Yeah, I was thinking that he must've put some time in Photoshop animating that, but then I realized it was the actual display

Yeah what the fuck that was soooo sick

reply button : 0:26

This channel is underrated. Awesome video.

Michael Reeves nice to see you here!

Yes

You know what else is beautiful? _drones_

Meet your maker, I see.

Ha nice to see you here :D

Hahahaha

The UML of that it's only in his mind. 🤓😇

These little microcontroller chips don't really have any permanent storage other than flash memory. There is also no MMU or MPU to protect memory areas and has no privileged execution modes (The bigger ARMs meant to run Linux have all this). Yes running the check every time on boot would be more sensible but wouldn't protect you against this particular silly exploit. This exploit allows you to write to 0x00000000 and this is the reset vector. With that you can just insert a jump instruction into whatever code you want (And could have loaded earlier), bypassing the bootloader completely. But none of this would happen if the bootloader simply would refuse to write to this memory area too.

@@berni8k "These little microcontroller chips don't really have any permanent storage other than flash memory" Are you sure about that ? I'm currently working with a crypto accelerator IP to implement a secure boot and it embeds a small ROM for the boot ROM and a OTP (One Time Programmable memory) made of fuse for secret datas. I don't know the ST chip, but it would be surprising if it didn't have any memory on it. (like a secrete unique key, a certificat, or a boot rom) Yes obviously that device is a bad example of secure device x), it's so stupid to allow writing on memory used for the secure boot process.

Followed by remark that he didn't do anything important. Like putting your logo onto a device that's sole purpose is to be secure is not impressive

@@evennot Well it demonstrates code execution on something that is supposed to be secure (executing non verified code is a big no no)

@@berni8k did he actually change the code? i think it was just a visual edit thing

@@jamiebury1807 This visually demonstrates that the code is executing, but the code does have full control over the MCU inside. Yes the secure element chip is still safe, but the MCU is the interface between the secure element and the user/usb port. This allows it to trick the user into approving a transaction shown on the display while actually sending a malicious coin stealing transaction to the secure element for signing. This is still a pretty difficult coin stealing attack to execute, but it is possible.

@@berni8k thanks berni8k i thought as much. what about when you enter a 24 word phrase how does the the secure element never get seen by a potential hacker who tried to mess with the device? What makes the secure chip so special?

Well you can't use this vulnerability to directly overwrite the bootloader because the bootloader is executing directly from flash. So the bootloader would end up running in a mix of the old and new code until it trips over itself and crashes, leaving a broken bootloader in flash and bricking the device. However what you can do is use the bootloader to update the main code, this code would then run and overwrite the bootloader and show something on the display to signal its done. At that point you can then reboot it into the new bootloader and load the genuine application back in. This can be done with the exploit or without it (If you have that magical private key)

Oh and i just realised. As part of the exploit you could update the bootloader yourself and lock it down. So then when the user tries to update to the new secure firmware with a patch for this vulnerability it pretends like it is flashing it but actually does not write anything. So your code stays in there.

@@berni8k I'm not certain if you could use the same technique to update the bootloader from main code. Mainly because the vulnerability involved changing this during bootloader code, and altering it during main code may not be trivial, as chips can have hardware protection features to protect the bootloader during main code. I haven't researched this chip in particular, but remember reading something along those lines in a datasheet for another chip

@@jackaw1197 These STM32F04 series are just simple little microcontrollers. There is likely some sort of register based lock to prevent accidental writes to flash, but since there is no such thing as privileged execution any code can do it and start writing to flash. All of the flash memory is the same. The only reason why its placed where it is placed is because the reset vector is at the beginning of flash memory. So the bootloader is placed there so that its the first thing it executes on startup. No special boot region. The things are just faster 32bit versions of classical 8 bit microcontrolers used to run simple tasks with no OS or even RTOS. Its the bigger ARMs built to run a OS that have the usual security features you would expect in a modern computer because the OS pretty much needs them.

@@berni8k OK, I looked up the application notes, and you appear to be correct (AN5156, section 6). Some STM32 series do have 'Secure User Memory', but the F0 series do not. The datasheet I had read was for an ATMEGA32u2, which has lock bits to prevent writes to bootloader memory from application memory. I assumed a 32 bit arm chip would have this since an 8 bit avr does, but I was wrong.

The joys of low level embedded programming. You tend to learn to subconsciously count to 8 when writing 32bit values in hex.

I feel booze

Have Vodka shots. 😂

Yes. KZfaq was not trained on his taste as he uses a private tab in chrome and is not logged in into KZfaq.

@@finntegeler That's not what I meant.. Look at the channel names of the videos.

@@melluh Damn, nice catch! I didn't even notice that heh

@@melluh That last one is so ironic.

Ah, I wasn't the only one who though that.

@@tripplefives1402 lol wow, are you trolling or do people still actually do stuff with gopher.

@@tripplefives1402 IPoHAM...is that an RFC yet? IPoAC is a thing so I have to imagine IPoHAM is. Also while I know what gopher is I've never actually used it. I guess the advantage to not having images or any of the bloat of the web is it's super light weight.

@@tripplefives1402 But does it have IPv6 lol? Also I have no idea what AX.25 and x.25 are so I'll probably go look those up

@@tripplefives1402 very interesting. I am familiar with the OSI model just not many of the layer 2 protocols. I actually would have thought that most fiber connections would use ethernet but guess not. I know fiber in a LAN usually is just ethernet but I guess it shouldn't be surprising something else is used on the scale of an ISP.

Well the NSA can legaly do almost anything anyway, for us mortals its illegal to use malware but not for them its business as usual. Security trough obscurity does help. But only if there is some actual legit security underneath. Piling up layers of obscurity on top can really slow down the attacker. For example when they have no documentation means they have to reverse engineer everything first. Each layer is an annoying time waster so that a lot of attackers will get fed up and give up.Only the most persistent ones actually get to your real security to have a go at cracking it (And this is the important bit). So obscurity in itself it certainly not a security measure but it does help the actual real security measure under it resist attacks a bit better. Modern PC games make heavy use of this. For example now famous Denuvo protection is used to unscramble machine code in real time as its executing. This Denuvo protection is not doing any security jobs, but it makes analyzing or tampering with the code running inside of it really painful and difficult. Its used to obscure actual security code under it so that you can't mess with it as easily. This can take a game from being cracked in

@Fluffy_tail xD ! Same reaction for me : "what ? There is an alias o.o that so stupid !" PUFs are a great solution but you also need a good architecture

ST micro is not US based

@@berni8k I think you're overstating the value of Denuvo a little. When it was first released in 2014, it secured 2 titles for 12 months, followed by titles for 6 months or less. By 2015 it looks like 2-3 months was common. In early 2016, Denuvo was calling almost 4 months for doom "impressive" . In 2017, games were frequently cracked within hours of release (e.g. Middle-earth: Shadow of War and Total War: Warhammer 2). Final Fantasy XV was cracked 3 days before release. I haven't bothered to do a full head count but it seems like between no real effect and 12 months is a much more reasonable estimate to the value that Denuvo gives but with the time spent at 12 months being a lot shorter than the time spent at no real effect. There are a few "not cracked" titles in the list but the ones that stand out to me are Valkyria Chronicles 4 and the Adventures of Captain Spirit/Life is Strange 2 as they are big name titles that are primarily single player. Can't explain why those survived where everything around them was in flames, but i doubt it's purely the quality of the security of Denuvo. Ultimately this is an arms race where the ones doing the protecting have limited time and resources where as the ones doing the penetrating have (effectively) unlimited time and resources. Denuvo found a method that protected against a common cracking vector so the cracking community developed a new general purpose approach.

@@dantenotavailable Well yes Denuvo does get cracked much faster as crackers develop tools to help them work with it. But still before Denuvo and similar mechanisms under other names it was rare that something didn't get cracked within a day of release. So extending it even to a month is actually pretty impressive. But Denuvo does not help at all if the security code it is protecting is itself flawed. Its Denuvo put on top of already strong copy protection that keeps the game from being cracked for long. For example using Denuvo to protect the Steam DRM is essentially useless, the hackers have such good understanding of Steams DRM system that they can crack it without modifying the actual game executable rendering denuvo useless. Using denuvo to protect a sophisticated DRM that is spread trough all the games code and performs secret checks that make the game act weird or mysteriously crash on purpose is a whole different story. In any case Denuvo does significantly slow down cracking when used on top of a good strong DRM. This is security by obsurity and it does work. If the game developers implement it wrong then its there own fault. Denuvo is not a magic never crack pill, just helps reasonably secure DRM be even more secure

Do you think hardware wallet is not secure like nano x?i already ordered nano x.that is on the way?reply me

@@digitalworld5407 That comment made no sense (I recommend using Grammarly btw, it can help you figure out grammatical mistakes and fix typos, I'm not affiliated with them) but I guess you meant to ask whether the Nano X is more secure than the Nano S? If that's your question, then no. The Nano X uses the same design as the Nano S with some "ease of use differences". These differences include (but are not limited to): - allowing more "apps" (basically wallets) on the device - bigger buttons - bigger display - USB-C (instead of micro-B) - Bluetooth Fundamentally, they are the same, though, due to the increased storage space on the Nano X, along with the Bluetooth component, I think the Nano X *might* (in theory) actually be less secure. Do you have to worry? realistically speaking: no. Unless you are being targeted individually (like someone actively targeting YOU), there is no real problem. If they are actively targeting you, then your cryptos might be the least of your concerns... Creating an attack and sending it out in mass and blablabla might prove too difficult to be worth the effort over creating malware that just phishes the user or something. I mean, do note that one thing @LiveOverflow didn't mention is that you need to approve a connection between your ledger and the manager... so it can't do it sneakily (atleast, that we currently know off). Having a hardware wallet is marginally better than having a software wallet so you'd be fine nonetheless. I own both a Nano S and X btw. The Nano X is on me while the Nano S is in my safe (seeded and good to go), the recovery phrase is stamped and put in another safe, pretty far away from me. If I ever lose the Nano X, I buy a new one, initialize it then send my funds from my S to the new X then re-seed my S with the recovery seed from my X. This way, by the time the finder might have broken into the thing... the funds are gone.

@@FinlayDaG33k oh my god tnx for the very big reply.really i have to say that i havent good inglish to understand what you said exactly..i mean some words anyway i Trying to understand your reply words to words.thnx bro

@@digitalworld5407 Use Google translate :) While it *might* not be 100% accurate, it could help you understand it all a bit better since now you can see it in your native language (albeit with some funkyness here and there). Also, just keep trying to write English (especially with the aforementioned Grammarly extension) so you can practice! Good luck!

@@FinlayDaG33k yes thnx bro.i ll

With a hacked firmware theoretically it could trick the secure element into believing the firmware is legit and then authorize a transaction to a different address than what the hacked firmware is displaying on the screen. This would require an additional exploit that no one has demonstrated to exist yet, but it might exist.

@UXXELDUXXEL I assume that there is an option for a passcode that you have to enter on the device. Two buttons are enough for code entry and the hardware can lock itself to deter guessing.

@@henke37 But the passcode is useless if you can simply replace the firmware to do anything you want on the passcode screen. But yeah its a pretty wild scenario to get physical access to the crypto wallet and get malware on the PC in order to make an actual attack. Maybe if they knew someone is keeping >100k USD in there wallet.

You could tamper with the Ledger before it even reaches the end-user, that's the issue here. There's no way to tell if your Ledger was previously compromised.

@@berni8k It's not useless if the secure element stores and verifies the passcode (I'd certainly hope that's the case). If so, the correct value still needs to be entered at least once after a malicious firmware is loaded on an already-initialised device.

Paper wallets in a big trusty safe. At the end of the day a hardware wallet is 100x more safe compared to leaving crypto on an exchange.

@@ShawnBuckingham I would argue that paper wallet is less secure, once you have access to the paper wallet you got funds, once you have access to the physical hardware wallet, you dont have access.

I didn't notice this until I read this comment, and now I can't not hear it again. Shit.

Someone please answer to this

#saliva #goodmic

He's speaking a mix of a language in Africa and English

Him making mouse clicks while recording?

Likely not that hard since they have machine code running inside this chip. The whole thing can be thrown into disassembler, perhaps look for the string that shows when it asks you to confirm. Check what part of the code accesses that string and just add one jump instruction to skip the button check (Or jump into your own code that checks for a specific pattern in the payment address if wanted).

Well if they used 0xB16B00B5 (big boobs) then the feminists would be after them just like they ware after the linux developers that used this magic word in the linux kernel source code. Sad... very sad, i know.

​@@berni8k I had to research that one (was unfamiliar with the whole thing ever having occurred) but the whole controversy, specifically the discussion at mjg59.dreamwidth.org/14955.html, was quite entertaining.

I think the PC needs malware in any case to let you steal funds from the wallet. With a lot of work you probably pretend you are the security chip as the PC is talking to you, modify the request and then pretend you are the PC as you talk to the security chip to make it sign you a huge transaction of bitcoin to your own address. But if you send this forged signature back to the PC it will notice. What happen is that the PC pins this signature to a bitcoin transaction header that the PC generated and the transaction will fail because the signature is wrong. Or the PC will check what it got from the wallet and note that the bitcoin wallet address or amount does not match. Oh wait... i just remembered about the BadUSB exploit... yeah that could be used to get some small program to execute on the PC that received the forged signature and sends it out.

This is not how Ledger recover works. They can’t extract it from your ledger like that.

how would u add a 25th word?

Yes these ARMs throw a "Hard Fault" exception when you try to use memory that is not there or use it in the wrong way (Some things must be 32bit aligned)

PC software issues cryptographic challenge to device that requires having its private key?

Just a feature of the chip

What do you think is the purpose of the Ledger? lol