes” to the CPUID 01H call, sets the carry bit indicating it has successfully created the most artisanal, organic high-quality random number possible... and gives you a 0xFFFFFFFF for the “random” number, every single time.
> Unfortunately, after successfully applying the update and rebooting again, I realized my error—yes, Asus showed a later date for the BIOS, but the actual version was the same as the one I already had—3.2.0. My CPU still thought 0xFFFFFFFF was the randomest number ever, always, no matter what.
> At this point, I began to get paranoid—systemd had already quietly worked around the bug. But with most applications just quietly ignoring the problem, how would I know if it ever had been patched? What if two years later, I was still vulnerable to stack-smashing that I shouldn’t have been, due to ASLR that wasn’t actually randomizing?
Another entry for the bad workarounds file.
DB-19: Resurrecting an Obsolete Connector
> This is a happy story about the power of global communication and manufacturing resources in today’s world. If you’ve been reading this blog for any length of time, then you’ve certainly heard me whine and moan about how impossible it is to find the obscure DB-19 disk connector used on vintage Macintosh and Apple II computers (and some NeXT and Atari computers too). Nobody has made these connectors for decades.
How "special register groups" invaded computer dictionaries for decades
> Half a century ago, the puzzling phrase “special register groups” started showing up in definitions of “CPU”, and it is still there. In this blog post, I uncover how special register groups went from an obscure feature in the Honeywell 800 mainframe to appearing in the Washington Post.
A visit to the Large Scale Systems Museum
> I didn’t expect to find two floors filled with vintage computers in a sleepy town outside Pittsburgh. But that’s the location of the Large Scale System Museum, housed in an abandoned department store. The ground floor of this private collection concentrates on mainframes and minicomputers from the 1970s to 1990s featuring IBM, Cray, and DEC systems, along with less common computers. Amazingly, most of these vintage systems are working. Upstairs, the museum is filled with vintage home computers from the pre-PC era.
The PDP-7 Where Unix Began
> In preparation for a talk on Seventh Edition Unix this fall, I stumbled upon a service list from DEC for all known PDP-7 machines. From that list, and other sources, I believe that PDP-7 serial number 34 was the original Unix machine.
How did MS-DOS decide that two seconds was the amount of time to keep the floppy disk cache valid?
Reverse-engineering precision op amps from a 1969 analog computer
> We are restoring a vintage1 computer that CuriousMarc recently obtained. Analog computers were formerly popular for fast scientific computation, but pretty much died out in the 1970s. They are interesting, though, as a completely different computing paradigm from digital computers. In this blog post, I’m going to focus on the op amps used in Marc’s analog computer, a Simulators Inc. model 240.
> An analog computer performs computations using physical, continuously changeable values such as voltages. This is in contrast to a digital computer that uses discrete binary values. Analog computers have a long history including gear mechanisms, slide rules, wheel-and-disk integrators, tide computers, and mechanical gun targeting systems. The “classic” analog computers of the 1950s and 1960s, however, used op amps and integrators to solve differential equations. They were typically programmed by plugging cables into a patch panel, yielding a spaghetti-like tangle of wires.
Plus some good references to more about analog computers.
Ken Thompson did some of his early programming on an early analog computer, although I’m unsure of which model.
> Nearly all retro game systems generate colors in some variant of RGB encoding. But the raw pixel colors are often designed for very different screens than those that emulators typically run on. In this article, I’ll walk through the importance of color emulation, and provide some example code and screenshots.
Chromebook U2F ECDSA vulnerability
> We discovered a vulnerability in the H1 security chip firmware concerning ECDSA signature generation. The firmware code used incompatible transfer instructions when passing a critical secret value to the cryptographic hardware block, resulting in generating secret values of a specific structure and having a significant loss of entropy in the secret value (64 bits instead of 256 bits). We confirmed that the incorrect generation of the secret value allows it to be recovered, which in turn allows the the underlying ECC private key to be obtained. Thus, attackers that have a single pair of signature and signed data can effectively compute the private key, breaking any functionality or protocols that use the key pair in question.
Experimental feature, with an annoying fix. If it had been for real, quite messy.
The Enigma Machine
> The Enigma Machine was one of the centerpoints of World War II, and its cryptanalysis was one of the stepping stones from breaking codes as an art to cryptography as a science. The machine encrypted messages sent between parts of the German army – operators would type a key on its keyboard, the machine would scramble that, and a letter would light up on the top.
> This notebook simulates an Enigma Machine and visualizes how it works. The Enigma Machine is an especially neat thing to visualize because it was electromechanical. As you used it, it moved. Instead of circuit traces, it had beautiful real wires connecting its pieces.
Planned Obsolescence: Innovation Versus Preservation
> We keep making old stuff significantly less useful in the modern day, sometimes by force. We cite problems things such as security, maintenance, and a devotion to constant evolution as reasons for allowing this to happen. But the net effect is that we are making it impossible to continue using otherwise useful things after even a medium amount of time. I’m not even exclusively talking about things that are decades old. Sometimes, just a few years does the trick. Today’s Tedium ponders planned obsolescence and how it theatens preservation.
Where do interrupts happen?
> For a simple 1-wide in-order, non-pipelined CPU the answer might be as simple as: the CPU is interrupted either before or after instruction that is currently running2. For anything more complicated it’s not going to be easy. On a modern out-of-order processor there may be hundreds of instructions in-flight at any time, some waiting to execute, a dozen or more currently executing, and others waiting to retire. From all these choices, which instruction will be chosen as the victim?
Understanding modern UEFI-based platform boot
> To many, the (UEFI-based) boot process is like voodoo; interesting in that it’s something that most of us use extensively but is - in a technical-understanding sense - generally avoided by all but those that work in this space. In this article, I hope to present a technical overview of how modern PCs boot using UEFI (Unified Extensible Firmware Interface).
Quite the overview.
Turning a MacBook into a Touchscreen Using the Webcam
> Our idea was to retrofit a small mirror in front of a MacBook’s built-in webcam, so that the webcam would be looking down at the computer screen at a sharp angle. The camera would be able to see fingers hovering over or touching the screen, and we’d be able to translate the video feed into touch events using computer vision.