Josh "Monk" Thomas. August 1st-4th, 2013, Rio Hotel & Casino • Las Vegas, Nevada
Comments: 57
@NedTheDread, 10 years ago
Wow, that's some serious stuff right there! Fuckin awesome presentation.
@indigoanon5483, 10 years ago
1337 indeed
@Nigelxp1, 7 years ago
Eye opener, great presentation thanks :).
@Avelx, 6 years ago
Can anyone tell me if this has been looked into by software or the GNU community?
@JonMasters, 7 years ago
This is fun. In the early days of YAFFS, I recall writing code to walk the OOB data to reset bad blocks during my backport efforts (ABI changes lead to incorrectly mismarking blocks bad) and thought then that this would be a great place to hide stuff. I would note that resetting OOB is totally doable to undo this - obviously not consumer friendly tho.
@sub7x226, 10 years ago
Greatest speaker ever.
@yoyomagic2068, 7 years ago
That man is a god.
@jaymolly2956, 6 years ago
*bow* great presentation
@noughyou2841, 10 years ago
This shit is pretty cool when you can get the gist of what they're saying at... All of this shit is fucking scary.
@Zei33, 9 years ago
Damn that's some serious stuff.
@DweebsUnited, 8 years ago
Another cool application for this could be doing it intentionally as a dead drop. Not just for malware, but secret files as well. Mark off NAND, store secrets in it, if anyone steals your phone and tries to examine/clone it, they won't get what you hid.
@holly_hacker, 8 years ago
+Eric "Ozzy" Osburn Yes, but then they find your program to access those files and you're fucked :p
@Cygnus0lor, 7 years ago
as he said, it's literally not accessible because the system itself can't see it...
@DweebsUnited, 7 years ago
So don't keep the access program on the device. Also if it's "literally not accessible" then how does his malware access it? It's not paradoxical memory.
@SICKFREDO, 7 years ago
he states here he can still call into the memory address, it's just the device won't recognize the bit as a good bit and won't read or write to it kzfaq.info/get/bejne/nbGFn8iI3szZpGQ.htmlm28s
@jordanhanna6884, 9 years ago
Mister No, you've obviously never been to DefCon....
@larva5606, 6 years ago
This talk is siiiiiiiccckkkkkkkkk!!!!111!!!1!!!!!!!
@JonMasters, 7 years ago
The obvious defense is to walk the OOB table and read the bad blocks manually/compare against malicious checksums, monitor rate of failure, etc.
@CGoody564, 5 years ago
Wouldn't you need to reverse engineer the NAND and data written on it in that case? How can you read it manually if the first thing it asks is "is this block bad? Then it's not here" and refuses to acknowledge its existence? You would need to program the NAND so it doesn't do so, which seems like a fundamental change to how NAND operates as opposed to a defense in regards to how it works now. We're talking convincing an industry to relinquish control of the systems that operate their products. That's not an easy ask.
@johannesyde4408, 7 years ago
So if I was making phones and selling phones, I would send out some code that fried the camera or digitizer 1 day after warranty ended.
@MariusLuding, 10 years ago
Scary stuff...anyone looked at the git yet?
@queazocotal, 9 years ago
Major assumption that is utterly broken. No modern phones have NAND exposed anymore. All phones today use eMMC - which is NAND internally, but you can't get at the raw blocks - it pretends to be a perfect block device. This attack only works on raw NAND, not EMMC or SD. Unless your phone is running gingerbread or below - it's not applicable.
@noname-tf7kq, 9 years ago
He did explain that the source is based on the kernel based nand, I thought that was implying it was "universal" that way.. BTW, did anyone do an "um" count? Lost track lol
@uN1Qu3DZ, 9 years ago
He used an Android 4.0.4 device from Sony, which is a "little bit" newer than Gingerbread. It is entirely possible to do this with EMMC too - the controller in EMMC is not stand-alone and the main processor talks to it. Remember the "sudden death" epidemic that plagued the Galaxy SIII and Note 2? That was due to a bug in the EMMC code that ended up frying it if a particular function was called accidentally. Some phones (maybe 20%) could be recovered via a full flash (emergency boot card to put it into Download Mode and complete firmware with PIT file, then IMEI and network repair with z3x box or similar), but most of them had the EMMC fried, and would need a replacement EMMC plus the complete flashing and software repair process to come back to life. It's entirely possible that something like this could have actually been at the root of the issue.
@AliSAhmad, 3 years ago
Holy. Shit.
@jt1122, 6 years ago
Cool name
@lucun_, 10 years ago
So SSDs are pretty much useless if this gets huge..
@YumekuiNeru, 10 years ago
they first have to get in, right?
@jordanhanna6884, 9 years ago
YumekuiNeru Exactly, that was his reason for talking about 0-Days, and how the real magic (and fun) is after you get in (hidden persistence).
@akt67, 4 years ago
0 Day? anyone explain without flaming me...?
@nullvoid3545, 3 years ago
a bug or exploit in something that's been there since day 0 and hasn't been found yet. they're relatively common and malicious hackers often log them to sell to someone later for lots of money.
@mizoamazzo5511, 7 years ago
UMM UMM UMM UMM UMM UMM UMM
@snooks5607, 6 years ago
"oh days", "oh days", "oh days". that's a zero. guy can't read his own damn slides
@Docko412, 10 years ago
I'm actually downloading WarGames as I watch this... funny
@archimedesworld3202, 9 years ago
@BlasToise I get annoyed when people chew loudly but seriously can't you firkin compartmentalize that stuff. With all due respect it is super shallow. But I won't hold it against you some people can not filter out annoying repetition or anything else because of chemical imbalances, so in that case I would forgive you. Sorry I've heard people complain about swallowing in the middle of a quantum mechanics lecture and it was just so minor in comparison to the mind shattering reality of the subatomic world.
@user-rc9jf8ng2k, 7 years ago
Drink some fucking water.
@jamesfewell2100, 4 years ago
Can't stand when people say "oh" day and this dude's personality is extra corny. There isn't a single thing sexy about code. What he does is exceptional but he needs to mature on a personal level a whole lot as quickly as possible...